Cryptography – Communication system using cryptography – Symmetric key cryptography
Reexamination Certificate
1998-09-18
2002-03-12
Decady, Albert (Department: 2132)
Cryptography
Communication system using cryptography
Symmetric key cryptography
C380S044000, C380S045000, C380S046000, C380S028000, C071S064120, C071S064120
Reexamination Certificate
active
06356637
ABSTRACT:
BACKGROUND OF THE INVENTION
The invention relates to field programmable gate arrays, more especially but not exclusively to volatile field programmable gate arrays.
A field programmable gate array (FPGA) includes a functional portion comprising a logical structure, the configuration of which is programmable into states defined by configuration data specified for the application concerned at the design stage and loadable into the FPGA.
FPGA's based on volatile technology are in widespread use. The companies Altera Corporation and Xilinx, Inc. have been active in this field. Such volatile FPGA's lose their configuration when power is removed. Volatile FPGA's are therefore reconfigured on power-up by reloading the configuration data which is held externally. To perform this function, volatile FPGA's are provided with circuitry for routing the respective configuration data to the appropriate elements within the functional portion of the FPGA.
At the time of reloading the configuration data on power-up, it would be relatively straightforward to observe the configuration data by intercepting the data stream between the external configuration data store and the FPGA as the FPGA is being configured. Moreover, unauthorized reverse engineering of a programmed FPGA could make use of the intercepted configuration data.
A first possibility would be to obtain unprogrammed FPGA's on the open market and to program them with intercepted configuration data.
A second possibility would be to reverse engineer the design of the FPGA at the logic level from the configuration data and to manufacture FPGA's to that design which could then be programmed with the intercepted configuration data or other configuration data. This would be possible if the relationship between the intercepted configuration data and the resulting configuration of the FPGA were known. It could also then be possible to make modifications to the reverse engineered FPGA design, for example to use the unauthorized reverse engineering of the original FPGA logic as a springboard for further designs, or in order to mask the fact that the design had been obtained by reverse engineering from the original FPGA.
A third possibility, which could be adopted if the relationship between the configuration data and the resulting configuration of the FPGA were not known, would be to reverse engineer the FPGA at the hardware level using slice and scan methods, or other hardware cloning techniques.
There is thus the potential for unauthorized copying of commercially valuable configuration data, which may well have been created following original design work, perhaps involving teams of designers over significant periods of time. Moreover, there is the potential for unauthorized reverse engineering of FPGA hardware at the logic level through the use of configuration data obtained by the unauthorized interception of data during the FPGA configuration process.
SUMMARY OF THE INVENTION
Particular and preferred aspects of the invention are set out in the accompanying independent and dependent claims. Features of the dependent claims may be combined with those of the independent claims as appropriate and in combinations other than those explicitly set out in the claims.
According to a first aspect of the invention there is provided a field programmable gate array designed to receive encrypted configuration data and having on its input side decryption logic for acting on the encrypted configuration data received on reconfiguration, e.g. on power-up, to decrypt it. The decrypted configuration data can then be handled within the field programmable gate array in a conventional manner, i.e. distributed to configure the logical structure of the functional portion of the field programmable gate array.
In an embodiment of the invention, the decryption logic accesses a decryption key stored within the FPGA. The decryption algorithm then uses the key as an operand. The decryption algorithm is preferably stateful rather than stateless. A stateful algorithm may be realized in hardware based on a standard linear feedback shift register (LFSR) design. Typically, the key memory will be formed of non-volatile memory elements, for example EEPROM, and the functional portion of the gate array will be formed of volatile elements, for example SRAM. The key size may be typically of the order of 1K bits or more, with the size being chosen to provide the desired data security level having regard to current code cracking technology. Smaller key sizes may be appropriate for some applications, for example 64 bits, 128 bits or 256 bits.
Since the key memory will typically only constitute a small fraction of the FPGA in comparison to the gate array of the functional portion of the FPGA, the key memory can be realized in the hardware with a relatively large feature size which is beneficial to yields.
According to a second aspect of the invention there is provided a method of processing field programmable gate array configuration data. The method comprises: inputting configuration data; encrypting the configuration data; and storing the encrypted configuration data into a configuration data memory or intermediate recording medium for subsequent loading into a configuration data memory. The encryption may use an algorithm that utilizes an encryption key. A decryption key can be generated from the encryption key and the decryption key can then be embedded in a non-volatile memory of a field programmable gate array to which it is intended to supply the encrypted configuration data.
According to a third aspect of the invention there is provided a method of reconfiguring a field programmable gate array. The method comprises: inputting encrypted configuration data into the field programmable gate array; decrypting the encrypted configuration data; and distributing the decrypted configuration data to configure the field programmable gate array. In the third aspect of the invention the decrypting step may include applying a decryption algorithm to the encrypted configuration data using a decryption key, stored in non-volatile form within the field programmable gate array, as an operand of the algorithm. The decryption algorithm may be stateful or stateless.
According to a fourth aspect of the invention there is provided a field programmable gate array configurable according to externally inputted encrypted configuration data. The gate array has non-volatile memory elements loaded with a decryption key and also data manipulation elements forming part of a configuration data input channel and arranged to apply a decryption algorithm responsive to the decryption key to configuration data passing through the input channel.
Furthermore, a field programmable gate array module may be provided, the module including a field programmable gate array as well as a non-volatile configuration data memory, the field programmable gate array and its memory being interconnected by a configuration data transfer link.
In an alternative embodiment of the invention, there is provided a field programmable gate array comprising: a configurable logical structure having a default state and being configurable into a programmed state by configuration data; an input for receiving encrypted configuration data; and data storage for storing a set of configuration data for defining a programmed state, wherein, in the default state, the configurable logic structure serves to decrypt encrypted configuration data received at the input and to output the decrypted configuration data to the data storage for subsequent reconfiguration of the configurable logic structure into a programmed state. The data storage may comprise a plurality of configuration data holding registers and there may be provided a state machine connected to detect completion of decryption by the configurable logic structure and to trigger the data holding registers to load the configuration data stored therein into the configurable logic structure.
With the above embodiments and aspects of the invention, it is thus possible to im
Callahan Paul E.
De'cady Albert
O'Melveny & Myers LLP
Sun Microsystems Inc.
LandOfFree
Field programmable gate arrays does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Field programmable gate arrays, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Field programmable gate arrays will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2866134