Good FPGA for an encryptor

Hello,

I would like to build a 1GBit/s data encryptor/decryptor using an FPGA chip, but I have a big problem with an appropriate chip. It should contain about 3000LE, 70 IO pins and at least 12 dual-port RAM blocks (I need two read ports per block) configurable as 512x8 banks. Additionally, it should be Flash-based or SRAM-based with encrypted bitstream. And must be cheap. Here are the options I know of:

  1. Altera Cyclone 1C3-8. It is perfectly suited for my needs, and is very cheap. There is extremely good design software available. But it can't be used: it's totally unsecure.

  2. Actel ProASIC+: flash-based and cheap, but their memory blocks are not big enough and have only one read port. Terribly bad software quality.

  3. Actel ProASIC3: good, moderately expensive but not yet available.

  4. Lattice XP: unknown price, unknown availability, technically suitable, I've heard many bad opinions about Lattice, but personally I have no experience with their chips.

  5. Xilinx Virtex4: too powerful and thus probably much too expensive, good availability, very good support [:-)], software quality unknown, but probably comparable to Quartus.

Could you please write something about remaining options?

Best regards Piotr Wyderski

Reply to
Piotr Wyderski

"Piotr Wyderski" wrote in message news:d9pkb0$oas$ snipped-for-privacy@panorama.wcss.wroc.pl...

with some trick a RAM-based FPGA can be made secure as well, but generically it's a no-go for security-related stuff

CORRECT, the software is a mist

CORRECT, ProAsic3 600 chips were there (I did see it!) November 2004, but in general no PA3 devices are available. And the software is the same.

XP10 is available. When I asked a disti (WBC) where I could get XP, the answer was "from me", i.e. the disties are able to ship immediately.

software is no OK. I guess, any comment: "comparable to Quartus" is understood as VERY bad insulting comment in the Xilinx side of the world. But you are right, the software OK.

expensive, yes expect any V4 to be >=100USD

there isn't much,

quicklogic is OTP, secure and ok, but OTP

Atmel AT94Sxx are also secure but software sucks bad times as well and is not free

Antti

Reply to
Antti Lukats

Piotr,

To complement Antti's comments,

I have been working with Xilinx for about 7 years, used it everywhere and despite some minor software issues (they always have been resolved, but who said there is such a complex design with no bugs???) I have always been happy. I have used Altera Cyclone a few times & even now we have some diversity by using C2 for some minor project. I have also tried evaluating Lattice and Actel.

In the past, we had to choose FPGAs for ASIC prototyping and I was greatly disappointed by Altera tools. Yes, Altera tools, but not FPGAs! FPGAs are always extraordinary stuff, regardless of their vendor! And this is the main reason we tried using Xilinx and occasionally Altera Cyclone for small things. But the latest Quartus 4.2 / 5.x is definitely better than before, yet it still has some completely useless warnings.

If you are not planning massive production and you need only a few units, think no further. Go with Xilinx, forget about the rest. Software quality is good, large support community, prices "above the average"...

Vladislav

Reply to
Vladislav Muravin

I'm curious. Why do you need an FPGA with bitstream encryption?

Reply to
allanherriman

What cypher are you going to use?

We are getting about 20 Gbps in a Virtex 2 3000, for 1Gbps you can get away in a Spartan 3. That's for AES with 128 bit keys. 256 bit keys take a 25-30% larger FPGA.

My guess is that you can do 1 Gbps in any low cost/low end FPGA with the right architecture ...

Regards, rudi

Rudolf Usselmann, ASICS World Services

Reply to
Rudolf Usselmann

Piotr wants to do crypto in the FPGA. Also, he certainly needs secret keys inside the FPGA for working with digital crypto (pseudo). Piotr needs FPGA bitstream encryption to make sure the secret key is safe and to protect his design and encryption method!

Laurent

Reply to
Laurent Gauch

'Doing crypto' does not imply a requirement for bitstream encryption.

One needs to change the keys from time to time, so they can't be part of the bitstream. So having secret keys does not imply a requirement for bitstream encryption either.

IP protection makes sense, although the actual crypto part of the design will probably be an industry standard design (e.g. AES, 3DES, etc).

Reply to
allanherriman

I have used Lattice since I started programming and find their FPGA and PLD products extremely good, I have found their software to be ideal for low yield projects and cheap!! My last project used the XPGA (a variant on the XP) and found it to have great functionality and easy to get hold of.

As mentioned previously in this thread, the distributor WBC will provide you with all Lattice products and will normally give you some shiny samples if you ask nicely :-)

Use Lattice chips; not enough people do!!!!!!!! ;->

Hope this helps

Reply to
Matt North

No tricks.

And what is the price of LFXP3? This chip seems to be very promising and if it is less than 30$, it would be perfect.

:o)))

Quartus is extremely good (but quite slow), especially the full version, and since Xilinx is a really big player, I anticipate that their software is also very good, however I have no experience with ISE. It's a compliment, not an insulting comment. ;-)

Too much for this application.

Thank you for your comment, Piotr

Reply to
Piotr Wyderski

Well, I'm amazed by Quartus. :-)

ProASIC+ LEs cannot compute multi-input xors -- big disappointment. :-( Only one RAM read port: even bigger disappointment.

Generally, I prefer 100 not important warnings than the lack of one, important. :-)

Today I need only a prototype, but I am not planning mass production, at most 1000 devices in the best case.

Best regards Piotr Wyderski

Reply to
Piotr Wyderski

Because I need a safe place to store the symmetric key. The best option would be to store it inside the chip, but it can't be done using an SRAM-based device. So the best I can do is to store it in an external encrypted memory. But since the device has volatile configuration memory, the decoder (and its key!) must also be encrypted. The best solution would teleport the key from a smartcard directly into the FPGA, but no such technology is available... ;-)

Best regards Piotr Wyderski

Reply to
Piotr Wyderski

Comment:

-snip-

Virtex 4 in the smaller parts (LX15, LX25, FX12) are all less than $100 (based on forward pricing in quantities, see the various press releases).

If this is a hobby project, then you are better off going to the Xilinx web store and buying a Spartan 3 (or buying the Digilent S3 pcb complete).

Austin

Reply to
Austin Lesea

I don't have pricing handy, but from face to face talk, the Lattice person promised to meet any Xilinx S3 price for comparable density for EC, and XP is projected 10% more than EC. Well there was a small misunderstanding at the conversation, when I mentioned the S3-1000 price then Lattice said at first that they would not get that price, but he heard me wrong, I said 16, and it was understood a 6 (EUR), so as per Lattice direct promise they have no problems with 16EUR price for a device that is comparable to s3-1000, but they would not give it for 6 :(

I can not guarantee what price you will actually get, but check them out. Notice that the only device from XP currently available is XP10. Just say that your target price is $30 and force them (nicely) to meet the price. As they do not have any other silicon to offer right now as XP10 I am sure you will get XP10 priced to meet your target price.

Reply to
Antti Lukats

Good point:

A lot of folks get the issues of security and encryption all mixed up.

Why, in fact, do you need anything at all?

Best to start from the beginning, and build your requirements from the basics.

What is needed? Do you need to authenticate (is this the system to whom I am speaking....)? Do you need to pass secure keys (update keys in an insecure channel)? There are many things which are really nice, and clever, but are they needed? Who is the attacker? Will they have physical access?

I am guessing that Piotr has thought all this through, so I will not question his requirements.

If local secure storage is required for information (pads, session keys, etc.), and the attacker has physical access, then one way to maintain security is to use a device with encrypted bitstreams, as readback is prohibited when the decryptor is being used (in V2, V2P, V4).

Austin

Reply to
Austin Lesea

128 bit AES and a good hashing method to generate "session" keys.

Exactly, even the smallest Cyclone, 1C3-8, would perform this task easily. But there is no way to send the key securely to the FPGA and hence my favourite FPGA family can't be used.

The problem is not with a proper implementation, I can do it easily, but with the word "any". ;-) Any low cost SRAM-based FPGA has enough performance, but there is no way to store the key securely (there's no "secure environment" and no secure communication channel between the scrambler and a smart card, so I can't just send the key and I can't send an encrypted version of the key, because the majority of available chips is unencrypted, i.e. it's impossible to implement a secure key exchange protocol). Flash-based and SRAM-based devices have no such problem, you can store the "auxiliary" key(s) inside the chip.

Best regards Piotr Wyderski

Reply to
Piotr Wyderski

EXACTLY! :-)

Well, there's no need to protect these parts of my design. Only the secret key must be stored in an extremely secure location, because there's no way to change the key.

Best regards Piotr Wyderski

Reply to
Piotr Wyderski

"Austin Lesea" wrote in message news:d9rpon$ snipped-for-privacy@cliff.xsj.xilinx.com...

Hi Austin,

I think my estimate was more realistic, it is for the small volume project (at least the way I understood the OP) and I did mean pricing as of today. Sure the prices for the devices you mentioned do fall below $100 margin, some day in some qty. But for buying small qty of V4 as of today I would expect near 100$ pricing or am I misunderstanding the pricing policy? I don't remember seeing V4 price forecasts going much lower than $80 USD for 5-10k yearly volumes. Sure I would welcome a lower pricing :)

as of 1 off testing, it sure makes sense to buy a low cost kit for evaluation, here you are absolutely right

Antti

Reply to
Antti Lukats

Of course, but...

... here it is impossible. No frequent key updates, no forward secure protocols, nothing can be used. Only a secure key storage is allowed, which means a physically secure storage, i.e. storing the key in an FPGA or at least an external, unprotected storage with encrypted contents.

Unencrypted bitstreams can be modified (it doesn't mean reverse engineering of the chip, just simply modify several bits of the bitstream and update the CRC) and then the "enemy" can analyse the errors produced by the chip to reconstruct the key. It's one of the simplest methods of breaking (wanna be) secure devices -- no extensive number crunching etc., is needed, just "inject" some bugs into the chip, record the results and then extract statistical correlations between the errors and the key bits.

There's no particularly valuable IP to protect.

Best regards Piotr Wyderski

Reply to
Piotr Wyderski
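
Added example (not part of any post in this thread): the post above notes that an unencrypted bitstream can be changed and its CRC simply updated. The sketch below contrasts an unkeyed CRC-32 trailer with a keyed HMAC-SHA256 tag over a constructed byte string; the image layout, key value and choice of HMAC-SHA256 are assumptions for illustration, not any vendor's bitstream format.

```python
import hashlib
import hmac
import zlib

CRC_LEN, TAG_LEN = 4, 32

def crc_seal(body: bytes) -> bytes:
    """Append an unkeyed CRC-32 trailer; anyone holding the image can redo it."""
    return body + zlib.crc32(body).to_bytes(CRC_LEN, "big")

def crc_ok(image: bytes) -> bool:
    return crc_seal(image[:-CRC_LEN]) == image

def mac_seal(body: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag; only a holder of `key` can produce it."""
    return body + hmac.new(key, body, hashlib.sha256).digest()

def mac_ok(image: bytes, key: bytes) -> bool:
    expected = mac_seal(image[:-TAG_LEN], key)
    return hmac.compare_digest(expected, image)

def flip_byte(body: bytes, offset: int, mask: int) -> bytes:
    """Return a copy of body with one byte altered (stands in for any edit)."""
    changed = bytearray(body)
    changed[offset] ^= mask
    return bytes(changed)

def compare_checks() -> dict:
    # Constructed stand-in for a configuration image; not a real vendor format.
    body = bytes(range(256)) * 4
    device_key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed
    crc_image, mac_image = crc_seal(body), mac_seal(body, device_key)
    edited = flip_byte(body, 100, 0x01)
    return {
        "crc_original": crc_ok(crc_image),
        "crc_stale_trailer": crc_ok(edited + crc_image[-CRC_LEN:]),
        "crc_recomputed": crc_ok(crc_seal(edited)),  # accepted: CRC needs no secret
        "mac_original": mac_ok(mac_image, device_key),
        "mac_stale_tag": mac_ok(edited + mac_image[-TAG_LEN:], device_key),
        "mac_wrong_key": mac_ok(mac_seal(edited, bytes(32)), device_key),
    }

if __name__ == "__main__":
    for name, accepted in compare_checks().items():
        print(f"{name:18} accepted={accepted}")
```

The CRC only catches accidental corruption; rejecting a deliberately edited image requires a check that depends on a secret held inside the device.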

Still three times too much, Virtex4 chips are just too big, the goal is to design a device with the price of less than ~$70 @ 1000 specimen. But this must include a smart card, a small PCB, several connectors and wires etc., so the chip should cost below $30.

Well, it isn't, or better: it should not end up as a non-profit project. Its current status is "small research project".

Best regards Piotr Wyderski

Reply to
Piotr Wyderski

I have all of them.

Yes, definitely.

Yes.

A company with the budget of 20--100k$.

To the PCB: yes, virtually unlimited, but they will have no access to the die.

Thank you. :-)

Best regards Piotr Wyderski

Reply to
Piotr Wyderski
