Stratix II vs. Virtex 4 - features and performance

Responding to comments on features and performance . . .

Stratix II Features: Altera has led the innovation to introduce high-density, high-performance FPGAs. In 2002, the Stratix family won EDN Innovation of Year award over Virtex-II Pro. This year, we introduced the Stratix II family which includes a new logic structure, a whole new set of features, and breakthrough performance. Altera is the first FPGA company to integrate dedicated SERDES and DPA circuitry into our devices for high-speed source-synchronous I/Os (LVDS, LVPECL, etc.). Altera is the first FPGA company to introduce dedicated DQ and DQS circuitry into our devices for external memory interface support (DDR, DDR2, etc.). Altera is the first FPGA company to introduce a new flexible logic structure ? the Adaptive Logic Module (ALM). Stratix II Logic Efficiency: Altera studies highlighted that had we implemented the traditional logic structure on 90nm process technology, we would have seen minimal gains on performance and cost (over 130 nm products). Stratix II devices utilize new highly flexible adaptive logic modules (ALMs) that are optimized for 90nm process technology to maximize logic efficiency and performance. The inputs of a single ALM can be flexibly divided between the two output functions, allowing wide input functions to run fast and narrow input functions to efficiently use remaining resources. Stratix II is the industry's only FPGA with such a flexible logic structure, allowing it to provide 50% faster performance and consume 25% less logic comparing to other FPGAs. Stratix II Design Security: The Stratix II devices come with both the non-volatile key and volatile key storages for design security. Altera chose to only market the non-volatile key solution because it delivers the optimal features and functionality for customers. A volatile key solution requires a battery to backup the key when the power is off, which is not ideal as it increases the cost of the solution, board manufacturing complexity and is simply less reliable. Significant protections is put in place to make sure the non-volatile key is secure within the Stratix II FPGA.

Reading poly fuses on a 9 layer 90nm process is not trivial. It cannot be done in "less than an hour". Our feature has been designed to make it as painful as possible to crack, and has been verified by independent security consultants. Since all crypto systems are crackable, including ones by our competitors, it is a question of how much money and time one is willing to spend on this endeavor.

The battery solution for a volatile key provides no data integrity. What is the purpose of having security if you can over write a "supposedly secure design" (a design that has been loaded with an encrypted bit-stream) with any other design. You can do this in Virtex

4 devices which have a security key on board. A hacker can load a new design into a device with a security key onboard without knowing the key that resides onboard. He can also change the original key itself. A poly fuse system provides data integrity since the only bit-stream you can load is the encrypted bit-stream. A hacker trying to load any other bit-stream will be not be successful in loading the device and cannot change the original design.

A 256 bit key in this situation provides minimal added security beyond a 128 bit key. If you are going to spend the money to attempt cracking either Altera or Xilinx devices by reverse engineering the silicon, the entire method is dependent on how difficult you make the reverse engineering rather than the key length. Since no known method exists for cracking AES, a brute force attack is the only way to attempt to crack the key. A 128 bit key length is more than sufficient for this.

Performance Stratix II performance on average is 50% faster than Stratix performance ? details are well documented at our web-site

formatting link
Virtex 4 literature highlights that performance doubles, yet we only see two concrete examples on this bulletin board, neither substantiating the claim. It doesn't appear there has been any change to the Virtex CLB since Virtex-II (except removing half of the distributed RAM in Spartan-3 and Virtex 4). Without changes to the core architecture (logic module), I question how performance can double and power be cut in half (we have not yet run our benchmark suite though). Altera will be happy to release benchmark information on the 2 architectures once available.

Dave Greenfield Sr. Director of Product Marketing ? High Density FPGAs Altera Corporation

Reply to
Dave Greenfield
Loading thread data ...

Nope. Ever heard of differential power analysis?

Kolja Sulimma

Reply to
Kolja Sulimma

Give me enough of a reason: $$$, and geting the fuses out in less than an hour as a repeat performance wouldn't be a problem.

Call me biased, but please market the volatile-key solution, as this forces sidechannel attacks and other tricks to be used. It's still not perfect, but it is a LOT better.

True, BUT: If you are in a position where an attacker CAN load a bitfile of his choice/physical access to the board, you've lost anyway. I can see an advantage to authentication, but not enough to weaken confidentiality by using non-volatile memory for the keys.

For some strange reason, the NSA doesn't fully agree. In their authorization of AES for use in secured governmental communication, they require that Secret and Top Secret use 192 or 256 bit keys.

I agree that in practice it won't make a difference, but you can't blame em for the marketing advantage.

And THIS is why you should push the volatile solution. You have a group of nonvolatile cells. The work in reverse engineering is going to be a strong O(1) operation, as once it is done, it is simply a matter of delidding the chip, probing in the right places, and reading the results.

Compared with the volatile solution: you are probably going to need to do power or signal analysis on the encryption in action. Which means you are probably going to need to add probes to the power/ground pins, on a live board, without disrupting the power supply to the configuration loader (which can be made even harder by potting the FPGA with wires for the config voltage around it).

--
Nicholas C. Weaver                                 nweaver@cs.berkeley.edu
Reply to
Nicholas Weaver

Well, thats a side-channel attack on IMPLEMENTATIONS. Probably the best way to attack the Xilinx bitfile security is either power or EM (signal) analysis, or figuring out a weakness in the readback protection.

The best way to attack the Altera-marketed approach is just know-where-to-sand-and-drill.

--
Nicholas C. Weaver                                 nweaver@cs.berkeley.edu
Reply to
Nicholas Weaver

I am completely clueless about this but doesn't filtering your current consumption with some large metal/metal or any other type of on die capacitors in addition to hiding the processing with some uniformly distributed other power events make this very difficult ?

Reply to
mk

To throw a spanner in the works.. the code is only as good as the people ... if you really want to get the insides of the fpga ... go straight to the source... the money "invested" in cracking the code will probably buy one of the engineers who designed it :-)... you might even have some cash left over...

And for those that think this is illegal.... is cracking codes legal ?

Simon

Reply to
Simon Peacock

Probably, but is "very difficult" difficult enough? How much is your secret worth? If it's worth a lot then the bad guys will be willing to pay somebody a lot to work on the problem.

Don't forget that the people designing chips have to be able to debug them. There are tools and techniques designed for debugging chips that can be used for "debugging" secrets.

This comes up every year or two. I pull out these URLs:

formatting link
formatting link
Lots of pictures in the second one.

Those papers are from 1999. The technology has changed since them. I doubt if the general ideas are out of date.

--
The suespammers.org mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
 Click to see the full signature
Reply to
Hal Murray

I once learned how to use an electron microscope to probe signals on a chip. Once you figure out where the volatile bits are stored, wouldn't it be a simple matter to read them out with an electron microscope? Just pop the lid and stick the board (assuming it is small enough) under the scope. Probe it with a very low beam current and you should be able to see which bits are powered and which bits are off.

--
Rick "rickman" Collins

rick.collins@XYarius.com
 Click to see the full signature
Reply to
rickman

Rick, don't forget, there are ten layers of metal above the transistors that store the key or the configuration... Peter A

Reply to
Peter Alfke

that

Reply to
Symon

And don't forget that the V4 is a flip-chip package, so you need to depackage and delid it without disrupting the power.

--
Nicholas C. Weaver.  to reply email to "nweaver" at the domain
icsi.berkeley.edu
Reply to
Nicholas Weaver

I don't need to see the transistors, just a signal that they control. That would be in the metal. It may be hard to sort out, but I am sure that is orders of magnitude easier than cracking the key by brute force.

Peter Alfke wrote:

--
Rick "rickman" Collins

rick.collins@XYarius.com
 Click to see the full signature
Reply to
rickman

However, those signals are still buried under 8 layers of metal, in a flip-chip package, with live SRAM cells.

In general, the best way is probably "Rubber Hose Cryptanalysis": Find someone at the company who knows the key and beat it out of him.

Second best is probably a power and/or EM singnal sidechannel analysis: you monitor the power and the EM emissions, and you have a boost in that you can probably guess a lot of the zeros (known information) based on the target design and its usage, so you have known plaintext/cyptertext pairs with an associated power and EM signature.

Somebody would have to DO it (no small feat) but that semes like the best way when dealing with volatile cells.

$100k + the challange of it (EG, release a challange board and "You get the key or the data in BlockRAM 0, you get $100k") and it would probably happen.

--
Nicholas C. Weaver.  to reply email to "nweaver" at the domain
icsi.berkeley.edu
Reply to
Nicholas Weaver

Nick,

Well, thanks for being the shill in the audience!

All,

It just so happens we do have a challenge board.

Email me directly if you are serious about trying to crack it.

The challenge is this: tell us the key, or tell us the unencrypted bitstream, or even a key part of the bitstream, or change the bitstream while still allowing the design to operate (ie add something to it - anything, even load some BRAM or change an IO strength - but it has to be something you intend to change! and can show you did (as we won't be able to tell either unless the effect is observable externally). Or, affect the TRNG in the configuration such that it generates numbers you want it to (ie non-random). I have set the challenges in the order of difficulty from most, to least (woth all of them being unbreakable based on our knowledge and experience.

You need to supply your own USB port (ie a personnal computer), and if you are serious, probably a JTAG cable to a system running our design environment (so you can play around).

If you lose the key (because you disconnected the battery and power), you can send the unit back to us, and we will rekey it only ONCE for you.

Unit is the size of a business card, with a USB port that powers it. There is JTAG access to the part(s) [eprom + fpga]. We supply pcb, and the schematic of the pcb.

There is no cash prize like Nick suggests, but I am sure the reputation of cracking it would bring in all the business you could handle.

Aust> >

Reply to
Austin Lesea

Please explain this. The outputs from the RAM cells never leave the lowest layer of metal?

--
Rick "rickman" Collins

rick.collins@XYarius.com
 Click to see the full signature
Reply to
rickman

The output of the encryptor's ram cells only go to the encryption engine itself, and if I was a paranoid designer, that would be a 2-3 layer metal design, with layers 4-9 on top of it with other stuff to make probing difficult.

I can't confirm, not knowing the design, but I'd lay good odds that the bitfile decryption engine is right next to the key storage, and that nothing really goes above layer 3, with layers 4-9 being used for other signals, power, ground, etc.

--
Nicholas C. Weaver.  to reply email to "nweaver" at the domain
icsi.berkeley.edu
Reply to
Nicholas Weaver

So does that make them invisble? You only need to probe the device with battery power, not main power. So everything that is not powered by the battery is at gnd potential. I would be willing to bet that you can still see between the top level runs.

--
Rick "rickman" Collins

rick.collins@XYarius.com
 Click to see the full signature
Reply to
rickman

The cells are static, so you can't track dynamic power which would make it easier. So you need to probe static signals buried under 4-8 layers of metal, without disrupting the battery power.

You could drill down, but that's going to be annoying, especially since if it were me, layer 3 & 4 would be a crisscrossing grid of battery power/gnd links (I don't know if they do that, but I would).

Frankly, it is probably going to be vastly easier to do a sidechannel analysis on encryptor power & EM signature, at least my gut thinks so, or drill down to the CONFIG wires and just read the config as its loaded, as the config info has to go everywhere.

--
Nicholas C. Weaver.  to reply email to "nweaver" at the domain
icsi.berkeley.edu
Reply to
Nicholas Weaver

I think you may not understand how em viewing of signals works. Signals with a positive voltage are bright and everything else is dim. The field of the positive tracks will attract electrons, even through the oxide and other metal. It is the field that is visualized, not the metal itself. Of course being deeply buried will make the field distorted, but I bet that would not obliterate the image enough that you can't distinguish the bits.

This might be a useful research topic. If the bounty were say, $10,000, it might result in a few people cracking it. I don't think many will bother testing the Xilinx chips security for a couple of hundred dollars.

--
Rick "rickman" Collins

rick.collins@XYarius.com
 Click to see the full signature
Reply to
rickman

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.