Challenge: Keeping Secrets Secret

IoT device makers need a way to protect keys and other secret material by encrypting or wrapping them with other keys. But how to protect the root key? How to keep secret keys secret?

Solution: SRAM PUF-based Key Vault

No unencrypted secrets stored on chip

  • Secret data and secret (user) keys are protected/wrapped with a root key that is not stored
  • SRAM PUF does not leak information about the root key

Root key is generated from SRAM PUF when needed

  • By using Synopsys IP, the SRAM PUF on the device is turned into a device-unique PUF root key
  • From this PUF root key, other keys, such as AES encryption keys, can be created
  • When secrets need to be unwrapped, the unwrapping key is regenerated from the SRAM PUF and Synopsys IP

Resources