Asymmetric Key Encryption - 2021.1 English

Vivado Design Suite User Guide: Dynamic Function eXchange (UG909)
Document ID
UG909
Release Date
2022-02-25
Version
2021.1 English

There are some new applications that are not possible without Dynamic Function eXchange. A very secure method for protecting the FPGA configuration file can be architected when Dynamic Function eXchange and asymmetric cryptography are combined. (See Public-key cryptography for asymmetric cryptography details.)

In Asymmetric Key Encryption, the group of functions in the shaded box can be implemented within the physical package of the FPGA. The cleartext information and the private key never leave a well-protected container.

Figure 1. Asymmetric Key Encryption
Page-1 Sheet.8 Sheet.1 Public Key Public Key Sheet.2 Private Key Private Key Sheet.9 f f Sheet.12 Sheet.10 cleartext cleartext Sheet.11 Sheet.13 Sheet.14 ciphertext ciphertext Sheet.15 Sheet.16 f f Sheet.17 Sheet.18 cleartext cleartext Sheet.19 Standard Arrow.490 Standard Arrow.21 Standard Arrow.483 Standard Arrow.23 Standard Arrow.24 Sheet.25 Key Co-generation Key Co-generation Graphic ID: HW - Fig# only X12022 X12022 Sheet.4

In a real implementation of this design, the initial BIT file is an unencrypted design that does not contain any proprietary information. The initial design only contains the algorithm to generate the public-private key pair and the interface connections between the host, FPGA and ICAP.

After the initial BIT file is loaded, the FPGA generates the public-private key pair. The public key is sent to the host which uses it to encrypt a partial BIT file. The encrypted partial BIT file is downloaded to the FPGA where it is decrypted and sent to the ICAP to partially reconfigure the FPGA, as shown in Asymmetric Key Encryption.

Figure 2. Loading an Encrypted Partial Bit File

The partial BIT file could be the vast majority of the FPGA design with the logic in the static design consuming a very small percentage of the overall FPGA resources.

This scheme has several advantages:

  • The public-private key pair can be regenerated at any time. If a new configuration is downloaded from the host it can be encrypted with a different public key. If the FPGA is configured with the same partial BIT file, such as after a power-on reset, a different public key pair is used even though it is the same BIT file.
  • The private key is stored in SRAM. If the FPGA ever loses power the private key no longer exists.
  • Even if the system is stolen and the FPGA remains powered, it is extremely difficult to find the private key because it is stored in the general purpose FPGA programmable logic. It is not stored in a special register. You could manually locate each register bit that stores the private key in physically remote and unrelated regions.