UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Adventurer
Adventurer
946 Views
Registered: ‎01-09-2018

is the ASIC manufacture from .bit file possible?

Jump to solution

For copyright safety reasons a FPGA designer will only provide his clients with the .bit file that is then enough for the industrial applications. 

What if they then decide behind the back of the designer to simply manufacture an ASIC from that .bit file and not have to pay any money to buy FPGA's anymore and also not having to pay the design bureau.

Is it possible for a foundry to produce an ASIC from a .bit file?

 

If yes what do we need to do, I heard there are Packaging or Encryption tools for that purpose?

Any help appreciated tremendously

the FPGA is a forerunner to a totally new computing adventure
0 Kudos
1 Solution

Accepted Solutions
Adventurer
Adventurer
335 Views
Registered: ‎01-09-2018

Re: is the ASIC manufacture from .bit file possible?

Jump to solution

I found that Xilinx dione great work here:

https://www.xilinx.com/video/hardware/using-ip-encryption-vivado-design-suite.html

Creating a custom IP block as an encrypted IP core is possible in a way no one is throwing the key around so no one could intercept or pretend to want to use it but in fact just make copies or pass it on.

Its what they call the "embedded" way and they have a keyfile.v (see video in the link I provided above)

the process is done in a Tcl window (its like the Linux or DOS prompt) and the licence is free

that would stop people reverse engineer the IP to an ASIC because the key is embedded to the keyfile,

I just learned.

Was great to discuss here and I was really happy to then find the Xilinx video

Great job Xilinx!!

Remaining Question: for Intel/Altera users do they have a similar solution, to avoid the Hardcopy thing they have?

 

the FPGA is a forerunner to a totally new computing adventure
0 Kudos
7 Replies
Scholar u4223374
Scholar
936 Views
Registered: ‎04-26-2015

Re: is the ASIC manufacture from .bit file possible?

Jump to solution

I don't think it would be possible to build an ASIC from a .bit file. Even if you could, it would basically be an FPGA with all the settings hard-wired, and to use the same bitstream it'd have to be an exact clone of the original Xilinx FPGA with all the associated legal issues.

 

Altera has/had a product line called "HardCopy" which was exactly this - one of their standard FPGAs with the SRAM configuration memory replaced by mask ROM (as far as I know). Cheaper for very large quantities, but not reprogrammable.

 

You can encrypt the bitstream on Xilinx devices, which will make this sort of thing even harder.

 

With that said, I'm not sure why it matters from a designer's point of view. Whether the client gets the bitstream turned into an ASIC or just buys their FPGAs from Xilinx directly, the designer isn't getting any more money...

0 Kudos
Adventurer
Adventurer
746 Views
Registered: ‎01-09-2018

Re: is the ASIC manufacture from .bit file possible?

Jump to solution

"Altera has/had a product line called "HardCopy" which was exactly this - one of their standard FPGAs with the SRAM configuration memory replaced by mask ROM (as far as I know). Cheaper for very large quantities, but not reprogrammable."

so it is possible on Intel good I will not use Intel

If I understand properly we can encrypt the .bit into what. Is the encrypted file then given to the PROM as if it was a .bit?

It matter to protect yourself against theft because otherwise why do you think the synthesis process is not open source? It is a burden to progress but necessary to survive as corporation, hence any solutions suggested might help enhance the flow of technological process. Look at Xilinx and you got the reply, this company would have never existed if they did not protect what they do and have the pioneers heavily rewarded. Xilinx is a great company -

the FPGA is a forerunner to a totally new computing adventure
0 Kudos
Scholar u4223374
Scholar
710 Views
Registered: ‎04-26-2015

Re: is the ASIC manufacture from .bit file possible?

Jump to solution

@xlyns Sorry, I still don't see your point. Suppose you sell a company your .bit file for, say $10,000. They can then go and purchase 1,000,000 FPGAs from Xilinx and run that .bit file on all of them without giving you any more money. From your point of view, this is exactly the same as if they had just gone and had the bit file turned into an ASIC.

 

With the encrypted bitstream, you load that into PROM (just like a normal .bit file) and then program the decryption key into the FPGA's OTP memory (so it can decrypt the bitstream). However, if you're just a software company, this has exactly the same problem: after you've given the customer the encrypted bitstream and the decryption key, they can load 1,000,000 FPGAs with both of those without paying you anything extra.

 

One workaround is to sell hardware too. If you sell companies FPGAs that already have the decryption key loaded into OTP memory, then you don't need to tell them what the key is. If they ever want to use more FPGAs, they have to buy them from you with the key already loaded. However, this is obviously a pretty large change to the business model.

0 Kudos
574 Views
Registered: ‎01-08-2012

Re: is the ASIC manufacture from .bit file possible?

Jump to solution

Another way of protecting your IP is to include a secret cryptographic hash function inside your IP.  Your IP will also instantiate the DNA_PORT or DNA_PORTE2 block so that it can access the unique (or almost unique) serial number inside the FPGA.  This serial number gets hashed by your secret hash function inside your IP in the FPGA.  It compares the hashed value against a value (the "activation key") written into registers by your customer's software.  Your IP will refuse to function unless they match.

Since only you know the secret hash function, this means that your customer will need to ask you for the activation key for each FPGA they use.  (They will need to read out the unique serial number, which they can do over JTAG, and send that information to you.)

This is secure provided that:

  • the .bit file cannot be reverse engineered
  • JTAG is disabled so they can't debug your design
  • the hash algorithm is cryptographically strong
  • the hash algorithm implementation has no side channels that leak information
  • the hash algorithm is secret (i.e it relies on a key that never leaves your servers, and your servers never get hacked.)
  • the unique serial numbers in the FPGA are unique and can't be forged
  • the activation key contains enough bits so that collisions are impossible
  • the activation key contains enough bits (or the test slow enough) to make brute force attacks infeasible.

(Actually, I don't think any of those can be true.  But are you defending against an engineering company or the NSA?  Are there thousands of $ at stake, or billions?)

BTW, unless you are a cryptographer, you probably cannot make your own hash function that's actually secure and efficient.  But you can make an adequate secret hash out of an existing (publicly known but secure) hash function by hashing the combination of a long constant that only you know (i.e. the key) and the unique serial number.

0 Kudos
Adventurer
Adventurer
479 Views
Registered: ‎01-09-2018

Re: is the ASIC manufacture from .bit file possible?

Jump to solution
1.

can you synthesise a .bit that is only taking one small specified area and let someone else then use that so they can add it to their design like it was an IP (COREGEN/ISE  or  IP Catalog/Vivado)?

2.

The idea is to give something to others so they can add it to their design on FPGA but without letting others ASIC it.

3.

For the encrypt my objection is that to have the key in the FPGA you would need to use the .bit prior to decrypting it?

4.

Having a key or .bit is the same risk, may I suggest that Xilinx makes an encrypted .bit by default and the FPGA tools deal with it to put it in PROM - no risk from a key dangling around
the FPGA is a forerunner to a totally new computing adventure
0 Kudos
Scholar u4223374
Scholar
399 Views
Registered: ‎04-26-2015

Re: is the ASIC manufacture from .bit file possible?

Jump to solution

1. For this you need an encrypted IP core, not an encrypted bit file. A .bit file cannot be used as an IP core. However, I think that the end result will still be "shareable" (in that the .bit file will work on any Xilinx FPGA of the right type).

2. Still not seeing why it's fine for them to load it onto a million identical Xilinx FPGAs but not turn it into a million ASICs...

3. For an encrypted bitstream, you program the decryption key into the FPGA, then you program the encrypted bitstream into PROM. Having the key allows the FPGA to decrypt the bitstream. This does not apply to encrypted IP, as an encrypted IP does not necessarily generate an encrypted bitstream.

4. Can't see how that will work. Suppose Xilinx automatically encrypts all bitstreams. Then every Xilinx chip needs to have the same key already loaded so they can decrypt those bitstreams. Where is the advantage here? Anyone can still load that bitstream onto a million Xilinx FPGAs (since they can all decrypt the bitstream).

 

The whole point of the encrypted bitstream is that the developer can create a key for each FPGA which is known only to them - as soon as you give the same key to every FPGA it's a bit pointless.

0 Kudos
Adventurer
Adventurer
336 Views
Registered: ‎01-09-2018

Re: is the ASIC manufacture from .bit file possible?

Jump to solution

I found that Xilinx dione great work here:

https://www.xilinx.com/video/hardware/using-ip-encryption-vivado-design-suite.html

Creating a custom IP block as an encrypted IP core is possible in a way no one is throwing the key around so no one could intercept or pretend to want to use it but in fact just make copies or pass it on.

Its what they call the "embedded" way and they have a keyfile.v (see video in the link I provided above)

the process is done in a Tcl window (its like the Linux or DOS prompt) and the licence is free

that would stop people reverse engineer the IP to an ASIC because the key is embedded to the keyfile,

I just learned.

Was great to discuss here and I was really happy to then find the Xilinx video

Great job Xilinx!!

Remaining Question: for Intel/Altera users do they have a similar solution, to avoid the Hardcopy thing they have?

 

the FPGA is a forerunner to a totally new computing adventure
0 Kudos