synopsys p1735 proposals

Synopsys P1735 Proposals

Dave Graubart & Parminder GillNovember 1, 2010

• Problem Statement• Requirements• Proposals

• Plan: Between now and next meeting: collect feedback and contribute to Twiki

Agenda

• Interoperability needs not yet met– Rights management– More complex tool flows– EDA tool version control

• These are essential for Synopsys FPGA synthesis in first version of 1735

• We’re now prepared to make contributions

Problem Statement

More Complex Tool Flow

C or M

High level synthesis

RTL synthesis

Formal Verification

Simulation

Netlist

PlacedNetlist

Place & Route

1. Extensibility to any language2. Tool rights3. User rights4. IP creation tool5. Control of authorized tool versions

Requirements

• Support existing envelope for Verilog and VHDL

• Support envelope as header in any file– Useful for C, M (Matlab), Edif, SDC, and others

Requirement 1: Extensibility to any language

• Create rights/control block per key block– Plain text so end-user can view– Digest line that is tamper-proof and tightly

associated with IP– Each right can be conditional

• Narrow scope of public key: key for single tool or family of similar tools, not one key for a big EDA vendor

Requirement 2: Tool Rights

• Identical mechanism to Tool Rights• Use conditional syntax where condition

varies by user• Condition can be satisfied in multiple ways

such as– License requirement– Password– One-time activation– Arbitrary mechanism

Requirement 3: User Rights

• Lower barrier for IP author participation• Synopsys can contribute script that uses

OpenSSL to process:– Encryption envelope or source plus commands– Key repository

Requirement 4: Tool for IP Author

• Allow IP author to specify minimum version of tool– After security fix– After functional enhancement

• Avoid expensive introduction of new keys• Different than P1735 version

Requirement 5: Control of authorized tool versions

Details and Proposed Solutions

Encrypted Synthesis flow

Compile

Netlist

Compiler log messages

Mapper log messages

Log file

Technology view

RTL view

Graphical Views

Compile

Netlist

Mapper log messages

Log file

Technology view

RTL view

Graphical Views

Technology viewTechnology view

Mapper log messagesMapper log

messages

NetlistNetlist

RTL viewCompiler log messages

Netlist

Compile

Netlist

Mapper log messages

Log file

Technology view

RTL view

Graphical Views

Technology viewTechnology view

Mapper log messagesMapper log

messages

NetlistNetlist

RTL viewCompiler log messages

NetlistVisibilityLog Messages

Output Method

None, No-name,No-restriction

None, Interfaces,No-restriction

None, Encrypted,ObfuscatedPlain-text

Introducing Control Block

Key Block - Simulation User

Decryption Envelope (current)

Key Block - Synthesis User

Data Block

Introducing Control Block

Decryption Envelope (enhanced)

Data Block

Control Block - Synthesis User

Basic encryption

Encryption with fine grained controls

Enhancing Key Block

Session Key (for data-block)

Key Block – Synthesis User

Enhancing Key Block

Control Block – Synthesis User

Session Key (for control-block)

Enhancing Key Block

Key Block – Synthesis User B

Control Block – Synthesis User B

Key Block – Synthesis User A

Control Block – Synthesis User A

Separate Control block for each tool

Separate Control block session key

for each tool

Defining Control Block

Control Block

Control Line: Right=value

Control Line: Right=value, conditionControl Digest

Syntax Proposal – Key Block

`protect begin_protected`protect key_keyowner=“IP User”, key_method=“rsa”`protect encoding=(enctype=“base64”, …), key_block<session key>

`protect data_method=“des-cbc”`protect encoding=(enctype=“base64”, …), data_blockencoded encrypted IP`protect end_protected

encoded encrypted

Syntax Proposal – Key Block

`protect begin_protected`protect key_keyowner=“IP User”, key_method=“rsa”`protect encoding=(enctype=“base64”, …), key_blockdata-session-key=<session key>control-session-key=<control session key>

encoded encrypted

Syntax Proposal – Control Block

Decryption Envelope (re-spaced)

Syntax Proposal – Control Block

`protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block`protect <right>=<value>`protect <right>=<value>, <conditions>`protect encoding=(enctype=“base64”, …), control_digestencoded encrypted control digest

Control Block – Internal Details

Data Block

Control Block

Control Line: Right=value

Control Line: Right=value, conditionControl Digest

Syntax Example – Control Block

`protect begin_protected`protect key_keyowner=“IP User”, key_method=“rsa”`protect encoding=(enctype=“base64”, …), key_blockdata-session-key=<session key>control-session-key=<new session key>

`protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block`protect control_visibility=none`protect control_visibility=unrestricted, data_state=mapped`protect control_log_messages=noname`protect control_output_method=encrypted`protect control_output_method=plain-text, license=(…)`protect encoding=(enctype=“base64”, …), control_digestencoded encrypted control digest

Decryption Envelope (enhanced with examples)

Introducing Tool Version

Control Block – Synthesis User

Tool Version Synthesis User Tool with version older than this is not allowed to read this IP

Syntax – Tool Version

`protect begin_protected`protect key_keyowner=“IP User”, key_method=“rsa”`protect encoding=(enctype=“base64”, …), key_blockdata-session-key=<session key>control-session-key=<new session key>tool-version=<version number>`protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block`protect control_visibility=none`protect control_visibility=full, data_state=mapped`protect control_log_messages=noname`protect control_output_method=obfuscated`protect control_output_method=plain-text, license=(…)`protect encoding=(enctype=“base64”, …), control_digestencoded encrypted control digest

Decryption Envelope (enhanced with examples)

Encryption Script (for IP Vendors)

IP Source FileVerilog sourceVHDL Source…

Key RepositoryIP User A = <Public Key>IP User B = <Public Key>

Encryption Tool/Script

Encrypted IP Source(Decryption Envelope)

Encryption Script – Enhancements(for non-HDL files)

IP Source FileC/EDIF sourceDesign constraints…

Key RepositoryIP User A = <Public Key>IP User B = <Public Key>

Encryption Tool/Script

IP Encryption Header`protect pragmas

Encrypted IP Source(Decryption Envelope)

Syntax Example – Encryption Header

`protect key_keyowner=“IP User”, key_method=“rsa”, key_block

`protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block`protect control_visibility=none`protect control_visibility=full, data_state=mapped`protect control_log_messages=noname`protect control_output_method=obfuscated`protect control_output_method=plain-text, license=(…)

`protect data_method=“des-cbc”, begin<IP Source File>.c`protect end

Encryption Header file

Optional. If present, ensures encryption header is linked to specified file only

Thank You

synopsys p1735 proposals

rightscontrol block

single tool

vhdlsupport envelope

encryption envelope

complex tool flowc

synopsys fpga synthesis

key blockplain text

support existing envelope

Documents

design compiler graphical - synopsys

rsoft products installation guide - synopsys · rsoft...

verification methodology manual for systemverilog...janick...

logic synthesis and synopsys design compiler demo

synopsys nit warangal nitw - foservice.com

lecture 3: synopsys simulator

continuous integration and test - synopsys

license administration guide - synopsys

date 2006 - synopsys

chip simulation of automotive ecus - synopsys

comparison: synopsys™ vs. zemax™

corporate overview for investors - synopsys

true random numbers for every soc - synopsys

commuter spending account online ordering platform -...

get smart with nb-iot - synopsys

automatic flow for library cell optimization with synopsys

synopsys™ (synthesis of optical systems)

physical synthesis tutorial -...

synopsys photonic solutions datasheet

© 2021 synopsys, inc. 1