PUFiot Introduction

The high-security PUF-based crypto co-processor

PUFiot is a novel high-security crypto co-processor. Compared to traditional security SoC design (embedded HSM with secure core or discrete crypto components), PUFiot can provide a much easier to adopt hardware RoT with less vulnerability. As a result PUFiot quickly improves the security level for any system without additional loading on the processor core or operating system.

The security boundary for PUFiot is quite robust, based on a physical separation of hardware, with less vulnerability than a software-only barrier. The on-board PUF is a naturally well-protected source of static entropy, suitable for SoC architects to build a system’s key hierarchy using established key generation and management procedures.  In addition, PUFiot’s crypto engines can perform a wide variety of secure operations, such as key exchange, secure booting or TLS (public key validation and signing), authentication (MAC), or key wrapping (again based on the natural randomness inherent to the PUF) and storing said wrapped keys to an external memory.


PUFiot is a high-security crypto co-processor that is built from the addition of five more blocks to PUFrt, for a total of nine main blocks:

  • PITC: PUFiot control APB I/F

  • DMA: direct memory access AXI4 I/F

  • PUFkeyst: a 4kb mass production OTP with built-in instant hardware encryption  

  • PUFuid: one set of hardware fingerprint with the ability to act as a unique private key, UID, or root key 

  • PUFtrng: a high-quality true random number generator 

  • KWP: key wrapping function, for export of keys for external use

  • PKC: public key co-processor, supporting all elliptic curve cryptography functions

  • Crypto: crypto engine collective, consisting of private key cipher, message authentication code, hash, and key derivation functions

  • Comprehensive anti-tamper circuitry and countermeasures


PUFiot can support:

  • Enhancing TEE security

  • Key processing and generation

  • Instant key wrapping or indirect key wrapping

  • Key hierarchy build and advanced management

  • Secure boot

  • Anti-cloning and asset protection by using local key encryption

  • TLS protocol

Block Diagram



Tech Spec

Product Brief Download 



Evaluation Kit


If you are interested in PUFiot, you are welcome to apply for the evaluation kit through our open source program: IP Go! It is free to download now!

© 2019 PUFsecurity  All Rights Reserved