PUFiot Introduction

The high-security PUF-based crypto co-processor

PUFiot is a novel high-security crypto co-processor. Compared to traditional security SoC designs (an embedded HSM with a secure core, or discrete crypto components), PUFiot can provide a hardware RoT that is much easier to adopt and less vulnerable. As a result, PUFiot quickly improves the security level of any system without placing additional load on the processor core or operating system.

The security boundary for PUFiot is robust because it is based on a physical separation of hardware, which is less vulnerable than a software-only barrier. The on-board PUF is a naturally well-protected source of static entropy, which SoC architects can use to build a system’s key hierarchy with established key generation and management procedures. In addition, PUFiot’s crypto engines can perform a wide variety of secure operations, such as key exchange, secure boot or TLS (public key validation and signing), authentication (MAC), and key wrapping (again based on the natural randomness inherent to the PUF), with the wrapped keys stored in an external memory.


PUFiot is built by adding five more blocks to PUFrt, for a total of nine main blocks:

  • PITC: PUFiot control APB I/F

  • DMA: direct memory access AXI4 I/F

  • PUFkeyst: a 4kb mass production OTP with built-in instant hardware encryption  

  • PUFuid: one set of hardware fingerprints, able to act as a unique private key, UID, or root key

  • PUFtrng: a high-quality true random number generator 

  • KWP: key wrapping function, for export of keys for external use

  • PKC: public key co-processor, supporting all elliptic curve cryptography functions

  • Crypto: crypto engine collective, consisting of private key cipher, message authentication code, hash, and key derivation functions

  • Comprehensive anti-tamper circuitry and countermeasures


PUFiot can support:

  • Enhancing TEE security

  • Key processing and generation

  • Instant key wrapping or indirect key wrapping

  • Key hierarchy build and advanced management

  • Secure boot

  • Anti-cloning and asset protection by using local key encryption

  • TLS protocol


Evaluation Kit

The PUFiot evaluation kit comprises a digital part (PUFsecurity’s RTL design in encrypted Verilog format), an analog part (eMemory’s OTP/PUF behavioral model in Verilog format), a user manual, and a simulation environment. The RTL portion of the design is available in two versions: one for SoC integration evaluation (Verilog simulation) and the other for synthesis and hardware evaluation (FPGA emulation).

With this evaluation kit, an SoC designer can exercise the full functionality of PUFiot and evaluate adding a crypto co-processor at the front-end design stage. The PUFiot design includes a standard APB slave and AXI4 master interface, making it easy to plug into existing systems that support the APB/AXI4 bus standards. In addition, an API is available upon request to aid in the evaluation of all security functions when using an FPGA for PUFiot emulation. Please refer to the integration and application notes for further details regarding FPGA emulation and API functions.




  • Datasheet  

  • Integration Note

  • Application Note (API)

  • Release Note 

Front-end model 

  • Verilog HDL File in RTL (Synthesizable in FPGA) 

  • Pre-built API / FW (.h, .a)

  • Test bench 

If you are interested in PUFiot, you are welcome to apply for the evaluation kit through our free evaluation program: IP GO! It is free to download now!