PUFkeygen Introduction

Hardware acceleration security solution with benefit of PUF


Key generation is the process of generating keys for cryptography.All security functions involve keys and crypto algorithms for encryption, decryption, authentication, signatures and secure storage. Modern cryptographic systems include symmetric-key algorithms such as DES and AES and asymmetric-key algorithms such as ECC. Keys can be categorized into many types such as private keys, public keys, symmetric keys, shared keys, master keys and root keys, to name a few.


PUFkeygen uses the characteristics of NeoPUF and a circuit design to achieve a key generation function. As part of the hardware root-of-trust, the keys derived from NeoPUF through PUFkeygen have the features of uniqueness and non-repudiation.


This can prevent the problems of key collisions or key tampering, which is common with other key-generation functions. PUFkeygen combines with unique identity generation to create a root key or a master key, a true random number generator as a nonce, a session key, keys for secure storage of encryption keys or a key wrapping function.

Hardware acceleration security solution with the benefit of PUF: PUFkeygen


Generally, keys can be divided into two types, symmetric and asymmetric keys. The generation of symmetric keys may be derived from a secret value. The secret value, together with other information such as UID, is input into a key-derivation function that outputs the required key(s). For asymmetric keys, a static key pair is generated by the entity that “owns” the key pair. In the case of a signature-verification system, a public key is further distributed accordingly.


PUFkeygen is IP for hardware acceleration-based symmetric key generation. It is a comprehensive solution that contains NeoPUF, PUF-based IPs and AES crypto algorithms to achieve key-generation functions and other applications. Derived from NeoPUF, the master or root keys are unique and non-repudiated, making them very trustworthy. PUFkeygen has multiple advantages derived from NeoPUF and PUF-based IPs, including ideal uniqueness for root key generation inside the chip; high-speed throughput for session keys or a nonce with efficient power consumption; injected shared key protection and more.


Compared with other key-generation methods, PUFkeygen only allows injection of a shared key, and all other keys are derived from NeoPUF or internally created by PUFtrng, PUFuid, so there’s no chance for keys to be leaked out to unauthorized users.


Moreover, with PUFtrng, high-quality session keys can be generated easily. Randomness is crucial for strong keys that are resilient to brute force attacks. PUFkeygen enhances the security level for key generation functions, impeding hacks into a system.


PUFkeygen provides a more efficient key-generation system with a hardware-accelerated crypto engine that minimizes CPU usage while supporting various interfaces such as APB, AHB, AXI.


This technique generates a unique secret inside a chip, which eliminates concerns of external key injection while also protecting the unique identity of the chip. It has high-speed throughput for session keys with lower power consumption. Furthermore, PUFkeyst can protect an injected shared key through NeoPUF entanglement. What’s more, PUFkeygen can be easily customized for different application scenarios and adopted into a customer’s existing designs, reducing time-to-market and lowering development costs.

Key Features

  • CPU usage is minimized, and the technology is compatible with various interfaces such as APB, AHB and AXI.

  • This solution strengthens the security of key generation functions, making hacks more difficult.

  • Key generation provides unique keys with high-speed throughput and efficient power consumption on a small portion of a chip.

  • The solution provides secure storage for injected secrets, eliminating the need for extra OTP.