Authenticated encryption for FPGA bitstreams

FPGA bitstream encryption blocks theft of the design in the FPGA bitstream by preventing unauthorized copy and reverse engineering. By itself, encryption does not protect against tampering with the bitstream, so without additional capabilities, bitstream encryption cannot prevent the FPGA from executing an unauthorized bitstream. An unauthorized bitstream might be generated by trial and error to cause the FPGA to leak confidential data, including the decrypted bitstream. Strong authentication detects tampering with the bitstream, providing a root of trust that enables applications that require protection of sensitive data in a hostile environment. This paper describes the SHA HMAC-based bitstream authentication algorithm and protocol in Virtex-6 FPGAs and shows how they are integrated in the bitstream.