PUF-PQC Integrated with PUFrt to Solve PPA Challenge for SoCs
Hardware Root of Trust in the Quantum Computing Era: How PUF-PQC Solves PPA Challenges for SoCs
With the official release of NIST's post-quantum cryptography (PQC) standards—FIPS 203, FIPS 204, and FIPS 205—the semiconductor industry is facing one of its most significant security architectural shift since the RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography) era. While PQC offers defense against quantum computer attacks, its complex matrix operations and massive key sizes impose unprecedented challenges on SoC performance, power, and area (PPA).
How can designers find the balance between performance and cost? PUFsecurity introduces the PUF-PQC solution, built on a "modular thinking" approach. Through two distinct architectural strategies, we help customers navigate the post-quantum transition with ease.
Architecture option 1: PUF-PQC Engine – Ultra-Lightweight Pure Hardware Acceleration
If you are designing for IoT endpoint devices, smart cards, or low-cost MCUs, cost and area are undoubtedly your top priorities.
The PUF-PQC Engine is a pure hardware accelerator developed according to the design philosophy of “lean architecture”, returning instruction scheduling responsibilities to the host CPU. Furthermore, by employing multi-bank single-port SRAM and conflict-free scheduling technologies, we successfully maintain the high bandwidth required for Number Theoretic Transform (NTT) while minimizing memory area.
- Advantages: minimal IP area and configurable SRAM size, making it perfect for extremely cost-sensitive projects.
Architecture option 2: PUF-PQC Subsystem – A Secure Enclave Built for High Performance
For HPC, automotive electronics, or edge AI servers, freeing up the host processor's computing power is critical.
The PUF-PQC Subsystem operates as a secure enclave that aligns with architectural concepts of PSA certified levels 3 and 4. It integrates a dedicated RISC-V processor and firmware to achieve "full offloading." The host CPU only needs to send high-level instructions without intervening in complex mathematical operations. Additionally, its non-blocking operation prevents system stalling.
- Advantages: features crypto-agility, simplified software integration, and delivers optimal system performance.
The Source of Trust for PUF-PQC: Deep Integration with PUFrt
No matter how powerful the algorithm, security is compromised if the source of key generation, entropy source, lacks randomness.
The PUF-PQC solution deeply integrates the PUFrt Hardware Root of Trust, constructing a complete key generation chain:
- Inborn UDS (Unique Device Secret) as a chip fingerprint: leveraging process variations during manufacturing, NeoPUF creates a unique identifier that acts as the entropy foundation for all keys, ensuring they are unclonable.
- True Random Number Generation (TRNG) as a source for entropy: NIST SP 800-90B compliant TRNG generates high-quality entropy. These true random numbers are fed directly into the engine as seeds to generate ephemeral public/private key pairs.
- NeoFuse OTP (One-Time Programmable Memory) for secure storage:
Provides highly reliable non-volatile memory for secure storage of sensitive data and cryptographic material, establishing a complete and trusted chain of security.
This comprehensive integration ensures that every set of PQC keys possesses physical-level unpredictability and effectively mitigates the risk of side-channel attacks (SCA).
Conclusion
In the post-quantum era, no single standard fits all scenarios. Through the dual-track strategy of PUF-PQC Engine and PUF-PQC Subsystem, PUFsecurity ensures that whether you are aiming for cost-efficient endpoint devices or high-performance edge computing platforms, you can build a robust and compliant security defense.
Want to learn more details about PUF-PQC and its potential integration into your application? Check out our full white paper.