In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it. The information or data, referred to as plaintext, will be encrypted by a crypto algorithm to generate encrypted information, or so-called ciphertext. Protecting keys is critical to the whole system. Normally, the key encryption key (KEK) is used for protecting a cryptographic key.

PUFenc uses NeoPUF as the key for encryption. It extracts a NeoPUF value to generate the crypto engine key. On the other hand, only when the key is needed by the system can the value be extracted. This provides a more secure key for a crypto engine without using KEK. Moreover, PUFenc allows flexible choice of different key lengths for a crypto engine.

Secure inborn crypto engine keys with key length flexibility: PUFenc

For managing cryptographic keys, the most commonly used methods are storing keys in an external memory or inside an embedded hardware security module (HSM). This can separate keys and memory to reduce the chance of lost keys when a database is hacked. Moreover, this can provide additional flexibility for key management.

PUFenc is an on-chip cryptographic key for different types of security algorithms from NeoPUF. With NeoPUF, the crypto engines in different chips are equipped with unique keys to generate different ciphertext while inputting the same plaintext. Moreover, a cryptographic key is extracted only when the crypto engine requires it. NeoPUF's perfect reliability ensures the exact same key can be generated every single time. This can lower the risk of key exposure, which is common when NVM is used for key storage.