Hello,
I am using ampcrypt to encrypt a design for a third party user, and have found that while the encrypted file cannot be viewed in Quartus, as plain text, or in the RTL viewer tool, when running analysis and synthesis, Quartus Prime Standard reports a message in the following format:
Info (12128): Elaborating entity "encrypted_entity_name" for hierarchy "full:encrypted|entity:hierarchy|with:all|module:names"
Is there any way to disable these messages, either through the encryption method or the license? To me, it seems like displaying the entire system hierarchy for an encrypted module somewhat defeats the purpose of encrypting (even though the full source is not available).
For completeness, I'd additionally appreciate any information I would need to ensure that any design details other than the top level encrypted module name and port interface is hidden from the user.
Thanks in advance!
链接已复制
Sorry for the wait. The Quartus tool development team is looking into this and plans to implement it in a future Quartus release (may subject to change based on priority/resources).
I am checking with them to see if there is a way to hide the elaboration message in the current Quartus Standard.
If that is not possible with the current quartus, I would suggest have a combination of a license agreement between the IP provider and their customer, and encrypting the IP to prevent IP theft.
Please keep in mind that any work involving our developer team may take some time, ranging from a few days to a few weeks, depending on the complexity of the issue.
Regards,
Richard Tan
Hi Richard,
Just to clarify, the IP source is already encrypted with ampcrypt, and while the design input text files are not readable, once the design is built, Quartus Standard 17.0 reveals the names of modules, signals, etc., in timing analyzer, signal top node finder, and even in the technology map viewer, which is definitely a concern. An end user being able to see the technology map view of the IP core would be able to get a good understanding of how the encrypted IP works even if they can't see/modify the source code.
Please let me know if there is anything I could be missing to prevent Quartus from revealing information from the encrypted files.
Thanks!
Yes, this is expected. For some encrypted IP cores, the ability to tap internal nodes is considered a feature, while for others, it is seen as a security vulnerability.
I believe this was discussed years ago, and a potential solution was considered—allowing IP providers to decide whether their signals could be tapped on a customer’s machine. However, due to the complexity and high development costs, this proposal was ultimately rejected or put on hold.
Unless there is a strong business justification, this is unlikely to change, especially for Quartus Standard, which is currently in maintenance mode.
I'm not sure if obfuscation would provide much protection. While it may add a layer of difficulty for reverse engineering, users would still be able to use SignalTap to extract some level of information.
Regards,
Richard Tan
