encryption (encryption)

Description

Encryption enables you to protect your proprietary parameters, subcircuits, models, netlists, and release your libraries to your customers without revealing sensitive information.

1. Define Encryption blocks in the netlist
   Keywords (protect, unprotect) are used for defining an encryption block.The dot keywords are used in the context of the spice mode: .protect, .unprotect.protect, unprotect can be abbreviated to prot, unprot(or, .prot, .unprot in spice).
   If the whole file needs to be encrypted, one method is to put protect at the beginning of the file and unprotect at the end of the file. Alternatively,you can use the -all option of the spectre encrypt command.
   Examples of netlist with protected blocks:
   Example: Protection of subckts

   protect

   subckt sub1 ( ... ) 

   ....

   ends sub1

   subckt sub2 ( ... )

   .....

   ends sub2

   unprotect

2. Encrypt the netlist
   spectre_encrypt is a standalone encryptor, and is used as follows:

   spectre_encrypt [-i input_file] [-o output_file] [-all] 

   where
   [-i Input_file]: Netlist to be encrypted
   [-o output _file]: Output file of the encrypted netlist
   [-all]: The whole file will be encrypted in the input netlist
   
   You can separately encrypt the include files or the library files in the netlist. Spectre encryptor does not encrypt the included files automatically.
3. Simulate the encrypted netlist
   There is no difference in how you run Spectre on an encrypted or unencrypted netlist. Spectre automatically decrypts an encrypted netlist.
   For encrypted netlists, Spectre turns on the protection for devices, models, signals, and parameters in the encrypted blocks. Any error or warning messages and the outputs from the protected information is suppressed or filtered out.
   The following list describes how protection is implemented:
   • Circuit inventory does not include encrypted parts.
   • The info command suppresses all information on encrypted parts.
   • Errors on encrypted parts are reported as:
     

     Error has occurred within the encrypted block (no details are given).

   • If a portion of the model is encrypted, the entire model is encrypted.
   • Any command that references the protected elements results in an error message reporting that those elements do not exist.
   • Protected device and model parameters cannot be altered directly through alter. However, if they depend on other alterable parameters, protected parameters are recalculated. Protected devices and models can be replaced in the altergroup.
   • Protected nodes are output in an encrypted format when the ic file is requested (similarly, for nodes in checking point and restart).
   • The encryption feature is not available in models using CMI 2.0.
4. Output operating points on protected devices
   By default, all information about the protected devices is suppressed and is not visible. However, IP providers have the control to expose the operating points of the protected devices to the end users for back annotation.
   Keywords (visible, invisible) or (.visible, .invisible) in the spice netlist content are defined to expose the operating points of encrypted devices.
   The operating point of the protected devices between visible and invisible is not suppressed by adding what=oppoints to the visible statement.
   For example:

   prot

   x1 n1 n2 n3 n4  nmos

   visible what=oppoints 

   x2  n5 n6 n7 n8  nmos

   x3  n9 n10 n10 n8 pmos

   invisible 

   X4   n11 n12 n13 n13 pmos

   unprot

For more information, refer to the Encryption chapter in Spectre Classic Simulator, Spectre APS, Spectre X, and Spectre XPS User Guide.