18

---

Encryption

---

Encryption allows you to protect your proprietary parameters, subcircuits, models, and netlists, and release your libraries to your customers without revealing sensitive information. Your customers can run simulations in the Spectre^® circuit simulator with the encrypted netlists – the Spectre circuit simulator does not print any data inside the encrypted blocks. Messages about the encrypted portions of your circuit are suppressed.

You can encrypt netlists that are in the Spectre and Berkeley SPICE formats.

You cannot use encryption if you are using the Spectre Compiled-Model Interface (CMI).

This chapter covers the following topics:

• “New key for Encryption”.
• “Encrypting a Netlist”
• “Encrypted Information During Simulation”.

New key for Encryption

Starting with the SPECTRE19.1 release, Spectre uses a new key (k -4) as default. You can use the k-3 option to invoke the old key. The following table lists the usage of the key in the SPECTRE18.1 ISR8 and SPECTRE19.1 releases.

Encrypting a Netlist

To encrypt a netlist,

1. Open the netlist you want to encrypt in a text editor.
2. Type PROTect above the data you want to protect. The capital letters indicate the shortest legal abbreviation, so you achieve the same affect by typing prote or protec for example.
3. Type UNPROTect after the last line of the data you want to protect. The capital letters indicate the shortest legal abbreviation, so you achieve the same affect by typing unprote or unprotec for example.
   You must use the protect and unprotect keywords in pairs.
4. Save the netlist.
5. In a terminal window, type
   

   spectre_encrypt [-i input_file] [-o output_file] [-all] [-key 1|2|3|4]

   where
   

   input_file	The path and name of the netlist to be encrypted. If you do not specify the input file, the netlist from standard input is encrypted.
   output_file	The path and name of a file to hold the encrypted netlist. The extension that you use for output_file must be the same extension used on input_file. If you do not specify the output file, the encrypted netlist is displayed as standard output in the terminal window.
   -all	Encrypts the entire netlist, ignoring the protect and unprotect keywords.
   -key	By default, the netlist encrypted in SPECTRE19.1 release onwards cannot be decrypted using earlier versions.

The Spectre circuit simulator uses the SSL CRYPTO library to encrypt your netlist.

The protect and unprotect keywords are replaced with pragma statements in the output netlist. The pragma statements contain important information about encryption such as the method used, the key name, and the beginning and end of the encrypted block. The Spectre circuit simulator uses this information while decrypting the netlist. Hence it is important that you do not modify any pragma statement or the encrypted text between the pragma statements in the output file.

What You can Encrypt

You can encrypt signals, netlist and subcircuit parameters, files, devices, and model cards. You can use multiple pairs of protect, unprotect to encrypt different portions of your netlist. The content inside the protect, unprotect block is encrypted and the content outside this block remains the same as the original netlist.

Encrypting a File

You can encrypt a file by adding protect at the beginning and unprotect at the end of the file.

Encrypting Subcircuits

As described in the following sections, you can encrypt an entire subcircuit, part of a subcircuit, or multiple subcircuit blocks.

Encrypting an Entire Subcircuit

To encrypt an entire subcircuit, place protect before the subckt and unprotect after the ends statement. This encrypts the subcircuit name as well as the I/O pins. Since the interfaces are not readable after encryption, Cadence recommends that you add some information on how the interface works outside the protected block so that your users can create Composer symbols for simulation.

All flattened primitive devices expanded from a protected subcircuit are also protected.

Example

* subckt name :inv, I/O pins:2 

* parameters wi, le

protect

subckt inv out in 

parameters wi=1u le=3u

mp1 mid in vd vd pmos w=wi l=le

mn1 mid in 0 0 nmos w=wi l=le

r1 mid out resistor r=2k

model pmos bsim3v3 type=p tnom=27.0 tox=2.9e-09

model nmos bsim3v3 type=n tnom=27.0 tox=2.8e-09

ends

unprotect

* subckt name :inv, I/O pins:2

* parameters wi, le

//pragma protect begin_protected

//pragma protect data_method   = AES

//pragma protect data_keyowner = Cadence Design Systems.

//pragma protect data_keyname  = CDS_KEY

//pragma protect data_keyversion = 4

//pragma protect data_block

fajdfejwrADFASDfdhfjadfahd

QERWfdjau77r42jagadfhjkuer

jdfejwrADFASDfdhfjad

jdfejwrADFASDfdhfjad

//pragma protect end_protected

* open latch module

subckt latch q qbar clk d

...

* open latch module

subckt latch q qbar clk d

Encrypting a Subcircuit without Interfaces

To encrypt the contents of a subcircuit leaving its name and I/O pins public, place protect after subckt and unprotect before ends.

Example

subckt inv out in

protect

parameters wi=1u le=3u

mp1 mid in vd vd pmos w=wi l=le

mn1 mid in 0 0 nmos w=wi l=le

r1 mid out resistor r=2k

model pmos bsim3v3 type=p tnom=27.0 tox=2.9e-09

model nmos bsim3v3 type=n tnom=27.0 tox=2.8e-09

unprotect

ends

subckt inv out in

//pragma protect begin_protected

//pragma protect data_method   = AES

//pragma protect data_keyowner = Cadence Design Systems.

//pragma protect data_keyname  = CDS_KEY

//pragma protect data_keyversion = 4

//pragma protect data_block

fajdfejwrADFASDfdhfjadfahd

QERWfdjau77r42jagadfhjkuer

//pragma protect end_protected

ends

* open latch module

subckt latch q qbar clk d

...

* open latch module

subckt latch q qbar clk d

Encrypting Portions of a Subcircuit or Multiple Subcircuits

You can use multiple pairs of protect and unprotect in a subcircuit to protect portions of it. See the example below.

Example

subckt inv out in 

parameters wi=1u le=3u

protect

mp1 mid in vd vd pmos w=wi l=le

mn1 mid in 0 0 nmos w=wi l=le

unprotect

r1 mid out resistor r=2k

protect

model pmos bsim3v3 type=p tnom=27.0 tox=2.9e-09

model nmos bsim3v3 type=n tnom=27.0 tox=2.8e-09

unprotect

ends inv

...

subckt inv out 

parameters wi=1u le=3u

global vd

//pragma protect begin_protected

//pragma protect data_method   = RC5

//pragma protect data_keyowner= Cadence Design Systems.

//pragma protect data_keyname  = CDS_KEY

//pragma protect data_block

QERWfdjau77r42jagadfhjkuer

//pragma protect end_protected

r1 mid out 2k

//pragma protect begin_protected

etu45j6jgfly5po765t8tnji5j5i76k

// pragma protect end_protected

ends inv

...

If you have multiple subcircuits in your netlist, you can encrypt them by using multiple pairs of protect and unprotect as shown in the example above.

Encrypting a Model Card

You can encrypt one or more model cards with a pair of protect and unprotect keywords. The keywords do not have to be within or outside the model card. Even if you encrypt only a portion of the model card, the entire model card is protected during simulation. In case there are no parameters within a protected block, the Spectre circuit simulator displays a warning message, but still encrypts the model card.

Example 1

In the following example, the encryption keywords are around the model card definition. The model name and all parameters are encrypted.

* The 1st model name is pmos, type is p

* The 2nd model name is nmos, type is n

subckt inv out in 

paramemters wi=lu le=3u

mp1 mid in vd vd pmos w=wi l-le

mn1 mid in 0 0 nmos w=wi l=le

ends inv

protect

model pmos bsim3v3 type=p tnom=27.0 tox=2.9e-09

model nmos bsim3v3 type=n tnom=27.0 tox=2.8e-09

unprotect

* The 1st model name is pmos, type is p

* The 2nd model name is nmos, type is n

subckt inv out in

parameters wi=1u le=3u

mp1 mid in vd vd pmos w=wi l=le

mn1 mid in 0 0 nmos w=wi l=le

ends inv

//pragma protect begin_protected

//pragma protect data_method   = AES

//pragma protect data_keyowner = Cadence Design Systems.

//pragma protect data_keyname  = CDS_KEY

//pragma protect data_keyversion = 4

//pragma protect data_block

QERWfdjau77r42jagadfhjkuer

//pragma protect end_protected

Example 2

In the following example, the protect keyword is within the model card definition, leaving a number of parameters outside the protection block. The model name and parameters outside the protection block remain public, but the whole model is protected for message and parameter output during simulation.

model pmos bsim3v3 type=p tnom=27.0 tox=2.9e-09

protect

Nch=2.498E+17 Tox=27.0 tox=2.9e-09 Xj=1.00000E-07

+Lint=9.36e-8 Wint=1.47e-7

+Vth0=.6322 K1=.756 K2=-3.83e-2

+Dvt2=-9.17e-2 Nlx=3.52291E-08

Dwg=-6.0E-09 Dwb=-3.56E-09

+Cit=1.622527E-04 Cdsc=-2.147181E-05

unprotect

model pmos bsim3v3 type=p tnom=27.0

tox=2.9e-09

//pragma protect begin_protected

//pragma protect data_method   = AES

//pragma protect data_keyowner = Cadence Design Systems.

//pragma protect data_keyname  = CDS_KEY

//pragma protect data_keyversion = 4

//pragma protect data_block

fajdfejwrADFASDfdhfjadfahd

//pragma protect end_protected

Encrypting an Include File

If there is an include file in the encrypted portion of your netlist, you must encrypt it separately.

Encrypted Information During Simulation

When you simulate an encrypted netlist, all warnings, error messages, and info statements about the encrypted portions of your netlist are suppressed.

The following sections describe how the Spectre circuit simulator handles the encrypted portions of your netlist.

Protected Device

A device is encrypted if any of the following conditions are met:

• It is a primitive and inside a protected block.
• It is an instance of a subcircuit. The instance is not in a protected block, but the subcircuit is protected. Here is an example:
  

  X1 in out INV

  subckt INV (in out)

  protect

  mp1 vdd in vdd pmos W=1.0e-6 L=1.0e-6

  mn1 out in 0 0 nmos W=1.0e-6 L=1.0e-6

  unprotect

  ends INV

  In the flattened netlist, devices X1/mp1 and X1/mn1 are protected.
• It is an instance of a subcircuit, and the instance is in a protected block. Whether the subcircuit is protected or not, all the flattened primitive devices from that hierarchical level are protected. An example is given below.
  

  protect

  X1 in out INV

  unprotect

  subckt INV (in out)

  mp1 vdd in vdd pmos W=1.0e-6 L=1.0e-6

  mn1 out in 0 0 nmos W=1.0e-6 L=1.0e-6

  ends INV

  In the flattened netlist, devices X1/mp1 and X1/mn1 are protected.

For a device meeting any of the above criteria, its name and instance parameters are protected. The instance parameters of a protected device cannot be modified through an alter statement, but the protected device can be replaced through an altergroup statement. Information about a protected device is filtered out in all analyses outputs.

Encrypted devices are not included in the circuit inventory.

Protected Node

A node contained exclusively within a protected block is protected, and its name and value is not displayed in the output file. If you request an ic file or restart a simulation, protected nodes are displayed in encrypted format in the ic, checking point, and restart output files.

Protected Global and Netlist Parameters

Global and netlist parameters defined inside a protected block are encrypted. However, you can alter or sweep a protected parameter. All device instance and model parameters dependent on the altered parameter are updated even if the device or model is protected.

Protected Subcircuit Parameters

Subcircuit parameters are protected if they appear exclusively within a protected block. All devices or model cards that refer to encrypted parameters must be in a protected block to protect the parameter values. If protected parameters are referred to by an unprotected device or model card, the parameter values are printed in the info statements for this device or model card.

You can alter or sweep a protected subcircuit parameter. All device instance and model parameters dependent on the altered parameter are updated even if the device or model is protected.

Protected Model Parameters

For a model card inside a protected block (where the protect keyword appears before the model statement), the model card and all model parameters are encrypted. If you place protect after the model definition and leave some parameters outside a protection block, only parameters inside the protection block are encrypted. During simulation, all parameters inside the model card are encrypted since encryption is done on the basis of the model card, not individual parameters. Warning messages and info statements for all model parameters and values of a protected model card are suppressed.

Even if the model name is protected, you can instantiate primitives using that model. You cannot alter or sweep protected model parameters, but you can replace a protected model through an altergroup statement.

Multiple Name Spaces

Names of parameters, subcicuits, models, and devices that appear exclusively within protected blocks are encrypted. However, identical names appearing outside the protected blocks are bound to their encrypted counterparts. Hence, Cadence recommends that you give unique names to the parameters, subcircuits, models, and devices you want to protect.

Displaying Messages Generated From an Encrypted Block

By default, messages generated from an encrypted block are not displayed in the Spectre log file. You can use the simulator visible=messages and simulator visible=none keywords to show or hide messages that are generated from an encrypted block.

Consider the following example:

simulator lang=spectre

parameters c1=1p c2=2p c10=c1+c2

parameters res=10k

protect

simulator visible=messages

r1 1 0 resistor r=res

simulator visible=none

c1 1 0 capacitor c=c10

unprotect

run dc

spectre2 options currents=all

In the above example, r1 and c1 are specified in a protected block and both have errors. However, because r1 has been specified using the keyword simulator visible=messsages, the message related to r1 will be displayed in the Spectre log file. On the other hand, the message related to c1 will not be displayed in the log file because it has been specified using the keyword simulator visible=none.