( ESNUG 598 Item 1 ) ------------------------------------------------------- [02/21/25]
Subject: Real Intent Sentry HW security sign-off is 12x faster vs. Jasper formal
The live DAC'24 Troublemakers Panel
Cooley: Prakash, you just announced -- which I gave a #2 on my Cheesy Must See List
for 2024 -- your Sentry tool. Real Intent Sentry. It's a security sign-off
tool that looks at all the different security holes going on inside your
chip design.
The big thing you were talking about was that Real Intent Sentry technology
is static sign-off and your competition uses formal verification.
Why should I care?
Prakash: Sentry is about hardware security sign off. Real Intent is a static
sign-off company -- which lets users "left shift" for all your verification
processes.
Similarly, our Sentry has been designed to enable "shift left" for your
security sign-off -- to make sure that your data transfer integrity is free
of any interference or leakage. The way our product works is that your
security architects and designers specify your rules -- and then at RTL level,
Sentry analyzes and points out potential security failures.
Prakash: Now we come to static sign-off. So, the competition that you mentioned
John...
Cooley: Which would be CDNS Jasper, SNPS VC formal, and Siemens OneSpin ...
Prakash: Basically, formal tools.
And formal tools are great because they can precisely either prove a problem
or precisely give you a counter example for the problem.
The only issue is formal is capacity limited to 2 or 3 million gates maximum.
With Sentry's static sign-off approach, we can process a 5 million gate
design in a couple minutes. And 100 million gate designs in a couple hours.
Now, the catch is that static sign off necessarily produces noise in the form
of false failures.
But you can hand waiver on those false failures, and then you have sign-off.
And in contrast -- if you run a 100 million gates on a formal tool [Jasper,
VC Formal, OneSpin] -- the formal tool will not finish in a year.
So, why not solve a problem that you are simply not able to solve today
early, but early -- and with some degree of reliability?
So that is the differentiating factor that's behind Sentry.
Cooley: Yeah, I did some math on it.
It was basically a 12x speed up difference between using a static approach
and a formal approach for 100 million gates. (3 weeks vs. 12 months.)
And I was like OK -- that's why for me Sentry was the #2 DAC'24 Must See.
I estimate it would take about a year for Cadence to do 100 million gates
on their formal Jasper tool.
Whereas Sentry does 100 M gates in 5 hours and then Sentry users have to do
an extra 3 weeks of false failures waivers.
Paul: It's the point that you know ... I think that this kind of static security
that Real Intent has ... I mean it's a great idea.
And of course if you if you find something with Sentry, right, that's a real
thing that the design team needs to go take a look at.
But if the Sentry tool run checks clean -- it doesn't guarantee that your
private keys are private.
Cooley: What do you mean it "checks clean"?
Paul: So, if you pass all the warnings ... if you pass the static checks.
Because there are certain things that you can only do with formal.
You're going to have to formally model check to prove that your
design is absolutely secure.
So I see static Sentry more as complimentary to our formal Jasper. It's
not like you can only do static and then not do the formal. But likewise,
if you do formal only, your point, Prakash, is valid -- it's going to be way
too high effort to find a bunch of things using formal only.
Cooley: Yes, you're saying that Herr Doctor Formal has to do it, too.
Paul: My view is you still need both ... and so I support what Real Intent Sentry
is doing -- but I think that kind of formal model checking security
path verification (aka Cadence Jasper) is still needed for sign-off.
Prakash: Paul, I'm sorry but I will have to disagree with you that formal model checking
is the only way to sign-off that a secure key cannot be accessed incorrectly
or improperly.
That's exactly what we do -- the reason why static sign off works is because
the onus on static sign-off approaches is that they cannot miss a problem.
That's the only way you can achieve sign-off. So even though static tools
are noisy, if they say that you do not miss a problem -- then once you have
dealt with the noise -- you have sign-off.
And how we do that at Real Intent is a secret sauce we have on our own.
We at Real Intent spent years developing customized technology to be able to
analyze chip verification problems and to be able to provide that assurance.
So yes, if your assumption was correct, your statement that you need both
static and formal model checking would have been correct.
But, no, we do stand behind our guarantee that if you use our static
sign-off Sentry correctly, that your design's secure keys will not be
accessed improperly. If you use Sentry, you do not need Jasper.
---- ---- ---- ---- ---- ---- ----
Related Articles
Real Intent low noise/multimode Meridian RDC gets the Best of 2020 #3a
Users choosing Meridian CDC over Spyglass CDC gets the Best of 2020 #3b
Real Intent Verix CDC true multimode analysis gets the Best of 2020 #3c
Ascent Lint "designer intent" and pre-submit gets the Best of EDA #3d
Real Intent smacks Synopsys CDC & RDC signoff as #3 "Best of 2018"
Real Intent trounces Synopsys Atrenta as the #6 "Best of" for 2017
Real Intent caught launching a "true" CDC linter under old name
Join
Index
Next->Item
|
|
