Proof-Carrying Hardware Intellectual Property: A Pathway to Trusted Module Acquisition

We present a novel framework for facilitating the acquisition of provably trustworthy hardware intellectual property (IP). The proposed framework draws upon research in the field of proof-carrying code (PCC) to allow for formal yet computationally straightforward validation of security-related properties by the IP consumer. These security-related properties, agreed upon a priori by the IP vendor and consumer and codified in a temporal logic, outline the boundaries of trusted operation, without necessarily specifying the exact IP functionality. A formal proof of these properties is then crafted by the vendor and presented to the consumer alongside the hardware IP. The consumer, in turn, can easily and automatically check the correctness of the proof and, thereby, validate compliance of the hardware IP with the agreed-upon properties. We implement the proposed framework using a synthesizable subset of Verilog and a series of pertinent definitions in the Coq theorem-proving language. Finally, we demonstrate the application of this framework on a simple IP acquisition scenario, including specification of security-related properties, Verilog code for two alter- native circuit implementations, as well as proofs of their security compliance.