1993-09-28 - Verilog encryption broken

Header Data

From: Bruce R Koball <bkoball@well.sf.ca.us>
To: cypherpunks@toad.com
Message Hash: a7ff2a67b831f91d444a24e0001ba0ae5adb17deb5a10f10dbdde3612acd61e4
Message ID: <93Sep27.173714pdt.14125-3@well.sf.ca.us>
Reply To: N/A
UTC Datetime: 1993-09-28 00:41:21 UTC
Raw Date: Mon, 27 Sep 93 17:41:21 PDT

Raw message

From: Bruce R Koball <bkoball@well.sf.ca.us>
Date: Mon, 27 Sep 93 17:41:21 PDT
To: cypherpunks@toad.com
Subject: Verilog encryption broken
Message-ID: <93Sep27.173714pdt.14125-3@well.sf.ca.us>
MIME-Version: 1.0
Content-Type: text/plain


The following is an article that I posted in the EFF conf on the WELL.
Though it's written for non-tech readers, I thought it might be of 
interest to the cypherpunks. -- Bruce

--------
A recent anonymous posting in the comp.lang.verilog newsgroup on Usenet
has generated a raging controversey and threatens to shake up the
electronic design automation (EDA) community.  The posting was a program
that broke the encryption scheme used to protect the proprietary
libraries that are part of Cadence Design Systems high-end IC design
tool Verilog-XL.  Verilog is a sophisticated CAD tool that allows
engineers to design and simulate new chips before they are
manufacturered.

These libraries contain detailed descriptions of integrated circuit
building blocks (called cells) and are usually supplied by different
chip manufacturers in an encrypted format because their information
could be used to reverse engineer the proprietary cells and the chips
built with them.  Cadence also uses the encryption to prevent these
libraries from being used with lower-cost Verilog clones that are
available.

The anonymous poster claimed that he was doing this in protest of
Cadence's pricing policies.  The program was written in Perl, a Unix
scripting language, and contained Verilog encryption tables.  It
exploited debugging features that were left in Verilog by Cadence
programmers to break Verilog's rather simple encryption scheme.
Cadence's response on the net was swift and strongly worded:
 
> 
> Newsgroups: comp.lang.verilog
> From: robert@cadence.com (Robert Donohue)
> Subject: Cadence Official Position on Protected Code
> Organization: Cadence Design Systems, Inc.
> Date: Thu, 16 Sep 1993 00:11:36 GMT
> 
>   On September 14, 1993, someone posted on the 'Internet' a program
> relating to Cadence Design Systems Verilog technology.  This disclosure was
> unauthorized by Cadence and is illegal.  Any copying of the program or any
> use of it would be unlawful, subjecting the infringer to substantial civil
> and, potentially, criminal penalties.
> 
>   Cadence is investigating this unauthorized disclosure and copying, and
> will take all available legal actions against the person who made the
> disclosure when his or her identity is learned.  Any person or entity using
> such illegally posted code will also be the subject of the same legal
> action.  You should immediately destroy any copy you may have made of the
> program.  Anyone having information about the illegal posting should contact
> Robert Donohue, Cadence's General Counsel, at 'robert@cadence.com' or
> telephone (408) 944-7748 or fax at (408) 944-0215 in the United States.
> 
 
As might be expected, much heat has been generated in subsequent
net discussions. Several issues are at stake. There has been some
discussion over the legality of the posting and potential subsequent use
of the Perl script.  Cadence has apparently received heat from its users
for what some have perceived as its heavy-handed reaction. Some Verilog
users have complained that hacking on the libraries is sometimes
necessary because of the insufficient documentation of their contents.

Perhaps the most serious implication for the EDA community is the
apparent ease with which the protection of numerous ASIC vendor's
intellectual property was broached. The data contained in these
libraries are the "crown jewels" for these chip manufacturers and are
typically protected by non-disclosure agreements between the
manufacturers and their customers. There has been some mention of
liability on Cadence's part for any unauthorized disclosure that may
occur.

Finally, this incident will undoubtedly provide more ammunition for
those who have been criticising the growing phenomenon of anonymous
remailing services on the net.

--------

P.S. Does anyone on this list know if the offending post was made
through an anonymous remailer?  -brk







Thread