Silicon Architecture

Chip block diagram, tamper-mesh topology, Physical Unclonable Function entropy, and hardware key isolation — the layers that make Bastionchip a genuine root of trust.

<1 ns: Zeroize response
256-bit: PUF root key
Block Diagram

Full chip architecture

The Bastionchip die integrates all security-relevant silicon blocks into a single package. No external bus exposure of key material.

[Figure: Bastionchip silicon block diagram showing tamper mesh overlay, PUF cell array, crypto engine, key vault, and interface controller with labeled interconnects]
Crypto Engine
AES-256-GCM, ECDSA P-384, SHA-3/512, Kyber-768. All operations in isolated silicon — no firmware-accessible key registers.
Tamper Mesh
Active metal mesh overlaid on all sensitive logic. Continuous integrity monitoring. Triggers zeroize on detect.
PUF Array
Physical Unclonable Function derives 256-bit device root key from silicon variation. No factory key injection required.
Key Vault
Isolated key storage accessible only through the crypto engine command interface. Zero external bus visibility.
Tamper Mesh

Active detection, not passive marking

Bastionchip's tamper mesh is not a passive security seal. It is an active metal structure continuously monitored for integrity. Any attempt to probe, delayer, or inject power is detected in hardware without requiring an external stimulus.

  • Sub-nanosecond zeroize. Key material erased from all storage elements in under 1 ns after tamper detection.
  • Cryptographic tamper log. Every tamper event is signed and stored in a hardware log readable by authorized auditors.
  • Always-armed. Mesh monitoring operates even at minimum power levels. No window of vulnerability during power transitions.
  • Side-channel hardening. RTL-level countermeasures against timing analysis, power analysis, and electromagnetic side-channel attacks.
Tamper Response Sequence
t=0 ns Mesh continuity break detected
<0.5 ns Zeroize signal asserted to Key Vault
<1 ns All key registers cleared
<2 ns Event signed and written to tamper log
DONE Device reports tamper state to host
PUF Characteristics
Uniqueness: 50% ± 2%
Reliability (0–85°C): >99.9%
Entropy (NIST SP 800-90B): 256 bits
Bit error rate (worst-case): <0.1%
Physical Unclonable Function

Device identity from silicon randomness

Each Bastionchip die contains a PUF cell array that exploits manufacturing variation at the transistor level to derive a unique, reproducible device key. The key cannot be extracted from the die, cannot be cloned, and is never stored persistently.

Because no factory key injection is required, the Bastionchip supply chain has no key-injection attack surface. The device identity is created the first time the chip powers on, using entropy that exists nowhere else in the universe.
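
The uniqueness, reliability, and bit-error-rate figures listed under PUF Characteristics are conventionally computed from Hamming distances between device responses. The following is an added example, not Bastionchip code or data: it simulates constructed 256-bit responses and applies the conventional metric definitions, which are assumed here because the page does not state how its figures were measured.

```python
import random
from itertools import combinations

BITS = 256        # response width, matching the 256-bit PUF root key on the page
FLIP_P = 0.0005   # assumed per-bit read noise for this simulation (constructed value)

def frac_hd(a: int, b: int) -> float:
    """Fractional Hamming distance between two BITS-wide responses."""
    return bin(a ^ b).count("1") / BITS

def noisy_read(reference: int, rng: random.Random) -> int:
    """Re-read one device: each bit flips independently with probability FLIP_P."""
    mask = 0
    for i in range(BITS):
        if rng.random() < FLIP_P:
            mask |= 1 << i
    return reference ^ mask

def simulate(devices: int = 24, reads: int = 40, seed: int = 1):
    """Constructed data set: one enrolled reference per device plus noisy re-reads."""
    rng = random.Random(seed)
    refs = [rng.getrandbits(BITS) for _ in range(devices)]
    rereads = [[noisy_read(r, rng) for _ in range(reads)] for r in refs]
    return refs, rereads

def uniqueness(refs) -> float:
    """Mean inter-device distance; 0.5 means devices are statistically independent."""
    pairs = list(combinations(refs, 2))
    return sum(frac_hd(a, b) for a, b in pairs) / len(pairs)

def bit_error_rate(refs, rereads) -> float:
    """Mean intra-device distance between the enrolled reference and each re-read."""
    dists = [frac_hd(r, x) for r, xs in zip(refs, rereads) for x in xs]
    return sum(dists) / len(dists)

def reliability(refs, rereads) -> float:
    """Fraction of bits that reproduce across re-reads (1 - bit error rate)."""
    return 1.0 - bit_error_rate(refs, rereads)

if __name__ == "__main__":
    refs, rereads = simulate()
    print(f"uniqueness     = {uniqueness(refs):.4f}")
    print(f"bit error rate = {bit_error_rate(refs, rereads):.5f}")
    print(f"reliability    = {reliability(refs, rereads):.5f}")
```

A non-zero bit error rate is why raw PUF responses are normally passed through error correction before being used as a key; the page does not describe how Bastionchip handles this step.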

Technical architecture review

NDA-gated architecture deep-dive available for qualified cloud, financial, and defense security teams. Full RTL architecture documentation on request.