Share

Dispelling the Myths Surrounding Antifuse OTP

Jim Lipman
Sidense

Explore Sidense IP here

Over the past few years, embedded antifuse one-time programmable (OTP) memory has gained a lot of traction as the storage mechanism of choice in many digital and mixed-signal applications, often replacing more traditional non-volatile memory (NVM) technologies such at ROM, eFuse and Flash. Based on a programming mechanism that depends on the irreversible breakdown of a thin oxide region, antifuse OTP IP offers a secure, low-cost and field-programmable way of storing information on a chip.

Several vendors offer some type of antifuse OTP and, since all have their differences, this has led to a number of ‘myths’ about what antifuse OTP is and isn’t. It’s time to address each of these myths and set the record straight about this type of embedded OTP.

Statement

All antifuse OTP IP is pretty much the same.

It’s a Myth

This has as much validity as saying that all microprocessors are pretty much the same. While all antifuse OTP IP is used to store information – data or code – on a chip, how a particular antifuse OTP product does it is based on the skills of the memory designers, including bit-cell architecture, array layout and peripheral circuit design. Of the two basic antifuse-based OTP bit-cell architectures used in OTP macro products, only Sidense has commercially available memory products based on a 1T bit cell, which provides distinct size, reliability and security advantages over competitive 2T bit-cell OTP products.

Statement

Antifuse OTP programming using oxide breakdown is unreliable.

It’s a Myth

This goes back to the basic bit-cell architecture – 1T vs. 2T. With a 2T bit cell, programming the cell can result in the oxide breaking down in one of three regions: the transistor channel (1), from gate to LDD region (2), and from gate to Halo (leakage reduction) implant (3). Oxide breakdown to the channel is the desirable mechanism, since it results in a more uniform and tighter current distribution for the programmed bit cells in a macro. Breakdown to the LDD region produces a resistive path from gate to substrate and a low-Vt tail, resulting in a current spread across bit cells in the array. Breakdown to the Halo implant produces a high-Vt tail and results in a second peak of cell current for programmed cells. Thus the three regions in a 2T structure produce a multi-modal current spread for bit cells in a macro.

With Sidense 1T-Fuse™ bit cells, there are no LDD or Halo regions on the edges of the thin-oxide transistor and no Vt tails. Breakdown occurs only from gate to transistor channel and the resultant current flow for the macro’s bit cells is very uniform with a narrow spread. In addition, Sidense bit cells show very little dependence on temperature and process variability, which simplifies macro scaling to new process nodes and foundry portability.

Statement

Antifuse OTP is vulnerable to reverse engineering.

It’s a Myth

Another NVM IP vendor has claimed, in a white paper, that antifuse OTP bit-cell security can be comprised by de-processing (reverse engineering) and atomic force microscopy techniques. In order to use atomic force microscopy to analyze individual transistors, these transistors have to be isolated. In the case of Sidense OTP, there is no gate, source and drain on the bit-cell transistor, only a gate and drain. In addition, the polysilicon gate is common for many cells and the drain contact is shared. If you assume that each contact connects to one programmed cell, there is no difference between the programmed and un-programmed state that can be detected.

The oxide breakdown region in an antifuse OTP is very small – on the order of tens of angstroms in diameter. Once the oxide breaks down (i.e., the cell is programmed), it cannot be de-programmed. There are no floating gate regions on which charge can be detected or altered. On the other hand, floating gate NVM is susceptible to Level I (non‐invasive) attacks such as power or data stream analysis and Level II (semi‐invasive) attacks such as UV, microscopy, fault injection, voltage scanning or current scanning.

Statement

A single-transistor (1T) antifuse OTP bit cell violates foundry design rules and increases chip yield loss.

It’s a Myth

Since the Sidense 1T bit cell comprises two oxide thicknesses (IO and gate) under a single polysilicon gate, topologically the device looks like a thin and a thick oxide transistor abutted and Sidense’s OTP bit cell does violate some layout design rules. For normal chip designs, this would be a design rule violation. However, several memory architectures have layouts that result in design rule violations, so the foundries grant waivers that allow the violations to occur. DRC violations for memory cells are well understood and easily handled by the foundries, since they’ve been dealing with floating gate and other devices that also generate DRC violations for years.

We work with all the top-tier foundries and several IDMs in various process nodes from 180nm down to 40nm and in various process flavors (G, LP, HV) with both 3.3V and 2.5V IO oxide. We have not had a single case where the customer, foundry or IDM rejected the design or that the design would not work. We have used the same 1T bit-cell architecture scaled throughout all process nodes. A bonus is that cell leakage is lower in 1T-Fuse structures than in a 2T cell, due to elimination of the LDD region of the transistor.

Statement

Antifuse OTP has scaling and temperature limitations similar to those of floating-gate NVM.

It’s a Myth

Floating gate NVM bit cells detect charge stored on the floating gate to differentiate between a 1 and a 0. The amount of stored charge, measured by the number of stored electrons, decreases as process nodes scale down. Due to leakage, which accelerates with rising temperature, there is a lower limit on the process node for which embedded floating gate NVM is viable. This limit is one-to-two process generations behind the leading-edge process nodes at which antifuse OTP can be implemented. Memory technology based on charge injection and storage on an insulator or in the sidewalls around a transistor’s gate also has high temperature limitations similar to those seen by floating gate based memory.

Since antifuse-based OTP does not depend on charge storage to define a programmed cell, the programming is permanent and is not adversely affected by temperatures up to 125-150°C. Furthermore, with no dependence on foundry-specific source and drain engineering, Sidense’s 1T OTP macros are very portable between foundries and scalable to 28nm and beyond, significantly below the capability of embedded floating-gate NVM.

Statement

When used in an emulated multi-time programmable application (eMTP), antifuse OTP scales proportionally with the number of times data or code must be rewritten in the memory.

It’s a Myth

This was a statement made by a few-time-programmable NVM competitor in a recent white paper. The statement completely ignores the fact the OTP arrays comprise bit-cell arrays along with peripheral circuitry such as sense amplifiers, decoders, level shifters and sometimes charge pumps for programming. Yes, if for example, an eMTP application requires up to seven rewrites of an OTP’s contents, the number of OTP bits that must be made available is 8x that of the initial writing – that would increase the area of the bit-cell portion of the OTP array eight times. However, if the bit-cell array accounts for 40% of the total OTP IP block, then the size needed for the seven-times-rewritable OTP increased less than 4x. If the few-times-programmable array is 4x the size of the antifuse OTP array or larger (which is quite possible), then the silicon area needed for the OTP array with 7x rewrite capability is less than that of the few-times-programmable NVM block. Since the bit-cell size of a 1T-Fuse-base OTP macro is very small – slightly larger than a mask ROM bit cell – in most eMTP applications, Sidense OTP macros do not have a significant impact on the size of the chip in which they are embedded.

Explore Sidense IP here

About the Author

Jim Lipman

Jim is Director of Marketing at Sidense, a developer and provider of low-cost, reliable and highly secure non-volatile memory IP. Prior to Sidense, he held a variety of public relations and editorial positions including Vice President of Client Services at Cain Communications, Content Director at TechOnLine and ASIC and EDA Editor at EDN.

Jim also has held marketing and engineering positions at VLSI Technology, Hewlett-Packard and Texas Instruments. He received his BSEE and MSEE degrees from Carnegie-Mellon University and his Doctorate in Electrical Engineering from Southern Methodist University. He also has a MBA from Golden Gate University in San Francisco.