529 - LatticeECP3: Can the LatticeECP3 still be programmed after setting the encryption key?

No. Before the introduction of encryption, bit streams had no security protection: anyone could copy the design simply by reading the bit stream out of the boot PROM.

LatticeECP3 bit stream encryption adds another level of security: it prevents an unauthorized encrypted bit stream from being used, because an encrypted bit stream will only work with an FPGA containing the same encryption key used to secure the bit stream.

The One Time Programmable (OTP) fuses in LatticeECP3 devices are used to enable and store the key code programmed by the user. The key code is needed to decipher the encrypted bit stream so that the secure design can be programmed correctly.

An important point is that you cannot change or disable the encryption key once it has been programmed. The device can still be re-programmed, but only without the security provided by encryption: users can load a normal (unencrypted) bit stream onto a device whose encryption key has been programmed. So even if a device's encryption key is programmed inadvertently, the device is not rendered totally useless. The only way to reprogram the device in a secure manner is to use the encryption key that was previously programmed.