Inferensys

Glossary

Device Identifier Composition Engine (DICE)

A hardware security standard that layers boot state measurements into a compound device identifier, enabling secure key derivation and attestation without requiring a full TPM.
Modern WeWork hardware lab area with product team collaborating around AI device prototypes, 3D printer in background, dramatic industrial lighting with product sketches on glass walls.
HARDWARE ROOT OF TRUST

What is Device Identifier Composition Engine (DICE)?

A hardware security standard that layers boot state measurements into a compound device identifier, enabling secure key derivation and attestation without requiring a full TPM.

The Device Identifier Composition Engine (DICE) is a hardware security standard that cryptographically combines a device's unique immutable secret with measurements of each successive layer of boot firmware and software. This layered hashing process generates a Compound Device Identifier (CDI), which uniquely represents the device's identity and its precise software state at any given moment.

Unlike a traditional Trusted Platform Module (TPM), DICE operates without dedicated security silicon, instead embedding the root of trust directly into the boot sequence. This enables lightweight remote attestation and secure key derivation for constrained IoT devices, ensuring that any unauthorized modification to the boot chain automatically produces a different cryptographic identity, thereby preventing access to sealed secrets.

HARDWARE-ROOTED IDENTITY

Key Features of DICE

The Device Identifier Composition Engine (DICE) establishes a cryptographically verifiable identity rooted in immutable hardware, enabling layered attestation without the cost or complexity of a discrete TPM.

01

Layered Boot Attestation

DICE creates a compound device identifier (CDI) by chaining measurements from each stage of the boot sequence. If any firmware or software component is modified, the derived CDI changes cryptographically.

  • First mutable code measures the next layer before execution
  • Each layer receives a unique identity secret based on the previous layer's measurement
  • A compromised bootloader automatically results in a different cryptographic identity
  • Enables remote verifiers to detect tampering by validating the CDI against a known-good value
02

Unique Device Secret (UDS)

The UDS is a statistically unique, non-extractable entropy value fused into the silicon during manufacturing. It serves as the root of trust for all subsequent key derivation.

  • Injected via physical unclonable function (PUF) or factory provisioning
  • Never directly accessible to firmware or software
  • Combined with the first mutable code measurement to derive the CDI
  • Provides hardware-bound identity without requiring stored keys in non-volatile memory
03

Symmetric Key Derivation Architecture

DICE uses HMAC-based key derivation functions (HKDF) to generate cryptographic keys deterministically from the CDI. This eliminates the need for key storage and enables on-demand key generation.

  • Keys are derived, not stored — they exist only when needed
  • Different keys for different purposes: attestation, sealing, identification
  • Forward secrecy is inherent: a compromised layer cannot derive keys for previous layers
  • Compatible with NIST SP 800-108 key derivation standards
04

TPM-Free Attestation

DICE provides hardware-rooted attestation without requiring a discrete Trusted Platform Module. This makes it ideal for cost-constrained, power-sensitive, and space-limited embedded devices.

  • Implements attestation in firmware using existing hardware capabilities
  • Reduces bill of materials (BOM) cost by eliminating dedicated security chips
  • Suitable for microcontrollers and IoT devices with minimal silicon area
  • Adopted by the Trusted Computing Group (TCG) as the DICE Architecture specification
05

Certificate-Based Identity

DICE enables the creation of device identity certificates anchored to the hardware root of trust. Each device can generate a self-signed certificate or a certificate signing request (CSR) tied to its unique CDI.

  • Supports X.509 certificate enrollment for enterprise PKI integration
  • Enables mutual TLS (mTLS) with hardware-bound client certificates
  • Device identity persists across reboots but changes if firmware is tampered with
  • Aligns with IEEE 802.1AR secure device identity standards
06

Recovery and Resilience

DICE defines a recovery policy that allows a device to restore a known-good state after a failed update or detected compromise. The architecture supports measured, verifiable rollback.

  • Recovery image is measured and attested before execution
  • Failed updates produce a different CDI, alerting verifiers to the change
  • Supports A/B boot partitions with cryptographically verified fallback
  • Prevents rollback attacks by binding version information into the measurement chain
HARDWARE IDENTITY COMPARISON

DICE vs. TPM: Key Differences

Comparing the Device Identifier Composition Engine (DICE) standard with a discrete Trusted Platform Module (TPM) across critical dimensions for IoT and embedded attestation.

FeatureDICEDiscrete TPMSoftware TPM (fTPM)

Hardware Cost

$0 (uses existing flash)

$2-5 per unit

$0 (uses CPU trusted zone)

Boot Time Impact

< 1 ms

50-200 ms

10-50 ms

Physical Attack Resistance

Remote Attestation Support

Sealed Storage for Keys

Layered Boot Measurement

Silicon Footprint

< 1 KB ROM

~1-2 mm² die area

~100 KB SRAM

Standardized API

DICE Layering Architecture (TCG)

TPM 2.0 (ISO/IEC 11889)

TPM 2.0 (ISO/IEC 11889)

DICE ARCHITECTURE

Frequently Asked Questions

Explore the foundational concepts of the Device Identifier Composition Engine (DICE), a hardware security standard that layers boot state measurements into a compound device identifier for secure key derivation and attestation.

The Device Identifier Composition Engine (DICE) is a hardware security standard defined by the Trusted Computing Group (TCG) that creates a cryptographically strong, layered device identity without requiring a full Trusted Platform Module (TPM). It works by breaking the boot process into discrete layers, where each layer receives a Unique Device Secret (UDS) fused into the silicon during manufacturing. The first boot layer combines the UDS with a hash of the next layer's code to derive a Compound Device Identifier (CDI). This CDI is then passed to the next layer, which repeats the process, mixing in its own code measurement. This chaining mechanism ensures that if any firmware or software component is modified, the final device identity changes, making it impossible to access sealed secrets. DICE is lightweight, requiring only a small amount of ROM and cryptographic logic, making it ideal for resource-constrained microcontrollers and IoT devices where a full TPM is cost-prohibitive.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.