Platform Architecture
OpenForge EDA is a cloud-native electronic design automation platform built on open-source foundations, specifically optimized for post-quantum cryptographic hardware development. This document describes the platform's layered architecture, from the user-facing orchestration interfaces down through the verification engine pods and data storage layer.
Architecture Overview #
The platform is organized into four horizontal layers. User requests enter through the Orchestration Layer, are scheduled by the Job Scheduler, dispatched to specialized Verification Engine Pods, and results are persisted in the Data & Results Layer.
Verifier
Simulator
Analyzer
Checker
Resilience
Contracts
Validator
Verifier
Orchestration Layer #
The Orchestration Layer provides four interfaces for interacting with OpenForge. All four interfaces communicate with the same backend API and job scheduler, ensuring consistent behavior regardless of access method.
Web UI (React + TypeScript)
The Web UI is a single-page application built with React, TypeScript, and Tailwind CSS. It integrates the Monaco Editor (the same editor powering VS Code) for in-browser RTL editing with SystemVerilog syntax highlighting and openforge.yaml schema validation. The waveform viewer renders VCD/FST traces using WebGL for high-performance display of large simulation runs.
| Component | Technology | Purpose |
|---|---|---|
| Editor | Monaco Editor | RTL source editing with SV syntax, linting, autocomplete |
| Waveform Viewer | WebGL canvas | VCD/FST trace rendering with pan/zoom/search |
| Coverage Maps | D3.js heatmaps | Per-file/per-line coverage overlaid on source code |
| Crypto Dashboard | Recharts + custom | TVLA plots, taint flow graphs, FIPS checklists |
| Job Monitor | WebSocket stream | Real-time log output and progress for running jobs |
REST API (FastAPI)
The REST API is the backbone of OpenForge. Built with FastAPI (Python), it provides full CRUD operations for projects, job submission and monitoring, result retrieval, webhook registration for CI/CD event notifications, and OpenAPI/Swagger documentation auto-generated from type annotations. Internal service communication between pods uses gRPC for performance-critical paths.
CLI Tool (Python)
The openforge CLI is a Python package distributed via pip. It wraps the REST API for terminal-based workflows and adds local-only capabilities like running verification directly on the host machine without the server infrastructure. The CLI supports both local and remote execution modes. See the CLI Reference for the full command catalog.
CI/CD Hooks
OpenForge provides native integration with GitHub Actions, GitLab CI, Jenkins, and Azure DevOps. CI/CD hooks trigger verification runs on push, pull request, or scheduled events. Results are reported back as check statuses, PR comments, and SARIF security findings. See the CI/CD Integration Guide for setup details.
Job Scheduler & Workflow Engine #
The Job Scheduler receives verification requests from the Orchestration Layer and dispatches them to the appropriate Verification Engine Pods. OpenForge supports three scheduling backends depending on deployment scale:
| Backend | Scale | Best For |
|---|---|---|
| Celery + Redis | Single machine to small cluster | Docker Compose deployments, development, small teams. Redis serves as both the message broker and result backend. |
| Kubernetes Jobs | Medium to large cluster | Production cloud deployments. Each verification task runs as a Kubernetes Job with resource requests/limits. HPA auto-scales worker pods based on queue depth. |
| Apache Airflow | Complex multi-stage pipelines | Enterprise deployments requiring DAG-based workflow orchestration, dependency management, retry policies, and SLA monitoring. |
Workflow Execution Model
A full verification run executes as a directed acyclic graph (DAG) of tasks. The scheduler respects dependencies — formal verification can start only after synthesis completes, but simulation and linting run in parallel from the start. The crypto security checks run in parallel with each other but depend on simulation completing first (to collect power traces for the side-channel simulator).
# Simplified workflow DAG for a full verification run
┌───────────â”
│ Lint │───────────────────────────────────────â”
└─────┬─────┘ │
│ (parallel) │
┌─────▼─────┠┌──────────────┠│
│Simulation │────▶│ Power Traces │──┠│
└─────┬─────┘ └──────────────┘ │ │
│ │ │
│ ┌──────────────┠┌─────▼──────┠│
│ │ CT Verifier │ │ SCA Sim │ │
│ └──────────────┘ └────────────┘ │
│ ┌──────────────┠┌────────────┠│
│ │ NTT Validate │ │ FIPS Check │ │
│ └──────────────┘ └────────────┘ │
│ ┌──────────────┠│
│ │Entropy Check │ │
│ └──────────────┘ │
│ │
┌─────▼─────┠┌────────────┠│
│ Synthesis │────▶│ Timing/STA │ │
└───────────┘ └──────┬─────┘ │
│ │
┌──────▼──────┠│
│ Aggregate │◀──────────────────┘
│ Results │
└─────────────┘Task Isolation
Each verification task runs in its own container with isolated filesystem, memory, and CPU allocation. This ensures that a runaway formal verification engine cannot starve simulation jobs, and provides multi-tenant isolation when multiple users share a cluster. The container images are pre-built with all required tools and pinned to specific versions for reproducibility.
Simulation Pod #
The Simulation Pod handles functional verification through simulation. It integrates five open-source tools, with Dyber extensions to Verilator for power trace instrumentation and taint tracking.
| Tool | Function | License | OpenForge Extensions |
|---|---|---|---|
| Verilator 5.028 | High-speed Verilog/SystemVerilog simulation (compiles to C++) | LGPL | Power trace instrumentation, taint tracking, SAIF export |
| Icarus Verilog | Event-driven Verilog simulation | GPL | Standard integration (fallback for non-synthesizable constructs) |
| GHDL | VHDL simulation and synthesis | GPL | Mixed-language co-simulation with Verilator via VPI |
| Cocotb 1.9.1 | Python-based testbench framework | BSD | NIST ACVP vector loader, reference comparison, power trace collection |
| PyVSC | Constrained random stimulus & functional coverage | Apache | Crypto-specific coverage models (algorithm coverage, key size coverage) |
The primary simulation flow uses Verilator for speed — it compiles RTL to optimized C++ that runs 10-100x faster than event-driven simulators. OpenForge adds a --power-trace flag that instruments the compiled model to record Hamming weight and Hamming distance per signal per clock cycle, generating the power traces used by the Side-Channel Simulator. The --taint-track flag propagates secret annotations through the dataflow graph at compile time to detect constant-time violations statically.
Formal Verification Pod #
The Formal Pod provides exhaustive property checking — proving that assertions hold for all possible inputs, not just the ones tested in simulation.
| Tool | Function | License | OpenForge Extensions |
|---|---|---|---|
| SymbiYosys | Formal property checking frontend | ISC | Crypto property library, automated assertion insertion |
| Yosys 0.42 | RTL synthesis for formal backends | ISC | Automated crypto assertion pass, FIPS compliance check pass |
| Z3 4.13.0 | SMT solver (bounded model checking) | MIT | Standard integration |
| Bitwuzla | SMT solver (optimized for bitvectors) | MIT | Preferred for NTT modular arithmetic properties |
| ABC | Logic synthesis & equivalence checking | BSD | PDR engine for unbounded proofs |
| Netgen | LVS (Layout vs. Schematic) | BSD | Post-synthesis equivalence checking |
OpenForge ships the Cryptographic Property Library — a collection of pre-written SVA (SystemVerilog Assertion) templates for common cryptographic verification patterns. These include constant-time execution properties, key handling properties (zeroization, isolation, write control), FSM integrity properties (valid states, valid transitions, sticky error states), and NTT/polynomial arithmetic correctness properties. The openforge-auto-assert Yosys pass automatically inserts appropriate assertions based on design analysis — detecting key registers, FSM state machines, and NTT butterfly patterns.
Analysis Pod #
The Analysis Pod handles physical implementation analysis: timing closure, power estimation, area estimation, and code quality linting.
| Tool | Function | License |
|---|---|---|
| OpenSTA 2.6.0 | Static timing analysis | GPL |
| OpenROAD | Place & route, clock tree synthesis, IR drop analysis | BSD |
| Yosys | Area estimation via synthesis (gate count, cell area) | ISC |
| Verible | SystemVerilog parser, linter, and formatter | Apache |
| Magic | Layout DRC and parasitic extraction | BSD |
| KLayout | Layout viewer/editor with DRC scripting | GPL |
The timing analysis flow synthesizes the design with Yosys targeting the specified PDK (SkyWater SKY130 or GlobalFoundries 22FDX), runs placement and routing through OpenROAD, then performs static timing analysis with OpenSTA. Power estimation uses switching activity data (SAIF files) generated by the Verilator simulation stage to provide realistic dynamic power numbers rather than worst-case estimates.
Supported PDKs
| PDK | Process | License | Use Case |
|---|---|---|---|
| SkyWater SKY130 | 130nm CMOS | Apache 2.0 (open-source) | Prototyping, academic research, open shuttle tapeouts |
| GlobalFoundries 22FDX | 22nm FD-SOI | Commercial NDA | Production tapeouts, US-based fabrication, CHIPS Act |
Cryptographic Security Pod #
The Cryptographic Security Pod is Dyber's proprietary contribution to OpenForge and the primary differentiator from commercial EDA tools. It contains eight specialized analysis engines that address security verification needs that no existing EDA vendor provides.
| Engine | Tool Name | What It Verifies |
|---|---|---|
| Constant-Time Verifier | openforge-ct | Control flow, memory access, and timing do not depend on secret data. Uses taint analysis + formal proof via SymbiYosys. |
| Side-Channel Simulator | openforge-sca | Pre-silicon power leakage estimation via Hamming weight/distance models. TVLA t-test and CPA attack simulation. |
| Entropy Analyzer | openforge-entropy | Entropy flows correctly from QRNG/TRNG sources to consumption points without reduction. Health test verification. |
| FIPS Compliance Checker | openforge-fips | FIPS 140-3 Level 2 requirements: key zeroization, self-test coverage, error output inhibition, approved algorithms, RNG health tests. |
| NTT/FFT Validator | openforge-ntt | NTT implementations match FIPS 203/204 reference. Twiddle factors, butterfly arithmetic, modular reduction, bit-reversal permutation. |
| Fault Injection Resilience | openforge-fi | Design resilience to clock glitching, voltage glitching, and laser fault injection attacks. |
| Leakage Contracts | openforge-leak | Formal verification that implementations satisfy specified leakage contracts (based on LeaVe framework). |
| Key Management Verifier | openforge-keymgmt | Key lifecycle verification: generation, storage, usage, rotation, and destruction paths are correct and complete. |
These engines run in parallel during the crypto verification stage. Each produces its own report, and results are aggregated into a unified crypto security dashboard. The engines connect to the open-source tools where needed — the Constant-Time Verifier generates SVA assertions and runs them through SymbiYosys, the Side-Channel Simulator consumes power traces from the instrumented Verilator simulation, and the FIPS Checker synthesizes the design with Yosys to verify structural properties.
For detailed usage of each engine, see the Crypto Verification Guide.
Data & Results Layer #
The Data & Results Layer persists all project metadata, verification results, waveforms, and metrics across four storage systems optimized for different data types.
| Store | Technology | Purpose | Typical Size |
|---|---|---|---|
| Metadata DB | PostgreSQL 16 | Project definitions, job history, user accounts, verification results, coverage summaries | ~100MB per 1000 projects |
| Object Storage | MinIO (S3-compatible) | VCD/FST waveforms, power trace CSVs, SAIF files, generated reports (HTML/PDF) | ~1-50GB per project (waveforms dominate) |
| Time-Series DB | TimescaleDB | Verification metrics over time — build durations, coverage trends, leakage scores, FIPS compliance progression | ~10MB per project per month |
| Cache / Queue | Redis | Job queue (Celery broker), incremental build cache, session tokens, real-time WebSocket state | ~256MB allocated |
Incremental Verification
OpenForge caches intermediate results in Redis and MinIO. When a design file changes, only the affected verification tasks re-run. The cache key includes a hash of the source files, tool versions, and configuration. This typically reduces re-verification time by 60-80% for incremental changes.
Technology Stack #
| Layer | Technology |
|---|---|
| Frontend | React, TypeScript, Tailwind CSS, Monaco Editor, D3.js, Recharts |
| API | FastAPI (Python), gRPC for internal pod communication |
| Orchestration | Celery + Redis (default), Kubernetes Jobs, Apache Airflow |
| Containers | Docker, Kubernetes, Helm charts |
| Databases | PostgreSQL 16 (metadata), TimescaleDB (metrics) |
| Object Storage | MinIO (S3-compatible) for waveforms and reports |
| CI/CD | GitHub Actions, GitLab CI, Jenkins, Azure DevOps |
| Monitoring | Prometheus (metrics), Grafana (dashboards), Loki (logs) |
| Authentication | Keycloak / Auth0 (OIDC/SAML) |
| Crypto Engines | Rust (openforge-ct, openforge-sca), Python (openforge-fips, openforge-entropy, openforge-ntt) |
Deployment Models #
OpenForge supports three deployment models depending on your security requirements, team size, and infrastructure.
Docker Compose (Local / Small Team)
All services run on a single machine via Docker Compose. Suitable for individual developers or teams of 1-5 engineers. Requires 8GB+ RAM and 50GB+ disk. This is the default deployment described in the Installation Guide.
Kubernetes (Cloud / Medium-Large Team)
Full Kubernetes deployment with Helm charts. Auto-scaling worker pods based on Celery queue depth via HPA custom metrics. Suitable for teams of 5-50+ engineers with shared verification infrastructure. Supports multi-tenant isolation with Kubernetes namespaces and RBAC.
Air-Gapped (Defense / Government)
Offline deployment for classified environments. All container images and PDKs are bundled for transfer via physical media. No external network access required. Supports ITAR/EAR compliance for export-controlled cryptographic hardware designs. This model uses the Celery + Redis backend since Kubernetes is often unavailable in air-gapped environments.
Scaling & Performance #
OpenForge is designed to scale horizontally. The primary bottleneck is verification compute — formal provers and large simulations are CPU-bound. The platform addresses this through parallelization at multiple levels:
| Level | Mechanism | Effect |
|---|---|---|
| Task parallelism | Independent verification tasks (lint, sim, formal, crypto) run concurrently on separate worker pods | Full pipeline completes in time of longest single task, not sum of all tasks |
| Data parallelism | Simulation test suites split across multiple Verilator instances. Formal engines run multiple properties in parallel. | 10x+ speedup for large test suites on multi-node clusters |
| Incremental caching | Hash-based result cache. Only changed files trigger re-verification. | 60-80% reduction in re-verification time for incremental changes |
| Pod auto-scaling | Kubernetes HPA with custom Celery queue metrics | Worker pods scale from 2 to 20+ based on queue depth |
For typical post-quantum cryptographic accelerator projects (5-20K lines of RTL), a full verification run including simulation, formal, and all crypto security checks completes in 5-15 minutes on a 4-core Docker Compose deployment, or 1-3 minutes on a Kubernetes cluster with 8+ worker pods.