Aris Richardson is a Winter Fellow at the Center for AI Governance who conducts research on AI and hardware policy. Onni Aarne is a consultant with the compute governance team at the Institute for AI Policy and Strategy.

If you want to build the world’s most advanced semiconductors, you can’t just start printing out chips at a factory. You’re going to need to design incredibly complicated chips using specialized chip-design software. Knowing this, the United States has used its monopoly on the chip-design software industry to restrict other countries’ semiconductor development for the past thirty years.

Notably, on October 7, 2022, the US Bureau of Industry and Security (BIS) introduced new export controls targeting Chinese Entity List companies, restricting their access to materials crucial for frontier AI development: AI chips, US semiconductor manufacturing equipment, and electronic design automation (EDA) software, which is used to design chips. But the round had arguably already begun, however, in August 2022, with controls on EDA for the most advanced manufacturing processes, called gate-all-around field-effect transistors (GAAFET) EDA.

GAAFET EDA provides more control over the energy in a chip by allowing chip designers to create circuits with gates surrounding the transistor current flow. With this innovative structure, GAAFET is the only type of EDA capable of designing 3nm and lower node chips. (A lower nm number indicates smaller transistors and thus a more advanced chip.)

Both sets of export controls attempt to force Chinese chip companies to rely on their own cruder, domestic EDA. China’s leading EDA company, Empyrean 华大九天, sells a full flow — an end-to-end suite of EDA software used to design chips — for 28nm chips. Meanwhile, American EDA company Cadence has been offering a similar 28nm full flow for thirteen years, while TSMC introduced its 28nm process in 2011 and currently has a 3nm process.

Conventional wisdom has it that the EDA controls have been devastating for Chinese industries. Earlier targets of EDA controls were ZTE in 2018 and Huawei in 2019 — and the targets were hit hard. According to Xiaomeng Lu, an analyst at the consultancy firm Eurasia Group, those restrictions were so successful that they inspired the 2022 export controls.

Similarly, Chinese forum writers have publicly lamented the impact of recent EDA controls on their chip industry. One industry veteran told Cailian 财联 that, among the four technologies added to the export control list, “the most concerning one is the discontinuation of GAAFET-related EDA tools. … The supply interruption of this technology will directly affect AI chips and other large computing devices with complex designs that require advanced process support.”

So if EDA controls are so effective, how did Huawei develop 7nm chips with controlled American EDA software in 2023?

We evaluate three possibilities:

1. Hacking EDA software outright;

2. Exploiting loopholes in the BIS restrictions to contract with American companies and acquire EDA; and

3. Using shell companies or other intermediaries to acquire American EDA before underfunded BIS regulators can stop them.

   ChinaTalk is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

   Subscribe

Theory #1: Hacking

Given the prominence of Chinese software piracy, one might assume that hacking is the most likely way Huawei accessed EDA. After all, even the largest EDA vendors can be hacked, as shown by InnoGrit’s successful hacking of license keys from EDA leader Synopsys.

But Chinese writers claim that pirating high-end EDA is technically infeasible and inefficient: 

In fact, for EDA software, cracking and piracy do not make much sense. The reason is that it is not a stand-alone software. The biggest feature of EDA software is that it has a high degree of linkage with chip manufacturing companies. [source]

Why can’t EDA be cracked? The reason is that EDA cracking is meaningless. … This update is synchronized with the foundry, that is, the EDA is updated, and the founder’s library is also updated. If you use the original old version, it will be out of sync with the foundry, and it will be compared during verification. Trouble. [source]

Specifically, these writers point out that piracy is prevented by the license verification mechanism inside the EDA’s process design kit (PDK). Foundries like TSMC make PDK, which is inside EDA and acts like a “bridge” between a customer’s EDA and the frequently updating technology in the foundry. PDK ensures that chip designers’ complicated designs are being simulated with the most up-to-date technology at the foundry and are printable. When the foundry releases an update to their PDK, the updates verify their customer’s software license. Since a foundry generally supports only the latest version of their PDK, a pirate attempting to fabricate their design without an up-to-date license will be obvious to the foundry.

Therefore, to fabricate a chip design at institutions that care about software piracy — such as TSMC — a pirate needs up-to-date PDK.

By examining claims from four writers (1, 2, 3, 4), we estimate that PDKs are updated, on average, around once a month; some may update PDKs every few weeks, while others may update only every three months or so. We further estimate that the lower bound for non-corporate EDA piracy is 28nm. This means it’s unlikely that an individual can hack advanced EDA, but leaves open the possibility for a well-resourced actor like Huawei to hack licenses.

Advanced node EDA is updated more frequently than legacy node EDA, making advanced node EDA more laborious to continuously crack. To be sure, Huawei is a well-resourced actor. But of the three possibilities we evaluate, it’s least likely that Huawei resorted to hacking: as an international company, Huawei could be sued for using pirated EDA while selling to foreign markets. So how else might have they built their new chips?

Theory #2: Exploiting Loopholes

Chinese chip companies could resort to hacking, but they probably don’t have to: there may be holes in export controls on chip-design software that they are already slipping through. An industry expert we spoke to claims that regulators with limited technical expertise may create regulations that sound effective but are nonetheless exploitable.

In response to the August 2022 restrictions on GAAFET EDA, Synopsys, Cadence, and Siemens — the three largest EDA producers — publicly called out contradictions and loopholes in the restrictions. It wasn’t clear to them whether, for instance, EDA software with GAAFET structures is controlled if it’s identical to software that also makes non-GAAFET circuits. That ambiguity has allowed EDA companies to tweak their EDA to be compliant with the GAAFET restrictions and continue selling similar replacements to Chinese engineers. True, these replacements wouldn’t have GAAFET capabilities — but decreasing a chip’s node isn’t the only way to improve performance, and these replacement softwares are still quite advanced chip-design tools that can be used to effectively design chips above a 3nm node.

Chinese companies might also attempt to avoid Entity List restrictions by exploiting the length of customer agreements that are made before export controls take effect. 

For instance, it’s possible that Huawei used legally purchased American EDA to produce its 7nm chips. As any customer does, Huawei can purchase EDA licenses by making a deal with EDA companies to access their software for a set amount of time. Although Huawei EDA contracts are typically only one year, contracts vary by vendor and circumstances; another source claims licenses typically last three years. While those estimates are years old, a source of ours shared a rumor that Huawei could have signed a multi-year contract right before the 2022 export controls took effect.

Theory #3: Shell Companies

The third, and likely most prominent, path to avoiding both Entity List and GAAFET EDA export controls is to set up shell companies and intermediaries to smuggle software, exploiting the limited capacity of the US regulatory officials.

Pirates can set up shell companies within days that can take years to be shut down. Meanwhile, BIS’s budget is far too low to monitor that illegal activity. According to a CSIS report, “the major government databases that [BIS staff] use to … identify suspicious activity can perform only a fraction of the needed functionality and crash routinely.”

Taking advantage of BIS’s limitations, EDA providers and Chinese chip companies can form joint ventures with foreign companies that can provide EDA tools to Chinese engineers through a string of intermediaries. These intermediaries attempt to obfuscate evidence of American EDA sales to Chinese customers — but such attempts have been observed by journalists. One example includes Huawei’s failed attempt to set up a “joint development” with French-Italian ST Microelectronics to share EDA licenses. Additionally, it’s been speculated that Synopsys’s joint venture with AMEDAC 全芯智造, formed in September 2019, was created for legal plausible deniability to allow Synopsys to sell EDA to Entity Listed companies

Can the Holes Be Plugged?

Given the difficulty of regulating corporate software smuggling, existing controls seem more likely to inconvenience the development of Chinese chips with American software than to stop it.

So why did expert analysts consider the 2018 and 2019 EDA export controls effective? Experts touting the effectiveness of EDA controls most likely misattributed the effects of hardware controls to restrictions onto EDA. To date, there have been no EDA export controls that have not been complemented by hardware export controls. For example, the 2019 Huawei ban cut off access to American-designed semiconductors and other hardware, including AMD and Intel processors, as well as TSMC’s crucial chip-fabrication services.

BIS’s chip export controls since October 2022 have disrupted Chinese chip development mostly by restricting China’s access to US semiconductor manufacturing equipment and foreign fabrication. For instance, within a year of the October export controls, SMIC ceased its 14nm manufacturing process due to lack of access to essential American manufacturing equipment.

In other words, physical hardware controls (though they can and have been circumvented) seem to have a tangible effect — which is more than what can be said about the Entity List EDA controls.

Is there any way to change the tide for EDA controls?

Because EDA is usually sold as downloadable software, analysts have suggested fixing the problem of software smuggling by moving EDA sales to the cloud, where EDA software is streamed and monitored with improved Know Your Customer (KYC) regulations.

Cloud EDA would also make customer activity visible to cloud providers, allowing visibility into suspicious customer activity such as license sharing and heavy activity in China. (Currently, Cadence, Synopsys, and Siemens offer EDA over the cloud, but are not fully cloud-based.) Even so, a semiconductor industry expert we spoke to remarked that cloud EDA alone cannot prevent noncompliance. Without additional measures such as onsite auditing, motivated customers can hide behind fake identity documents and VPNs and continue setting up intermediary companies to acquire cloud EDA.

While cloud EDA is far from a total solution for Entity List controls, cloud KYC for GAAFET EDA would place a much more minimal burden on companies. That’s because Samsung is the only company with an operational GAAFET process, and it has been struggling to attract customers; because of the extremely small number of chip companies actually taping out GAAFET chips, the number of firms working on designs for GAAFET processes is probably small as well. Admittedly, EDA companies may be financially incentivized to ignore red flags — so KYC policies must incentivize EDA companies to actually do their best to prevent export-control violations.

The US may continue to strengthen its EDA controls — after all, if you want to develop the world’s most advanced semiconductors, you’re going to need specialized chip-design software. But they should be sure the controls bite off only what they can chew. As a history of successful evasion shows, the software doesn’t have to be your own.