Abstract. Encryption of volatile FPGA bitstreams provides confidentiality to the design but does not ensure its authenticity. This paper motivates the need for adding authentication to the configuration process by providing application examples where this functionality would be useful. An examination of possible solutions is followed by suggesting a practical one in consideration of the FPGA’s configuration environment constraints. The solution proposed here involves two symmetric-key encryption cores running in parallel to provide both authentication and confidentiality while sharing resources for efficient implementation.