A Physically Unclonable Function (PUF) exploits variations, such as stochastic process variations in manufacturing, to generate secret keys used in cryptographic operations, chip authentication, and even random number generation. A device that supports a PUF yields different responses (e.g., binary responses) to different inputs, referred to as “challenges.” Authentication of a device using a PUF is performed by supplying a challenge input to the device to which the response of an authentic device is known. The response is a result of a function that, by definition, is not clonable. For example, a PUF may result from stochastic process variations in the production of otherwise identical devices. As a result of the process variations, the otherwise identical devices may respond with a different series of bits in response to a set of challenge input bits.
Currently, the most widely adopted silicon-based PUFs are based on establishing timing races and relying on arbiters to produce a rich set of responses. The PUF circuit can use random variations in the delay of circuit components to achieve an unpredictable mapping of challenges and responses. For example, given an input challenge, a race condition is set up in the circuit, and two transitions that propagate along different paths are compared to see which comes first. An arbiter, typically implemented as a latch, produces a logical “1” or a “0”, depending on which transition comes first. When a circuit with the same layout mask is fabricated to result in different chips, the mapping between challenges and responses implemented by the circuit is different for each chip due to the random variations of delays.
Unfortunately, such PUFs show a vulnerability to machine-learning attacks due to the linear separability of the output function as a result of the additive nature of the timing delay along the paths.