1. Field of the Invention
The present invention generally relates to electronic circuits, and more specifically to circuits implementing cryptographic processes requiring the storage of identification or authentication keys.
The present invention more specifically applies to the generation of one or several keys in an integrated circuit.
2. Discussion of the Related Art
Many applications involve keys used in encryption algorithms or, more simply, integrated circuit identification keys. These may be keys used in exchanges with other circuits of the same product or of a distant product, authentication keys used to guarantee the origin of an integrated circuit, product identification keys, or any encryption or signature key. Most often, keys are derived from a main or master key to decrease risks of discovery of the master key.
The keys (including the master key) are generally recorded in a non-volatile memory of the integrated circuit and are read on demand. However, the simple fact that a key is contained in a non-volatile memory puts it at risk to be hacked.
To avoid storing a key in the non-volatile memory, a solution is to extract this key from a physical unclonable function (PUF). Such a method comprises causing the extraction of the key based on physical characteristics intrinsic to the integrated circuit, which are linked to its manufacturing. The data extracted to obtain the key are reproducible for a same circuit, but different from one circuit to another with a sufficient dispersion to be able to generate different keys. The physical characteristics on which the obtaining of the key is based may be of different natures. The unclonability results from the fact that the physical characteristics used vary from one circuit to the other according to the random dispersions during the circuit manufacturing process and are not controllable during the manufacturing either. The secret key is thus extremely difficult to hack. Further, in case of reverse engineering, either the cloned circuit will not be able to provide the same key, or an intrusive read attempt will modify the key.
Embodiments more specifically apply to a physical unclonable function which uses the state of cells of a volatile memory after powering-on of this memory. This phenomenon uses, as a physical parameter, mainly the threshold voltages of the transistors forming each cell and the dispersions between these threshold voltages. To a lesser extent, the saturation currents of the transistors also have an influence.
In operation, the programming of the memory cells forces state 0 or 1 of the cell. However, on powering-on of the memory plane (for example, after resetting of the product), each cell sets to a state 0 or 1 according to the imbalance between the threshold voltages of the transistors of this cell.
The reproducibility of the states of the cells of a memory in successive power-on operations is not the same for all the cells of such a memory. This usually leads to equipping the key extraction circuits with complex error correction codes to ensure the reproducibility of the extracted key according to error rates assigned to each cell.
Further, the state provided by a cell as it is powered on may vary over the lifetime of the product.