Reliable and efficient PUF-based key generation using pattern matching

Abstract

We describe a novel and efficient method to reliably provision and re-generate a finite and exact sequence of bits, for use with cryptographic applications, e.g., as a key, by employing one or more challengeable Physical Unclonable Function (PUF) circuit elements. Our method reverses the conventional paradigm of using public challenges to generate secret PUF responses; it exposes response patterns and keeps secret the particular challenges that generate response patterns. The key is assembled from a series of small (initially chosen or random), secret integers, each being an index into a string of bits produced by the PUF circuit(s); a PUF unique pattern at each respective index is then persistently stored between provisioning and all subsequent key re-generations. To obtain the secret integers again, a newly repeated PUF output string is searched for highest-probability matches with the stored patterns. This means that complex error correction logic such as BCH decoders are not required. The method reveals only relatively short PUF output data in public store, thwarting opportunities for modeling attacks. We provide experimental results using data obtained from PUF ASICs, which show that keys can be efficiently and reliably generated using our scheme under extreme environmental variation.