Cryptanalysis of Strong Physically Unclonable Functions

Abstract

Physically unclonable functions (PUFs) are being proposed as a low-cost alternative to permanently store secret keys or provide device authentication without requiring nonvolatile memory, large e-fuses, or other dedicated processing steps. In the literature, PUFs are split into two main categories. The so-called strong PUFs are mainly used for authentication purposes; hence, also called authentication PUFs. They promise to be lightweight by avoiding extensive digital post-processing and cryptography. The so-called weak PUFs, also called key generation PUFs, can only provide authentication when combined with a cryptographic authentication protocol. Over the years, multiple research results have demonstrated that Strong PUFs can be modeled and attacked by machine learning (ML) techniques. Hence, the general assumption is that the security of a strong PUF is solely dependent on its security against ML attacks. The goal of this article is to debunk this myth, by analyzing and breaking three recently published Strong PUFs (Suresh et al., VLSI Circuits 2020; Liu et al., ISSCC 2021; and Jeloka et al., VLSI Circuits 2017). The attacks presented in this article have practical complexities and use generic symmetric key cryptanalysis techniques.