A Physical Unclonable Function (PUF) can be any physical object that, for a given input and condition (challenge), provides a physically defined “digital fingerprint” output (response) that serves as a unique identifier, most often for a semiconductor device such as a microprocessor.

Our focus here is on the best-known subset of PUFs, which are silicon PUFs. As the name suggests, this type of PUF gets its instance-specific measurements from silicon, meaning these PUFs are part of an integrated circuit (IC).

Due to deep submicron manufacturing process variations, every transistor in an IC has slightly different physical properties. These variations lead to small but measurable differences in electronic properties, such as transistor threshold voltages and gain factor. Since these process variations are not fully controllable during manufacturing, these physical device properties cannot be copied or cloned.

By utilizing these inherent variations, PUFs are very valuable for use as a unique identifier for any given IC. They do this through circuitry within the IC that converts the tiny variations into a digital pattern of 0s and 1s, which is unique for that specific chip and is repeatable over time. This pattern is a “silicon fingerprint,” comparable to its human biometric counterpart..

How Does a Physical Unclonable Function Work?

Utilizing a PUF for security and identification purposes is done through very specific algorithms that turn the silicon fingerprint into a cryptographic key. This key is unique for that individual chip and is used as its root key. The root key is reliably reconstructed from the PUF whenever it is needed by the system, without a need for storing the key in any form of memory. When the device is powered off, no secret key is present in any form of memory; in effect, the root key is “invisible” to attackers, which makes the storage of keys with PUFs very secure.

So, PUF implementations require processing algorithms to turn the silicon fingerprint into a cryptographic root key. This is because the silicon fingerprint will be slightly noisy between different measurements, as in addition to innate process variations, the electronic properties will also be influenced by ambient conditions, such as temperature and power supply. Hence, a good PUF implementation needs to turn this noisy fingerprint into a fully stable and fully random string of 0s and 1s, for it to qualify as a cryptographic key. For this purpose, most PUF implementations use two processes:

  • Error correction to ensure that the derived key is the same every time the PUF is measured
  • Privacy amplification, to turn the fingerprint into a fully random string of 0s and 1s

Benefits of a Physical Unclonable Function

The benefits of using PUF technology are:

  • High Security: PUF technology provides a high level of security because the root keys of devices are never stored in persistent memory, which makes them unclonable and invisible to attackers. The technology has been stringently tested and certified, amongst others by the US Department of Defense, several EU Governments, and certification bodies.
  • High Flexibility: PUF technology is highly flexible because it removes the need for external key injection into devices. This significantly simplifies the supply chain by both removing the need for a trusted party to perform this injection and by allowing key programming to be possible at any stage of a device’s lifecycle. PUF technology is standard CMOS technology that can be used with any foundry and process-node technology, which allows designers to reuse their security architecture regardless of the nodes they are targeting.
  • Low Cost: PUF technology does not require dedicated security hardware (such as physically protected memories) or expensive components like charge pumps, so it comes at a very low cost compared to traditional methods for key protection. Also, traditional costs for provisioning keys to devices in trusted facilities do not apply since keys are derived securely inside devices themselves.

Usage of this technology varies from PUFs for IoT security, where the technology’s low cost and flexible implementation offer great benefits, all the way to PUFs for Aerospace & Government, proving that the technology is capable of delivering the highest level of security.

Physical Unclonable Functions and Synopsys

Synopsys offers industry-leading PUF IP solutions, including:

  • Synopsys PUF IP is the world-leading and certified PUF IP solution that enables device manufacturers and designers to secure their products with internally generated, device-unique cryptographic keys.
  • Synopsys AP PUF IP is a variant of PUF IP that has been developed following an ISO 26262 functional-safety-compliant flow and meets the ISO 26262 Automotive Safety Integrity Level (ASIL) B fault metric.
  • Synopsys PUF IP – Software is an embedded software solution that provides PUF technology and which democratizes hardware security by uncoupling it from silicon fabrication, ensuring IoT application developers can access, understand, and implement it at scale.
  • Synopsys PUF FPGA-X combines a Butterfly PUF with the Synopsys PUF helper data algorithms for use on programmable FPGA fabric. Since Synopsys PUF PFGA-X is part of the FPGA configuration file, it is a “soft PUF” implementation, and security functionality can be retrofitted on deployed devices, enabling remote “brownfield” installation of hardware-based security.

Synopsys Physical Unclonable Function (PUF) IP

Enabling Authentication with PUF-based Security

Continue Reading