METHOD FOR GENERATING A PHYSICAL UNCLONABLE FUNCTION RESPONSE

Abstract

Provided is a method for generating a physical unclonable function PUF response by a PUF circuit of an electronic device, said PUF circuit comprising pairs of electronic components called PUF primitives implementing said physical unclonable function, by obtaining a challenge (S1), generating PUF output bits (S2) by applying said physical unclonable function to said obtained challenge, and generating said PUF response (S3) from said generated PUF output bits verifying υ > δυ +|T| or υ < -δυ -|T| with δυ a predetermined threshold. In some embodiments it maximizes a PUF response entropy based only on the analog differential values generated by the comparators of the electronic device. Other embodiments disclosed.

Claims

1. A method for generating a physical unclonable function (PUF) response by a PUF circuit of an electronic device, said PUF circuit comprising pairs of electronic components called PUF primitives implementing said physical unclonable function and, for each PUF primitives pair, a comparator having as inputs electrical characteristic values of the PUF primitives of said PUF primitive pair, and configured for generating an analog differential value υ - T with υ a difference between said electrical characteristic values and T a non-zero current offset of said comparator, performing an analog to digital conversion of said analog differential value υ - T, and outputting a PUF output bit equal to the result of said analog to digital conversion, said method comprising: obtaining a challenge (S1), generating PUF output bits (S2) by applying said physical unclonable function to said obtained challenge, and generating said PUF response (S3) from said generated PUF output bits verifying υ > δυ +|T| or υ < -δυ —|T| with δυ a predetermined threshold.

2. The method according to claim 1, wherein the step of generation said PUF response (S3) comprises for each output PUF output bit: discarding (S31) the PUF output bit when |υ - T| < δυ, swapping (S32) said comparator inputs and discarding (S33) the PUF output bit when |υ + T| < δυ, and generating (S34) said PUF response from undiscarded PUF output bits.

3. The method according to claim 1, wherein δυ is a standard deviation of said difference υ among a plurality of PUF primitive pairs of the electronic device.

4. An electronic device comprising a processor, at least one memory, and a physical unclonable function (PUF) circuit, said PUF circuit comprising pairs of electronic components called PUF primitives implementing a physical unclonable function and, for each PUF primitives pair, a comparator having as inputs electrical characteristic values of the PUF primitives of said PUF primitive pair, and configured for generating an analog differential value υ - T with υ a difference between said electrical characteristic values and T a non-zero current offset of said comparator, performing an analog to digital conversion of said analog differential value υ - T, and outputting a PUF output bit equal to the result of said analog to digital conversion, said electronic device being configured to perform method steps of: the obtaining a challenge (S1), generating PUF output bits (S2) by applying said physical unclonable function to said obtained challenge, and generating said PUF response (S3) from said generated PUF output bits verifying υ > δυ +|T| or υ < -δυ -|T| with δυ a predetermined threshold.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0020] Other characteristics and advantages of the present invention will emerge more clearly from a reading of the following description of a number of preferred embodiments of the invention with reference to the corresponding accompanying drawings in which:

[0021] FIG. 1 depicts schematically an example of an electronic device according to the present invention;

[0022] FIG. 2 depicts schematically an example of implementation of the circuits generating the PUF output bit puf_out for a pair of primitives MPi, MNi;

[0023] FIG. 3 is a schematic illustration of the bias induced by a comparator by adding a current offset when generating its output;

[0024] FIG. 4 is a schematic illustration of the selection of the output bits to be used for generating the PUF response inducing imbalance among zeros and ones among the PUF output bits as illustrated on FIG. 5 ;

[0025] FIG. 6 is a schematic illustration of a method for generating a physical unclonable function (PUF) response according to an embodiment of the present invention;

[0026] FIG. 7 depicts schematically is a schematic illustration of the selection of the output bits to be used for generating the PUF response according to an embodiment of the invention.

DETAILED DESCRIPTION

[0027] The invention aims at generating a physical unclonable function (PUF) response using a PUF circuit of an electronic device 10 in a way which ensures a stable PUF response and which at the same time increases the entropy of the PUF response compared to existing methods.

[0028] As shown on FIG. 1, the electronic device 10 includes a processor 11 and at least one memory 12. It also include a PUF circuit 13 implementing the physical unclonable function and generating a PUF response from a challenge. The PUF circuit includes a plurality of active electronic primitives 14, called PUF primitives in the rest of the description, from which the PUF response will be generated. In this document, a primitive is an active electronic unit or electronic component. Preferably, the primitive is a basic electronic unit. For example primitives may be transistors, vias, resistances, capacitors, ring oscillators or SRAM cells.

[0029] In the following examples, the electronic device is a chip but it could be any other kind of integrated circuit, system-on-a-chip (SOC) or printed circuit board (PCB). It may for example be a RFID tag.

[0030] Each bit of a PUF response of a device including a PUF function is usually generated based on a comparison between electrical characteristic values of two primitives of the device forming a primitive pair. Such electrical characteristic values may for example be currents, voltages, resistance, capacitor... In order to guarantee the unpredictability and uniqueness of the PUF function, such primitives are usually designed as identical but in fact behave slightly differently because of microstructure differences depending on random process variations during manufacture. The distribution of the electrical characteristics of a set of primitives usually follows a normal law. In order to perform such a comparison, the electronic device includes for each primitive pair a comparator 15 having as inputs electrical characteristic values of the PUF primitives of said PUF primitive pair. Such a comparator generates an analog differential value ν - T, with ν the difference between the electrical characteristic values of the primitive pair and T the offset of the comparator. It also performs an analog to digital conversion of the analog differential value ν - T which generates the PUF output bit for this pair of primitives.

[0031] An example of implementation of the circuits generating the PUF output bit puf_out for a pair of primitives MPi, MNi is given on FIG. 2. In this example, the PUF primitives are transistors and the electrical characteristic values of the PUF primitives are the currents IP and IN flowing through the transistors. The difference ν may for example be equal to IP - IN.

[0032] When generating its output, the comparator induces a bias by adding a current offset T. As a result, as shown on FIG. 3, the output of the comparator, which is the voltage puf_out on FIG. 2: [0033] is at a high level corresponding to an output bit equal to ′1′ when IP - IN -T > 0 ; [0034] is at a low level corresponding to an output bit equal to ′0′ when IP - IN -T < 0.

[0035] FIG. 3 shows the case where T>0, but T can equally be <0.

[0036] Since the assumption is made that the distribution of the electrical characteristics of a set of primitives follows a normal law, the difference ν also follows a normal law, centered on zero, as shown on FIG. 3, and when comparators of the PUF circuit output an output bit equal to ′1′ when ν > T only, there is an imbalance in the PUF output bits which are more often equal to ′0′ than equal to ′1′ when T>0, or more often equal to ′1′ than to ‘0’ when T<0.

[0037] An output bit of the PUF may be unstable if the result of such a comparison varies, for example depending on environmental conditions such as temperature. As a result only the most stable output bits of the PUF shall be used for generating a stable PUF response. A usual way to ensure the stability of the PUF response is to discard the output bits for which the analog differential value generated by the comparator is close to zero. For example, given a predetermined threshold δν, all the output bits for which | ν - T | < δν may be discarded. The PUF response is then generated from the PUF output bits which were not discarded. The predetermined threshold δν may for example be equal to the standard deviation of the difference ν among a plurality of PUF primitive pairs of the electronic device.

[0038] Nevertheless, such a selection of the output bits to be used for generating the PUF response still induces imbalance among zeros and ones among the PUF output bits since PUF output bits for which -δν + T < ν < δν + T are discarded, as shown on FIG. 4 when T>0. Such an imbalance of the selection amplifies the imbalance in the PUF response, as shown on FIG. 5, which reduces its entropy and can make it easier for an attacker to predict it.

[0039] In order to ensure a better entropy of the PUF response, the main idea of the method according to the invention is to discard additional PUF output bits compared to the selection method described above, such that statistically as many output bits for which ν < 0 are discarded than output bits for which ν > 0 are discarded. Such a selection will ensure that on average a PUF response will include as many ‘0’ than ‘1’ and has a maximum entropy.

[0040] The following paragraphs describe with more details the steps performed by the method according to the invention, as shown on FIG. 6.

[0041] In a first step S1, the PUF circuit obtains a challenge. Such challenge may be generated by the electronic device or it may be received by the electronic device from a remote device and transferred to the PUF circuit by the processor of the electronic device.

[0042] In a second step S2, the PUF circuit generates PUF output bits by applying the physical unclonable function to the obtained challenge. At this step, all the PUF output bits are generated by the comparators of the PUF circuit from the associated PUF primitives, regardless of how close the analog differential value ν - T generated by a comparator is close to zero.

[0043] In a third step S3, the PUF circuit generates the PUF response only from the generated PUF output bits verifying ν > δν +|T| or ν < -δν -|T| with δν a predetermined threshold. At this step, all the PUF output bits for which | υ |< δν + |T| are discarded and are not used for generating the PUF response. Such a selection of the PUF output bits is symmetrical with respect to zero, as shown on FIG. 7. Consequently, it induces no imbalance between ′0′ and ′1′ in the PUF response and it maximizes its entropy.

[0044] At the third step S3, the selection of the PUF output bits to be used for generating the PUF response is performed by the PUF circuit based on the analog differential value ν - T generated by each comparator. In order to determine the PUF output bits verifying ν > δν +|T| or ν < -δν -|T|, the third step may comprise the following steps, performed for each generated PUF output bit : [0045] In a first substep S31, the PUF circuit may discard the PUF output bit when the absolute value of the analog differential value is below the predetermined threshold : | ν - T | < δν. This is the usual selection operation presented here above, and which may induce a bias of the PUF response when no additional selection is performed. [0046] In a second subset S32, the PUF circuit swaps the inputs of the comparator generating the PUF output bit. By doing so, the analog differential value generated by each comparator is no more equal to ν - T but to - ν - T = - (ν + T). In order to preserve the value of the PUF output bit, the value of the output of the comparator may be inverted. [0047] In a third substep S33, the PUF circuit discards the PUF output bit when | υ + T | < δν. In order to do so, the PUF circuit just has to discard the PUF output bit when the absolute value of the analog differential value is below the predetermined threshold : | - ν - T | < δν which is equivalent to | υ + T | < δν.

[0048] After performing the substeps S31 to S33 for all the PUF output bits, the PUF circuit has discarded all the PUF output bits for which | ν - T | < δν or | ν + T | < δν. The remaining bits verify | ν - T | > δν and | υ + T | > δν; therefore they verify ν > δν +|T| or ν < -δν -|T|.

[0049] In a fourth substep S34 of the third step S3, the PUF circuit generates the PUF response from undiscarded PUF output bits.

[0050] According to a second aspect, the invention relates to an electronic device 10 comprising a processor 11, at least one memory 12, and a physical unclonable function (PUF) circuit 13, said PUF circuit 13 comprising pairs of electronic components called PUF primitives 14 implementing a physical unclonable function and, for each PUF primitives pair, a comparator 15 having as inputs electrical characteristic values of the PUF primitives of said PUF primitive pair, and configured for generating an analog differential value ν - T with ν a difference between said electrical characteristic values and T a non-zero current offset of said comparator, performing an analog to digital conversion of said analog differential value ν - T, and outputting a PUF output bit equal to the result of said analog to digital conversion, the electronic device being configured to perform the steps of the method for generating a PUF response described here above, as shown on FIG. 1.

[0051] Consequently, such a method enables to both ensure the stability of the PUF response and maximize its entropy.