PreprintPDF Available

Polynomial Bounds for Learning Noisy Optical Physical Unclonable Functions and Connections to Learning With Errors

Preprints and early-stage research may not have been peer reviewed yet.


It is shown that a class of optical physical unclonable functions (PUFs) can be learned to arbitrary precision with arbitrarily high probability, even in the presence of noise, given access to polynomially many challenge-response pairs and polynomially bounded computational power, under mild assumptions about the distributions of the noise and challenge vectors. This extends the results of Rh\"uramir et al. (2013), who showed a subset of this class of PUFs to be learnable in polynomial time in the absence of noise, under the assumption that the optics of the PUF were either linear or had negligible nonlinear effects. We derive polynomial bounds for the required number of samples and the computational complexity of a linear regression algorithm, based on size parameters of the PUF, the distributions of the challenge and noise vectors, and the probability and accuracy of the regression algorithm, with a similar analysis to one done by Bootle et al. (2018), who demonstrated a learning attack on a poorly implemented version of the Learning With Errors problem.
Polynomial Bounds for Learning Noisy Optical
Physical Unclonable Functions and Connections to
Learning With Errors
Apollo Albright, Boris Gelfand, and Michael Dixon
Abstract—It is shown that a class of optical physical unclonable
functions (PUFs) can be learned to arbitrary precision with arbi-
trarily high probability, even in the presence of noise, given access
to polynomially many challenge-response pairs and polynomially
bounded computational power, under mild assumptions about
the distributions of the noise and challenge vectors. This extends
the results of Rh¨
uramir et al. (2013), who showed a subset of
this class of PUFs to be learnable in polynomial time in the
absence of noise, under the assumption that the optics of the PUF
were either linear or had negligible nonlinear effects. We derive
polynomial bounds for the required number of samples and
the computational complexity of a linear regression algorithm,
based on size parameters of the PUF, the distributions of the
challenge and noise vectors, and the probability and accuracy of
the regression algorithm, with a similar analysis to one done
by Bootle et al. (2018), who demonstrated a learning attack
on a poorly implemented version of the Learning With Errors
The security of a cryptographic system depends on the
security of the keys and encryption mechanisms it uses.
Traditional cryptographic systems that store sensitive or pro-
prietary information in non-volatile memory are susceptible
to having this information copied to a malicious machine.
One solution to this problem is to use a physical unclonable
function (PUF) [1], [2]. A PUF is a type of one-way physical
system characterized by instance-specific random physical
properties arising from manufacturing process variations. A
PUF can be probed or challenged with external stimuli to
give specific responses, which depend on random variations
during the manufacturing process and are ideally impossible
to predict or invert without directly interrogating the PUF.
PUFs are often characterized by some form of randomness
or disorder inherent in the manufacturing process, which is
ideally impossible for any party to reproduce, or clone, exactly.
This unclonability property makes PUFs ideal for technology
protection, anti-tamper attestation, and cryptographic protocols
such as key generation that require an entropy source for
secure random number generation protocols since they cannot
be directly copied like digital keys or code stored in non-
volatile memory [1]–[3].
By sending the PUF a sequence of challenges and checking
that it returns the correct responses, one can verify the PUF’s
Apollo Albright, Boris Gelfand, and Michael Dixon are with Los Alamos
National Laboratory, Los Alamos, New Mexico (e-mail:;;
Apollo Albright is also with Reed College, 3203 SE Woodstock Blvd,
Portland, Oregon 97202 USA
integrity. One measure of the strength of a PUF is the number
of challenge-response pairs (CRPs), which are unique pairs
(C, R)of challenges Cand responses R. A PUF in which the
number of CRPs scales polynomially with a security parameter
n(which may be the physical size or number of inputs of
the system) is classified as “weak” since its behavior can be
fully determined by polynomial-time read-out attacks, whereas
a PUF that has exponentially many CRPs is classified as
“strong” since it is not vulnerable to these sorts of brute-force
attacks [4].
Many current PUF designs are implemented in electronic
circuits and use signal race conditions set by the inherent
randomness in silicon manufacturing [4]. Examples of silicon-
based PUFs include the Arbiter PUF [3], [5], [6], Ring Oscilla-
tor PUFs [7], and static random-access memory (SRAM) PUFs
[8]–[10]. Many of these designs, such as the Arbiter PUF and
its variants, have been demonstrated to be machine learnable
[11]–[20]. Once an adversary has a model of the PUF, they can
encode it in a separate chip to create a functional copy of it. In
addition, physical clones of SRAM PUFs were created using
a focused ion beam circuit edit in [21], further limiting the
application of silicon PUFs that rely on race conditions for
implementing secure and unclonable physical cryptographic
Optical PUFs, first introduced in [1], [22], were one of
the first suggested PUF designs. Optical PUFs consist of an
optical medium, typically some kind of resin, with strongly
scattering material, such as microscopic glass beads, randomly
distributed within. When coherent laser light hits the medium,
it undergoes many scattering events as it passes through the
sample, resulting in a noisy image called a speckle pattern on
the opposite side. A challenge for the optical PUF therefore
consists of the position and angle of incidence of the laser
source, and the response is an image of the speckle pattern.
While the optical PUFs presented in [1], [22] were experi-
mentally shown to be resistant to modeling attacks by Support
Vector Machines (SVMs) [23], they are still classified as weak
PUFs since they suffer from a polynomially bounded set of
CRPs due to the optical structure having nonzero correlation
lengths and angles [1], making very small changes in the
orientation of the incident laser result in highly correlated
speckle patterns [23]. The correlation lengths and angles can
be reduced greatly by using nonlinear optical media [1], [24];
however the number of CRPs is still polynomially bounded
by the precision of the laser alignment system. Because of
this polynomial bound on the number of available CRPs, an
arXiv:2308.09199v1 [cs.LG] 17 Aug 2023
Fig. 1. A schematic of an optical PUF with a mask. By varying the laser’s
position (x, y)and angle (θ, φ)relative to the scattering token and selecting
which blocks of the mask are transparent, one can control which areas of
the scattering pattern are illuminated. The resulting speckle pattern can be
recorded by a camera. In the integrated optical PUF design proposed in [23],
the laser’s position and angle are fixed, and in the original optical PUF of
[1], which did not feature a mask, the laser hits the scattering token directly.
adversary can efficiently generate a model of the PUF just by
enumerating every possible CRP, regardless of measurement
noise. Furthermore, the original optical PUFs require a very
precise token positioning system and are prone to misalign-
ment error, making them somewhat unreliable.
These issues were addressed in [23] with the introduction of
integrated optical PUFs. In the original non-integrated optical
PUFs, the relative position of the laser and the scattering
medium can be varied as part of the challenge. In contrast, an
integrated optical PUF fixes the relative positions of the laser,
the PUF, and the camera. In order to input different challenges,
the authors of [23] propose to send the incoming laser beam
through a collimating lens and a spatial light modulator,
such as a liquid-crystal display (LCD) mask, allowing parts
of the PUF’s surface to be selectively illuminated (Fig. 1).
Thus, a challenge for the integrated PUF in [23] consists
of a specific image on the mask, and the response is the
corresponding speckle pattern. Since the number of mask
images is exponentially large in the number of pixels, optical
PUFs with a mask have exponentially many CRPs, and are
thus classified as “strong”. Since integrated optical PUFs do
not have any moving parts, they are not as reliant on the exact
position and angle of the incident laser and are less susceptible
to environmental changes than the ones in [1], [22].
It was shown in [23] that, in the absence of external noise,
integrated optical PUFs using a mask and scattering media
with linear optical properties are susceptible to linear regres-
sion algorithms since the electric field amplitudes of speckle
patterns from different challenges add together linearly. By
generating a basis of the challenge space, it is possible for an
adversary to predict the behavior of a linear combination of
these basis challenges since the corresponding response will
be the same linear combination of the responses.
In this paper, we extend this result to show that optical
PUFs with a mask are also learnable in polynomial time when
the external noise either has a bounded magnitude or if it
follows a subgaussian distribution. Our analysis based on an
a proof in [25] for the solvability of the “Integer Learning
with Errors” problem, an easier variant of the Learning with
Errors (LWE) problem that does not use modular reduction in
the field Z/pZ. More specifically, in Section II-C we examine
the physics of the PUF and show that, within a linear optical
regime, the responses can be written as a linear function of
the challenges. In Section III, we describe how to reduce the
problem of learning an integrated optical PUF (or equivalently,
a particular challenge position of a non-integrated optical PUF)
with a mask from noisy CRPs to the equivalent problem of
solving a polynomially large system of noisy equations. We
prove a polynomial bound for the number of samples required
to learn the PUF, based on the number of pixels in the LCD
mask, the number of pixels in the output, the distribution
of the challenge and noise vectors, the accuracy to which
the PUF should be learned, and the desired probability of
learning. We conclude Section III-B by expressing this bound
asymptotically in Eq. 15 and the time complexity of the linear
regression algorithm in Eq. 16, and we extend this result to
include weakly nonlinear regimes in Section III-C. The effects
of Kerr nonlinearity on the resistance of optical PUFs to
physical cloning attacks was discussed in [26], however to our
knowledge there have been no studies on learning attacks of
nonlinear optical PUFs. Since the linear regression algorithm
runs in polynomial time and produces, with arbitrarily high
probability, an arbitrarily good approximation to the PUF, we
know these types of optical PUFs are learnable under the
probably approximately correct (PAC) framework, which has
previously been used to demonstrate the learnability of various
other PUF designs [15]–[20]. Table Igives results from the
literature as well as our contributions for the learnability of
optical PUFs.
A. Notation
For a vector xRn, the p-norm xpof x, for p1is
given by xp= (|x1|p+·· · +|xn|p)1/p. Unless otherwise
stated, xwill always refer to the Euclidean norm x2. For
a matrix ARm×n, the operator norm Aop is given by
Aop = sup
x= 1 Ax.
We denote the maximum real eigenvalue of a square matrix
Aby λmax(A), and similarly λmin (A)denotes the minimum
real eigenvalue. The transpose of a matrix Ais written as AT.
With this in mind, the operator norm of Acan be expressed
as its largest singular value,
Aop =qλmax (AAT).(1)
We write Xχto say a random variable Xis sampled
according to a distribution χ. The expectation of Xis denoted
E[X]and its variance Var(X) = E[X2]E[X]2. We denote
by Pr[Y]the probability of event Y.
B. Subgaussian Probabilitiy Distributions
A variable Xis called τ-subgaussian for some τ > 0if for
all sR,
E[exp(sX)] exp τ2s2
Design Illumination CRP Space Linear Weakly Nonlinear Strongly Nonlinear
Noiseless Noisy Noiseless Noisy Noiseless Noisy
Integrated No Mask 1trivial trivial trivial trivial trivial trivial
Non-Integrated No Mask O(poly(n)) [1], [23] [1], [23] Section III-A Section III-A Section III-A Section III-A
Integrated Mask O(exp(n)) [23] Section III-B Section III-C Section III-C ? ?
Non-Integrated Mask O(exp(n)) Section III-B Section III-B Section III-C Section III-C ? ?
Subgaussian random variables are very useful for our analysis
since they are subject to very strong tail bounds (at least as
strong as those for a Gaussian distribution). The following
lemmas describe useful properties of subgaussian distributions,
and they will be used in Section III to bound the error an
adversary would have when trying to learn the behavior of
the PUF. The proofs for Lemmas II.2,II.3,II.4, and II.6 can
be found in [25].
Lemma II.1 ( [27], Lemma 2.2).Any distribution over Rwith
mean zero and supported over a bounded interval [a, a]is
Lemma II.2 ( [25], Lemma 2.4).Aτ-subgaussian random
variable Xhas the following properties:
E[X] = 0 and E[X2]τ2.
Lemma II.3 ( [25], Lemma 2.6).Let Xbe a τ-subgaussian
random variable. Then for all t > 0,
Pr[X > t]exp t2
Lemma II.4 ( [25], Lemma 2.7).Let X1, . . . , Xnbe indepen-
dent random variables such that Xiis τi-subgaussian. For all
µ1, . . . , µnR, the random variable X=µ1X1+·· ·+µnXn
is τ-subgaussian, where
1+· ·· +µ2
A random vector xRnis called τ-subgaussian if for
all unit vectors uRn, the inner product u,xis a τ-
subgaussian random variable. By this definition, a random
vector xthat has components xithat are all independent τ-
subgaussian random variables is τ-subgaussian. Similarly to
subgaussian random variables, subgaussian vectors also have
strong tail bounds.
Lemma II.5. Let vbe a τ-subgaussian random vector in Rn.
Pr[v t]2nexp t2
Proof. v tonly if at least one of its components vi
satisfies |vi| t/n. However, vican be written as the inner
product v, ei, where eiis the i-th standard basis vector.
Similarly, vi=v,ei. Since the standard basis vectors are
unit vectors in Rn, and since vis τ-subgaussian, this means
that each of the components v1, . . . , vn,v1,...,vnis τ-
subgaussian. Fixing s=t/n, we can use Eq. 2to get
Pr[v t]Pr |v1| s+· ·· + Pr |vn| s
2nexp t2
Lemma II.6 ( [25], Lemma 2.9).Let xbe a τ-subgaussian
random vector in Rnand ARm×n. Then y=Ax is a
τ-subgaussian random vector in Rm, with τ=τ·
C. Physics of the PUF
In the absence of nonlinear optical effects, the behavior of
the PUF is governed by the linear wave equation
∂t2ε(r)Ψ(r, t) = J(r, t),(3)
where ε(r)is the dielectric of the scattering token at a position
r, which encodes values of the dielectric of the glass beads
used as scatterers, as well as the dielectric inside the optical
resin [24]. The resin and the scatterers are both assumed to
be locally isotropic, meaning that their dielectric coefficients
are independent of the direction of polarization. Ψ(r, t)is a
complex scalar field which encodes the amplitude and phase
of the electric field at a position (r)and a time t. Finally,
J(r, t)is a monochromatic source term such that J(r, t) =
J0(r) exp(0t)and Ψ(r, t) = ψ(r) exp(0t). Eq. 3can
then be rewritten as
c2ε(r)ψ(r) = J0(r),
where J0(r)is the amplitude of the source term at a given
location, ψ(r)is the amplitude of the electric field, and ω0is
the angular frequency of the source. Given the linearity of Eq.
3, if the PUF receives challenges c1and c2and gives responses
r1and r2, respectively, then if it receives the challenge c1+c2,
the corresponding response will be r1+r2.
Nonlinear optical effects occur in all optical media, but
they are usually insignificant if the magnitude of the elec-
tromagnetic field is much smaller than the fields within the
molecules and atoms of the material. When incident light is
of a sufficient intensity in a nonlinear medium, the polar-
ization of the medium begins to depend non-linearly on the
electromagnetic fields. For media that are locally isotropic,
this nonlinearity means the index of refraction depends on the
intensity of the transmitted electromagnetic fields [28]. This
gives the nonlinear wave equation
c2εr,|ψ(r)|2ψ(r) = J0(r).
In general, εcan be written as a power series in the field
intensity |ψ(r)|2. The nonlinear wave equation can thus be
rewritten according to [24], [29] as
εk(r)|ψ(r)|2k#ψ(r) = J0(r).(4)
In the limit as the nonlinear effects go to 0, such as if the
medium has weak nonlinear properties or if the laser in the
PUF is being run at lower intensities such that all the nonlinear
effects are small, the nonlinear component can be truncated
after the ε0(r)term, and Eq. 4is equivalent to Eq. 3. For
stronger nonlinearity or very high laser intensities, more terms
of the power series are necessary, though the nonlinear terms
are small corrections except for in very extreme cases, as each
successive εkterm is typically much smaller than the one
before it [28], [29].
D. Learning With Errors
Learning With Errors (LWE) is a computational problem
that has been used as a basis for the security of various
candidate post-quantum encryption schemes in lattice-based
cryptography [30]–[32]. In LWE, one is tasked with learning
a secret vector sZn
pgiven polynomially many pairs
(ai, bi)Zn+1
p, where bi=ai,s+eimod p, the aiare
uniformly distributed in Zn
p, and the eiare sampled from a
discrete Gaussian distribution on Zp. It was shown in [30]
that properly parameterized LWE is at least as hard as several
worst-case variants of lattice problems such as the Shortest
Independent Vectors Problem (SIVP), and the Gap Shortest
Vector Problem (GapSVP), which are conjectured to be hard
for both classical and quantum computers.
Continuous Learning With Errors (CLWE) was introduced
in [33] as a continuous variant of LWE, with quantum re-
ductions from the same lattice problems (SIVP, GapSVP, etc.)
that underlie the hardness of LWE. Later, the authors [34]
demonstrated polynomial-time reductions between LWE and
CLWE, showing that the two problems are equivalently hard.
In CLWEβ,γ, for parameters appropriate β , γ > 0, one needs
to find a secret unit vector sRngiven polynomially many
pairs of the form (ai,bi)Rn+1, where bi=γai,s+ei
mod 1, the aiare distributed according to a continuous
Gaussian distribution in Rnwith covariance matrix In/(2π),
and the error terms eiare sampled from a continuous Gaussian
distribution on Rwith variance β2/(2π).
E. PAC-Learning
The Probably Approximately Correct (PAC) framework is
a general model for evaluating the learnability of classes of
functions first described in [35]. The general idea behind
PAC learning is that in order to successfully learn a target
concept or function, one should, with high probability, produce
a hypothesis that is a good approximation of the target concept.
PAC learning has previously been used to prove the theoretical
learnability of various PUF designs [15]–[20]. In this work, we
use the agnostic PAC framework described in [36] to define
PAC-learnability as follows:
A class of functions H:XY, called the hypothesis
class, is said to be PAC-learnable if there exists an algorithm A
such that, for all ε > 0and δ(0,1), and any target concept
h0H, then with a set Sof m=O(poly(1/ε, 1/δ, n))
samples drawn according to a distribution Don X×Y, the
algorithm Awill output a hypothesis hS:XYsuch that
S∼D R(hS)inf
h∈H R(h)ε1δ,
according to some generalization error, or risk function R.
If the algorithm also terminates in O(poly(1/ε, 1/δ, n)) time,
then it is called an efficient PAC learning algorithm.
In our case, since we want to learn PUFs that essentially
encode linear systems, the functions in the hypothesis class
are just linear functions in nvariables. Since linear functions
in can be encoded as inner products of coefficient vectors h
and variable vectors x, we will set the risk function R(h)
to be the maximum difference between the value h,xof
the hypothesis function and h0,x, the value of the target
concept. Thus, the PAC condition can be rewritten as
S∼D max
xX|⟨hh0,x⟩| ε1δ. (5)
As we will show in Section III, a simple linear regression
algorithm can provably efficiently PAC-learn the PUF, under
the mild assumption that the error distribution is subgaussian
or can be shifted by a constant offset to produce a subgaussian
In order for a PUF design to be secure against polynomially
bounded adversaries, it cannot be efficiently PAC-learned. In
other words, any algorithm that satisfies the PAC condition
should either require exponentially many (in 1,1, or n)
samples or terminate after an exponentially long time. As
mentioned in Section II-D, appropriately parameterized LWE
and CLWE are conjectured to be hard to solve under hardness
assumptions for worst-case lattice problems [30], [33]. Thus,
under those hardness assumptions, they cannot be efficiently
PAC-learned since any algorithm that could efficiently PAC-
learn LWE or CLWE would be able to solve those worst-case
lattice problems in polynomial time.
Throughout this section, we will assume that the distribution
of measurement noise in the PUF responses is subgaussian.
Any nonzero mean in the noise terms will appear as a
constant term that can be discarded at the end of the learning
algorithm. If the noise is sampled from a distribution with
unbounded support, we can choose to reject samples with too
large of noise. By forcing all the responses to have bounded
noise, Lemma II.1 ensures that the noise distribution either is
subgaussian or can be shifted by a constant offset to give a
subgaussian distribution.
Fig. 2. In a non-integrated optical PUF, the laser’s position (x, y)and
direction of incidence (θ, ϕ)can be varied as aprt of the challenge. Positional
(±) and angular (±α) uncertainty in the alignment system means that
the number of distinct challenge orientations scales polynomially with the
physical size of the scattering token and the precision of the alignment system.
In Section III-C, we perform a perturbative analysis for the
PUF responses within a weakly nonlinear regime, where terms
of quadratic and higher order in the nonlinear correction are
considered negligible. This type of analysis implicitly assumes
that the PUF responses are dominated by linear effects, with
only a few low-degree nonlinear terms that make up a small
correction. This is true for optical PUFs containing lasers
of low power or using materials that have weak nonlinear
optical properties, such that the magnitude of the optical
electromagnetic field from the laser is much smaller than the
fields within the molecules and atoms of the material, and thus
can be treated as a small perturbation to the linear behavior
A. Learning Non-Integrated Optical PUFs
A non-integrated optical PUF, such as the original optical
PUF in [1], allows for the (x, y)position and (θ, ϕ)angular
orientation of the laser to be changed relative to the scattering
token as part of the challenge (Figure 2). Given a challenge
position and angle (x, y, θ, ϕ), assume that uncertainty in the
alignment system causes the actual position and angle of the
laser to vary by up to ±and ±α, respectively. Thus, in order
for a particular laser orientation to correspond to a unique
challenge, the positions of each challenge need to be separated
by a spatial distance of at least 2in the xand ydirections, and
by an angular distance of at least 2αin the θand ϕdirections.
Thus, if the scattering token can be illuminated over a surface
area A=L2, with an angle of incidence anywhere on a
hemisphere (θ, ϕ [0, π ]), the number of distinct orientations
of the laser relative to the scattering token is bounded above
#of distinct orientations π2L2
which scales polynomially in the physical size Lof the token,
as well as in the spatial and angular precisions 1/ℓ and 1
of the alignment system.
Because the position of the light source is fixed relative
to the scattering token in an integrated PUF, learning the
behavior of an integrated PUF is equivalent to learning the
behavior of a particular challenge position and orientation of
a non-integrated PUF that uses the same scattering token.
In particular, this implies that any algorithm that learns an
integrated optical PUF in polynomial time can be extended to
learn a non-integrated optical PUF in polynomial time simply
by applying that algorithm for each of the polynomially many
orientations of the non-integrated PUF.
B. Linear Scattering Media
A challenge to the PUF consists of a specific pattern on the
LCD mask, which determines what parts of the PUF medium
are illuminated by the laser (Fig. 1). We can describe the j-th
pixel in a particular challenge image on the mask by a real
number bjbetween 0 and 1 that describes what proportion
of the incident radiation gets transmitted through that pixel.
A challenge bto the PUF can then be written as a vector
b= (b1, . . . , bN)[0,1]N, where Nis the number of pixels
in the LCD screen.
At a given pixel in the detector, the complex amplitude aof
the electric field can be written as a function a(b)If the PUF
medium is linear, a(b)can be written as a linear function
a(b) = a(b1, . . . , bN) =
where the tjare complex transmission coefficients that encode
how the amplitude and phase of the light passing through
pixels bjis transmitted to that part of the detector. If the
speckle pattern is picked up with a charge-coupled device
(CCD) or a similar camera chip, then the response fPUF(b)
measures the intensity |a|2of the laser light at that location,
so it is quadratic in the bj:
fPUF(b) = |a(b)|2=
where t
kdenotes the complex conjugate of tk. We can
define the new vectors c= (1, c1, . . . , cn)[0,1]n+1 and
s= (s0, s1, . . . , sn)[0,1]n+1 such that fPUF(c) = c,s,
where each component ciis a monomial of total degree at
most 2in the bj, and where the first component in cand s
representing a constant offset. For an adversary to successfully
learn the PUF, they will need to determine an approximate
candidate vector ˆ
ssuch that |c,s c,ˆ
s| < ε. In other
words, they want to be able to approximate the PUF’s behavior
to within εfor any possible challenge c.
The problem of learning the PUF can thus be written
as a problem of determining ˆ
sfrom noisy CRPs. For any
given challenge ci, the adversary will have access to the
pair (ci,ci,s+ei), where without loss of generality, ei
is a τe-subgaussian random noise term, which could, for
example, arise from random measurement error or random
fluctuations in the transparency of the pixels in the LCD. If the
measurement noise eihas nonzero mean, then that will show
up in the s0constant term, which we can throw out at the end.
If the noise is sampled from a distribution with unbounded
support, we can choose to reject samples with too large of
noise. In particular, given α > 0such that Pr[|ei|< α]>1/2,
we can reject samples that we know have |ei|> α and then use
the same analysis as for distributions with bounded support. In
this case we will need (with overwhelming probability) around
twice as many CRPs as we would otherwise, and Eqs. 1518
will all pick up an extra factor of Msince for a given challenge
ci, the error |ei|may not be simultaneously less than αacross
all Mpixels in the CCD.
We can express a PUF response rias
and we can combine the expressions for a set of mCRPs to
Cs +e=r,
where ciis the i-th row of the m×nmatrix C, and likewise for
the error and response vectors eand r. While the pairs (ci, ri)
appear to be similar to samples generated for LWE or CLWE,
they are are not subject to modular reduction, which removes
key information about the risamples that can otherwise be
leveraged to learn s, as described in [25].
In order to learn s, we produce an estimate ˆ
signores the
error vector esuch that Cˆ
sr. Assuming that CTCis
invertible (and we will provide a condition for this to be true),
this is done by solving for ˆ
s, giving the least-squares estimate
Once we have our estimate, we can now bound the estimation
error εbetween a legitimate PUF response c,sand the
approximate PUF response c,ˆ
s. Since Cs +e=r, we get
the relation
which by Lemma II.6 is a τ-subgaussian random vector,
=τe· Mop ,
where M=CTC1CT. By Eq. 1, this is equal to
τ=τerλmax MMT=τe
pλmin (CTC).(7)
The matrix CTCcan be written as
a sum of mouter product matrices, one for each challenge.
By Lemma III.1, we can see that each of these matrices has
exactly one nonzero eigenvalue equal to ci2.
Lemma III.1. For any row vector xRn, the eigenvalues of
the outer product matrix xTxare x2and 0.
Proof. First note that if x= 0, then xTxis just the zero
matrix, which only has eigenvalue 0. Assume that x>0,
and let uRnbe a nonzero eigenvector of xTx. Then
xTxu =λufor some λC. If xu = 0, then we have
that xTxu =xT·0 = 0=λu. Since u>0, we know
that λ= 0. If xu = 0, multiplying on both sides by xgives
xxTxu =xλu. However, xxT=x2, and λcommutes
with xon the right side giving x2xu =λxu, from which
it follows that λ=x2.
Outer products of real vectors are always real and symmet-
ric. In addition, since none of their eigenvalues are negative
by Lemma III.1, the cT
iciare positive semidefinite. The
maximum eigenvalue of these matrices is λmax =ci2.
Since chas ncomponents, each within the interval [0,1],
we know that c2n. This combination of properties
(real symmetric, positive semidefinite, and bounded maximum
eigenvalue) allows us to use a matrix Chernoff bound to find
a bound on the minimum eigenvalue of their sum.
Proposition III.2 (Matrix Chernoff II [37]).Consider a finite
sequence {Ai}m
i=1 of independent, random, symmetric, and
positive semi-definite matrices of dimension dthat satisfy
λmax(Ai)R, for some R0. Compute the minimum
eigenvalue of the sum of expectations:
µmin := λmin m
Pr "λmin m
Ai!(1 α)µmin#dexp α2µmin
for all α[0,1].
To determine µmin, first note that since all the care
identically and independently distributed, their expectation is
the same. Thus, we have that
µmin =λmin m
EcTc!=m·λmin E[cTc].(8)
Since E[cTc]is a real symmetric matrix, by the spectral theo-
rem there exists an orthogonal matrix Psuch that PTE[cTc]P
is diagonal. Since the expectation operator is linear, this means
that E(cP)TcPis diagonal, and that the eigenvalues of
E[cTc]are λj=E[(cP)2
j]. Using P, we can rewrite an
individual response rias
with the matrix expression for mresponses
If there exists some jsuch that λj= 0, then for any
challenge ci, the component (ciP)j= 0, meaning that fPUF
is independent of the specific value of the j-th component of
PTs. Thus, we can instead work with the challenges ˜
and ˜
s=PTs, where the j-th components corresponding to
eigenvalues λj= 0 are removed. Let ˜
Cbe the matrix with
j-th row ˜
cj, and compute the estimate ˆ
sby taking
After obtaining ˆ
s, we can replace the removed indices ˆ
any number and left multiply by Pto obtain ˆ
sas before, where
for any challenge c, we have c,s=˜
s, and likewise for
the estimate. By switching to using ˜
ci, we can ensure that the
expected outer product is diagonal and has a nonzero minimum
eigenvalue. Since the eigenvalues of orthogonal matrices all
have modulus 1, and since ˜
chas at most as many components
as c, we can still fix R=nsince ˜
c c. Let ξ=
λmin E[˜
c]such that µmin = in Eq. 8.
Setting α= 1/2in Proposition III.2, we can bound the
minimum eigenvalue of ˜
Pr λmin ˜
If we want to pick msuch that the probability in Eq. 9is less
than or equal to exp(η), for η > 0, then it suffices to pick
msuch that
ξ(η+ ln n).(10)
So, if Eq. 10 is satisfied, we know that ˜
Cis invertible, and
we have from Eq. 7that, with probability at least 1exp(η),
In this case, by Lemma II.5, we have that
n2nexp ε2
If we pick msuch that the probability in Eq. 11 is less than
or equal to exp(η), then it suffices to pick msuch that
ε2ξ(η+ ln(2n)).(12)
Taking Eqs. 10 and 12 into account, we can see that if we set
mmax 8n
ξ(η+ ln n),4n2τ2
ε2ξ(η+ ln(2n)),(13)
then we know that, for any challenge c[0,1]n,
s⟩| =D˜
sE ˜
Thus, |⟨c,ˆ
s fPUF| ε, with probability at least (1
exp(η))2. Thus, the probability of simultaneously predict
fPUF to within εfor all Mpixels in the CCD is at least
(1exp(η))2M. If we want to achieve a good estimate with
probability at least 1δ, for δ(0,1), then since
(1 exp(η))2M12Mexp(η)
for all η > 0, then to have (1 exp(η))2M1δ, it
suffices to fix
ηln 2M
Substituting this value of ηinto Eq. 13 implies that it suffices
to fix
mmax 8n
ξln 2Mn
ε2ξln 4Mn
Since n=O(N2), Eq. 14 gives an asymptotic bound on the
required number of CRPs of
ε2ξln MN 2
In order to obtain ˆ
s, we need to compute the product
which has time complexity O(n2m)with basic matrix mul-
tiplication. Computation of the inverse ˜
O(n3)time using Gaussian elimination, as does diagonal-
ization of E[cTc]using a singular value decomposition [38].
Thus, the overall time complexity for learning the PUF for all
Mpixels in the speckle pattern is asymptotically given by
ε2ξln MN 2
which is polynomially bounded in N,M,ε, and δ. In
particular, this means that the PUF is efficiently PAC-learnable
if it uses linear scattering media.
It should be noted that the approach here cannot be used to
solve appropriately implemented instances of LWE or CLWE.
In particular, from Eq. 6, we can see that the difference
between the actual value for the secret sand the least-squares
estimate ˆ
smultiplies the error by CTC1CT. Because in
LWE Cis sampled uniformly from Zm×n
p, and all operations
in LWE take place in Zp, this acts to magnify the error vector
e, which leads to ˆ
ssbeing distributed according to very wide
Gaussian distribution. When reduced mod p, this distribution
becomes computationallly indistinguishable from the uniform
distribution on Zp[30]. It is also clear that this approach
cannot be applied CLWE since multiplicative inverses in R/Z
are not well-defined, so CTC1cannot even be computed
in principle.
C. Nonlinear Scattering Media
Because nonlinear optical effects are generally small, we
will analyze the case where the PUF contains a weakly
nonlinear dielectric using a perturbative approach, which as-
sumes that the characteristic size of the nonlinear effects is
much smaller than the characteristic size of the linear effects,
and that terms of quadratic or higher order in the small
parameters are of negligible size. In Eq. 4, we will simplify
by moving the factor of ω2
0/c2into the εkterms. Suppose
that ψ=ψL+δψNL can be written as a linear term ψLand
a small nonlinear term δψNL , where δψNL ψLsuch that
|ψ|k |ψL|k(1 + kδψNL L), and where ψLsolves the linear
wave equation
2+ε0(r)ψL(r) = J0(r).
Further, assume that the dielectric behaves mostly linearly,
with ε=ε0+δεNL , where again δεNL ε0with small
measurable nonlinear effects up to degree d. Cancelling terms
quadratic in the small parameters gives
ε0+δεNL =ε0+
Substituting into Eq. 4and simplifying by keeping only terms
at most linear in the small parameters gives an expression for
ψNL in terms of powers of ψL:
2+ε0(r)δψNL (r) =
As we saw in the linear case, ψLcan be written as a complex
linear combination of the coefficients bj. Because ψis linear in
the bj,|ψL|2kis a polynomial of degree 2kin the bj, meaning
that ψis a polynomial of degree 2d+1 in the bj. Thus, fPUF
|ψ|2is a polynomial of degree 4d+ 2 in the bj. From here,
we can follow the same procedure as in the linear case by
encoding the challenge vector cwhich has n=O(N4d+2)
components, each of which is a monomial of total degree at
most 4d+ 2 in the bj. We can use the same bounds as before
to get an asymptotic bound on the required number of CRPs
ε2ξln MN 4d+2
as well as a time complexity bound of
ε2ξln MN 4d+2
While these bounds grow much more quickly than for the
linear case, they are still polynomial for a fixed value of d
(generally d= 1 or 2 [29]), so the PUF is still efficiently
A. Results
In Section II, we examined the underlying physics of
integrated optical PUFs with masks and demonstrated that,
with linear optics, the PUF acts as a quadratic polynomial of
the challenge components bi. We introduced the PAC-learning
framework, under which the task of learning the behavior
of PUF in the presence of random noise, is equivalent to
the problem of learning a noisy linear system in O(N2)
dimensions. By making this reduction, we were able to show in
Section III-B the convergence of a linear regression algorithm,
based on mild assumptions about the noise distribution. We
found an asymptotic bound in Eq. 15 for the number of CRPs
required to learn the PUF behavior, based on the size Nof
the LCD mask, the number of pixels Min the speckle pattern
detector, the accepted error εin learning the PUF behavior,
and the probability 1δof learning the PUF, as well as
the distributions of the challenge vectors and random sample
noise. The time complexity for a naive implementation of this
algorithm was computed in Eq. 16 to be
ε2ξln MN 2
In particular, this means that optical PUFs with linear optics
are efficiently PAC-learnable since they can be represented
exactly by a polynomial. Finally, in Section III-C we did a
perturbative analysis of PUF designs containing dielectrics
with nonlinear optical properties. We showed that, under the
assumption that the nonlinear effects were relatively small, the
PUF still acts as a polynomial in the challenge components bi,
with the degree of the polynomial determined by the highest
order of polarization susceptibility, and thus can be learned
with access to polynomially many CRPs in polynomial time
(Eqs. 17,18).
Since the computational complexity of the regression al-
gorithm is polynomial, learning the PUF is not hard for an
adversary with polynomially-bounded computational resources
who has access to the challenges and noisy speckle data.
While the bounds given in Eqs. 1518 grow very quickly
with N, it should be noted they are generic polynomial
bounds for a particular type of learning algorithm and are just
intended to show that the optical PUFs considered are PAC-
learnable with a polynomial sample and time complexity. A
more sophisticated analysis of the linear regression algorithm
may provide tighter bounds, and more sophisticated learning
approaches would likely require a much smaller sample set to
learn the PUF in less time.
B. Future Work
In order for an integrated or non-integrated optical PUF
to be plausibly secure against these types of adversaries, it
cannot just use linear or weakly nonlinear scattering media.
To increase security, the raw speckle patterns could be cryp-
tographically hashed, although this approach is susceptible to
side-channel attacks if an adversary can avoid the hashing op-
eration to access the raw speckle patterns. In order to maintain
security while avoiding a post-processing step, different PUF
architectures or materials need to be used. If alignment of the
optical tokens is not an issue, the non-integrated optical PUFs
described in [1], [22] were shown to be resilient to machine
learning attacks by Support Vector Machines with linear
kernels in [23]. However, the total number of CRPs in non-
integrated optical PUFs only scales polynomially with the PUF
size and alignment precision, which permits polynomial time
read-out attacks, though such attacks may not be practically
feasible due to limited read-out speed when aligning the PUF
scattering tokens [1].
One possible approach that retains the integrated design is
to dope the scatterers in linear optical systems with “quantum
dot” materials such as those described in [29]. These are
nanoparticles of semiconductor material that exhibit strong
nonlinear properties at low light intensities. Nonlinear optical
systems are harder to model than linear systems since Eq. 4,
the nonlinear wave equation governing the behavior of these
systems, requires higher degree polynomials to approximate,
making the task of learning the system much more difficult. In
addition, increasing the power of the laser will also increase
the strength of the nonlinear effects and make the higher-order
nonlinear terms more relevant, again increasing the required
degree of a polynomial approximation. Furthermore, if the
nonlinear optical effects are comparable in size to the linear
ones, the perturbative technique used in Section III-C is no
longer applicable, meaning the PUF may be much harder to
Another option is to use nonlinear materials that are not
centrosymmetric such that their scattering properties are de-
pendent on the polarization of the light passing through them
[28], [29]. Because the dielectric constants of such materials
are dependent on orientation, one must treat the electric field
within the material as the laser propagates as a full vector
field instead of a scalar field. Furthermore, when using nonlin-
ear non-centrosymmetric media, the perturbative technique in
Section III-C gives an expression for the nonlinear term which
contains a square root of a polynomial, meaning it cannot be
reduced to a high degree linear system in the monomial terms
like it could with isotropic materials.
In an ideal PUF design, one would embed a general
case of an appropriately parameterized cryptographically hard
problem within the PUF’s behavior. This approach is partially
used in the Lattice PUF [39]; however all of the arithmetic
required to implement such a cryptographic protocol should
ideally be performed physically within the PUF structure itself,
rather than just using the PUF to store a secret key. If a PUF
framework is designed with this methodology, in order for an
adversary to learn an instance of the PUF, they need to solve
a general case of the cryptographic hard problem. Thus, either
the adversary’s learning attack cannot run in polynomial time
(as that would provide a general polynomial time solution to
the cryptographic problem) or the hardness assumptions for
that problem cannot hold. In order to embed LWE or CLWE in
an optical PUF, one would need to perform modular arithmetic
operations directly within the optical system, which requires
further research. Modular reduction could also be achieved in a
post-processing step; however any post-processing step opens
up opportunities for side-channel attacks if an adversary can
avoid it.
This research was supported by the Information Science
and Technology Institute, the Nuclear Weapons Cyber As-
surance Laboratory (NWCAL), and the Laboratory Directed
Research and Development program of Los Alamos National
Laboratory (LANL) under project numbers 20210529CR-
IST and 20220800DI. LANL is operated by Triad National
Security, LLC, for the National Nuclear Security Admin-
istration of the U.S. Department of Energy (Contract No.
89233218CNA000001). Approved for unlimited public re-
lease: LA-UR-23-29328.
[1] P. S. Ravikanth, Physical One-Way Functions. PhD thesis, Massachusetts
Institute of Technology, 2001.
[2] B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, “Controlled phys-
ical random functions,” in 18th Annual Computer Security Applications
Conference, 2002. Proceedings., pp. 149–160, 2002.
[3] G. E. Suh and S. Devadas, “Physical unclonable functions for device
authentication and secret key generation, in Proceedings of the 44th
annual design automation conference, pp. 9–14, 2007.
[4] T. McGrath, I. E. Bagci, Z. M. Wang, U. Roedig, and R. J. Young,
“A PUF taxonomy,” Applied Physics Reviews, vol. 6, no. 1, p. 011303,
[5] B. Gassend, D. Clarke, M. Van Dijk, and S. Devadas, “Silicon physical
random functions,” in Proceedings of the 9th ACM Conference on
Computer and Communications Security, pp. 148–160, 2002.
[6] J. Lee, D. Lim, B. Gassend, G. Suh, M. van Dijk, and S. Devadas, A
technique to build a secret key in integrated circuits for identification
and authentication applications,” in 2004 Symposium on VLSI Circuits.
Digest of Technical Papers (IEEE Cat. No.04CH37525), pp. 176–179,
[7] L. Bossuet, X. T. Ngo, Z. Cherif, and V. Fischer, “A PUF based on a
transient effect ring oscillator and insensitive to locking phenomenon,
IEEE Transactions on Emerging Topics in Computing, vol. 2, no. 1,
pp. 30–36, 2014.
[8] J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls, “FPGA intrinsic
PUFs and their use for IP protection,” in Cryptographic Hardware and
Embedded Systems - CHES 2007 (P. Paillier and I. Verbauwhede, eds.),
(Berlin, Heidelberg), pp. 63–80, Springer Berlin Heidelberg, 2007.
[9] D. E. Holcomb, W. P. Burleson, and K. Fu, “Power-up SRAM state as
an identifying fingerprint and source of true random numbers,” IEEE
Transactions on Computers, vol. 58, no. 9, pp. 1198–1210, 2008.
[10] R. Maes, P. Tuyls, and I. Verbauwhede, “Intrinsic PUFs from flip-flops
on reconfigurable devices, in 3rd Benelux workshop on information and
system security (WISSec 2008), vol. 17, p. 2008, Citeseer, 2008.
[11] D. Lim, J. Lee, B. Gassend, G. Suh, M. van Dijk, and S. Devadas,
“Extracting secret keys from integrated circuits, IEEE Transactions on
Very Large Scale Integration (VLSI) Systems, vol. 13, no. 10, pp. 1200–
1205, 2005.
[12] U. R¨
uhrmair, F. Sehnke, J. S¨
olter, G. Dror, S. Devadas, and J. Schmidhu-
ber, “Modeling attacks on physical unclonable functions, in Proceed-
ings of the 17th ACM conference on Computer and communications
security, pp. 237–249, 2010.
[13] S. Tajik, H. Lohrke, F. Ganji, J.-P. Seifert, and C. Boit, “Laser fault
attack on physically unclonable functions,” in 2015 Workshop on Fault
Diagnosis and Tolerance in Cryptography (FDTC), pp. 85–96, 2015.
[14] F. Ganji, J. Kr¨
amer, J.-P. Seifert, and S. Tajik, “Lattice basis reduction
attack against physically unclonable functions,” in Proceedings of the
22nd ACM SIGSAC Conference on Computer and Communications
Security, pp. 1070–1080, 2015.
[15] F. Ganji, S. Tajik, and J.-P. Seifert, “Why attackers win: on the
learnability of XOR arbiter PUFs,” in Trust and Trustworthy Computing:
8th International Conference, TRUST 2015, Heraklion, Greece, August
24-26, 2015, Proceedings 8, pp. 22–39, Springer, 2015.
[16] F. Ganji, S. Tajik, F. F¨
aßler, and J.-P. Seifert, “Strong machine learning
attack against PUFs with no mathematical model,” in Cryptographic
Hardware and Embedded Systems–CHES 2016: 18th International Con-
ference, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings 18,
pp. 391–411, Springer, 2016.
[17] F. Ganji, S. Tajik, and J.-P. Seifert, “PAC learning of arbiter PUFs,
Journal of Cryptographic Engineering, vol. 6, pp. 249–258, 2016.
[18] F. Ganji, S. Tajik, F. F¨
aßler, and J.-P. Seifert, “Having no mathematical
model may not secure PUFs,” Journal of Cryptographic Engineering,
vol. 7, pp. 113–128, 2017.
[19] F. Ganji, On the learnability of physically unclonable functions.
Springer, 2018.
[20] D. Chatterjee, D. Mukhopadhyay, and A. Hazra, “Interpose puf can be
pac learned.” Cryptology ePrint Archive, Paper 2020/471, 2020. https:
[21] C. Helfmeier, C. Boit, D. Nedospasov, and J.-P. Seifert, “Cloning phys-
ically unclonable functions,” in 2013 IEEE International Symposium on
Hardware-Oriented Security and Trust (HOST), pp. 1–6, 2013.
[22] R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld, “Physical one-way
functions,” Science, vol. 297, no. 5589, pp. 2026–2030, 2002.
[23] U. R ¨
uhrmair, C. Hilgers, S. Urban, A. Weiersh¨
auser, E. Dinter,
B. Forster, and C. Jirauschek, “Optical PUFs reloaded, Cryptology
ePrint Archive, 2013.
[24] S. E. Skipetrov and R. Maynard, “Instabilities of waves in nonlinear
disordered media,” Phys. Rev. Lett., vol. 85, pp. 736–739, Jul 2000.
[25] J. Bootle, C. Delaplace, T. Espitau, P.-A. Fouque, and M. Tibouchi,
“LWE without modular reduction and improved side-channel attacks
against BLISS,” in Advances in Cryptology ASIACRYPT 2018
(T. Peyrin and S. Galbraith, eds.), (Cham), pp. 494–524, Springer
International Publishing, 2018.
[26] G. M. Nikolopoulos, “Effects of kerr nonlinearity in physical unclonable
functions,” Applied Sciences, vol. 12, no. 23, p. 11985, 2022.
[27] S. Boucheron, G. Lugosi, and P. Massart, Concentration Inequalities:
A Nonasymptotic Theory of Independence. Oxford University Press, 02
[28] G. New, Introduction to Nonlinear Optics. Cambridge University Press,
[29] D. F. Eaton, “Nonlinear optical materials, Science, vol. 253, no. 5017,
pp. 281–287, 1991.
[30] O. Regev, “On lattices, learning with errors, random linear codes,
and cryptography, in Proceedings of the Thirty-Seventh Annual ACM
Symposium on Theory of Computing, STOC ’05, (New York, NY, USA),
p. 84–93, Association for Computing Machinery, 2005.
[31] V. Lyubashevsky, C. Peikert, and O. Regev, “On ideal lattices and
learning with errors over rings, J. ACM, vol. 60, nov 2013.
[32] A. Bogdanov, M. C. Noval, C. Hoffmann, and A. Rosen, “Public-
key encryption from continuous LWE.,” IACR Cryptol. ePrint Arch.,
vol. 2022, p. 93, 2022.
[33] J. Bruna, O. Regev, M. J. Song, and Y. Tang, “Continuous LWE,
in Proceedings of the 53rd Annual ACM SIGACT Symposium on
Theory of Computing, STOC 2021, (New York, NY, USA), p. 694–707,
Association for Computing Machinery, 2021.
[34] A. Gupte, N. Vafa, and V. Vaikuntanathan, “Continuous LWE is as hard
as LWE & applications to learning gaussian mixtures, arXiv preprint
arXiv:2204.02550, 2022.
[35] L. G. Valiant, “A theory of the learnable, Communications of the ACM,
vol. 27, no. 11, pp. 1134–1142, 1984.
[36] M. Mohri, A. Rostamizadeh, and A. Talwalkar, Foundations of machine
learning. MIT press, 2018.
[37] J. A. Tropp, “User-friendly tail bounds for sums of random matrices,
Foundations of Computational Mathematics, vol. 12, pp. 389–434, aug
[38] M. Holmes, A. Gray, and C. Isbell, “Fast SVD for large-scale matrices,”
in Workshop on Efficient Machine Learning at NIPS, vol. 58, pp. 249–
252, 2007.
[39] Y. Wang, X. Xi, and M. Orshansky, “Lattice PUF: A strong physical
unclonable function provably secure against machine learning attacks,
Apollo Albright Apollo Albright is completing his undergraduate studies at
Reed College in Portland, Oregon, USA, where he is majoring in mathematics
and physics. He is also an undergraduate research associate with the Analytics,
Intelligence, and Technology Division of Los Alamos National Laboratory.
His research interests include classical and post-quantum cryptography, com-
binatorics, graph theory, and quantum and many-body physics.
Boris Gelfand Dr. Gelfand is a security researcher and systems engineer at
Los Alamos National Labs and has many years’ experience working as a
contractor with DoD, DOE, and the IC. Notably he was the chief designer
and architect of the National Cyber Range and has been the PI of advanced
research programs including many from DARPA. He holds a PhD in computer
science, as well as degrees in mathematics and physics. Prior to coming to
Los Alamos, he worked for Lockheed Martin in the Advance Technologies
Michael Dixon Michael J. Dixon is a senior cyber security research scientist
and principal investigator in LANL’s Advanced Research in Cyber Systems
group and Nuclear Weapons Cyber Assurance Laboratory specializing in
applied cryptography, secure machine learning and artificial intelligence, anti-
tamper technologies, and provable security using formal methods. Michael
holds a Bachelor of Science and Engineering in Computer Science from
the University of Michigan, College of Engineering, and attended MIT for
graduate studies as an Advanced Study Program Fellow researching post-
quantum and lattice-based cryptography.
ResearchGate has not been able to resolve any citations for this publication.
Full-text available
We address the question of whether the presence of Kerr nonlinearity in multiple-scattering optical media offers any advantage with respect to the design of physical unclonable functions. Our results suggest that under certain conditions, nonlinear physical unclonable functions can be more robust against the potential cloning of the medium relative to their linear counterparts that have been exploited in the context of various cryptographic applications.
Full-text available
Although numerous attacks revealed the vulnerability of different PUF families to non-invasive Machine Learning (ML) attacks, the question is still open whether all PUFs might be learnable. Until now, virtually all ML attacks rely on the assumption that a mathematical model of the PUF functionality is known a priori. However, this is not always the case, and attention should be paid to this important aspect of ML attacks. This paper aims to address this issue by providing a provable framework for ML attacks against a PUF family, whose underlying mathematical model is unknown. We prove that this PUF family is inherently vulnerable to our novel PAC (Probably Approximately Correct) learning framework. We apply our ML algorithm on the Bistable Ring PUF (BR-PUF) family, which is one of the most interesting and prime examples of a PUF with an unknown mathematical model. We practically evaluate our ML algorithm through extensive experiments on BR-PUFs implemented on Field-Programmable Gate Arrays (FPGA). In line with our theoretical findings, our experimental results strongly confirm the effectiveness and applicability of our attack. This is also interesting since our complex proof heavily relies on the spectral properties of Boolean functions, which are known to hold only asymptotically. Along with this proof, we further provide the theorem that all PUFs must have some challenge bit positions, which have larger influences on the responses than other challenge bits. Security in Telecommunications,
Conference Paper
Full-text available
Due to successful modeling attacks against arbiter PUFs (Physically Unclonable Functions), the trend towards consideration of XOR arbiter PUFs has emerged. Nevertheless, it has already been demonstrated that even this new non-linear structure, with a restricted number of parallel arbiter chains, is still vulnerable to more advanced modeling attacks and side channel analyses. However, so far the security of XOR arbiter PUFs with a large number of parallel arbiter chains has not been appropriately assessed. Furthermore, as another countermeasure against modeling and physical attacks, the concept of controlled PUFs, i.e., with a limited access to challenges and responses, has also been developed. Towards a better understanding of the security of XOR arbiter PUFs, the present paper simultaneously addresses all above mentioned countermeasures by introducing a novel attack, which is a combination of a lattice basis reduction attack and a photonic side channel analysis. We present how our new attack can be successfully launched against XOR arbiter PUFs with an arbitrarily large number of parallel arbiter chains. Most interestingly, our attack does not require any access to challenges or responses. Finally, by conducting an exhaustive discussion on our experimental results, the practical feasibility of our attack scenario is proved as well.
Conference Paper
Full-text available
Physically Unclonable Functions (PUFs) are introduced to remedy the shortcomings of traditional methods of secure key storage and random key generation on Integrated Circuits (ICs). Due to their effective and low-cost implementations, intrinsic PUFs are popular PUF instances employed to improve the security of different applications on reconfigurable hardware. In this work we introduce a novel laser fault injection attack on intrinsic PUFs by manipulating the configuration of logic cells in a programable logic device. We present two fault attack scenarios, where not only the effectiveness of modeling attacks can be dramatically increased, but also the entropy of the targeted PUF responses are drastically decreased. In both cases, we conduct detailed theoretical analyses by considering XOR arbiter PUFs and RO PUFs as the examples of PUF-based authenticators and PUF-based random key generators, respectively. Finally we present our experimental results based on conducting laser fault injection on real PUFs, implemented on a common complex programmable logic device manufactured in 180 nm technology.
Full-text available
The general concept of physically unclonable functions (PUFs) has been nowadays widely accepted and adopted to meet the requirements of secure identification and key generation/storage for cryptographic ciphers. However, shattered by different attacks, e.g., modeling attacks, it has been proved that the promised security features of arbiter PUFs, including unclonability and unpredictability, are not supported unconditionally. However, so far the success of existing modeling attacks relies on pure trial and error estimates. This means that neither the probability of obtaining a useful model (confidence), nor the sufficient number of CRPs, nor the probability of correct prediction (accuracy) is guaranteed. To address these issues, this work presents a probably approximately correct (PAC) learning algorithm. Based on a crucial discretization process, we are able to define a Deterministic finite automaton (of polynomial size), which exactly accepts the regular language corresponding to the challenges mapped by the given PUF to one responses.
Full-text available
This paper presents a new silicon physical unclonable function (PUF) based on a transient effect ring oscillator (TERO). The proposed PUF has state of the art PUF characteristics with a good ratio of PUF response variability to response length. Unlike RO-PUF, it is not sensitive to the locking phenomenon, which challenges the use of ring oscillators for the design of both PUF and TRNG. The novel architecture using differential structures guarantees high stability of the TERO-PUF. The area of the TERO-PUF is relatively high, but is still comparable with other PUF designs. However, since the same piece of hardware can be used for both PUF and random number generation, the proposed principle offers an interesting low area mixed solution.
Conference Paper
As system security demands continue to evolve, Physically Unclonable Functions (PUFs) are a promising solution for secure storage on Integrated Circuits (ICs). SRAM PUFs are among the most popular types of PUFs, since they require no additional circuitry and can be implemented with on-die memories such as caches and data memory that are readily available on both ASICs and FPGAs. This work demonstrates that SRAM PUFs are not well suited as PUFs, as they do not meet several requirements that constitute an ideal PUF. The compact nature of SRAM, standard interconnects and resiliency to environmental effects make SRAM PUFs particularly easy to clone. We consider several ways in which SRAM PUFs can be characterized and demonstrate a Focused Ion Beam circuit edit with which we were able to produce a physical clone of our Proof-of-Concept SRAM PUF implementation. As a result of the circuit edit, when challenged, the physical clone produced an identical physical response to the original device. To the best of our knowledge, this is the first work in which a physical clone of a Physically Unclonable Function was produced.
Intermittently powered applications create a need for low-cost security and privacy in potentially hostile environments, supported by primitives including identification and random number generation. Our measurements show that power-up of SRAM produces a physical fingerprint. We propose a system of fingerprint extraction and random numbers in SRAM (FERNS) that harvests static identity and randomness from existing volatile CMOS memory without requiring any dedicated circuitry. The identity results from manufacture-time physically random device threshold voltage mismatch, and the random numbers result from runtime physically random noise. We use experimental data from high-performance SRAM chips and the embedded SRAM of the WISP UHF RFID tag to validate the principles behind FERNS. For the SRAM chip, we demonstrate that 8-byte fingerprints can uniquely identify circuits among a population of 5,120 instances and extrapolate that 24-byte fingerprints would uniquely identify all instances ever produced. Using a smaller population, we demonstrate similar identifying ability from the embedded SRAM. In addition to identification, we show that SRAM fingerprints capture noise, enabling true random number generation. We demonstrate that a 512-byte SRAM fingerprint contains sufficient entropy to generate 128-bit true random numbers and that the generated numbers pass the NIST tests for runs, approximate entropy, and block frequency.