The Best Paper Award 2012

The Best Paper Award

Glitch PUF:Extracting Information from Usually Unwanted Glitches

Koichi SHIMIZU , Daisuke SUZUKI , Tomomi KASUYA

（英文論文誌A　平成24年1月号掲載）

Koichi SHIMIZU

Daisuke SUZUKI

Tomomi KASUYA

　This paper proposes a new type of PUF (Physical Unclonable Function) that exploits glitch phenomenon occurring in transient states of logic circuits. PUFs have been attracting attention as a promising technique for achieving tamper resistance in general-purpose LSI circuits, which makes it possible to securely store secret information essential for use in cryptography. A PUF is a function that, given an input, returns an output that depends on the physical characteristics of an artificial object that is difficult to clone. It thereby makes it possible to generate unique information for each artificial object that is difficult to forge or clone.
　At present, PUFs on general-purpose LSI are classified into two major kinds: SRAM PUFs, which exploit the characteristics of memory cells, and Delay PUFs, which exploit delay variation in circuits. Delay PUFs have the advantages that they have no timing constraints for generating unique information, and their performance can be evaluated at the design stage relatively easily. However, it is known that some Delay PUFs can be represented by linear models, and are thus capable of being broken by machine learning methods. While there have been improvements to these, through the introduction of non-linear post-processing, some of these new devices are still vulnerable to machine learning attacks. This paper describes the construction of a new type of Delay PUF that exploits a different non-linear phenomenon. The paper focuses on a phenomenon called a glitch, in which pulses occur while the output signals of a logic circuit are transitioning. Because the exact nature of how a glitch occurs depends on the circuit delay characteristics of each LSI, and a glitch is a non-linear phenomenon, it is arguably possible to make use of glitches to realize a PUF which is resistant to machine learning attacks.
　This paper proves the feasibility of Glitch PUFs by showing a concrete example of a circuit structure which operates as follows. It first uses the S-box circuit of the AES cipher for the purpose of generating a large number of glitches as a source of unique information, and then uses a sampling circuit capable of capturing fast transient waveforms like glitches. The paper also presents a small and fast circuit using toggle flip-flops which can generate bits from glitches, in case the actual glitch waveforms are not needed. Finally, the paper provides an evaluation of the implementation on FPGAs, which proves that Glitch PUFs have adequate performance. The contribution of this paper can therefore be appreciated from both theoretical and practical points of view.