Frequently Asked Questions
General PUF Questions
What is a Physical Unclonable Function?
A Physical Unclonable Function, or PUF, is a device that utilizes intrinsic manufacturing variances of the integrated circuit (IC) manufacturing process to produce random unique signatures.
What are PUFs used for?
Today, the most common use for PUFs is to produce unique random signatures that can be used like a cryptographic key. It is often used solely as a more secure drop-in replacement for a cryptographic key solution.
Depending on the architecture, there are also many other uses for a PUF. The other applications for exponential PUFs include:
- authentication
- anti-counterfeiting
- true random number generation
Why are PUFs better for unique keys than current solutions?
Today, the most common method for a unique signature of a device is to have a cryptographic key. Cryptographic keys are instantiated during the design process, and is known by the designer and the manufacturer, as it is hardcoded into the device and stored permanently in non-volatile memory.
This exposes the device to three large risks: (1) the ability for a bad actor to steal the key during the design and/or manufacturing process, (2) the ability for a bad actor to hack the hardware and find where the key is stored, or (3) the ability for a bad actor to hack the design source of the product and steal the key.
In contrast, with a PUF the unique signature is created during the manufacturing process using tiny manufacturing discrepancies. No designer or manufacturer is aware of what the unique signature or key is. Secondly, the “key” is not physically stored in the hardware, so it’s not hackable in the same ways as common cryptographic keys.
Is there a limit to the number and size of keys in a PUF?
The number of keys and the size of the keys a PUF can generate depends on the type of PUF.
Linear PUFs, like an SRAM PUF, can only provide a limited number of keys at limited sizes; many SRAM PUFs only offer one key per PUF at a limited key size.
Exponential PUFs, like GMT’s Giga-PUF, can provide a nearly limitless number of keys at nearly any size of each key, all on a single PUF.
Can PUFs be hacked?
PUFs are a much more secure solution for unique signature and keys than common cryptographic solutions. However, certain measures may be needed to guard against spurious access to the unique signature of a PUF. Man-in-the-middle attacks are the most common form of attempts to break the cryptographic key.
The likelihood of a successful attack on a PUF depends in large part on the number of data bits available for the generation of the unique signature of the PUF. The more security data bits available, the more secure the signature from all types of attacks.
The most common PUF architectures today are memory-based. Memory PUFs, like the SRAM PUF, are linear PUFs. Linear PUFs have a limited number of data bits available for securing the unique signature. Thus, in most cases SRAM PUFs are heavily wrapped in additional cryptographic algorithms to ensure that attackers can’t access the unique signature.
Logic-based architectures, like the Giga-PUF, are exponential in nature. This gives them an exponential number of data bits available for securing the unique signature, making them significantly less reliant on additional cryptographic algorithms, and making them overall more secure, and natively resistant to all types of attacks. Further, the exponential space makes it nearly impossible for a malicious observer to characterize and predict PUF responses.
What is an exponential PUF?
An exponential PUF is one that can grow the number of output data bits (entropy bits) exponentially through linearly incorporating additional circuit elements. This is important for many reasons:
- An exponentially large number of entropy bits makes the PUF incredibly secure. So secure, that it makes characterization of the entire bit space impossible, and makes it natively resistant to attacks, including machine learning attacks.
- An exponentially large number of entropy bits relieves the need for heavy cryptographic algorithmic support, like is needed for linear PUFs.
- An exponentially large number of entropy bits creates versatility in applications, allowing a PUF to be used for more than just a drop-in replacement for cryptographic keys.
What is a linear PUF?
A linear PUF is a PUF that can only grow the number of output data bits (entropy bits) linearly through linearly incorporating additional circuit elements in the PUF. Since entropy bits are what secures a PUF from adversarial attacks, there is a limited number of bits available for security. This makes the characterization of the entire bit space possible by an adversary, and opens PUFs up to attacks.
Most linear PUF providers combat this risk through additional heavy cryptographic algorithmic support around the PUF. This adds significant compute, area, and power resources, but does secure the PUF better than it otherwise would be.
The most common instantiation of the linear PUF is the SRAM PUF.
What makes a 'good' PUF?
When used for cryptographic key replacement, all PUFs are ‘good’ as they provide a better solution for protection of the unique signature of a device than the most common methods used today.
What makes one PUF better than another depends on the type of PUF and its versatility in application. Typically, exponential PUFs are better than linear PUFs, as they are more secure, have much higher diversity in application, use less area and less power, and are less reliant on cryptographic algorithmic support.
Further, metrics such as stability, uniqueness, and uniformity help measure the quality of a PUF.
Are there metrics to measure the quality of a PUF?
PUFs have quality metrics to ensure that the PUF will produce expected results. The three most common quality measurements for a PUF are (1) stability, (2) uniqueness, (3) uniformity.
(1) Stability. Stability is the most important metric for a PUF, as it measures a PUFs ability to produce the expected outcome when queried. The stableness of a data bit can erode due to various factors. If data bits become unstable, the unique signature of a PUF can be compromised. Thus, it is important to make sure that a PUF has very high stability, and is also why most companies offering commercial PUFs have some form of error correction software or technology to ensure stable results. The optimal stability for a PUF is 100%.
(2) Uniqueness. Uniqueness measures the ability of a PUF to uniquely distinguish a particular physical copy of the PUF from others of the same type. Ideally, every PUF should be unique, and the closer the results are to full uniqueness of each individual PUF, the better the results. Uniqueness is measured by the average hamming distance between response of a pair of PUFs to the same challenge, and the ideal value would be 50%, meaning given a large data space half of the bits will differ between any two PUFs.
(3) Uniformity. Uniformity measures the randomness of responses of a PUF. It estimates the balance between 1’s and 0’s in responses to a PUF challenge. The more random, the better. The ideal value for uniformity is 50%, which would be represented as half the data bits being a 1 and the other half being a 0.
What are the compute, power, and area resources for a PUF?
All PUFs are very small devices and use relatively small amounts of compute resources, circuit area, and operational power. However, some types of PUFs are better than others.
When compared to exponential PUFs, linear PUFs tend to use (1) more compute resources due to a larger amount of supporting cryptographic algorithms, (2) larger area due to more hardened IP components and memory cell usage, and (3) larger operational power due to the (1) and (2) above.
What is a challenge-response pair (CRP)?
A Challenge-Response Pair (CRP) is used primarily for PUF solutions that include enrollment and authentication. Since the most common use for linear PUFs is immutable hardware keys, the CRP concept may not be common for those who regularly use PUFs.
For enrollment and authentication, a server issues challenges to a device in the form of a bitstream, and the device uses the manufacturing variances of the device to return a response. As long as the response matches the expected response to any given challenge, the device is authenticated. For an overview of this process with pictures, please review the Giga-ID page here.
GMT's Giga-PUF Questions
What is the Giga-PUF?
The Giga-PUF is GMT’s version of PUFs built using GMT’s patented Equipotential Timing technology. The Giga-PUF is an exponential PUF. This provides it with many benefits over more commonly used linear PUFs:
- Much more secure, with an exponentially large number of data bits
- Synthesizable, delivered as soft IP at any technology node and foundry
- Natively resistant to machine learning attacks
- Versatile, enables additional applications beyond use as a unique key
- Key flexibility, enabling a large amount of keys at various sizes
- Smaller circuit area, power, and compute resources over competing solutions
What applications can be used with the Giga-PUF?
Due to the large number of entropy bits in the Giga-PUF, there are many different applications. The most common are:
- Unique signature and key generation
- Enrollment and authentication
- True random number generation
- Anti-counterfeiting
There are two core products GMT offers: the Giga-Key, which provides unique signature and key generation, and the Giga-ID, which provides enrollment and authentication as well as anti-counterfeiting.
Customers can also elect to add to their PUF a true random number generator, that is compatible with both Giga products and included for a small additional cost.
How does the Giga-PUF compare to other products?
The Giga-PUF has been compared to the most common PUF products sold today. You can review this comparison here.
Giga-Key PUF Questions
What is the Giga-Key product used for?
The Giga-Key is a drop-in replacement for cryptographic keys that are used for security purposes in many devices. The Giga-Key secures the unique keys of a device much more securely than common cryptographic solutions, as it is not stored on the device.
It is also much more secure and much more versatile than competing PUF solutions based on memory components.
How secure is the Giga-Key?
The Giga-Key is one of the most secure PUFs on the market due to the large number of entropy bits available. It is also a much more secure and eloquent solution compared to current cryptographic key solutions, as the keys are not stored anywhere on the device, and are never hardcoded by a foundry.
Is the Giga-Key resistant to machine learning attacks?
Yes. The Giga-Key is natively resistant to machine learning attacks due to the large number of entropy bits. This makes it impossible to characterize the whole set of bits over a given time period.
How many keys does the Giga-Key offer?
The Giga-Key offers a nearly limitless number of keys out of a single PUF.
What size of keys can the Giga-PUF offer?
The Giga-PUF offers keys of nearly limitless sizes.
Is the Giga-Key implementable on FPGA?
Yes. The Giga-Key can be implemented on most FPGAs.
Can I add a True Random Number Generator (TRNG) to the Giga-Key?
Yes. The Giga-TRNG can be added on to the Giga-Key for a small additional cost.
Is the Giga-Key tied to a foundry and/or tech node?
No. The Giga-Key is foundry and technology node agnostic. It can be implemented at any foundry on any technology node.
Is the Giga-Key delivered as soft IP or hard IP?
The Giga-Key is a soft IP that can be synthesized at any node and at any foundry. Upon a customer’s request, it can also be converted into a hardened IP by GMT for an additional cost.
Giga-ID PUF Questions
What is the Giga-ID product used for?
The Giga-ID is used for enrollment and authentication of devices, and is particularly useful for hardware root-of-trust environments where devices need to be authenticated on the edge and are exposed to potential threats.
The Giga-ID is also used as an anti-counterfeiting product, validating the authenticity of a product.
How secure is the Giga-ID?
The Giga-ID is one of the most secure PUFs on the market due to the large number of entropy bits available. This allows the product to have such a large number of challenge-response pairs (CRP) that it would be nearly impossible for an adversary to determine the signature of the PUF through brute force over a finite time frame.
Is the Giga-ID resistant to machine learning attacks?
Yes. The Giga-ID is natively resistant to machine learning attacks due to the large number of entropy bits. This makes it impossible to characterize the whole set of bits over a given time period.
Is the Giga-ID implementable on FPGA?
Yes. The Giga-ID can be implemented on most FPGAs.
Can I add a True Random Number Generator (TRNG) to the Giga-ID?
Yes. The Giga-TRNG can be added on to the Giga-ID for a small additional cost.
Is the Giga-ID tied to a foundry and/or tech node?
No. The Giga-ID is foundry and technology node agnostic. It can be implemented at any foundry on any technology node.
Is the Giga-ID delivered as soft IP or hard IP?
The Giga-ID is a soft IP that can be synthesized at any node and at any foundry. Upon a customer’s request, it can also be converted into a hardened IP by GMT for an additional cost.
Get Started Today
Interested in what GMT’s Physical Unclonable Function technology can do to help secure your IC? Contact GMT today to start your PUF implementation to outpace the competition.
Additional Resources
Learn More About the Giga-PUF