Puff Daddy or PUF Data? Physically Unclonable Functions for Your Post-Quantum Computing Toolbox
If you have never heard of physically unclonable functions, or PUFs, this piece should capture your interest. The quantum cryptographic application of PUFs is intriguing. Full piece is at the source, below. Because Quantum is Coming. Qubit
Making Sense Of PUFs
+ As security becomes a principal design consideration, physically unclonable functions (PUFs) are seeing renewed interest as new players emerge onto the market. PUFs can play a central role in hardware roots of trust (HRoTs), but the messaging in the market can make it confusing to understand the different types of PUF as well as their pros and cons.
Crypto Quantique is using its PUF to create a private key for use with public-key infrastructure (PKI). Their provisioning process sends that key to their server, which creates a certificate with the accompanying public key based on that private key.
+ PUFs leverage some uncertain aspect of some natural phenomenon to generate a unique, unpredictable, repeatable, random number. As described in a paper, “PUFs at a Glance” by Rührmair and Holcomb, “Their key idea is to exploit the ‘random physical disorder’ or the ‘manufacturing variations’ that occur in almost all physical systems on small length scales.” The generated number must be readable reliably, regardless of the temperature, voltage, or any other condition. Critically, they must be impossible to read by an unauthorized entity. The fact that no one can determine or guess the value is what makes them “unclonable.” PUFs are therefore usually heavily tamper-proofed to thwart efforts to learn the PUF value or values.
+ PUF: Quantum-tunneling PUFs
+ Quantum-tunneling PUFs leverage something close to breakdown, but it’s not the hard, destructive breakdown that an OTP anti-fuse would experience. In an IEEE paper from Imec and KU Leuven, the authors describe their use of “soft breakdown” that leverages “trap-assisted tunneling.” eMemory is also changing its description from oxide rupture to quantum tunneling. Finally, newcomer Crypto Quantique has debuted its quantum-tunneling PUF.
+ Crypto Quantique is using its PUF to create a private key for use with public-key infrastructure (PKI). Their provisioning process sends that key to their server, which creates a certificate with the accompanying public key based on that private key.
+ There is one possible source of confusion based upon Crypto Quantique’s claims of having a post-quantum-safe approach. While most concerns about quantum computers breaking security relate to factoring public keys to determine a private key, this notion is different. It’s about quantum computers cracking the PUF key. The company claimed to be the only one with a “future-proof” PUF approach and that other PUFs could be cracked through quantum computers. The papers it sent explaining the concern, however, relate to modeling attacks against strong PUFs. These quantum-tunneling PUFs are weak PUFs, so modeling attacks don’t apply. Intrinsic ID, Maxim Integrated, and eMemory all confirmed there are no known successful non-physical attacks against weak PUFs.
Content may have been edited for style and clarity.