On the Response Entropy of APUFs

TL;DR

This work analyzes the CRP correlation structure of Arbiter PUFs by introducing response similarity, a closed-form probability that two challenges yield the same response, and the induced similarity bins. It derives a complete PMF for the response given one or two known CRPs, enabling exact conditional entropy calculations and optimal single- and two-anchor predictors. The framework defines entropy bins and two-anchor neighborhoods, providing exact bin sizes, construction algorithms, and scalability limits due to Gaussian orthant probability constraints. Collectively, these tools give a precise, analytical handle on how knowledge of CRPs affects predictability of other responses, with clear implications for PUF-based authentication protocols and security guarantees.

Abstract

A Physically Unclonable Function (PUF) is a hardware security primitive used for authentication and key generation. It takes an input bit-vector challenge and produces a single-bit response, resulting in a challenge-response pair (CRP). The truth table of all challenge-response pairs of each manufactured PUF should look different due to inherent manufacturing randomness, forming a digital fingerprint. A PUF's entropy (the entropy of all the responses, taken over the manufacturing randomness and uniformly selected challenges) has been studied before and is a challenging problem. Here we explore a related notion -- the response entropy, which is the entropy of an arbitrary response given knowledge of one (and two) other responses. This allows us to explore how knowledge of some CRP(s) impacts the ability to guess another response. The Arbiter PUF (APUF) is a well-known PUF architecture based on accumulated delay differences between two paths. In this paper, we obtain in closed form the probability mass function of any arbitrary response given knowledge of one or two other arbitrary CRPs for the APUF architecture. This allows us to obtain the conditional response entropy and then to define and obtain the size of the entropy bins (challenge sets with the same conditional response entropy) given knowledge of one or two CRPs. All of these results depend on the probability that two different challenge vectors yield the same response, termed the response similarity of those challenges. We obtain an explicit closed form expression for this. This probability depends on the statistical correlations induced by the PUF architecture together with the specific known and to-be-guessed challenges. As a by-product, we also obtain the optimal (minimizing probability of error) predictor of an unknown challenge given access to one (or two) challenges and the associated predictability.

Figures (6)

• Figure 1: Illustration of the delay elements
• Figure 2: Accuracy, probability of same, Min-entropy and Shannon entropy of a second challenge response ${\bf \Phi_2}$ when we know 1 challenge ${\bf \Phi_1}$'s response, as a function of the ${S}({\bf \Phi_1, \Phi_2})$. Non-integer values of $S({\bf \Phi_1, \Phi_2})$ occur when $\phi_{1,1}\neq \phi_{2,1}$.
• Figure 3: Similarity bin sizes (number of challenges) in function of ${S}({\bf \Phi_1, \Phi_2})$. Not integer values of S means that $\phi_{1,1}\neq \phi_{2,1}$.
• Figure 4: Min-entropy and Shannon entropy when knowing 2 challenges
• Figure 5: Illustration of the sizes of the difference index sets $S_{12}, S_{13}, D_{12}, S_{23}$ and integer $K$ representing the number of indices in $S_{12}$ that we keep the same in ${\bf \Phi_3}$. In this example we assume the first bit is the same in all three ${\bf \Phi_{1,2,3}}$.

Theorems & Definitions (6)

• Lemma 2.1
• Theorem 3.1: Response similarity of APUFs.
• Lemma 3.2
• Corollary 3.2.1
• Corollary 4.0.1
• Theorem 5.1