# A Robust SRAM-PUF Key Generation Scheme Based on Polar Codes

###### Abstract

Physical unclonable functions (PUFs) are relatively new security primitives used for device authentication and device-specific secret key generation. In this paper we focus on SRAM-PUFs. The SRAM-PUFs enjoy uniqueness and randomness properties stemming from the intrinsic randomness of SRAM memory cells, which is a result of manufacturing variations. This randomness can be translated into the cryptographic keys thus avoiding the need to store and manage the device cryptographic keys. Therefore these properties, combined with the fact that SRAM memory can be often found in today’s IoT devices, make SRAM-PUFs a promising candidate for securing and authentication of the resource-constrained IoT devices. PUF observations are always effected by noise and environmental changes. Therefore secret-generation schemes with helper data are used to guarantee reliable regeneration of the PUF-based secret keys. Error correction codes (ECCs) are an essential part of these schemes. In this work, we propose a practical error correction construction for PUF-based secret generation that are based on polar codes. The resulting scheme can generate -bit keys using SRAM-PUF bits and helper data bits and achieve a failure probability of or lower for a practical SRAM-PUFs setting with bit error probability of . The method is based on successive cancellation combined with list decoding and hash-based checking that makes use of the hash that is already available at the decoder. In addition, an adaptive list decoder for polar codes is investigated. This decoder increases the list size only if needed.

## I Introduction

The Internet of Things (IoT) is a network, in which billions of devices are connected. While such a network is expected to bring tremendous economic benefits to industry and society, its use also comes with security problems. Most of IoT devices operate in resource-constrained and distributed environments. As a result traditional password-based security and centralized key management systems with costly secure elements cannot be easily deployed in IoT networks.

Physical unclonable functions (PUFs) are low-cost hardware intrinsic security primitives that possess an intrinsic randomness (unique device ‘fingerprint”) due to the inevitable process variations during manufacturing. Therefore, PUFs can be used to realize cryptographic applications, such as identification, authentication and cryptographic key generation [1, 2], that require random, unique and unpredictable keys. Since the device-unique randomness can be translated into a cryptographic key, PUFs can act as trust anchors avoiding the need for key storage.

There are several types of structures to realize PUFs, such as Flip-Flops PUFs [3], Butterfly PUFs [4], Ring Oscillator PUFs [5] and static random-access memory (SRAM) PUFs [6]. Among them, SRAM-PUFs are one of the most popular PUF constructions because they are easy to manufacture and do not require extra investments. SRAM-PUFs also enjoy the properties that, while being easily evaluated (after a device power-up), they are unique, reproducible, physically unclonable and unpredictable [7]. However, SRAM-PUFs cannot be straightforwardly used as cryptographic keys, since their observations are not exactly reproducible due to environmental condition changes such as time, temperature, voltage and random noise. Therefore, error correction techniques are necessary to mitigate these effects and generate reliable keys.

Error correction techniques become essential blocks of secret-generation schemes [8, 9, 10]. In these schemes two terminals observe measurements of the same PUF. The encoder (first terminal) creates a secret-key and a so-called helper data, based on its PUF observation. This helper data facilitates reconstruction of the secret key from the noisy observation of the PUF at the decoder (second terminal). Since the helper data is communicated from the encoder to the decoder, the secrecy leakage (information that it provides about the secret key) should be negligible.

For practical implementation of key generation schemes on resource-constrained PUF devices, especially for IoT applications, it is crucial to construct good error correction codes to maintain a good trade-off between reliability, implementation complexity and secrecy leakage. Most of existing works [10, 11, 12, 13, 14] that use simple error correction codes are impractical for real applications, where environmental variations lead to error rates of up to in PUF observations. These high error rates require (simple) ECCs of low rates. On the other hand, security applications impose requirements on the minimum (fixed) secret key size that need to be generated from a given finite block-length SRAM cells. As a result, one need to use powerful high-rate ECCs, which typically have high complexity.

Therefore, in this work we propose to use polar codes that are capacity-achieving and have low encoding and decoding complexity. Polar codes have been also investigated for the Slepian-Wolf problem [15] and key generation [16]. For finite block-length, it was shown that good performance of polar codes can be achieved by implementing enhanced decoding algorithms based on the classical successive cancellation decoder (SCD) [17, 18, 19].

Here we propose a new and efficient key generation building block for SRAM-PUFs key generation based on application of polar codes in a syndrome-based secret-generation scheme [20]. To guarantee the performance in terms of reliability and security, and to decrease the required memory size of this scheme, we (1) exploit the efficient decoding algorithm based on successive cancellation and list decoding to reliably regenerate the secret, (2) prove zero-leakage for the proposed scheme, and (3) use a puncturing scheme to shorten the code length and reduce the complexity. Our simulation results show that key regeneration failure probability can be achieved with less SRAM-PUF and helper data bits than before. Using puncturing for polar coding schemes results in flexibility in getting the required code rates, which is crucial since key sizes in practical applications are typically fixed.

## Ii Secret Generation based on SRAM-PUFs

SRAM-PUFs are a result of the read-outs of the power-up state of an SRAM array. The cell values of SRAM array after power up go into one of two states: or . It has been experimentally demonstrated [21] that due to the independent random nature of process variations on each SRAM cell, SRAM patterns demonstrates excellent PUF behavior, i.e. empirical probability of number of cells that go in state is close to . Therefore in this paper we assume that SRAM-PUFs are binary-symmetric, hence for enrollment and authentication PUF pairs it holds that

(1) |

where and and .

It is our goal to share a PUF-based secret key between a PUF-device and a server, see Fig. 1. During the enrollment phase, the encoder observes SRAM-PUF measurement and based on it generates a secret key and helper data as Here is an encoder mapping. Since the key is used for cryptographic purposes, it has to be uniformly distributed. Moreover, the helper data is assumed to be publicly available, and thus it should leak no information about the key, i.e. .

Next during the secret regeneration phase, the decoder observes the authentication SRAM-PUF measurement and the corresponding helper data The decoder now forms an estimate of the secret key as with being a decoder mapping. To make an authentication decision the server compares the hash of the estimated secret key, with ^{1}^{1}1A one-way cryptographic hash function is used to generate a hash value of the key and verify whether the key is recovered exactly.
The design and security properties of such one-way cryptographic hash functions is beyond the scope of this paper.
The authentication decision is positive only if the hashes are the same and thus the secret reconstruction was successful. Hence to ensure the system reliability, the error or failure probability should be small.

The secret-generation problem is closely related to the Slepian-Wolf coding problem and is often realized using syndrome construction, where the helper data is the syndrome of the enrollment observation. Due to high error rates in SRAM-PUFs, , combined with demands of having of in practical application, powerful codes are required for reliable key generation. In this paper we explore the use of polar codes for SRAM-PUF secret generation based on syndrome construction.

## Iii Polar Codes

As a family of linear block codes, a binary polar code can be specified by , where is the block length, is the number of information bits encoded per codeword, is a set of indices for the frozen bits positions from and is a vector of frozen bits. The frozen bits are assigned by a fixed binary sequence, which is known to both the encoder and the decoder.

### Iii-a Code Construction of Polar Codes

Polar codes are channel specific codes, which means that a polar code designed for a particular channel might not have an optimal performance for other channels. Therefore, calculation of channel reliability and selection of good channels is a critical step for polar coding, which is often referred to as polar code construction. The original construction of polar codes is based on the Bhattacharyya bound approximation [17]. Later works [22, 23] improve on this approximation, however, at the cost of higher complexity.

### Iii-B Encoding of Polar Codes

For an polar code, the encoding operation for a vector of information bits, , is performed using a generator matrix,

(2) |

where and denotes the Kronecker product. Given the data sequence , the codewords are generated as

(3) |

where corresponds to the non-frozen bits indices. Then is the data sequence, and are the frozen bits, which are usually set to zero.

### Iii-C Decoding of Polar Codes

Polar codes achieve the channel capacity asymptotically in code length, when decoding is done using the successive-cancellation (SC) decoding algorithm, which sequentially estimates the bits , where .

When polar decoder decodes the th bit, is estimated based on the channel output and the previous bit decisions , denoted by . It uses the following rules:

(4) |

where is the th likelihood ratio (LR) at length , which determines the probability of a non-frozen bit. LRs can be computed recursively using two formulas:

(5) |

and

(6) |

where and denote, respectively, the odd and even indices part of . Therefore, calculation of LRs at length can be reduced to calculation of two LRs at length , and then recursively broken down to block length 1. The initial LRs can be directly calculated from the channel observation.

Since the cost of implementing these multiplications and divisions operations in hardware is very high, they are usually avoided and performed in the logarithm domain using the following and functions:

(7) | |||||

(8) |

(9) |

where and are log-likelihood ratios (LLRs). In practical implementations, the minimum function can be used to approximate the function, according to (8).

## Iv Secret-Generation Schemes based on Polar Codes

In this section we show how secrets and helper data can be constructed using a polar code in PUF-based key generation schemes. A generic secret-generation system is illustrated in Fig. 1. There is a PUF measurement during enrollment and is a noisy PUF measurement at authentication, which are observed by the encoder and decoder, respectively. First, in Section IV-A, we present the secret-generation system based on syndrome construction using the polar coding. Then, in Section IV-B we discuss how the decoding for secret generation can be redesigned to optimize the system performance for PUF applications. Finally, Section IV-C provides our security analysis for the proposed construction.

### Iv-a Polar Codes based Syndrome Construction

Fig. 2 illustrates the polar code based syndrome coding scheme that realizes an enrollment phase (encoder) and key regeneration phase (decoder).

#### Iv-A1 Enrollment phase

In the enrollment phase, a codeword is generated for each PUF observation . Then, the syndrome encoder selects the secret key and helper data based on the constructed codeword.
Since , the helper data and the secret key are generated during a polar encoding procedure by extracting the bits as^{2}^{2}2
The difference compared to conventional polar codes is that the helper data specifies a coset of the linear polar code instead of fixed all-zeros.

(10) | ||||

where and are the index sets for the syndrome and the secret key. These sets are defined as

(11) | ||||

where and .

An example of the syndrome encoding procedure for a (8,3,{1,2,3,4,6}) polar codes is shown in Fig. 3, where the data flows from right to left. Due to flexibility of the polar code construction, an arbitrary code rate can be selected without re-constructing the code.

#### Iv-A2 Key regeneration phase

### Iv-B Decoder Optimization for PUF-based Secret Generation

Note that although the SC decoder could asymptotically achieve channel capacity as increases, the performance of the SC decoder is still not good enough at short and moderate block length size for error correction in PUFs due to the poor polarization. Therefore, next we present hash-aided SC list (HA-SCL) decoding that allows us to achieve good trade-off between error-correction performance and complexity.

In order to optimize the error-correction performance, we would like to track multiple possible decision paths instead of only one as the SC decoder does. However, considering the all possible paths is impractical and too complex. The SCL decoding algorithm [19] uses a breadth search method to explore the possible decoding paths efficiently while saving most reliable paths as candidates at each level. Thus this technique also allows us to restrict the decoding complexity.

Next note that in the SCL decoding process, the correct codewords are on the decoding list but they are not always the most likely ones, which leads to decoding errors. This issue can be solved by combining the SCL algorithm with a cyclic redundancy check (CRC) code, which could further improve the error correction performance [18]. For security purposes, we replace the CRC function by a more secure hash function, which is already part of the authentication system. This hash is used to detect and select the valid path from the output of list decoder. In this way, our HA-SCL decoder outputs candidate sequences and selects the hash-valid sequence.

By using the HA-SCL decoder, bits hash value is produced by the hash function at the encoder and is used at the decoder. Since the decoder knows and in advance, it could recover the secret key by performing the polar decoding, as shown in Fig. 2, using

(13) |

where is the polar decoder with the SCL decoding algorithm of [19].

### Iv-C Security Analysis

In this section, we analyze the secrecy for the proposed syndrome based polar coding scheme. Note that security of our construction is characterized by the information that the helper data leaks about the generated secret key. Therefore we must show that . We re-write (10) as

(14) | ||||

where generator matrix for frozen bits (helper data) and generator matrix for information bits (key) with dimensions and are obtained by selecting the corresponding columns of . Then, we obtain

where in (a) we use the uniformity of the SRAM-PUF observations; in (b) the fact that the generator matrices are linearly independent, as and are non-overlapping, since . Thus we prove that the proposed polar syndrome coding scheme has zero-leakage.

## V Performance and Complexity Comparisons

In this section, we present the performance results of the polar code based error correction schemes for SRAM-PUFs with average bit error probability between and . Inputs to the polar decoder, including the information set, frozen bit vector and channel output vector, determine the error correction ability and computational complexity. In order to create reliable PUF-based secret generation systems, we focus on the scheme with 128-bit keys and failure probabilities in the range of to .

We construct polar codes with block length . In order to provide a flexible code rate and use less SRAM-PUFs bits in PUF-based secret generation with fixed size key, arbitrary block-length polar codes can be obtained by puncturing. For any puncturing pattern, PUFs bits and random bits used as punctured bits are the input to the polar encoder. At the decoder, zero-valued LLRs for decoding are assigned to the corresponding punctured bits. In the following sections, both SC and HA-SCL decoding algorithms for polar codes and punctured polar codes are simulated to compare the resulting error correction performance and complexity.

### V-a Failure Probability

The most important performance criterion for PUF-based secret generation is the error or failure probability of the key regeneration. Fig. 4 shows the performance of polar code based syndrome coding schemes with the SC and HA-SCL decoding algorithms.

We can see that the failure rate for polar codes with SC decoding is close to at and HA-SCL decoding can further reduce the failure rate to less than at as list size increases. However, the latter comes at the cost of extra computational complexity and memory. We can also observe that punctured polar codes with block lengths not being a power of two achieve similar failure rates as conventional polar codes by using larger for performance compensation. For strong reliability applications, the proposed polar code with and the punctured polar code with can be used to achieve an error rate of at error probability of .

Code construction | Failure probability | PUF (bit) | Helper Data (bit) | |
---|---|---|---|---|

Code-Offset RM-GMC[11] | 1536 | 13952 | 15% | |

Compressed DSC [14] | 974 | 1108 | 15% | |

Polar SC | 1024 | 896 | 15% | |

Punctured polar HA-SCL, L=2 | 896 | 896 | 15% | |

Punctured polar HA-SCL, L=4 | 800 | 896 | 15% | |

BCH Rep. [12] | 2226 | 2052 | 13% | |

GC RM [13] | 2048 | 2048 | 14% | |

GC RS [13] | 1024 | 1024 | 14% | |

Polar HA-SCL, L=2 | 1024 | 896 | 15% | |

Punctured polar HA-SCL, L=4 | 974 | 896 | 15% |

### V-B Complexity and Memory Requirements

The number of required SRAM-PUF bits and helper data size is another important performance criterion closely related to implementation complexity. The proposed polar code based syndrome coding scheme requires SRAM-PUF bits and helper data bits, if we implement the SC decoding algorithm. The corresponding decoding computational complexity is given by for this case. Since a list decoder outputs a group of reliable candidates, the decoding computational complexity of the HA-SCL algorithm increases to .

Table I summarizes performance properties for the proposed polar codes and reference designs, including the achievable key regeneration failure rate, the required SRAM-PUF size, helper data size and error probability of the SRAM-PUFs. An SRAM-PUF with an error probability of or lower and failure rates and are targeted for different use cases. From Table I, we can clearly see that our polar code based schemes outperform the previous designs in terms of the error correction performance, SRAM-PUF bits and helper data bits requirements. Note that the required SRAM-PUF size could be further reduced by using punctured polar codes and increasing the list size , but at the cost of computational and memory complexity for decoder.

### V-C Adaptive Decoder

The HA-SCL decoding algorithm achieves a good performance but has higher complexity than SC decoding, as and increase, and as a consequence relatively high latency. The complexity issue of the SCL can be improved by using an adaptive decoder, which consists of two components, SC and SCL decoders. This adaptive decoder, only implements the SCL decoder and increases the value of , when the SC decoder output has an invalid hash vector.

Fig. 5 shows the comparison of complexity between the adaptive decoder, single SC decoder and single HA-SCL decoder with different . Computational complexity is defined in terms of the average number of metric update operations and in (7) and (9). The maximum is set to to ensure the reliability and security. As expected, the SC decoder has the lowest complexity with poor performance with respect to the failure rate; and the SCL decoder has higher complexity in terms of . Furthermore, we see that the average number of computations of the adaptive decoder is drastically reduced as the error probability decreases.

The adaptive decoder also reduce the effect of decoding latency, since there is very little chance to use the complex SCL decoder. Therefore, the adaptive decoder could achieve the same reliability with a single SCL decoder and provide similar computational complexity and decoding latency with a single SC decoder when is small.

## Vi Discussion

Note that another way to realize PUF-based authentication is using the code-offset construction. In this construction, a selected error correction codes is used to encode a key chosen during the enrollment phase into codeword . The helper data is defined as the offset . During the key regeneration phase, the helper data is added to a PUF authentication sequence . The decoder observe a codeword corrupted with the measurement noise , i.e., . Therefore, polar codes based code-offset construction can also be directly applied to realize a secret-sharing system with chosen secret keys.

By designing the same polar code construction, the two secret key generation schemes with the syndrome construction and code-offset construction are equivalent in terms of error correction performance but they differ in their helper data storage requirements. In particular, the syndrome construction requires less storage for the helper data. Moreover, the proposed polar codes based syndrome coding construction potentially has more applications, since the secret keys need not be known to the manufacturer, while the code-offset construction requires the key to be assigned to the PUF devices during the manufacturing process.

## Vii Conclusion

In this paper, we investigated practical secret-generation schemes based on polar code with syndrome construction that treat the SRAM-PUF observations as a codeword of a polar code and generate helper data as a syndrome of SRAM-PUFs using frozen bits of the polar code. Our simulation results show that with this approach high secret generation reliability can be achieved together with high security. Furthermore, the proposed scheme requires less SRAM-PUF bits and helper data bits compared to existing schemes, which leads to the reduction in memory requirements.

The proposed scheme has higher complexity requirements on hardware than simple algebraic codes used in the previous schemes. Therefore it can be used in the scenarios for secret key generation between small IoT devices and servers, which have sufficient resources for decoding. For future work, we intend to investigate the techniques for encoder and decoder optimization to further reduces the complexity of decoding thus making it also suitable for small IoT devices.

## Acknowledgment

This work was funded by Eurostars-2 joint programme with co-funding from the EU Horizon 2020 programme under the E! 9629 PATRIOT project.

## References

- [1] G. E. Suh and S. Devadas, “Physical unclonable functions for device authentication and secret key generation,” in 2007 44th ACM/IEEE Design Automation Conference, June 2007, pp. 9–14.
- [2] S. U. Hussain, M. Majzoobi, and F. Koushanfar, “A built-in-self-test scheme for online evaluation of physical unclonable functions and true random number generators,” IEEE Trans. on Multi-Scale Computing Systems, vol. 2, no. 1, pp. 2–16, Jan 2016.
- [3] R. Maes, P. Tuyls, and I. Verbauwhede, “Intrinsic PUFs from flip-flops on reconfigurable devices,” in 3rd Benelux workshop on information and system security, vol. 17, 2008, p. 2008.
- [4] S. S. Kumar, J. Guajardo, R. Maes, G. J. Schrijen, and P. Tuyls, “The butterfly PUF protecting IP on every FPGA,” in IEEE Int. Workshop on Hardware-Oriented Security and Trust, June 2008, pp. 67–70.
- [5] B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, “Silicon physical random functions,” in 9th ACM Conference on Computer and Communications Security, Washington, DC, USA, 2002, pp. 148–160.
- [6] J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls, “FPGA intrinsic PUFs and their sse for ip protection,” in Cryptographic Hardware and Embedded Systems (CHES), Vienna, Austria, 2007, pp. 63–80.
- [7] R. Maes and I. Verbauwhede, Physically unclonable functions: a study on the state of the art and future research directions, 2010, pp. 3–37.
- [8] U. M. Maurer, “Secret key agreement by public discussion from common information,” IEEE Trans. on Inf. Theory, vol. 39, no. 3, pp. 733–742, May 1993.
- [9] R. Ahlswede and I. Csiszar, “Common randomness in information theory and cryptography. i. secret sharing,” IEEE Trans. Inf. Theory, vol. 39, no. 4, pp. 1121–1132, Jul 1993.
- [10] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: How to generate strong keys from biometrics and other noisy data,” in Int. Conf. on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2004, pp. 523–540.
- [11] R. Maes, P. Tuyls, and I. Verbauwhede, “Low-overhead implementation of a soft decision helper data algorithm for SRAM PUFs,” in Cryptographic Hardware and Embedded Systems (CHES), Lausanne, Switzerland, 2009, pp. 332–347.
- [12] R. Maes, A. Van Herrewege, and I. Verbauwhede, “PUFKY: A fully functional PUF-based cryptographic key generator,” in Cryptographic Hardware and Embedded Systems (CHES), Leuven, 2012, pp. 302–319.
- [13] S. Puchinger, S. Müelich, M. M.Bossert, M. Hiller, and G. Sigl, “On error correction for physical unclonable functions,” in Int. ITG Conf. on Systems, Communications and Coding, 2015, pp. 1–6.
- [14] M. Hiller, M. D. Yu, and G. Sigl, “Cherry-picking reliable PUF bits with differential sequence coding,” IEEE Trans. on Inf. Forens. and Sec., vol. 11, no. 9, pp. 2065–2076, Sept 2016.
- [15] S. B. Korada and R. Urbanke, “Polar codes for Slepian-Wolf, Wyner-Ziv, and Gelfand-Pinsker,” in IEEE Information Theory Workshop on Information Theory (ITW), Cairo,Egypt, Jan 2010, pp. 1–5.
- [16] R. A. Chou, M. R. Bloch, and E. Abbe, “Polar coding for secret-key generation,” IEEE Trans. on Inf. Theory, vol. 61, no. 11, pp. 6213–6237, Nov 2015.
- [17] E. Arikan, “Channel polarization: A method for constructing capacity-achieving codes for symmetric binary-input memoryless channels,” IEEE Trans. Inf. Theory, vol. 55, no. 7, pp. 3051–3073, July 2009.
- [18] K. Niu and K. Chen, “CRC-aided decoding of polar codes,” IEEE Communications Letters, vol. 16, no. 10, pp. 1668–1671, October 2012.
- [19] I. Tal and A. Vardy, “List decoding of polar codes,” IEEE Trans. Inf. Theory, vol. 61, no. 5, pp. 2213–2226, May 2015.
- [20] S. C. Draper, A. Khisti, E. Martinian, A. Vetro, and J. S. Yedidia, “Using distributed source coding to secure fingerprint biometrics,” in IEEE Int. Conf. on Acoustics, Speech and Signal Processing (ICASSP), vol. 2, April 2007, pp. 129–132.
- [21] G.-J. Schrijen and V. van der Leest, “Comparative analysis of SRAM memories used as PUF primitives,” in Conf. on Design, Automation and Test in Europe, San Jose, CA, USA, 2012, pp. 1319–1324.
- [22] R. Mori and T. Tanaka, “Performance and construction of polar codes on symmetric binary-input memoryless channels,” in IEEE Int. Symp. Inf. Theory, June 2009, pp. 1496–1500.
- [23] I. Tal and A. Vardy, “How to construct polar codes,” IEEE Trans. Inf. Theory, vol. 59, no. 10, pp. 6562–6582, Oct 2013.