新一代硬件安全：第四章-物理不可克隆函数的非线性特性

Chapter 4
Nonlinearity for Physically Unclonable
Functions

4.1 Chapter Introduction
Authentication and other security schemes have, already for many decades, leveraged
the randomized manifestations of selected physical, biological, or other
phenomena. For example, biometric identification and authentication are based
on the unique patterns of fingerprints, retinas, voices, or even walking pace, and
motion [TŠK07]. For electronic circuits, the corresponding notion of physically
unclonable functions (PUFs) has been established around 2002 [Pap+02, MV10,
Her+14, CZZ17]. A PUF should exhibit a device-specific and decorrelated, yet
reproducible, output behavior. That is, even under varying environmental conditions,
the responses should be reproducible for the very same PUF instances
but should differ across different PUF instances and devices, even for the same
PUF design. The core working principle of PUFs is to leverage the process
variations inherent to microelectronics fabrication and operation and to boost these
variations purposefully. Prominent types of PUFs are ring oscillators, arbiters,
bistable rings, and memory-based PUFs [MV10, Her+14, Gan17, CZZ17]. Such
PUFs are relatively simple to implement and integrate in CMOS technology, even
for advanced processing nodes. However, for CMOS implementations of such
PUFs, the underlying variations and the related PUF properties (i.e., uniqueness,
unpredictability) can be limited and may be predicted. In fact, various attacks have
been demonstrated on CMOS PUFs, with machine learning emerging as the most
powerful approach [CZZ17, Rüh+13a, Liu+18, Gan17]. In contrast, PUFs built
from emerging technologies can be more promising, as they may leverage harder-topredict
variations and randomness of emerging technologies that often exhibit some
inherently nonlinear behavior.

第四章 物理不可克隆函数的非线性特性

4.1 简介

数十年来，身份验证相关的安全方案一直是在利用所选物理、生物等现象特征的随机化表现。
例如，生物识别和认证是基于指纹、视网膜、声音、甚至步速与运动的独特模式 [TŠK07]。
对于电子电路而言，物理不可克隆函数（PUF）的相应概念早在2002年左右就已确立[Pap+02, MV10, Her+14, CZZ17]。PUF应该具备与器件绑定、可重复且去相关的输出行为。
也就是说，对于同一个PUF实例，即使在不同的环境条件下，其输出响应也应该是可重复的；
但即使对于相同批次的PUF设计，不同的PUF器件实例之间的响应也必须不同。
PUF的核心工作原理是利用微电子制造和操作过程中固有的工艺变化，并有针对性地增强此类变化。
主流的PUF 类型包括环形振荡器、仲裁器、双稳态环和基于存储器的PUF [MV10、Her+14、Gan17、CZZ17]。 此类PUF易于通过CMOS技术实现与集成，即使对于依赖先进工艺处理的节点，亦是如此。
然而，对于此类PUF的CMOS实现，与PUF性质（即唯一性、不可预测性）相关的潜在变化是有限的，并且可预测。事实上，对CMOS PUF的各种攻击已被证实，其中最强有力的攻击利用了机器学习技术[CZZ17, Rüh+13a, Liu+18, Gan17]。相比之下，由新兴技术构建的PUF更富前景，因为新兴技术相关特性的的变化性和随机性更加难以预测，而且往往表现出内在的非线性行为。

In this chapter, we first discuss concepts for PUFs using emerging technologies.
Then, we review selected prior art of PUFs using emerging technologies. Finally,
we present a case study on plasmonics-enhanced optical PUFs.

在本章中，我们首先讨论了基于新兴技术的PUF的概念。然后，我们对部分现有的新兴PUF技术进行了回顾。最后，我们展示了一个关于等离子体增强型光学PUF的案例研究。

4.2 Concepts for Physically Unclonable Functions Using
Emerging Technologies

The desired properties for PUFs are uniqueness, unclonability, unpredictability,
reproducibility, and tamper-resilience. The following provides some background
and context for emerging technologies:

4.2 基于新兴技术的物理不可克隆函数的概念

PUF的期望性质包括唯一性、不可克隆性、不可预知性、可再现性和抗篡改性。关于PUF相关的部分新兴技术的背景描述，如下所示：

Uniqueness: For the same PUF concept and design, different instances are
expected to behave differently, i.e., to provide different responses, even for
the same inputs. Uniqueness is commonly quantified by Hamming distances
(HD) for outputs of multiple PUF instances; the ideal HD value for uniqueness
is 50%. Uniqueness is limited by the particular PUF design as well as the
device technology and inherent variations. For traditional CMOS technology,
the underlying process variations are typically well controlled, which inherently
limits CMOS-based PUFs to some degree. In contrast, by their heterogeneous
and more varied nature, emerging technologies can offer various sources of
process variations. For example, Wang et al. [WYM14] propose combining
different PUF designs for 3D ICs, and Smith et al. [SS17] leverage metallic
nanomaterials for optical tagging.

1. 唯一性：对于相同批次的PUF设计，不同的器件实例会有不同的表现行为，即使针对相同的输入，也会产生不同的输出响应。 多PUF实例输出的唯一性，通常可通过汉明距离(HD)来量化描述，唯一性的理想HD值是50%。唯一性受制于特定的PUF设计、器件技术、以及工艺制造的内在变数。对于传统的 CMOS 技术，底层工艺的不确定性通常可得到很好的控制，但在本质上，这反而在某种程度上限制了基于 CMOS 的 PUF的发展与应用。相比之下，由于其异质性以及更为丰富的不确定性质，新兴技术可以提供更多不同来源的处理变数。例如，Wang等人[WYM14]提出将不同的PUF设计结合起来用于实现3D IC，而Smith等人[SS17]则利用金属纳米材料进行光学标记。

Unpredictability: PUFs should behave truly randomly, i.e., without any bias.
This property has become more important over the years, given the rise of
powerful machine learning frameworks that are well capable of learning and
predicting various kinds of PUFs. Truly random behavior can be rooted in the
underlying device itself; emerging technologies appear promising toward that
end, as demonstrated in more detail in this chapter as well as in Chap. 5.

2. 不可预知性：PUF的行为表现应该满足真随机性，即没有任何规律可循。多年来，随着机器学习技术的兴起，攻击者可利用某些强大的机器学习技术框架较为有效地学习和预测各种PUF的行为，所以不可预知性对PUF而言尤为重要。对于新兴器件而言，其先进性在于真随机性可根植与器件本身的内在特性，关于这一点我们将本章和第五章中详细说明。

Unclonability:This is the key property for PUFs. It represents a somewhat
abstract property by itself, but its practical implications are to be carefully studied
for any particular PUF of interest. More specifically, unclonability bifurcates into
(1) physical unclonability, as in impossibility to manufacture the very same PUF
instance multiple times, and (2) mathematical unclonability, as in impossibility
to fully model the behavior of a particular PUF instance. Truly unclonable PUFs
need to fulfill both aspects, and there are few PUF approaches or technologies
that may truly meet these aspects (e.g., those based on quantum physics).
Nevertheless, the resilience of particular PUFs can be extraordinary in practice,
which is then often considered sufficient for most security requirements. With
the help of emerging technologies, the notion of unclonability may be improved
over state-of-the-art CMOS-based PUFs. For example, memristors make good
candidates for PUFs, given their underlying stochastic operation with nonlinear
conductance variations and post-manufacturing tunability [Nil+18].

3. 不可克隆性： 这是PUF的关键性质。它本身是一个较为抽象的性质，但其实际意义要结合具体PUF技术具体分析得出。具体而言，不可克隆性可分为 (1) 物理不可克隆性，即不可能重复制造出相同的PUF实例，以及(2)数学不可克隆性，即不可能针对特定PUF实例的行为进行完整建模。真正的不可克隆PUF 需要同时满足这两方面的要求，而安全能满足此条件的PUF技术（例如，基于量子物理学的方法）却少之又少。然而，在具体实践中，PUF都表现出了卓越的抵抗攻击的韧性，通常可认为足以应对大多数安全需求。借助新兴技术，PUF的不可克隆性能比先进的CMOS技术还要更上一层楼。如[Nil+18]中所述，由于忆阻器在非线性电导率变化和制造后可调谐方面具备随机可操作性，使之成为PUF的首选。

Reproducibility: This property can also be understood as reliability, i.e.,
whether one is able to observe the same response/behavior for the same
PUF instance. Reproducibility is commonly quantified by HD for the same
PUF instance; the ideal HD for reproducibility is 0%. Reproducibility can be
significantly undermined by ambient conditions, like temperature and voltage
variations or electromagnetic interference, but also by time-dependent phenomena
like aging of the underlying devices. These concerns are prominent already
for CMOS-based PUFs and, depending on the maturity of the manufacturing
processes, even more so for emerging technologies. Still, this statement cannot
be generalized and each PUF design has to be studied for reproducibility.

4. 可再现性： 这一属性也可以理解为可靠性，即人们是否能够重复观察到同一PUF实例的相同响应与行为。PUF实例。可再现性通常是通过同一PUF实例的汉明距离来量化的，PUF的理想汉明距离是0%。 诸如温度、电压变动和电磁干扰等环境条件，以及基础器件老化等时间相关因素，都会极大影响可在再现性。基于CMOS的PUF深受这些问题的困扰，而新兴技术由于受制于工艺的成熟度，可能更有甚之。然而对于具体PUF类型的可再现性却不能一概而论，要根据其设计具体问题具体分析。

Tamper-resilience: This property is typically understood as follows. Any
tampering of a PUF instance is likely to affect the PUF itself; such tampering
should in principal be detectable through alterations of the PUF behavior.
Still, tampering would naturally impact the other properties as well, and it is
important to understand which type and degree of tampering would undermine
these properties without being readily detectable. For example, fault injection
is a concern for most CMOS-based PUFs, where the attacker has relatively
good control of the degree of faults and resulting bias being introduced for
the PUFs, which can allow an attacker to subsequently better learn the PUFs’
behavior [Taj17]. Some emerging technologies, like phase change memories, can
offer inherent tamper-resilience as well [Rah+17].

5. 抗篡改性: 这一属性通常可被理解为对PUF实例的任何
   篡改很可能会影响到PUF本身，这种篡改原则上可通过检测PUF行为的变化来识别。
   不过，对PUF的篡改也自然会影响PUF的其他属性，关键是要了解哪种类型和程度的篡改会破坏这些属性而又不容易被发现。例如，故障注入是大多数基于CMOS的PUF应关注的问题，因为攻击者可以较为精准地控制对PUF造成的故障的危害程度以及由此产生的数据偏差，这使得攻击者可更好地学习和理解PUF的行为[Taj17]。一些新兴的技术，如相变存储器，可提供内在的防篡改能力[Rah+17]。

Most if not all PUF implementations, irrespective of whether they are based on
CMOS or emerging technologies, have some limitations for these properties. Still,
emerging technologies appear more promising than CMOS technology to meet these
properties, albeit with inherent trade-offs becoming more relevant. For example,
process variations tend to be more pronounced for most emerging technologies—
such stronger variations serve well for uniqueness/entropy of PUFs, but may hinder
reproducibility at the same time. Overall, any PUF design, irrespective of their
use of CMOS or some emerging technology, requires detailed studies, initially
for the conceptual and simulation level as well as subsequently for prototypes and
measurements.

大多数PUF的实现，无论是基于CMOS还是新兴技术，对于上述五个维度的性质的满足都存在一些的局限。尽管对PUF而言，这些性质间的取舍平衡更为关键，但新兴技术总体而言比CMOS技术更有希望满足这些性质。例如，
对于大多数新兴技术而言，工艺处理导致的变化往往更加显著，这种较强的变化有助于提升PUF的唯一性，
但同时也会对可再现性带来负面影响。总体而言，对于任何PUF的设计，无论是使用CMOS或新兴技术，都需要进行详细的研究，包括最初的概念建模与仿真以及后续的原型构建和度量。

4.3 Review of Selected Emerging Technologies and Prior Art
4.3.1 Memristive Devices
The potential for using memristors toward hardware security schemes has been
recognized already some years ago, e.g., for PUFs leveraging the process variations
and the stochastic operation of memristors in 2013 [Ros+13].

4.3 对所选新兴技术和现有技术的回顾

4.3.1 忆阻器件

将忆阻器在硬件安全方面的潜力在几年前就得到了业界的认可，例如，在2013年， [Ros+13]中描述了利用工艺处理变化和忆阻器随机运行机制的PUF的方案。

More recently, another memristive device-based PUF has been proposed
[Nil+18], which leverages the nonlinear I-V characteristics of memristors
(“pinched hysteresis”) and applies analogue tuning of the memristor conductance.
This is done to increase the performance and practicality of such PUFs and to
reduce the complexity of the peripheral circuitry. The authors of [Nil+18] provided
an experimental demonstration and measurement results for their PUF concept.
More specifically, their demonstrated circuit uses two vertically integrated 10 × 10
metal oxide memristive crossbar circuits (Fig. 4.1). As with memristor devices in general, the manufacturing is compatible with back-end-of-line processing along
with regular CMOS manufacturing. The measurement results indicate a uniqueness
near ideal 50%, as well as high reproducibility or low bit-error rates (1.5 ± 1%).
The authors furthermore conduct machine learning-based attacks, indicating strong
resilience against such attacks as well (owing to the underlying nonlinearities).

最近，有人提出了另一种基于忆阻器的PUF [Nil+18]，它利用了忆阻器的非线性I-V特性 (“夹滞滞后”)，并应用了忆阻器电导率的模拟调谐。这样做是为了提高这种PUF的性能和实用性，并减少外围电路的复杂性。[Nil+18]的作者还为其PUF概念提供了一个实验演示和测量结果。具体而言，他们使用垂直集成的10×10 金属氧化物忆阻器阵列构成交叉开关（crossbar）电路（图4.1）。与一般的忆阻器件一样，其制造流程兼容与后道工序与常规CMOS的制造工序。测量结果表明，其唯一性接近理想值的50%，同时具有高可再现性与低比特错误率（1.5±1%）。作者进一步实施了基于机器学习的攻击，实验结果表明，得益于忆阻器的非线性特性，该PUF对机器学习类攻击具有很强的防护韧性。

Fig. 4.1 Concept of a memristive crossbar PUF, as proposed in [Nil+18].
Memristors are embedded at the junctions of rows and columns

图4.1 [Nil+18] 中提出的忆阻交叉阵列 PUF 的概念。其中，忆阻器嵌入在行和列的交界处。

4.3.2 Carbon Nanotube Devices
In [LHH18], the authors propose PUFs that leverage the manufacturing variability of
CNTs, along with the notion of Lorenz chaotic systems. The latter serves to enhance
the decorrelation of inputs and outputs and, thus, renders these PUFs more resilient
against machine learning attacks.

4.3.2 碳纳米管器件

在[LHH18]中，作者提出了利用CNT的制造变异性的PUF以及洛伦兹混沌系统的概念。
后者的作用是增强输入和输出的去相关性，从而使此类PUF在对抗机器学习攻击方面更富韧性。

More specifically, the authors propose a crossbar structure with CNTs at its
heart and their imperfections serving as a source of randomness. The crossbar
structure is augmented with digital to analog converters (DACs) for inputs and
vice versa for outputs, as well as current measurement and comparator circuitry
(Fig. 4.2). Accordingly, the input/output behavior is mapped from the digital domain
to the physical, as threshold-driven currents through imperfect CNTs, and back for
evaluation. While this basic crossbar structure is difficult to clone by manufacturing,
it is relatively easy to clone by modeling. Accordingly, an important subsequent
stage is a Lorenz chaotic system module, which introduces the necessary resilience
against machine learning attacks and others. A Lorenz chaotic system exaggerates
the differences for output response across similar inputs. The strength/degree of this chaotic behavior is dictated by the system parameters; for better resilience, the
authors derive these from the intermediate response coming from the CNT crossbar
structure itself. In their experimental evaluation, the authors demonstrate that such
a compound scheme (which could be well leveraged for other devices aside from
CNT crossbar structures) limits various machine learning models to around 55% bit
prediction, which is only marginally better than random guessing.

具体而言，作者提出了一个以CNT为核心的交叉（crossbar）结构，并以其不完美作为随机性的来源。该交叉结构的输入端有数模转换器（DAC），输出端有与之对应的模数转换器，还包括电流测量和比较器电路(图4.2)。由此，输入/输出行为将从数字领域映射到物理领域，并以阈值驱动电流的形式通过不完美的CNT，然后再返回进行测量评估。虽然这种基本的交叉结构很难通过制造来克隆，但通过建模则相对容易克隆。 因此，后续处理的关键需要依赖洛伦兹混沌系统模块，它可提供针对机器学习类攻击的防御韧性。洛伦兹混沌系统放大了雷同输入信号所对应输出响应的差异，这种混沌行为的强度与程度可由系统参数决定；为了获得更好的韧性，作者从CNT交叉结构自身的中间响应中得出这些参数。在其实验评估中，作者证明了这种复合方案（除了CNT交叉结构外，还适用于其他器件）将各种机器学习模型限制在55%左右的比特预测范围内，只比随机猜测稍好。

Fig. 4.2 Concept of a CNT crossbar PUF, along with signal processing based on
Lorenz chaotic system, as proposed in [LHH18]. CNTs are embedded at the junctions
of rows and columns. DACs and ADCs, along with comparator circuitry, are used
for challenging and reading the PUF

图 4.2 [LHH18]中所提出的，基于洛伦兹混沌系统的信号处理的CNT交叉结构PUF的概念。其中，CNT嵌入在行和列的交界处，DAC和ADC以及比较器电路用于挑战和读取PUF。

Aside from the particular PUF proposal above, we note that in [Rah+17], the
authors review the use of CNTs for PUFs, TRNGs, and also propose the technology
to be used for novel sensors for detecting microprobing or other invasive attacks.

除了上述特定的PUF提议之外，我们还注意到在[Rah+17]中作者回顾了CNT在PUF、TRNG中的应用，还提出了可用于检测微探测等其他入侵性攻击的新型传感器技术。

4.3.3 3D Integration
The integration of multiple chips into 3D/2.5D stacks—discussed in more detail in
Chap. 6—also seems beneficial for advancing the notion of PUFs. This is because
the individual chips/active layers within such stacks are subject to independent
process variations. One can build up PUFs that combine these multiple sources of
entropy at the 3D/2.5D system level, along with additional coupling effects arising
for 3D/2.5D stacks as well.

4.3.3 3D集成

将多个芯片集成到3D/2.5D堆栈中（第6章中将有更详细的讨论），似乎也有利于推进PUF的技术概念。这是因为这些堆栈中的各个芯片/有源层都受工艺处理中若干独立变化因素影响。我们可以通过在3D/2.5D系统层面上结合这些多源熵以及3D/2.5D堆栈的额外耦合效应来构建PUF。

Fig. 4.3 Ring oscillator PUFs. (a) Regular structure, implemented in 2D ICs. (b) Advanced
structure, implemented in 3D ICs, as proposed in [Wan+15a]. The oscillator comprises active
devices across multiple chips (dashed boxes) as well as TSVs (cylinders), which all contribute their
individual variations. Furthermore, there are coupling phenomena across the oscillator components
(arrows)

图 4.3 环形振荡器PUFs。(a) 常规结构，在2D集成电路中实现。(b) [Wan+15a]中提出的高级
结构，在3D集成电路中实现。振荡器由跨越多个芯片（图中虚线框）和TSV（图中圆柱体）的有源器件组成，其中每个器件都贡献了自身的变化。此外，振荡器组件之间还存在着耦合现象(耦合关系如图中箭头所示)

For example, in [WYM14, Wan+15a], two such schemes have been proposed.
These schemes are based on ring oscillators [Wan+15a] (Fig. 4.3) and clock-skew
arbiter structures [WYM14], respectively. While generic in principle, the scheme
in [WYM14] suggests 3D integration as a particularly promising implementation
option, whereas [Wan+15a] explicitly leverages, aside from regular process variations,
the process variations of through-silicon vias (TSVs), i.e., large metal plugs
running through chips in their entirety, to interconnect these chips across the 3D
stack. Based on technology simulation, the authors of [Wan+15a] find that their
scheme improves both uniqueness as well as reproducibility, i.e., when compared to
various other PUF architectures implemented in regular 2D ICs.

例如，在[WYM14, Wan+15a]中已经提出了两个此类的方案，这两个方案分别基于环形振荡器[Wan+15a]（图4.3）和时钟偏移仲裁器结构[WYM14]。 虽然在原则上是通用的，但[WYM14]中的方案表明3D集成是特别有前途的实施方案。而[Wan+15a]中的方案除了利用常规的工艺变化外，还明确利用了硅通孔（TSV）处理的工艺变化（硅通孔即贯穿整个芯片的大型金属插头，以使这些芯片在三维堆栈中互连）。通过技术模拟，[Wan+15a]的作者发现相较于其他基于普通2D集成的PUF架构，其方案对PUF的唯一性和可再现性有显著增强。

Although promising in principle, these studies did not consider state-of-the-art
machine learning attacks. While one may expect some increase of resilience from
the compounding action of multiple entropy sources, the key question is whether
such entropy is only linearly superimposed or intertwined in a more complex
manner. Given the fact that there are various physical phenomena in 3D/2.5D stacks
that are intertwined across chips/layers (e.g., various coupling effects for TSVs,
active devices, substrate, wires across the stack; nonlinear heat conduction paths
due to heterogeneous material composition; thermo-mechanical stress induced by
TSVs that impacts carrier mobility; et cetera), there is some promise, but detailed
studies are required in any case.

尽管在理论上颇具前景，但这些研究并没有考虑最先进的机器学习攻击。虽然研究人员期望可从多个熵源的复合作用中获得一些额外的防护韧性，但关键问题在于确定这些熵的结合是线性叠加，还是以更复杂的方式交织在一起的。 鉴于在3D/2.5D堆栈中存在跨芯片与跨层的多种物理现象交叠，（例如TSV、有源器件、基板、跨堆栈的导线的各种耦合效应；由于异质材料组合而产生的非线性热传导路径；影响载流子移动性的热机械应力等等），因此利用多熵源的组合来增强防护韧性具有一定的技术前景，但无论如何还需要进一步深入研究。

4.3.4 Optical Devices
There are various studies as well as prototypes for PUFs based on optical phenomena
[Pap+02, Rüh+13b, TŠ07, MV10, Gru+17b]. The most commonly pursued
approach is to manufacture an “optical token.” In addition to structural variations
inherently present in the optical media of the tokens, these may further contain randomly
included materials, e.g., microscopic particles. The fundamental underlying
phenomena of an optical PUF are scattering, reflection, coupling, and absorption of
light within the optical token. Depending on the materials used for the token and the
inclusions, as well as the design and structure of the token itself, these phenomena
can be highly nonlinear and chaotic by nature [Gru+17b, KZ12].

4.3.4 光学器件

[Pap+02, Rüh+13b, TŠ07, MV10, Gru+17b]中提供了各种基于光学现象的PUF的研究与原型。
对于光学PUF的构建，最常见的方法是制造一个 “光学标记”。在此类光学标记中，除了包含光媒介内在的结构变化之外，还可以进一步包含诸如微观粒子等随机性材料。光学PUF所依赖的基本物理现象是光线在光学标记内的散射、反射、耦合和吸收。这些现象在本质上是高度非线性和混沌的，具体取决于标记的构成材料和内含物 [Gru+17b, KZ12]。

In 2002—for the very first PUF proposal in the literature—Pappu et al.
[Pap+02] devised an optical token from transparent epoxy with randomly inserted,
micrometer-sized glass spheres. That token was illuminated by an external laser,
whereupon the resulting speckle pattern was visually recorded, filtered, and
digitized (Fig. 4.4). In 2013, Rührmair et al. [Rüh+13b] first replicated and
confirmed the findings by Pappu et al. and then prototyped an integrated optical
PUF based on the same working principle. Tuyls et al. [TŠ07] discussed integrated
optical PUFs in 2017, albeit only in theory, without any experimental evaluation.
Also in 2017, Grubel et al. [Gru+17b] demonstrated a resonator-based PUF with
pseudo-randomized structures but with inherently nonlinear behavior, due to the
use of silicon as optical medium.

Pappu等人在2002年提出了有史以来第一个正式记录在案的PUF概念[Pap+02]。在该方案中，其设计了一个透明环氧树脂材质的标记，且其中随机插入了微米大小的球状玻璃。该标记经由外部激光照射可产生可视、可过滤、可数字化的斑点状图案 (图 4.4)。在2013年，Rührmair等人首先复现并证实了Pappu等人的研究成果，然后基于相同的工作原理构建了一个集成光学PUF原型[Rüh+13b]。在2017年，Tuyls等人也讨论了集成光学PUF [TŠ07]，但该研究仅停留在理论层面，没有任何实验评估。同样在2017年，Grubel等人展示了一种基于谐振器的PUF [Gru+17b]，该PUF拥有伪随机结构，但由于使用硅作为光学介质，它也具备内在的非线性行为。

Prior art on optical PUFs has some practical limitations, e.g., the use of linear
media, external and exposed optical tokens, the need for complex and sensitive
setups, or the need to customize manufacturing steps for different PUF tokens.
More specifically, concerning the early works on external optical PUFs [Pap+02,
Rüh+13b], a major shortcoming is the use of linear materials that can be modeled
[Rüh+13b]. Furthermore, their respective setups are relatively complex. Thus,
these PUFs are not only sensitive to environmental parameters like variations of temperature and supply voltages, which is the case for any type of PUF, but also to
mechanical vibrations, laser alignment, etc. Besides, exposing the token can result in
wear and tear; an external PUF may become irreproducible after some time. Even
more concerning, an external PUF can arguably never be completely trusted—an
attacker can take hold of the token and, subsequently, (a) reuse it for authenticating
of counterfeit chips, or (b) explore its challenge-response behavior for modeling
attacks. The more recent waveguide PUF [Gru+17b], while certainly an advancement,
still has limitations. For one, it requires sophisticated external optoelectronic
components, e.g., pulse pattern generators and programmable spectral filters. For
another, this PUF relies on pseudo-randomized structures within the resonator;
this requires customizing the manufacturing steps for different PUFs that may be
impractical.

基于现有技术的光学PUF在实际应用中存在一些局限性，例如使用线性介质、对外暴露的光学标记、依赖高度复杂和敏感的安装设置，或必须为不同的PUF令牌定制制造步骤。具体而言，早期外部光学PUF [Pap+02,Rüh+13b]的一个关键缺陷是采用可被建模的线性材料[Rüh+13b]。此外，这些早期的外部PUF的安装设置也相对复杂，不仅对任何类型PUF都会涉及的通用的环境参数敏感，如温度和电源电压的变化等，还会受机械振动、激光对准等因素的影响。而且，PUF对外暴露会导致磨损，使得器件在使用一段时间后逐渐丧失“可再现性”。更有甚之，外部PUF的可信性存在硬伤，攻击者可以控制令牌，然后将之用于伪造芯片的验证，或者探究其挑战-响应行为，用以模拟攻击。相比而言，最近的波导PUF [Gru+17b]虽然有所进步，但仍然存在局限性。其一，它需要复杂的外部光电元器件，如脉冲模式发生器和可编程光谱过滤器；其二，这种PUF依赖于谐振器内的伪随机结构，需要为不同的PUF定制制造步骤，这是不切实际的。

Fig. 4.4 Concept for an optical PUF, as proposed in [Pap+02] and verified in [Rüh+13b]
图 4.4 [Pap+02]中提出并在[Rüh+13b]中验证的光学PUF的概念

4.4.3.3 Uniqueness and Reproducibility
Two further key properties for any PUF are uniqueness and reproducibility [MV10].
Both uniqueness and reproducibility are to be measured on pairs of PUF outputs
resulting from the same challenge. Uniqueness describes the difference of outputs
across two PUF instances, whereas reproducibility describes the similarity of
outputs for the same PUF instance, but under different operating conditions.
Therefore, reproducibility can also be thought of as reliability. The FHD, short for
fractional Hamming distance, is used to quantify both properties.

4.4.3.3 唯一性与可再现性

PUF的另外两个关键性质是唯一性和可再现性[MV10]。PUF的唯一性和可再现性要根据同一对挑战和响应信息进行测量评估。唯一性描述了两个PUF实例的输出差异，而可再现性则描述了同一PUF实例在不同操作条件下的输出相似性。因此，可再现性也可以被认为是可靠性，分数汉明距离（FHD）可用于量化这两种性质。

Regarding FHD for uniqueness, also known as inter-FHD, the ideal value is 50%;
regarding FHD for reproducibility, also known as intra-FHD, the ideal value is 0%.
Since the inter- and intra-FHD can vary depending on the applied challenge/helper
data, Knechtel et al. report Gaussian FHD distributions along with their histograms,
mean values μ, and standard deviations σ, as suggested in [MV10]. It is important
to note that deviations from ideal inter-/intra-FHD values are tolerable as long as
their distributions remain reasonably separated.

唯一性的FHD也被称为片间FHD（inter-FHD），其理想取值是50%，而对于可再现性的FHD，也被称为片内FHD( intra-FHD)，理想取值是 0%。由于片间FHD和片内FHD的变化取决于所应用的挑战和帮助数据，Knechtel 等人在 [MV10] 中报告了FHD 的高斯分布及其直方图、平均值 μ 和标准差 σ。值得注意的是，片内与片间FHD与理想取值的偏差只要在合理分布范围内，就是可以容忍的。

Next, peo-PUFs are investigated for two critical operation parameters, namely
input pulse width and ambient temperature.

接下来，我们将研究 peo-PUF 的两个关键操作参数，即输入脉冲宽度和环境温度。

Knechtel et al. contrast the FHD distribution for different pulse widths in
Fig. 4.10. That is, the authors assume that the input may exhibit some noise which
peo-PUFs should be able to tolerate, at least to some degree. More specifically, the
authors consider the scenario Pulse100fs versus Pulse 50fs as tolerable fluctuations
for one and the same input challenge, i.e., concerning reproducibility and intra-
FHD. Another scenario, Pulse200fs versus Pulse50fs, is considered as comparing
two different peo-PUFs with different laser setups, i.e., concerning uniqueness and
inter-FHD. Now, from Fig. 4.10, one can note that the FHD distributions for these
two scenarios are clearly distinct. Hence, the peo-PUFs are (a) reproducible for
small input variations, around 50 fs, and (b) unique for different laser setups.

在图 4.10中，Knechtel 等人对比了不同脉冲宽度的 FHD 分布，即作者假设在一定程度上，peo-PUF 应该能够容忍一些输入信号噪声。具体而言，对于可再现性指标（片内FHD），作者将100飞秒与50飞秒脉冲的对比场景视为对同一个输入挑战的可容忍波动。而200飞秒与50飞秒脉冲的对比场景，则被用于比较两种不同的 peo-PUF（具有不同的激光设置）的唯一性指标（片间FHD）。从图 4.10中可以看出这两种场景下的FHD分布截然不同。由此，可以得出： (a) peo-PUF在的输入变动较小的情况下（大约50飞秒）仍能保持可重现性； (b) 不同激光设置下的peo-PUF是独一无二的，即可保证唯一性。

Fig. 4.10 Intra- and inter-FHD for different input pulses

图 4.10 不同输入脉冲下的片内与片间FHD

Fig. 4.11 Intra-FHD for different ambient temperatures but for the same peo-PUF, versus inter-
FHD for different peo-PUFs. For the latter, note that the underlying spectra are provided in Fig. 4.9

图 4.11 相同 peo-PUF在不同环境温度下片内FHD 与不同 peo-PUF 的片间FHD。其中，不同 peo-PUF的基础光谱提供可参见图4.9。

The ambient temperature impacts the reproducibility of most, if not all, types
of PUFs [MV10, CZZ17, Her+14]. In Fig. 4.11, the intra-FHD for the same peo-
PUF (with one gold NP) is contrasted at 300K versus 350K ambient temperature,
after applying correlation-based shifting of the wavelength spectra. While one
can observe more noise than in the case for the reproducibility under input pulse
fluctuations, the intra-FHD distribution still remains separated from another inter-
FHD distribution (Si5umAu60nm versus Si5um) that was obtained from different
peo-PUFs. Hence, peo-PUFs can tolerate some temperature fluctuations, although
further compensation measures may be required in practice, where other noises such
as voltage glitches may play some role as well.

参见[MV10、CZZ17、Her+14]，环境温度会影响大多数类型PUF的可再现性 。
在图 4.11 中，针对同一个PUF（内含一个黄金纳米粒子），在应用了基于相关性的波长光谱偏移后，进一步对比了其在 300K 和 350K 环境温度下的片内FHD。当观测到相对于输入脉冲波动场景可再现性指标出现更多噪声的同时，片内FHD的分布依然与从两个不同peo-PUF （其设置分别是Si5umAu60nm与 Si5um）对比获取的片间FHD的分布保持了差异。因此，peo-PUF确实可容忍某种程度的温度波动，尽管该技术在实际应用中还需要采取额外的补偿措施 ，包括考虑诸如电压故障等噪声信号的影响。

Fig. 4.12 Inter-FHD for five NPs. The underlying spectra are provided in Fig. 4.13
图 4.12 基于五个纳米粒子的片间FHD，相关光谱可参见图4.13。

Regarding uniqueness, besides the configurations already covered in Figs. 4.10
and 4.11, Knechtel et al. investigated further peo-PUFs. In Fig. 4.12, the authors
provide three inter-FHD distributions for exemplary arrangements of five NPs. The
mean values range from 0.4 to 0.56, with reasonably low standard deviations of
0.03. The distributions attest to the potential for strong uniqueness of peo-PUFs. It
should be emphasized again that, in reality, considerably more number of NPs will
be present. Therefore, the inter-FHD distributions and uniqueness can be expected
to improve even further. The transmission plots as well as one arrangement of NPs
related to Fig. 4.12 are illustrated in Fig. 4.13. Note that most of the NPs were placed
in the middle of the SDR (inset Fig. 4.13b), where the interaction of the propagating
photonic mode with NPs is relatively weak. This interaction can be largely enhanced
through simple manufacturing means, e.g., by placing a metallic scatterer inside the
SDR, to raise the uniqueness of peo-PUFs even further

关于唯一性，除了图4.10与4.11中已经涵盖的构型外，Knechtel等人还进一步研究了peo-PUF。在图4.12中，
作者展示了由五个纳米粒子的典型组合所构成的peo-PUF的三组片间PHD分布对比，其均值范围为0.4 ~ 0.56，标准差较为
理想，取值为0.03。该分布证实了peo-PUF具有强唯一性的潜质。值得再次强调的是，在现实中peo-PUF的组成将包含更多
的纳米粒子，这会在更大程度上改善片间FHD的分布指标并增强了唯一性。传播曲线以及图4.12中纳米粒子的组合情况可参见
图4.13。请注意，大多数纳米粒子都被放置于硅基圆盘谐振器（SDR）的中间(见图4.13b)，其中光子传播模式与纳米粒子间的相互作用较弱。这种相互作用可以通过简单的制造方法得到极大的增强，例如，在硅基圆盘谐振器（SDR）中放置一个金属散射器，这将进一步提升
peo-PUF的唯一性指标。

4.5 Closing Remarks
PUFs have become increasingly important for applications ranging from key
generation and authentication to cryptographic protocols like oblivious transfer and
multi-party computation [GAA20]. Hence, it is important to examine their key properties of unpredictability, unclonability, uniqueness, reproducibility, and tamper resilience and assess their shortcomings against upcoming machine learning-based
attacks. This chapter expounded on the problem of limited randomness in CMOSbased PUFs, which can be addressed by adopting emerging technologies that
have proved to be more promising with regard to their intrinsic entropy and
nonlinearity. This chapter further shed light on some seminal emerging technologybased PUF implementations in the literature and presented a detailed case study on a plasmonics-enhanced optical PUF, which works on the principle of (1) light
propagation in a silicon disk resonator and (2) surface plasmon generation from
nanoparticles arranged randomly on top of the resonator.

Fig. 4.13 Transmission plots
for different peo-PUF tokens
with five NPs. The red, blue,
and green curves correspond
to the setups
Si5umAu60nm(5),
Si5umTiN60nm(5), and
Si5umTiN(5), respectively, as
described in Table 4.1. The
inset in (b) shows the spatial
arrangement of NPs for
Si5umTiN60nm(5), with NPs
labeled as “metal disk”

图 4.13 具有五个纳米粒子的不同peo-PUF的传播曲线。如表4.1所示，红色、蓝色与绿色曲线分别对应的设置为
Si5umAu60nm (5),Si5umTiN60nm (5)与Si5umTiN(5)。其中，(b)中的插图显示了Si5umTiN60nm(5)中纳米粒子的空间排列，
这些纳米粒子在图中被标记为"金属盘"(metal disk)。

4.5 结束语

PUF已经变得越来越重要，应用范围从密钥生成和验证加密协议，例如不经意传输（oblivious transfer）和多方计算[GAA20]。
因此，重点是要审视PUF的不可预测性、不可克隆性、唯一性、可再现性和防篡改性等关键性质，并针对即将到来的基于机器学习攻击评估其技术短板。本章阐述了基于CMOS的PUF中的有限随机性问题，该问题可通过一系列新兴技术来解决，这些技术得益于其内在熵和非线性特性，因此更富前景。本章进一步阐述了文献中所提到的一些基于开创性新兴技术的PUF实现，并详细介绍了一个关于等离子体增强（plasmonics-enhanced）光学PUF的研究案例。该案例的工作原理为：(1)光线在硅盘振荡器中传播 ，(2)表面等离子体从随机排列在振荡器顶部的纳米粒子中产生。

三级标题

四级标题

五级标题

六级标题