/
gong18pitfall

gong18pitfall

Owned by Sara Faour
May 01, 2025
6 min read

Title of the paper: Pitfall of the Strongest Cells in Static Random Access Memory Physical Unclonable Functions

Available at: https://www.mdpi.com/1424-8220/18/6/1776

(This works is the most similar work to TMVS in terms of developing a repetition code-like algorithm than has less entropy loss)

Abstract

Static Random Access Memory (SRAM) Physical Unclonable Functions (PUFs) are some
of the most popular PUFs that provide a highly-secured solution for secret key storage. Given that
PUF responses are noisy, the key reconstruction must use error correcting code (ECC) to reduce the
noise. Repetition code is widely used in resource constrained systems as it is concise and lightweight,
however, research has shown that repetition codes can lead to information leakage. In this paper we
found that the strongest cell distribution in a SRAM array may leak information of the responses of
SRAM PUF when the repetition code is directly applied. Experimentally, on an ASIC platform with
the HHGRACE 0.13 m process, we recovered 8.3% of the measured response using the strongest
cells revealed by the helper data, and we finally obtained a clone response 79% similar to weak
response using the public helper data. We therefore propose Error Resistant Fuzzy Extractor (ERFE),
a 4-bit error tolerant fuzzy extractor, that extracts the value of the sum of the responses as a unique
key and reduces the failure rate to 1.8 x 10-8 with 256 bit entropy.

Introduction

(very relevant introduction)

Repetition code is simple, efficient, and requires only a small number of logic cells, being generally used as outer code to decrease the error rate of measured responses.

Koeberl et al. studied the entropy characteristics of PUFs [15]. They found that using repetition
codes would reduce the leftover entropy to zero when the entropy of the PUF responses was less than
66%. Since a small decrease in PUF entropy can result in zero leftover entropy, high entropy is required
in PUF design and application. The authors theoretically showed the risk of low entropy, but they did
not provide scenarios with low entropy or the factors that may decrease the entropy.

(physical attacks: side-channel attacks and fault injection attacks)

Delvaux et al. attacked the arbiter PUF using side channel modeling [19] and found that the
physical information leaked in the side channel attack could be used to train the ML algorithm,
resulting in higher ML prediction accuracy.
Helfmeier et al. proposed a method of cloning the responses of a SRAM using a focused ion beam
(FIB) [20]. By learning the characteristic parameters of the SRAM array, they trained the corresponding
transistors on the target SRAM using FIB, so that the target SRAM had the same responses as the
cloned SRAM. This cloning method requires the use of expensive and complex FIB devices, and hence
complicating the cloning of the responses of a large SRAM array.


Xiao et al. found that strong cells exist in SRAM arrays. Cells having the same response during
every power-on are strong cells and they proposed a scheme of extracting strong cells as a PUF key [21].
This PUF uses a strong cell with low bit error rate, significantly decreasing the overhead of the error
correcting code.

In this paper, we analyze the distribution of the SRAM power-on values. We found that SRAM
PUFs have weak responses when a repetition code is directly used, and the distribution of the strongest
cells in the SRAM array further reduces the leftover entropy of the PUF. Using the helper data generated by the repetition code, combined with the distribution of the strongest cells, we recovered 8.3% of the data from the responses of the SRAM PUF. The information leakage of the PUF caused by weak
responses and strongest cell distribution led to zero leftover entropy [15]. In addition, we propose
Error Resistant Fuzzy Extractor (ERFE), a lightweight extractor that does not leak the information of
the strongest cells.

Related Work

Definition of repetition code

The repetition code Crep(n, k, t) [16], where n
is the length of the input data, k is the dimension of the input data and t is the number of errors it can
correct, can be implemented with only 2 (n - 1) exclusive OR (XOR) gates. Therefore, repetition
code is very efficient for use in PUFs as one of the error correction codes.

Definition of Entropy

image-20250501-181802.png

Cloning SRAM Power-on Value

image-20250501-181723.png

3.2. Effect of Strongest Cell Distribution in a SRAM Array on PUF Security

The correlation between cell S(i,j) and its closest cells is higher than with cells farther away: i is
the row number of SRAM array and j is the column number. The correlation decreases with increasing
distance. It is highly probably that a strongest cell is surrounded by cells with the same power-on
value. According to this feature, we designed the following recovery algorithm.

Proposed New Fuzzy Extractor

image-20250501-182839.png
image-20250501-182853.png
image-20250501-182927.png
image-20250501-183007.png
image-20250501-183317.png
image-20250501-183617.png
image-20250501-183900.png
image-20250501-183955.png
image-20250501-184221.png

Experiment and Analysis

Leakage of Strongest Cells:

In this experiment, let Tth = 0.9, meaning a cell with Ph < 0.1 and Ph > 0.9 is a strong cell.

image-20250501-184754.png

Based on the clone matrix obtained from the weak response, the similarity increased by 8.3%, 5.9%
and 7.7% respectively. Moreover, the greater the strongest-cells exist in the SRAM array, the greater the
similarity increase.
Notably, the above repair process can be performed only when the cloned matrix and SRAM
array meet the relationship shown in Figure 4. The strongest cells distribution characteristics also fully
or partially appears in matrix E.

Results of ERFE

image-20250501-185019.png
image-20250501-185227.png

(chatgpt analysis: During this process, 128 bits of entropy are lost — possibly due to noise, bias in the PUF, or the cost of making the output key uniformly random and secure.)

ERFE almost requires the same slice resources as repetition code as shown in Table 7. However,
the BCH algorithms themselves are much more complex: thus, that their hardware complexity is
expected to be similarly higher. We estimate that ERFE is much more efficient than Hard FE in terms
of hardware resource requirements. Our proposed ERFE is space efficient and suitable for use in
resources-limited device such as Radio Frequency Identification (RFID) and IoT and so on.

Conclusion

In this paper, we analyzed the physical challenge space of SRAM PUFs, and found a weak response
in the SRAM PUF based on a repetition code. The presence of strongest cells in SRAM can cause public
helper data generated by a repetition code to leak more information about the responses. Using the
helper data generated by the weak responses, the leftover entropy of PUF was zero. Our research
experimentally confirmed that the pitfall of using repetition codes [15 ] exists, and the distribution of
strongest cells causes helper data to reveal more information about PUFs’ responses, which further
decreases the leftover entropy of the PUF based on repetition codes. We proposed ERFE which does not
leak information of the strongest cells. ERFE uses cells’ sum value as the key with 4-bit error tolerance
ability. ERFE is as lightweight as a repetition code, and is also very suitable for implementation
in FPGA or software. Future work will include reducing the size of Npuf , and testing ERFE with
additional types of SRAM chips and other types of PUFs.