CN102546149A - Crypto chip system and secret key extraction method - Google Patents

Crypto chip system and secret key extraction method Download PDF

Info

Publication number
CN102546149A
CN102546149A CN201210013772XA CN201210013772A CN102546149A CN 102546149 A CN102546149 A CN 102546149A CN 201210013772X A CN201210013772X A CN 201210013772XA CN 201210013772 A CN201210013772 A CN 201210013772A CN 102546149 A CN102546149 A CN 102546149A
Authority
CN
China
Prior art keywords
key
bit
owf
dapuf
tlr
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210013772XA
Other languages
Chinese (zh)
Other versions
CN102546149B (en
Inventor
邹候文
唐韶华
唐屹
唐春明
彭俊好
苏胡双
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Guangzhou University
Original Assignee
South China University of Technology SCUT
Guangzhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China University of Technology SCUT, Guangzhou University filed Critical South China University of Technology SCUT
Priority to CN201210013772.XA priority Critical patent/CN102546149B/en
Publication of CN102546149A publication Critical patent/CN102546149A/en
Application granted granted Critical
Publication of CN102546149B publication Critical patent/CN102546149B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a crypto chip system and a secret key extraction method. The system comprises a public key crypto engine, a symmetry crypto engine, a HASH engine, a one-way function engine, a nonvolatile memory, an execution engine, t secret key assistant management parties and a double-arbiter physical unclonable function module DAPUF. The other purpose of the invention aims at providing a secret key extraction method of the crypto chip system. The method comprises the steps of (1) a secret key generation stage, and (2) a secret key reconstruction stage. According to the invention, an effective bit is selected by an exclusive-or result of the DAPUF, and in combination with the steps and under a condition that multiple challenge/response characteristics are provided, the system and the method enable the obtained response to have the characteristics of no 01 deviation on probability, reliable reconstruction certainty, low average time complexity, small challenge and response redundancy, physical invasion attack sensation and the like.

Description

A kind of crypto chip system and key extraction method
Technical field
The present invention relates to the crypto chip security fields in the information security, particularly the crypto chip system of high safety grade reaches the key extraction method based on this crypto chip system.
Background technology
The high safety grade key is stored in band usually and distorts in the volatile memory that detects network; Volatile memory is deposited key needs long-term power supply; Still can keep the data long period after when low temperature, cutting off the power supply, it is distorted and detects low also also once the mistake by physics invasion attack PIA experiment confirm of network cost is not unbreakable.
Can not clone the module PUF from physics and to extract key and replace the key storage scheme to receive researcher's concern.PUF is a kind of complicated physical system of utilizing the production process deviation, and its input is called challenge (C), is output as and replys (R), R=PUF (C).Owing to have deviation in the production process, cause production firm can't produce consistent complicated physical system, so the opponent also be difficult to clone such physical system.Just because of uncontrollable this deviation in the production process, make replying of PUF inherent have randomness, singularity, can not clone property, and distort damage property.
For the high safety grade key, from silicon technology PUF, extract key and have following advantage than the RAM storage scheme of being with the sensing detection network:
1) cost advantage: the RAM storage needs long-term power supply, and PUF can adopt the CMOS technology of standard;
2) be difficult to the clone: the foundation of PUF is the uncontrollable deviation of production firm, and production firm can't produce identical PUF, so the opponent is difficult to the clone;
3) can improve the complexity that invasion is attacked effectively: be that key only just occurs with digital form when needed on the one hand; Attacking PUF on the other hand can only modeling and forecasting (ignoring the hardware wooden horse); And that modeling and forecasting need obtain enough challenge responses is right; Utilize the sensitive circuit cloth of PUF to be set as cage structure, then needing the opponent to break through cage structure and do not destroy the sensitive circuit of PUF and can wiretap can modeling and forecasting.
4) more new key is convenient: concerning PUF, only need fresh key sequence number of outside input to get final product, the public-key cryptography sequence number does not influence the fail safe of its corresponding key, and the RAM storage then needs external module to send new key safely to.
Replying by sensitive circuit of silicon PUF produces, and receives factor affecting such as temperature voltage and chip are aging, for identical challenge, possibly there are differences between resulting the replying constantly in difference, mainly reduces the probability (error rate) of reconstruction failure at present through error correction.The expense of error correction is not low, and the error rate is low more, and its expense is also high more.For the key of high safety grade, it not is good solution that extraction key in probabilistic ground is made mistakes.In addition, for the high safety grade key, the fail safe that frequent replacing can improve key, it is right therefore to require PUF can produce a large amount of challenge responses, and has good randomness.Generally speaking, replacement key memory requirement PUF ability certainty is rebuild, randomness is good, challenge response is many, and in addition, expense also is an importance.
In the existing P UF scheme; People such as Abhranil Maiti have provided a kind of oscillation rings PUF of high randomness of the FPGA of being suitable for realization in Improved Ring Oscillator PUF:An FPGA-friendly Secure Primitive (CRO scheme) literary composition; Experimental result shows to rebuild near 100% probability replys; But the right quantity of the challenge response of their scheme is few; Also slightly inadequate for high-grade key near 100% on reliability, therefore be inappropriate for and substitute high-grade key storage.Be oscillation rings PUF equally; The schemes of people in Secure and Robust Error Correction for Physical Unclonable Functions (IBS scheme) literary composition such as Meng-Day (Mandel) YU can realize that many challenge responses are right, also reach high at random with higher reliability.Yet, be to use error correction algorithm after all, increased expense on the one hand, its reliability is also hard to say infinitely near 1 on the other hand.
According to the experimental result of people in Extracting Secret Keys From Integrated Circuits one literary composition such as Daihyun Lim; The sheet differences rate that the arbitration physics that does not have a feedforward can not be cloned modules A PUF is that 23% (deviation=1-2*23%=52%), difference (error rate) is about 4.8% in the sheet; The sheet differences rate of the APUF of band feedforward is that 38% (deviation=1-2*38%=24%), the error rate is about 9.8%.Randomness of two kinds of APUF schemes (deviation is big) and reliability (error rate is high) all can't satisfy the requirement of high-grade key.People such as G.Edward Suh utilize APUF and oscillation rings PUF as key source in AEGIS:A single-chip secure processor; Used BCH (255,63,30) error correcting code to make the error rate reach the 1e-6 rank among the APUF; Because their the APUF sheet differences rate of usefulness has only 23%; Therefore, at random part was no more than 46% during it was replied, and existed to be not less than 52% bit or to be fixed as 1; Be fixed as 0, uncertain key bit number is about 64*46%=29.44 (total acknowledgement bit is 255 bits); Used BCH (127,64,21) and preliminary treatment measure to reach the very low error rate among the oscillation rings PUF, but the same challenge response that exists with the CRO scheme of this scheme is to few problem.
In sum, present PUF solution is difficult to satisfy the demand of high safety grade key on reliability and efficient.
Summary of the invention
The shortcoming that the objective of the invention is to overcome prior art is with not enough, and design dual arbiter physics can not be cloned module DAPUF, provides a kind of invasion to physics based on DAPUF to attack the responsive crypto chip system that satisfies the high safety grade demand.
Another object of the present invention is to, the key extraction method of a kind of above-mentioned crypto chip system is provided, make key to rebuild successfully with very low average time complexity certainty.
In order to reach above-mentioned first purpose, the present invention adopts following technical scheme:
A kind of crypto chip of the present invention system; Comprise that public key cryptography engine, symmetric cryptography engine, HASH engine, one-way function engine, nonvolatile storage, execution engine, a t key assistant manager side and dual arbiter physics can not clone module DAPUF; The sensitive circuit of DAPUF is laid in the periphery of crypto chip; Form cage structure and be surrounded all execution engines, t key assistant manager square tube crossed the IO bus and is connected with the crypto chip system, and nonvolatile storage is integrated in the chip.
Said public key cryptography engine is used to carry out encryption and the checking to message, and the extraction key is deciphered and signed from DAPUF, also is used to carry out at the cryptographic operation of key generation phase to the effective response share.
Said symmetric cryptography engine is used for information is carried out encryption and decryption, and employed key can be the key of interim exchange, also can from DAPUF, extract.
Said HASH engine is used to generate the public key cryptography signature and verifies required eap-message digest, and from DAPUF, extracts key generation message authentication code.
Said one-way function engine is used to carry out three parametrization one-way functions, and said parametrization one-way function is irreversible function; Three parametrization one-way functions are respectively the first parametrization one-way function OWF 1, the second parametrization one-way function OWF 2With the 3rd parametrization one-way function OWF 3
Said nonvolatile storage is used for the anti-XOR DAXOR as a result that arbitrates of just arbitration that storage key sequence number KEYN, the hash result SETLR of effective response, DAPUF reply.
Described execution engine is used to carry out key generation phase flow process and key phase of regeneration flow process, and uses the Shamir threshold schemes that effective response is divided into t part, perhaps uses the Shamir threshold schemes to be merged into effective response to t part effective response share.
The PKI of said t key assistant manager side is used to encrypt the effective response share after cutting apart, and obtains the effective response share that t part is encrypted; When the owner of crypto chip files an application and the effective response share of encryption is provided; After the inspection of at least one side's key assistant manager side does not exist the physics invasion to attack; T key assistant manager side uses private key deciphering effective response separately, and sends back to crypto chip to decrypted result.
Said dual arbiter physics can not be cloned module DAPUF and comprised m group delay circuit, and m positive moderator formed with m anti-moderator, and the challenge C of a n bit of input obtains the m bit and just arbitrating and reply LR and instead arbitrate with the m bit and reply RR; Every group of delay circuit is made up of the path selector that n individual two advances scene 2 among the DAPUF; The pumping signal path of each path selector is by the bit control among the challenge C; Pumping signal is divided into up and down, and two paths arrive first path selector simultaneously; If first bit of challenge is 0 then the straight-through output of two paths of signals, otherwise intersect output; After two paths of signals is through n the path selector of being controlled by the n bit of challenge; Two paths of signals is delivered to anti-moderator after directly delivering to positive moderator and intersection up and down; Positive moderator and anti-moderator basis be the sequencing of two paths of signals arrival up and down; Arrive first if set out on a journey then export 1, otherwise export 0.
Preferably; The m bit is just being arbitrated and is being replied the anti-arbitration of LR and m bit and reply the RR XOR and obtain positive and negative XOR DAXOR, is that 1 the corresponding response position of bit is a significant bit among the DAXOR, otherwise is invalid bit; Abandon just arbitrate the invalid bit of replying after, obtain effective response TLR.
Preferably, the said first parametrization one-way function OWF 1Be used for key sequence number KEYN is carried out hash, the hashed value that obtains is as the challenge C of DAPUF, i.e. C=OWF 1(KEYN); The said second parametrization one-way function OWF 2Be used for that effective response TLR is carried out hash and obtain SETLR, be i.e. SETLR=OWF 2(TLR); Said the 3rd parametrization one-way function OWF 3Also be used for TLR is carried out hash, the result of gained is as key K EY, i.e. KEY=OWF 3(TLR).
In order to reach above-mentioned second purpose, the present invention adopts following technical scheme:
The key extraction method of a kind of crypto chip of the present invention system comprises the steps:
S1: key generation phase:
S11: select a fresh Bit String to be designated as KEYN, with the KEYN warp first parametrization one-way function OWF 1The hashed value that obtains is as the challenge C of DAPUF, obtain the m bit and just arbitrating and reply LR and RR is replied in the anti-arbitration of m bit, the i bit of LR and RR by i group delay circuit through positive moderator and anti-moderator arbitration generation;
S12: repeat once hashed value with KEYN as challenge, the m bit that obtains is just being arbitrated and is being replied LR1, returns step S11 if LR1 is not equal to LR, otherwise gets into step S13;
S13:LR and RR XOR obtain DAXOR, and DAXOR result is that 1 pairing position is an effective bit, otherwise is invalid bit, if invalid bit surpasses the s position, then return step S11; The invalid bit that abandons LR obtains effective response TLR, TLR as the second parametrization one-way function OWF 2Input obtain hashed value SETLR; Be stored in KEYN, SETLR and DAXOR in the nonvolatile storage as a tuple, so that phase of regeneration accurately recovers TLR;
S14: TLR is divided into t effective response share with the Shamir threshold schemes, deposits in addition behind the public key encryption with t key assistant manager side respectively;
S15: output key K EY=OWF 3(TLR).
S2: key phase of regeneration:
S21: with the challenge as DAPUF of the hashed value of KEYN, obtaining replying and be LR1 and RR1, is 0 position among the DAXOR that preserves according to generation phase, and the invalid bit that abandons LR1 obtains TLR1;
S22: calculate SETLR1=OWF 2(TLR1), if SETLR1=SETLR, then TLR=TLR1 exports key K EY=OWF 3Otherwise execution in step S23 (TLR1) and finish phase of regeneration;
S23: the XOR result who calculates LR1 and RR1 gets DAXOR1, finds the position of the difference bit between DAXOR1 and the DAXOR, the relevant position of negate LR1 and abandon invalid bit after obtain TLR2, calculating SETLR2=OWF 2(TLR2), if SETLR=SETLR2 then TLR=TLR2, output KEY=OWF 3(TLR2) and finish phase of regeneration, add up the number of times that this step carries out else and if then return step S21 less than q time, otherwise; Execution in step S24;
S24: the position of the difference bit that obtains according to step S23, and supposition has k bit there are differences, to each difference bit position, at every turn with 0 to 2 kNumber in-1 converts the k bit binary number to, and the value of corresponding difference bit position abandons invalid bit and obtains TLR3 among the replacement LR1; A bit among each negate TLR3 obtains TLRi3 (wherein not negate first), calculates SETLR4=OWF 2(TLRi3), if SETLR4=SETLR, then TLR=TLRi3 exports key K EY=OWF 3(TLRi3) and finish phase of regeneration, S24 carries out less than w time and then returns S21 else if, otherwise execution in step S25;
S25: crypto chip is issued t key assistant manager side and request deciphering with t effective response share of encrypting, and key share is separately deciphered and beamed back in t key assistant manager side after at least one side confirms not exist the physics invasion to attack; Use the Shamir threshold schemes to recover effective response TLR after collecting the key share, output key K EY=OWF 3(TLR) and finish phase of regeneration.
The present invention has following advantage and effect with respect to prior art:
1, key can certainty be rebuild: step S25 guarantees that key can rebuild.
2, average behavior is good:
According to 64 groups of time-delay access in (xc5vlx30-2ff324 and the xc5vlx50-2ff324) of Xilinx company FPGA; 64 selectors of every group of path; Carry out 6,300,000 times altogether and generated and rebuild experiment, analyzed the experimental result that draws correlation step in the key extraction method.
For the generation phase flow process, the time complexity of S11 is 1 one-way function computing, and the probability that LR1 and LR equate among the S12 is about 90%, and the probability that therefore jumps to S11 is 10%; Among the step S13, be 20% of LR length if set s, the probability that then produces redirect is lower than 4%; Therefore time complexity is not higher than 4 one-way function computings and 1 Shamir threshold schemes is cut apart in generation phase.Concerning the generation phase of error correction scheme, wherein also essential to 2 one-way function computings of challenging and replying key to the key sequence number, select BCH (63 for use with the IBS scheme; 30; 6) be example, the coding of generation phase also need 63 bits polynomial multiplication, delivery and addition each once (though the CRO scheme rebuild successfully near 100%, for high-grade key; Its error rate is hard to say to meet the demands, and the challenge response of this scheme is few to quantity).
The error rate p1 of step S22 is not higher than 0.08, and the error rate p2 of step S23 is not higher than 0.004.Step S21-S23 is averaged the estimation of time complexity:
Circulation for the first time: 1* (1-p1)+2*p1;
Circulation for the second time: 3*p2* (1-p1)+4*p2*p1;
Suppose q=2, then the estimation error rate of step S21-S23 is p2 2=1.6E-5, the averaging of income time complexity is less than 1.1 OWF 2Computing.
Account temperature voltage differences, and factor affecting such as chip is aging, the actual error rate of step S21-S23 does not estimate that the result is so little, its reason is not have to consider to make mistakes simultaneously and cause the situation of DAXOR=DAXOR1 owing to positive and negative moderator.One tunnel positive and negative moderator is replied the experiment probability of makeing mistakes simultaneously and is not higher than 0.004 less than 1e-4 (one tunnel positive and negative moderator is replied to make mistakes and occurred 617 times in 6,300,000 times 64 tunnel experiments, two-way or abovely not have to occur) and k greater than 1 probability, and step S24 is needs 2 at most k* 65 OWF 2Computing (wherein once not negate, all the other are for 64 times each negate one bit) therefore expects that computational complexity is less than 0.1 OWF 2Computing.
One tunnel positive and negative moderator replys why low probability of errors is simultaneously; Its reason is: be divided into moderator noise and delay circuit noise (overall noises of 64 selectors of experiment middle finger) to noise; If causing just to arbitrate, the delay circuit noise replys upset; Can prove that then it is more stable that this noise can let anti-arbitration reply, vice versa; Only very little, and positive moderator and the anti-phase of anti-moderator noise and absolute value be when all very big at the delay circuit noise, positive and negative arbitration can occur and reply simultaneously and make mistakes.
Because the experiment probability that the positive and negative moderator of two-way is made mistakes simultaneously is not higher than 1.6e-7 (not occurring in 6,300,000 experiments), the probability that step S25 carries out is very low, and its contribution to the average calculating operation complexity can be ignored.
Therefore, suitably select q value and the w value among the S24 among the S23, the probability of carrying out threshold schemes can be arbitrarily near 0, and the expectation computational complexity of key phase of regeneration flow process is not higher than 3.5 one-way function computings (1.2 OWF 1+ 1.2 OWF 2+ 1 OWF 3Computing).
If S12 does not allow to jump to S11, q among the S23 and the w among the S24 can not be greater than 1, and the probability of then carrying out S24 is high slightly, but the statistical average time complexity of this moment is not higher than 4 one-way function computings yet.If S13 does not allow to return S11 yet, possibly make that then some significant bit in replying is less, once occurred in the experiment up to 23 invalid bits, average invalid bit is about 7.6.
Generation in the key-extraction and the basis that rebuilds computing are that the bit XOR relatively abandons and one-way function, and one-way function can utilize symmetric cryptography or HASH to construct, thus can realize high-speed and area multiplexing.Error correction scheme (IBS select for use the coding of BCH (n=63,30, t=6)) need the n bit polynomial multiplication, delivery and addition each once, the complexity of decoding approximately needs n bit addition of polynomial and each 2t of multiplication (n+t) inferior (n here and t are the parameters of BCH).Certainly, similar with the generation phase of error correction scheme, the phase of regeneration of error correction scheme also needs 2 one-way function computings.
The complexity of generation phase is higher than the reconstruction stage in the key extraction method of the present invention, and error correction is then opposite.Because concerning a key, generation phase only needs once, and phase of regeneration is repeatedly, so this has also improved whole efficiency.
3, randomness is good: can prove the delay inequality (be called for short the arbitration time difference) of the output bias (output more than 1 to 0 or more than 0 to 1) of APUF from two input pins of moderator, after DAPUF removes invalid bit, be equivalent to remove the part of deviation.Arbitrate difference (two arbitration time differences subtract each other) in practice and be not equal to zero; Therefore concerning concrete device, still there is less output bias, but for different components, because the arbitration difference can just can be born; Therefore concerning a large amount of devices, there is not deviation in its total output; In addition, concerning individual devices,, there is not deviation in this sense because the output result who is effectively just arbitrating and instead arbitrating is opposite fully yet.
4, the challenge response of DAPUF is to many: according to experimental result, surpass 96% the significant bit of replying above 80%, therefore, estimate that total challenge response is to reaching 0.96*2 64>2 64*80%=2 51Right, this is conservative estimation, if by 7.6 calculations of average invalid bit of testing, then total challenge response is to reaching 2 56.4To ° further right quantity of challenge response that increases of bit number meeting that increases the bit number of challenge and just arbitrating anti-arbitration, if the bit number of challenge is u, the bit number of just arbitrating is v, estimates that then challenge response is approximately min (0.96*2 to quantity u, 2 V*80%).
5, challenge and reply redundant lacking.Rebuild successfully although error correction scheme can't reach certainty, error correction still can realize being lower than the error rate of 1e-6.Same output v bit significant bit; The DAPUF scheme needs 20% redundancy; Promptly need the positive and negative arbitration of v*1.25 bit to reply and get final product, and IBS needs
Figure BDA0000131194420000071
* 63 bits to reply (every bit is replied by 8 pairs of oscillation rings difference on the frequencies and produced).Set identical minimum entropy, then reply redundant the minimizing and mean the also corresponding minimizing of area that the PUF sensitive circuit is consumed.For challenge, DAPUF comprises about 4% redundancy, and the IBS scheme has 87.5% redundancy.
6, responsive more to PIA: if PIA destroys the PUF circuit that surpasses one road significant bit; Then the DAPUF scheme causes reconstruction failure (average every destruction 2.5 tunnel postpones the PUF circuit that path will cause destroying the two-way significant bit) owing to be no less than side's key assistant manager side refusal deciphering TLR share; And error correction scheme still might be reconstructed into merit destroying not to be higher than under the situation that can correct number of bits; Concerning the IBS scheme, destroy above 6 bit PUF circuit and still can rebuild successfully with high probability.
Description of drawings
Fig. 1 is the structural representation of crypto chip of the present invention;
Fig. 2 is the structural representation of the APUF that proposes of people such as Daihun Lim;
Fig. 3 is the structural representation of DAPUF of the present invention;
Fig. 4 is a key generation phase flow chart of the present invention;
Fig. 5 is a key phase of regeneration flow chart of the present invention.
Embodiment
Below in conjunction with embodiment and accompanying drawing the present invention is described in further detail, but execution mode of the present invention is not limited thereto.
Embodiment
Crypto chip as shown in Figure 1; Comprise public key cryptography engine, symmetric cryptography engine, HASH engine, one-way function engine, nonvolatile storage, execution engine, a t key assistant manager side and dual arbiter physics and can not clone module DAPUF; The sensitive circuit of DAPUF is laid in the periphery of crypto chip, forms cage structure and is surrounded all execution engines.T password assistant manager square tube crossed the IO bus and is connected, and nonvolatile storage is integrated in the chip.
Said public key cryptography engine is used to carry out encryption and the checking to message, and the extraction key is deciphered and signed from DAPUF, also is used to carry out at the cryptographic operation of key generation phase to the effective response share.
Said symmetric cryptography engine is used for information is carried out encryption and decryption, and employed key can be the key of interim exchange, also can from DAPUF, extract.
Said HASH engine is used to generate the public key cryptography signature and verifies required eap-message digest, and from DAPUF, extracts key generation message authentication code.
Said one-way function engine is used to carry out three parametrization one-way functions, and said three parametrization one-way functions are respectively the first parametrization one-way function OWF 1, the second parametrization one-way function OWF 2With the 3rd parametrization one-way function OWF 3, the said first parametrization one-way function OWF 1Be used for key sequence number KEYN is carried out hash, the hashed value that obtains is as the challenge of DAPUF; The said second parametrization one-way function OWF 2Then be used for the effective response bit string TLR of DAPUF is carried out hash, the SETLR as a result of gained is stored in KEYN; Said the 3rd parametrization one-way function OWF 3Also be used for TLR is carried out hash, the result of gained is as key K EY.Hash result SETLR, the DAPUF that said nonvolatile storage is used for storage key sequence number KEYN, effective response just arbitrating XOR that anti-arbitration replys DAXOR as a result.
Described execution engine is used to carry out key generation phase flow process and key phase of regeneration flow process, and uses the Shamir threshold schemes that effective response is divided into t part, perhaps uses the Shamir threshold schemes to be merged into effective response to t part effective response share.
The PKI of said t key assistant manager side is used to encrypt the effective response after cutting apart, and obtains the effective response that t part is encrypted; When the owner of crypto chip files an application and the effective response share of encryption is provided; After the inspection of at least one side's password assistant manager side does not exist the physics invasion to attack; T key assistant manager side uses private key deciphering effective response separately, and sends back to crypto chip to decrypted result.
Said dual arbiter physics can not be cloned module DAPUF increases an anti-moderator on the basis of APUF; The original moderator of APUF is called positive moderator; Positive moderator and the parallel connection of anti-moderator and two paths of signals exchange up and down obtain respectively just arbitrating with anti-arbitration and reply; DAPUF with n bit challenge information C as input, C=OWF wherein 1(KEYN), the m bit that obtains is just being arbitrated and is being replied with the m bit anti-arbitration and reply, and just arbitrating and replying XOR with anti-arbitration is that 1 the corresponding response position of bit is an effective bit as a result among the DAXOR, is just arbitrating bit string TLR that the effective bit of replying forms through OWF 2The hashed value SETLR that obtains, TLR is through OWF 3The hashed value that obtains is as the corresponding key K EY of key sequence number, and KEYN, SETLR and DAXOR are stored in together, so that when rebuilding, judge whether to obtain correct KEY.
The dual arbiter physics that present embodiment proposes can not be cloned module DAPUF can not clone modules A PUF improvement by arbitration physics, and APUF is proposed in Extracting Secret Keys From Integrated Circuits one literary composition by people such as Daihyun Lim.A given challenge C can obtain one and reply R from PUF.As shown in Figure 2, APUF is made up of delay circuit and a moderator that n selector formed, is called n stage A PUF.The challenge C=c of APUF 0, c 1, L, c nIn selector of each bit control, work as c iBe 0 o'clock, c is worked as in the straight-through output of the two paths of signals of selector iBe 1 o'clock, the two paths of signals of selector intersects to be exported.When a rising edge pumping signal was transferred to first selector, for this selector, the rising edge of two paths of signals arrived simultaneously up and down.Signal is through first selector, because the deviation of circuit manufacture procedure changes the sequencing of two-way output signal.Behind n selector, two paths of signals arrives moderator, and its priority sequence number has determined the output of moderator, if the signal of setting out on a journey arrives earlier, then moderator output 1, otherwise exports 0.
The structure of DAPUF is as shown in Figure 3, and Fig. 3 is the sketch map of No. one delay circuit, and available d type flip flop, only need duplicate multichannel and get final product when the many bits of needs are replied as moderator.In FPGA experiment, the rising edge pumping signal is produced by register, and promptly register is set to entirely 0 in advance, writes register to complete 1 then and produces the rising edge pumping signal.The purpose of doing like this is the synthesis tool abbreviation circuit for fear of FPGA.On the basis of the APUF as shown in Figure 1 through theory analysis; Process is just being arbitrated for 6,300,000 times altogether in (xc5vlx30-2ff324 and the xc5vlx50-2ff324) of Xilinx company FPGA at every turn and replied and instead arbitrate and reply all is the experimental verification of 64 bits, and the error rate of the significant bit of DAPUF shown in Figure 3 is lower than 0.08.In 6,300,000 experiments, occur one the tunnel and just arbitrating that to reply the number of times of makeing mistakes simultaneously with anti-arbitration be 617 times; Just arbitrating that replying makes mistakes one the tunnel has 478555 times, two-way to have to have for 19453 times, the three tunnel to have for 506 times, the four tunnel and have 1 time for 16 times, the five tunnel, surpassing 5 the tunnel and just arbitrating the situation of makeing mistakes and and do not occur.According to theory analysis and experimental result, we propose like summary of the invention " key generation phase " and " key phase of regeneration " described key extraction method, in 6,300,000 experiments, needing not to occur the Shamir threshold schemes to recover the situation of key.
As long as it is irreversible that the one-way function that present embodiment is carried satisfies, can be as required with symmetric cryptographic algorithm or HASH algorithm construction.
The DAPUF performance evaluation:
Wherein the structure of APUF is as shown in Figure 2, and the time-delay time difference of remembering each selector is a Δ i, the note moderator is to the time-delay time difference of two paths of signals is a Δ up and down a, ignore noise effect time difference of then always delaying time and be:
Θ=(Δ 12+,L,+Δ na)
=Δ da
In the formula (1), Δ dThe TF of expression delay circuit.The output of arbitration can be expressed as:
r = 1 Θ > 0 0 Θ ≤ 0
= 1 Δ d > - Δ a 0 Δ d ≤ - Δ a
The time missionary society of two pins of moderator causes that the output of moderator produces deviation, | Δ a| more little then deviation is more little.Work as Δ a<0 o'clock, moderator was output as 0 deviation (replying of producing of random challenge, 0 quantity is than more than 1), works as Δ a>0 o'clock, moderator was output as 1 deviation.
The time-delay absolute value of moderator is more little, and the number of stages of delay circuit is many more, and the randomness of its output is good more.
Because the time-delay absolute value of moderator determines by system, can not infinitely reduce (if too little certainly or equal 0 also be unfavorable for improving reliability), the number of stages of delay circuit can not infinitely increase.For effectively improving randomness, present embodiment proposes to adopt DAPUF as shown in Figure 3, its objective is the difference through two moderators, removes 0 deviation or 1 deviation, thereby effectively improves the randomness and the reliability of output.
Like the circuit of Fig. 3, for two moderators:
(1) works as Δ a>0 o'clock, the output of two moderators can be 11,01 and 10, can not occur 00;
(2) work as Δ a<0 o'clock, the output of two moderators can be 00,01 and 10, can not occur 11.
No matter be situation 1 or situation 2, only two identical situation of moderator output need be rejected that then will there be deviation in the output of moderator.DAPUF rejects two identical situation of moderator output, thereby rejects the deviation in the output just through difference.This is the equal resulting result of the pin time difference of two moderators of supposition, and unequal when the pin time difference of two moderators, the randomness of DAPUF receives | Δ A1A2| influence.
During the consideration of noise problem, can reduce the reliability of moderator output.Yet the part of rejecting owing to DAPUF more is subject to noise effect and has low reliability, so the output of DAPUF is improved significantly than the reliability of the output of APUF.Be designated as Δ to noise Nd, Δ n A1And Δ Na2, represent the noise of delay circuit, positive moderator noise and anti-moderator noise respectively.The noise that then influences positive moderator output reliability is a Δ Nd+ Δ Na1, the noise that influences anti-moderator output reliability is-Δ Nd+ Δ Na2, therefore, if | Δ Nd| when very big, will cause that a moderator output changes, the stability of another moderator output is but strengthened, and only exists | Δ Nd| very little, and | Δ Na1| with | Δ Na2| when all very big, can cause that just the output of two moderators changes simultaneously.
Table 1
Figure BDA0000131194420000111
Annotate 1: generate in the original text and rebuild all not mention and use 2 unidirectional computings, if but with the PUF scheme in the original text as key source, then unidirectional computing is essential.
Annotate the 2:CRO scheme at the error rate and challenge response to quantitatively all being difficult to satisfy the requirement of high-grade key.
The performance that table 1 has been listed DAPUF (this case) that present embodiment puies forward and diplomatic scheme relatively.1 probability subtracted the absolute value of 0 probability during deviation referred to reply; Deviation is 0 to be the necessary condition of randomness; Evenly with under the distributional assumption, the provable deviation of this case is 0 in the selector time delay, considers moderator time delay difference and saves resource problem; Deviation can be up to 2% in the single-chip experiment, the then basic Normal Distribution of multicore sheet experiment.The error rate is meant rebuilds the error probability of replying.CRPs refers to the quantity that the challenge response in the scheme is right.Expense comprises computing cost and replys redundancy, and in preliminary treatment, IBS and CRO calculate number and do subtraction cycle of oscillation, and each bit is replied the difference on the frequency that needs to calculate 8 pairs of oscillation rings, and this case is then for XOR with abandon invalid response; Error correction coding need n bit (n refers to total bit number that PUF replys here) polynomial multiplication, delivery and addition each once, the complexity of decoding approximately needs n bit addition of polynomial and each 2t of multiplication (n+t) inferior.Error correction is abandoned in this case, has adopted and has repeated to rebuild comparison and combine threshold schemes, and the average calculating operation expense is that mainly (the key generation phase has used Shamir threshold schemes to cut apart to one-way function; The probability that needs in the reconstruction to use the Shamir threshold schemes to recover can be arbitrarily near 0; Concerning a key, only generating needs once, rebuilds and then can in the life cycle of this key, use repeatedly); One-way function can be constructed with symmetric cryptography; Also available HASH structure only need satisfy irreversible get final product, and the employing threshold schemes guarantee that the sure reconstruction of present embodiment replys; The multiple of acknowledgement bit is meant the ratio of replying total bit number and effective response bit number.
Present embodiment comprises key generation phase and key phase of regeneration based on the key extraction method of above-mentioned crypto chip system, below with regard to these two stages concrete analyses.
As shown in Figure 4, the key generation method of present embodiment crypto chip system key method for distilling is following:
S11: select a fresh Bit String to be designated as KEYN, with the KEYN warp first parametrization one-way function OWF 1The hashed value that obtains is as the challenge C of DAPUF, obtain the m bit and just arbitrating and reply LR and RR is replied in the anti-arbitration of m bit, the i bit of LR and RR by i group delay circuit through positive moderator and anti-moderator arbitration generation;
S12: repeat once hashed value with KEYN as challenge, the m bit that obtains is just being arbitrated and is being replied LR1, returns step S11 if LR1 is not equal to LR, otherwise gets into step S13;
S13:LR and RR XOR obtain DAXOR, and DAXOR result is that 1 pairing position is an effective bit, otherwise is invalid bit, if invalid bit surpasses the s position, then return step S11; The invalid bit that abandons LR obtains effective response TLR, TLR as the second parametrization one-way function OWF 2Input obtain hashed value SETLR; Be stored in KEYN, SETLR and DAXOR in the nonvolatile storage as a tuple, so that phase of regeneration accurately recovers TLR;
S14: TLR is divided into t effective response share with the Shamir threshold schemes, deposits in addition behind the public key encryption with t key assistant manager side respectively;
S15: output key K EY=OWF 3(TLR).
It is following to describe key generation phase flow process with algorithm pattern:
Figure BDA0000131194420000121
Figure BDA0000131194420000131
As shown in Figure 5, present embodiment comprises the steps: based on the key reconsul construction method of crypto chip system key method for distilling
S21: with the challenge as DAPUF of the hashed value of KEYN, obtaining replying and be LR1 and RR1, is 0 position among the DAXOR that preserves according to generation phase, and the invalid bit that abandons LR1 obtains TLR1:
S22: calculate SETLR1=OWF 2(TLR1), if SETLR1=SETLR, then TLR=TLR1 exports key K EY=OWF 3Otherwise execution in step S23 (LR1) and finish phase of regeneration;
S23: the XOR result who calculates LR1 and RR1 gets DAXOR1, finds the position of the difference bit between DAXOR1 and the DAXOR, the relevant position of negate LR1 and abandon invalid bit after obtain TLR2, calculating SETLR2=OWF 2(TLR2), if SETLR=SETLR2 then TLR=TLR2, output KEY=OWF 3(TLR2) and finish phase of regeneration, add up the number of times that this step carries out else and if then return step S21 less than q time, otherwise execution in step S24;
S24: the position of the difference bit that obtains according to step S23, and supposition has k bit there are differences, to each difference bit position, at every turn with 0 to 2 kNumber in-1 converts the k bit binary number to, and the value of corresponding difference bit position abandons invalid bit and obtains TLR3 among the replacement LR1; A bit among each negate TLR3 obtains TLRi3 (wherein not negate first), calculates SETLR4=OWF 2(TLRi3), if SETLR4=SETLR, then TLR=TLRi3 exports key K EY=OWF 3(TLRi3) and finish phase of regeneration, S24 carries out less than w time and then returns S21 else if, otherwise execution in step S25;
S25: crypto chip is issued t key assistant manager side and request deciphering with t effective response share of encrypting, and key share is separately deciphered and beamed back in t key assistant manager side after at least one side confirms not exist the physics invasion to attack; Use the Shamir threshold schemes to recover effective response TLR after collecting the key share, output key K EY=OWF 3(TLR) and finish phase of regeneration.
It is following to describe key phase of regeneration flow process with algorithm pattern:
Figure BDA0000131194420000151
The foregoing description is a preferred implementation of the present invention; But execution mode of the present invention is not restricted to the described embodiments; Other any do not deviate from change, the modification done under spirit of the present invention and the principle, substitutes, combination, simplify; All should be the substitute mode of equivalence, be included within protection scope of the present invention.

Claims (4)

1. crypto chip system; It is characterized in that; Comprise that public key cryptography engine, symmetric cryptography engine, HASH engine, one-way function engine, nonvolatile storage, execution engine, a t key assistant manager side and dual arbiter physics can not clone module DAPUF; The sensitive circuit of DAPUF is laid in the periphery of crypto chip; Form cage structure and be surrounded all execution engines, t key assistant manager square tube crossed the IO bus and is connected with the crypto chip system, and nonvolatile storage is integrated in the chip;
Said public key cryptography engine is used to carry out encryption and the checking to message, and the extraction key is deciphered and signed from DAPUF, also is used to carry out at the cryptographic operation of key generation phase to the effective response share;
Said symmetric cryptography engine is used for information is carried out encryption and decryption, and employed key can be the key of interim exchange, also can from DAPUF, extract;
Said HASH engine is used to generate the public key cryptography signature and verifies required eap-message digest, and from DAPUF, extracts key generation message authentication code;
Said one-way function engine is used to carry out three parametrization one-way functions, and said parametrization one-way function is irreversible function; Three parametrization one-way functions are respectively the first parametrization one-way function OWF 1, the second parametrization one-way function OWF 2With the 3rd parametrization one-way function OWF 3
Said nonvolatile storage is used for the anti-XOR DAXOR as a result that arbitrates of just arbitration that storage key sequence number KEYN, the hash result SETLR of effective response, DAPUF reply;
Described execution engine is used to carry out key generation phase flow process and key phase of regeneration flow process, and uses the Shamir threshold schemes that effective response is divided into t part, perhaps uses the Shamir threshold schemes to be merged into effective response to t part effective response share;
The PKI of said t key assistant manager side is used to encrypt the effective response share after cutting apart, and obtains the effective response share that t part is encrypted; When the owner of crypto chip files an application and the effective response share of encryption is provided; After the inspection of at least one side's key assistant manager side does not exist the physics invasion to attack; T key assistant manager side uses private key deciphering effective response separately, and sends back to crypto chip to decrypted result;
Said dual arbiter physics can not be cloned module DAPUF and comprised m group delay circuit, and m positive moderator formed with m anti-moderator, and the challenge C of a n bit of input obtains the m bit and just arbitrating and reply LR and instead arbitrate with the m bit and reply RR; Every group of delay circuit is made up of the path selector that n individual two advances scene 2 among the DAPUF; The pumping signal path of each path selector is by the bit control among the challenge C; Pumping signal is divided into up and down, and two paths arrive first path selector simultaneously; If first bit of challenge is 0 then the straight-through output of two paths of signals, otherwise intersect output; After two paths of signals is through n the path selector of being controlled by the n bit of challenge; Two paths of signals is delivered to anti-moderator after directly delivering to positive moderator and intersection up and down; Positive moderator and anti-moderator basis be the sequencing of two paths of signals arrival up and down; Arrive first if set out on a journey then export 1, otherwise export 0.
2. DAPUF according to claim 1; It is characterized in that the m bit is just being arbitrated replys the anti-arbitration of LR and m bit and replys the RR XOR and obtain positive and negative XOR DAXOR; Be that the corresponding response position of 1 bit is a significant bit among the DAXOR; Otherwise be invalid bit, abandon just arbitrate the invalid bit of replying after, obtain effective response TLR.
3. crypto chip according to claim 2 system is characterized in that the said first parametrization one-way function OWF 1Be used for key sequence number KEYN is carried out hash, the hashed value that obtains is as the challenge C of DAPUF, i.e. C=OWF 1(KEYN); The said second parametrization one-way function OWF 2Be used for that effective response TLR is carried out hash and obtain SETLR, be i.e. SETLR=OWF 2(TLR); Said the 3rd parametrization one-way function OWF 3Also be used for TLR is carried out hash, the result of gained is as key K EY, i.e. KEY=OWF 3(TLR).
4. based on the key extraction method of the said crypto chip of claim 3 system, it is characterized in that, comprise the steps:
S1: key generation phase:
S11: select a fresh Bit String to be designated as KEYN, with the KEYN warp first parametrization one-way function OWF 1The hashed value that obtains is as the challenge C of DAPUF, obtain the m bit and just arbitrating and reply LR and RR is replied in the anti-arbitration of m bit, the i bit of LR and RR by i group delay circuit through positive moderator and anti-moderator arbitration generation;
S12: repeat once hashed value with KEYN as challenge, the m bit that obtains is just being arbitrated and is being replied LR1, returns step S11 if LR1 is not equal to LR, otherwise gets into step S13;
S13:LR and RR XOR obtain DAXOR, and DAXOR result is that 1 pairing position is an effective bit, otherwise is invalid bit, if invalid bit surpasses the s position, then return step S11; The invalid bit that abandons LR obtains effective response TLR, TLR as the second parametrization one-way function OWF 2Input obtain hashed value SETLR; Be stored in KEYN, SETLR and DAXOR in the nonvolatile storage as a tuple, so that phase of regeneration accurately recovers TLR;
S14: TLR is divided into t effective response share with the Shamir threshold schemes, deposits in addition behind the public key encryption with t key assistant manager side respectively;
S15: output key K EY=OWF 3(TLR);
S2: key phase of regeneration:
S21: with the challenge as DAPUF of the hashed value of KEYN, obtaining replying and be LR1 and RR1, is 0 position among the DAXOR that preserves according to generation phase, and the invalid bit that abandons LR1 obtains TLR1;
S22: calculate SETLR1=OWF 2(TLR1), if SETLR1=SETLR, then TLR=TLR1 exports key K EY=OWF 3Otherwise execution in step S23 (TLR1) and finish phase of regeneration;
S23: the XOR result who calculates LR1 and RR1 gets DAXOR1, finds the position of the difference bit between DAXOR1 and the DAXOR, the relevant position of negate LR1 and abandon invalid bit after obtain TLR2, calculating SETLR2=OWF 2(TLR2), if SETLR=SETLR2 then TLR=TLR2, output KEY=OWF 3(TLR2) and finish phase of regeneration, add up the number of times that this step carries out else and if then return step S21 less than q time, otherwise; Execution in step S24;
S24: the position of the difference bit that obtains according to step S23, and supposition has k bit there are differences, to each difference bit position, at every turn with 0 to 2 kNumber in-1 converts the k bit binary number to, and the value of corresponding difference bit position abandons invalid bit and obtains TLR3 among the replacement LR1; A bit among each negate TLR3 obtains TLRi3 (wherein not negate first), calculates SETLR4=OWF 2(TLRi3), if SETLR4=SETLR, then TLR=TLRi3 exports key K EY=OWF 3(TLRi3) and finish phase of regeneration, S24 carries out less than w time and then returns S21 else if, otherwise execution in step S25;
S25: crypto chip is issued t key assistant manager side and request deciphering with t effective response share of encrypting, and key share is separately deciphered and beamed back in t key assistant manager side after at least one side confirms not exist the physics invasion to attack; Use the Shamir threshold schemes to recover effective response TLR after collecting the key share, output key K EY=OWF 3(TLR) and finish phase of regeneration.
CN201210013772.XA 2012-01-16 2012-01-16 Crypto chip system and secret key extraction method Expired - Fee Related CN102546149B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210013772.XA CN102546149B (en) 2012-01-16 2012-01-16 Crypto chip system and secret key extraction method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210013772.XA CN102546149B (en) 2012-01-16 2012-01-16 Crypto chip system and secret key extraction method

Publications (2)

Publication Number Publication Date
CN102546149A true CN102546149A (en) 2012-07-04
CN102546149B CN102546149B (en) 2014-12-03

Family

ID=46352172

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210013772.XA Expired - Fee Related CN102546149B (en) 2012-01-16 2012-01-16 Crypto chip system and secret key extraction method

Country Status (1)

Country Link
CN (1) CN102546149B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188075A (en) * 2013-02-01 2013-07-03 广州大学 Secret key and true random number generator and method for generating secret key and true random number
CN103338108A (en) * 2013-06-13 2013-10-02 北京华大信安科技有限公司 Secret key generating method, secret key generating device and chip
CN104838385A (en) * 2012-12-28 2015-08-12 英特尔公司 Device authentication using physically unclonable function based key generation system
CN105550600A (en) * 2013-03-13 2016-05-04 英特尔公司 Community-based de-duplication for encrypted data
CN106503721A (en) * 2016-10-27 2017-03-15 河海大学常州校区 Hash algorithm and authentication method based on cmos image sensor PUF
CN108243008A (en) * 2016-12-23 2018-07-03 智能Ic卡公司 It is generated using the privacy key of the unclonable function of high reliability physics
CN109564553A (en) * 2016-09-13 2019-04-02 英特尔公司 Multistage memory integrity method and apparatus
CN110096909A (en) * 2019-04-19 2019-08-06 深圳忆联信息***有限公司 A kind of method and its system guaranteeing EFUSE code key stability
CN110869997A (en) * 2017-07-10 2020-03-06 本质Id有限责任公司 Secure key generation by biased physical unclonable functions
CN111884799A (en) * 2020-07-30 2020-11-03 中物院成都科学技术发展中心 CRPs library construction method and system based on RO-PUF
CN113158172A (en) * 2021-02-26 2021-07-23 山东英信计算机技术有限公司 Chip-based password acquisition method, device, equipment and storage medium
CN116451188A (en) * 2023-06-16 2023-07-18 无锡沐创集成电路设计有限公司 Software program operation safety protection method, system and storage medium
CN117592129A (en) * 2024-01-19 2024-02-23 湖北工业大学 High-reliability modeling-resistant double-layer APUF circuit structure based on feedforward circuit

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100447763C (en) * 2003-05-29 2008-12-31 联想(北京)有限公司 Safety chip and information safety processor and processing method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100447763C (en) * 2003-05-29 2008-12-31 联想(北京)有限公司 Safety chip and information safety processor and processing method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
DAIHYUN LIM 等: "Extracting Secret Keys From Integrated Circuits", 《IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION(VLSI) SYSTEMS》 *
G.EDWARD SUH 等: "Physical Unclonable Functions for Device Authentication and Secret Key Generation", 《DESIGN AUTOMATION CONFERENCE,DAC 2007 ACM》 *
MD YU 等: "Secure and robust error correction for Physical Unclonable Functions", 《IEEE DESIGN & TEST OF COMPUTERS》 *

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104838385A (en) * 2012-12-28 2015-08-12 英特尔公司 Device authentication using physically unclonable function based key generation system
CN104838385B (en) * 2012-12-28 2018-03-02 英特尔公司 Use the device authentication of the key generation system based on the unclonable function of physics
CN103188075A (en) * 2013-02-01 2013-07-03 广州大学 Secret key and true random number generator and method for generating secret key and true random number
WO2014117695A1 (en) * 2013-02-01 2014-08-07 广州大学 Key, true random number generator, and method for generating key and true random number
CN103188075B (en) * 2013-02-01 2016-01-06 广州大学 A kind of method of key and real random number generator and generation key and true random number
CN105550600A (en) * 2013-03-13 2016-05-04 英特尔公司 Community-based de-duplication for encrypted data
US10402571B2 (en) 2013-03-13 2019-09-03 Intel Corporation Community-based de-duplication for encrypted data
CN105550600B (en) * 2013-03-13 2019-05-31 英特尔公司 For the community-based deduplication of encrypted data
CN103338108A (en) * 2013-06-13 2013-10-02 北京华大信安科技有限公司 Secret key generating method, secret key generating device and chip
CN103338108B (en) * 2013-06-13 2016-09-21 北京华大信安科技有限公司 Generate the method for key, device and chip
CN109564553B (en) * 2016-09-13 2023-10-31 英特尔公司 Multi-stage memory integrity method and apparatus
CN109564553A (en) * 2016-09-13 2019-04-02 英特尔公司 Multistage memory integrity method and apparatus
CN106503721B (en) * 2016-10-27 2019-07-16 河海大学常州校区 Hash algorithm and authentication method based on cmos image sensor PUF
CN106503721A (en) * 2016-10-27 2017-03-15 河海大学常州校区 Hash algorithm and authentication method based on cmos image sensor PUF
CN108243008A (en) * 2016-12-23 2018-07-03 智能Ic卡公司 It is generated using the privacy key of the unclonable function of high reliability physics
CN108243008B (en) * 2016-12-23 2021-03-16 智能Ic卡公司 System and method for generating secret information
CN110869997B (en) * 2017-07-10 2023-08-11 本质Id有限责任公司 Electronic encryption device, electronic registration and reconstruction method, and computer-readable medium
CN110869997A (en) * 2017-07-10 2020-03-06 本质Id有限责任公司 Secure key generation by biased physical unclonable functions
CN110096909A (en) * 2019-04-19 2019-08-06 深圳忆联信息***有限公司 A kind of method and its system guaranteeing EFUSE code key stability
CN111884799A (en) * 2020-07-30 2020-11-03 中物院成都科学技术发展中心 CRPs library construction method and system based on RO-PUF
CN111884799B (en) * 2020-07-30 2021-03-30 中物院成都科学技术发展中心 CRPs library construction method and system based on RO-PUF
CN113158172B (en) * 2021-02-26 2022-03-22 山东英信计算机技术有限公司 Chip-based password acquisition method, device, equipment and storage medium
CN113158172A (en) * 2021-02-26 2021-07-23 山东英信计算机技术有限公司 Chip-based password acquisition method, device, equipment and storage medium
CN116451188A (en) * 2023-06-16 2023-07-18 无锡沐创集成电路设计有限公司 Software program operation safety protection method, system and storage medium
CN116451188B (en) * 2023-06-16 2023-08-29 无锡沐创集成电路设计有限公司 Software program operation safety protection method, system and storage medium
CN117592129A (en) * 2024-01-19 2024-02-23 湖北工业大学 High-reliability modeling-resistant double-layer APUF circuit structure based on feedforward circuit
CN117592129B (en) * 2024-01-19 2024-04-16 湖北工业大学 High-reliability modeling-resistant double-layer APUF circuit structure based on feedforward circuit

Also Published As

Publication number Publication date
CN102546149B (en) 2014-12-03

Similar Documents

Publication Publication Date Title
CN102546149B (en) Crypto chip system and secret key extraction method
Yang et al. Ferret: Fast extension for correlated OT with small communication
US9806718B2 (en) Authenticatable device with reconfigurable physical unclonable functions
Bösch et al. Efficient helper data key extractor on FPGAs
EP3265943B1 (en) Authentication system and device including physical unclonable function and threshold cryptography
US20150134966A1 (en) Authentication System
Wu et al. A tag encoding scheme against pollution attack to linear network coding
CN102393890A (en) Crypto chip system for resisting physical invasion and side-channel attack and implementation method thereof
Wang et al. Lattice PUF: A strong physical unclonable function provably secure against machine learning attacks
Cascudo et al. Additively homomorphic UC commitments with optimal amortized overhead
Al Ibrahim et al. Cyber-physical security using system-level PUFs
Esfahani et al. Secure blockchain-based energy transaction framework in smart power systems
Qin et al. Privacy-preserving wildcards pattern matching protocol for IoT applications
Jia et al. A New Method of Encryption Algorithm Based on Chaos and ECC.
Hemavathy et al. Arbiter puf—a review of design, composition, and security aspects
CN103220146A (en) Zero knowledge digital signature method based on multivariate public key cryptosystem
Chatterjee et al. Physically related functions: Exploiting related inputs of PUFs for authenticated-key exchange
Nilesh et al. Quantum blockchain based on dimensional lifting generalized gram-schmidt procedure
Huang et al. Key-based data deduplication via homomorphic NTRU for internet of vehicles
Bykovsky A multiple-valued logic for implementing a random oracle and the position-based cryptography
Zhang et al. Antiquantum privacy protection scheme in advanced metering infrastructure of smart grid based on consortium blockchain and rlwe
Dai et al. A private data protection scheme based on blockchain under pipeline model
Le et al. Auditing for distributed storage systems
Cao et al. New quantum key agreement protocol with five-qubit Brown states
de Souza et al. Randsolomon: Optimally resilient random number generator with deterministic termination

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141203

Termination date: 20170116