Paper 2019/388

Towards Secret-Free Security

Ulrich Rührmair

Abstract

While digital secret keys appear indispensable in modern cryptography and security, they also routinely constitute a main attack point of the resulting hardware systems. Some recent approaches have tried to overcome this problem by simply avoiding keys and secrets in vulnerable systems. To start with, physical unclonable functions (PUFs) have demonstrated how “classical keys”, i.e., permanently stored digital secret keys, can be evaded, realizing security devices that might be called “classically key-free”. Still, most PUFs induce certain types of physical secrets deep in the hardware, whose disclosure to adversaries breaks security as well. Examples include the manufacturing variations that determine the power-up states of SRAM PUFs, or the signal runtimes of Arbiter PUFs, both of which have been extracted from PUF-hardware in practice, breaking security. A second generation of physical security primitives, such a SIMPLs/PPUFs and Unique Objects, recently has shown promise to overcome this issue, however. Perhaps counterintuitively, they would enable completely “secret-free” hardware, where adversaries might inspect every bit and atom, and learn any information present in any form in the hardware, without being able to break security. This concept paper takes this situation as starting point, and categorizes, formalizes, and surveys the currently emerging areas of key-free and, more importantly, secret-free security. Our treatment puts keys, secrets, and their respective avoidance into the center of the currently emerging physical security methods. It so aims to lay the foundations for future, secret-free security hardware, which would be innately and provably immune against any physical probing and key extraction.