Abstract-The concept of Secret Unknown Ciphers SUCs was introduced a decade ago as a new visionary concept without devising practical real-world examples. The major contribution of this work is to show the feasibility of "self-mutating" unknown ciphermodules for physical security applications in a non-volatile FPGA environment. The mutated devices may then serve as clone-resistant physical units. The mutated unpredictable physical digital modules represent consistent and low-cost physical identity alternatives to the traditional analog Physically Unclonable Functions (PUFs). PUFs were introduced two decades ago as unclonable analog physical identities which are relatively complex and suffer from operational inconsistencies. We present a novel and practical SUCcreation technique based on pre-compiled cipher-layout-templates in FPGAs. A devised bitstream-manipulator serves as "mutation generator" to randomly-manipulate the bitstream without violating the FPGA design rules. Two large cipher classes (class-size larger than 2 1000 ) are proposed with optimally designed structure for a nonvolatile FPGA fabric structure. The cipher-mutation process is just a simple random unknown-cipher-selection by consulting the FPGA's internal True Random Number Generator (TRNG). The security levels and qualities of the proposed ciphers are evaluated. The attained security levels are scalable and even adaptable to the post-quantum cryptography. The hardware and software complexities of the created SUCs are experimentally prototyped in a real field FPGA technology to show very promising results.
ciphers which nobody knows? Many use-cases for such ciphers were shown in making devices physically unclonable or cloneresistant for a large class of IoTs applications [8] [9] [10] .
This work demonstrates for the first time one not ultimate however, possible practical approach towards creating such ciphers in real-field non-volatile FPGA devices. The expected possible realization approaches for unknown ciphers seem to be unlimited. Admittedly, FPGA fabrics allowing even the proposed approach do not contemporarily exist however are expected to emerge soon. This work was presented first in [11] .
As the concept of unknown ciphers is not well known in the common literature, and to make the paper self-contained, the key ideas of the visionary unknown cipher concept are summarized in section II.
Contributions:
The main contributions of this work can be summarized as follows: First, showing that creating unknown ciphers in VLSI technology is a feasible task. Second, a novel and efficient concept for embedding a practical selfreconfiguring-manipulator in SoC FPGAs is proposed. It is based on creating cipher-templates in the fabric and NVmemory and internal bitstream manipulators without violating the FPGA design rules. Third, two new large classes (class size ≈ 2 1234 and 2 1350 ) of random ciphers adapted to best-fit into the non-volatile SoC FPGAs fabric structure are presented. The created cipher in a device is considered as unknown as an internal true random generator is ensuring to select just one unknown choice out of 2 1234 /2 1350 ciphers. Fourth, the resulting unknown ciphers are shown to be secure against most classical attacks and being scalable even for post-quantum cryptography with adequate complexity. The implementation complexity is evaluated by sample prototyping in Microsemi SmartFusion®2 SoC FPGA technology, showing the feasibility and efficiency of the concept and the required FPGA bitstream controller changes to allow such self-creation process.
II. THE NEW PARADIGM OF MUTATING UNKNOWN CIPHERS
The term "Unknown-Cipher" seems for the first moment as a contradiction, as at least the one who designed the cipher should know it? The authors postulated that the emerging VLSI technology would allow practical self-creation of unknown entities and introduced a first visionary bio-inspired mutation process within VLSI devices that was called a "digital mutation" in [7] . Such intended mutations (hypermutations for immunity), should allow creating permanent unknown cryptographic entities such as secrets ciphers or hash functions etc. within VLSI devices [12] [13] in a post-fabrication process. To attain such usable unknown functions, a smart infrastructure with self-reconfiguration capability in non-volatile (NV) FPGA
Digitally Mutating NV-FPGAs into Physically
Clone-Resistant Units Ayoub Mars and Wael Adi
T > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
2 environment is then required. Such technologies do not yet really exist. However, are expected to emerge in a near future VLSI devices. The following key-concepts are presented as backgrounds for the secret unknown cryptography.
A. Unknown-Ciphers Paradigm and Kerckhoffs's Principle
A traditional secret is something known to somebody as a privilege allowing that person to have exclusive access rights. Such secret can be willingly duplicated and forwarded to another entity to share that privileged access. If a secret is not known like a Physical Unclonable Function (PUF), then it should be physically forwarded to allow privilege sharing. In that case, the privileged-owner would lose his or her access rights. PUFs are born natural properties which are somehow equivalent to weak unknown hash functions. To our knowledge, there are no natural physically born unknown ciphers (permutations) such as PUFs. Our visionary concept in unknown cryptography is to create unknown ciphers. The concept of unknown ciphers is not to be confused with "obscured ciphers". Therefore, the proposed unknown cipher or possibly unknown cryptographic functions should not lead to "security by obscurity". Kerckhoffs's principle assumes that any used ciphers are impossible to be kept secret and the only secrets are the keys shared by both communicating parties.
We postulate that the only perfect secret or cryptographicfunction is the one which nobody knows or capable to predict.
Therefore, attacking such secrets is equivalent to an exhaustive search over the whole possible keys and/or functions space. We expect that VLSI technology would reach soon the capability to create practical entities incorporating "unpredictable" unknown cryptographic functions. We start with the attempt to set concepts for creating secret unknown ciphers SUCs.
A Secret Unknown Cipher SUC:
If a cipher is designed by a cryptographer and is then kept secret in production, then this leads to the typical case of "Security by Obscurity". Such cases failed so far practically in all known applications as the security concepts violate Kerckhoffs's principle. However, if the cipher creator/generator itself cannot predict the generated cipher, then the cipher is deemed as not known.
Bounds on Unknown Ciphers:
The unpredictability of a designed cipher is upper bounded. A secret unknown cipher (SUC) of n-to-n bits is seen to be perfectly created, if it is a nonpredictable (unknown) choice out of all possible 2 n ! n-bit permutations. To get an idea about the huge space of that cipher-choice for a small n as n=10. The number of all possible invertible 10-to-10 bits mappings including trivial cases is 2 n ! = 1024! ≈ 2 8192 choices.
Interesting VLSI-FPFA-specific practical examples: Assume that a NV FPGA would allow internal selfreconfiguration. Fig. 1 shows a generic SUC creation concept. A single-event process triggers a True Random Generator TRNG leading to select/create randomly one unpredictable and unknown cipher Cj from a large class of a cipher-data-base {C1, C2 … CS} having S possible ciphers. For generality, a secret unknown key Zi may be similarly also created. After this singleevent process, all dashed entities in Fig. 1 are then irreversibly deleted and should never be possible to act again. The resulting cipher is a secret, however unknown and a nonrepeatable selection. It is even unknown to the cipher designer himself. Therefore, the designation Secret Unknown Cipher (SUC). Notice that for the functionality of the concept, no need to publish the SUC creation program of the cipher-class which is designated later as the GENIE. In worst case, according to Kerckhoffs's principle, the GENIE is considered as published. Notice that the GENIE is fully seeded by the non-predictable bits of a True Random Number Generator (TRNG). 
Constructing four 4-LUTs as (4-to-4 bits mapping) allows

C. SUC Security and Clonability Bounds
Selecting unpredictable key Zi from the TRNG output bitstream is basically a trivial process. However, designing unpredictable operational cipher is a very challenging task. The following objectives represent the first obvious challenges and bounds:
1. SUC-Cloning Resistance: Basically, something can be cloned if it is known to somebody. The Unclonability of a cipher comes from the fact that nobody knows it. The first obvious challenge that the cipher designer faces is how to create a cipher which the designer himself cannot predict?
The first idea is to design a large cipher class from which one unknown cipher is selected. The size S of a cipher-class having n-bit as input-size is upper bounded by Smax=2 n !. Smax is the number of all possible n-to-n bit permutations including trivial ciphers. Applying Stirling's approximation [14] : > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 
D. VLSI Hard-wired One-Way Functions
The emerging VLSI technology was the driving motivation towards the SUC concept. Self-creating of irreversible, permanent and unknown mappings became first thinkable by the emerging modern non-volatile VLSI technology.
The breakthrough concept of the public-key cryptography introduced in 1976 was based on claimed mathematical oneway functions. All such claimed one-way functions, from which the public-key cryptography still lives are not provably one-way functions and a prove of one-way perfectness may never become possible in the future. Let us define similar functions in VLSI structures.
Assume that the emerging VLSI technology would offer the capability of creating physically one-way hard-wired (permanent) functions in the sense that: they are hard (or even impossible) to reverse, change or remove. We postulate that this would become feasible within future VLSI structures through internal self-reconfiguration. Triggering a device-internal, single-event process without being able to predict/trace the created functions seems to become feasible. In that case; a oneway physical unknown function is created. Assume that it is technologically infeasible/hard to reveal and change that created unknown physical digital entity, then an unclonable physical entity is created. As a result, the device incorporating that entity becomes unclonable.
In difference to mathematical one-way functions, physical oneway VLSI functions as "encapsulated-secrets" may practically be kept as secret and "unknown mappings" within the devices. Internal one-way-locks as irreversible-locks seem also to be practically realizable as in the case of anti-fuse VLSI technology. Recent technologies as memristors may emerge in 3D constellations to new interesting permanent VLSI structures having smart one-way physical locking capabilities.
A pragmatic-security and practically interesting property of such structures is that, attacking hardwired physical functions require physical invasive attacks which may practicallyfrustrate attackers by being more expensive and occasionally impossible. Moreover, analytical and side channel attacks on unknown locked physical structures is much more complex especially if the physical layout locations of the structures are also not known.
In Summary: Our key-concept assumes that future nonvolatile VLSI technologies would become smart-enough to allow self-creating/mutating of permanent unknown secrets or even operational and usable unknown cryptographic functions at unknown physical locations. We further assume that invasive physical attacks on such devices would become practically infeasible especially when creating hard-to-trace physical oneway functions in 3D technologies. The resulting systems may be considered as practically-perfect if invasive attacks do not pay off. This is a very essential aspect for mass products as those in consumer and vehicular technology.
A new paradigm like the mathematical one-way functions in public-key cryptography is mapped conceptually into the physical VLSI environment. Physical entities are expected to offer even much larger operational space than mathematical functions as physics is dealing with additional dimensions like space and time compared to the mathematical functions which are limited to abstract mappings. 
E. The Use of Unknown Ciphers and their Advantages
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 4
There is, to the knowledge of the authors, no PUF-like natural born unknown cipher mappings in our physical environment. Artificially created SUCs, as one-to-one invertible mappings would offer much larger full-usability-space compared with the non-invertible PUFs mappings. A generic use-protocol to identify a physical unknown cipher module is described later in section IV.D. Refined SUCs use-protocols were shown to exhibit new applications and superior efficiency and manageability compared with the traditional PUFs as demonstrated in [17] [8] . However, the most obvious and practical striking advantage of unknown ciphers compared with PUFs, is their "digital structure" exhibiting ultimate operational consistency over the whole lifetime of the digital VLSI device. In comparison, traditional analog PUFs are highly temperature, operation conditions and aging sensitive leading to very complex realization countermeasures to compensate for such drawbacks. There is a crying need for such consistent, cloneresistant and low-cost physical modules in a large class of contemporary digital mass products. One very important property when deploying SUCs as post-fabrication entities, is that their security is manufacturer-independent as the whole security issues are shifted to the responsibility of the end-user or application manager.
F. SUC Creation Challenges and Difficulties
Manufacturers of non-volatile-FPGA like Microsemi stated that the most challenging self-reconfiguration requirement may become technically possible and available soon. However, more challenges would be facing the design and realization of SUCs in VLSI environment. The following challenges are identified:
1. How to design a GENIE as cipher creating software package and/or cipher database of size S (S→2 n !) with practical time and memory complexities to be executed just one time within the SoC unit.
2. How to place/diffuse the selected cipher structure at possibly unknown locations in the FPGA-fabric to confuse attackers without violating the design rules of the VLSI structure. This seems to be the most challenging and possibly a very hard to solve task! 3. How to make the fabric-and memory resources consumed by the SUC module practically as small as possible.
The design challenges seem at the first sight to frustrate both cipher designers and FPGA programmers. In total, a highly challenging engineering and scientific task. [18] and intellectual property protection [19] . Most PUFs response spaces are noisy resulting with limited identity entropy. As a remedy to this problem, fuzzy extractors were proposed to stabilize the output response of each PUF [15] [16] . Fuzzy extractors generate and store helper-data during the enrollment phase, which will be used for error correction in the reconstruction phase when the PUF response is noisy to reproduce the correct response by automatic error correction. Such error correction mechanisms are complex, costly and require a large number of logic gates, for instance Intrinsic ID' Quiddikey plus requires 42 K Gates [20] . Compared to PUFs, SUCs do not require any error correction mechanism due to their digital structures. Moreover, SUCs result with lower hardware complexity and less latency.
Many attacks on PUFs have been recently proposed. They are targeting both weak PUFs and strong PUFs; weak PUFs have few challenges, commonly only one challenge per PUF instance. Hence, it is assumed that access to the weak PUF response is restricted. However, semi-invasive means have been used to reveal the state of memory-based PUFs [21] . The second major PUFs types are Strong PUFs having large number of Challenge-Response Pairs (CRPs) and are assumed to be unpredictable. Hence, protecting the challenge-response interface is not necessary. Strong PUFs are less susceptible to cloning and invasive attacks as weak PUFs. However, modeling attacks represent a strong threat in cloning such PUFs. D. Lim introduced the first attack to model an Arbiter-Based PUF [18] and later on Majzoobi et al. analyzed linear and feed-forward PUF structures [22] . Recently, Rührmair et al. demonstrated PUF modeling attacks on many PUFs by using machine learning techniques [23] . In [24] , side channel attack was used to analyze PUFs architecture and fuzzy extractor implementations by deploying power analysis. Recent attack trends combine both side channel and modeling attacks [25] [26] to facilitate machine learning deployed for modeling attack. In [27] , a hybrid attack is presented, combining side channel analysis and machine learning for attacking especially weak PUFs which prohibit attackers to observe their outputs. The same attack method can also be applied to strong PUFs. It was also shown that fuzzy extractors are also vulnerable to power analysis. This shows in general that traditional PUFs suffer from high-complexity and inherent inconsistency.
IV. THE CONCEPT OF SECRET UNKNOWN CIPHERS AS DIGITAL PHYSICALLY CLONE-RESISTANT FUNCTIONS
A. Early Work on Secret Unknown Ciphers
In [28] , a first attempt towards SUC realization was proposed as a secret and unknown random stream cipher deploying Tfunctions as key stream generators with random S-Boxes. In [29] , a new family of stream ciphers was proposed to be used > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 5 as SUCs, the design is based on combining Nonlinear Feedback Shift Registers (NFSRs) with randomly selected feedback functions from a set of Boolean functions ensuring maximum period NFSRs. Both SUC designs are based on random stream ciphers. One of the objectives of this work is to create new efficient and large block cipher classes which can be easily embedded/mutated as SUCs in modern SoC FPGA devices. Such SUCs may serve as digital-PUFs at adequate cost and time complexities. SUCs based on random block ciphers can be efficiently deployed in a wide spectrum of smart vehicular security applications such as security-critical over the air software update [8] . SUC was also proposed as central building block for end-to-end device-to-device authentication in 5G network [9] . Another SUC-based solution for highly secure implantable medical devices was proposed in [10] .
B. Conceptual Definition of SUC
Secret Unknown Cipher is a randomly internally selfgenerated cipher inside a chip, where the user has no access or influence on its creation process. Even the device manufacturer should not be able to back-trace the creation process and deduce or predict the created random cipher. An individual unknown cipher is created in each unit after a non-repeatable single event non-reversible process. Each generated SUC is an invertible unknown Pseudo Random Function (PRF); defined as follows:
and its inverse mapping as:
A SUC when designed as a block cipher, requires that mn  . For lowest implementation complexity, an Involutive-SUC (I-SUC) is a good choice. In that case
For optimum space utilization mn = , (input and output spaces are equal) the cipher is then defined as a Pseudo Random Involution PRI:
where
. That is, encryption and decryption operations use the same mappings resulting with minimized realization complexity. package called "GENIE" that contains an algorithm for creating internally secure random ciphers. Possibly, a Cipher Data Base CDB of cryptographically strong functions is included to support selecting the SUCs. The TA uploads the GENIE for a short time into each SoC FPGA unit to be used for just one time.
C. Basic SUC Creation Concepts and Use Scenario
• Step 2: After being loaded into the chip, the GENIE is triggered to create a permanent (non-volatile) and unpredictable random cipher. The cipher design components are completely randomly selected by deploying random bits from a True Random Number Generator (TRNG) within the chip.
• Step 3: After completing the SUCu creation, the GENIE is completely deleted • Step 4: by completing step 3, the SoC FPGA unit u contains its unique and unpredictable SUCu. TA then personalizes/enrolls the unit u by challenging its SUCu with a plaintext challenge-set {Xu,0, Xu,1 … Xu,(t-1)} to gets the corresponding ciphertext response-set {Yu,0, Yu,1 … Yu,(t-1)}. The two sets are stored securely as secret records in the Units Individual Records (UIR) labeled by the Serial Number of the device SNu. UIRs are kept secret by TA. A secret key KTA may be added to the SUC design for multi TA usage. The X/Y pairs can be used later by TA to identify and authenticate devices.
SUC u
GENIE
Trusted Authority
Created Secret Cipher known only to the chip
Load a Smart Cipher
Creator "GENIE" (Software package)
Secured "Units Individual Records" UIRs (to be kept secret!) 
D. Generic Physical Identification Protocol for SUC Units
After finalizing the personalization process (Step-4 in Fig. 2 ), TA has for each SoC FPGA a secret record in the UIR including X/Y pairs. In reference to X X = then the unit is deemed to be authentic and can be accepted. Otherwise u is not authentic and should be rejected. The pair Xu,i/Yu,i is marked as consumed and should not be used later for highest security performance. The concept is comparable to a PUF with the advantage that SUC based design is capable to recover X from Y by using the inverse function SUC -1 . This property was used in [8] to build > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 6 a physical chain of trust for a secured over the air vehicular software update.
Trusted Authority
Notice: !! never use the pair X u,i ,Y u,i again !!
SN u
Physical Unit u
One-time ticket
Secured "Units Individual Records" UIRs (to be kept secret!)
Fig . 3 . Generic use protocol for a secret unknown cipher SUC
E. Requirements for SUC-Creation
The most difficult and challenging task in creating SUCs is how to devise and run a "GENIE" software with acceptable complexity in memory and time in the target SoC units. This is highly dependent on the existing technology infrastructure.
The requirements for an ultimate creation environment can be summarized as follows: That is, a secured one-way locking mechanism to prohibit later self-reconfiguration capability is necessary. 3. Low GENIE runtime for cipher creation. 4. Low software complexity and runtime in downloading and deleting the GENIE. 5. The locations of the created SUC functions should be hard to find or to predict. 6. The selected SUC functions, their parameters and their operation sequence and contents should be unpredictable and analytically hard to attack. 7. The attained SUC security-level should be acceptable even when the "GENIE" is completely published, disclosed or somehow become known to the attackers.
V. A NEW CONCEPT FOR SUCS CREATION IN FPGA DEVICES
This section presents a novel technique for high-speed creation procedure of SUCs in SoC FPGAs. The creation concept is based on Bitstream-manipulation in a pre-defined FPGA layout template.
A. New Key-Concept for Template-Based SUCs Creation
The key idea of the creation concept and targets are illustrated in Fig. 4 . According to Fig. 4 (a) , the design compiler of the FPGA investigates the floorplan of the existing used application area and seeks free gaps of unused FPGA-cells. A designer may also reserve some free layout areas/blocks as freearea to allocate the SUC structures there in a later incremental design compilation. The free areas (dashed area in Fig. 4 (a) ) are then routed and interconnected as an SUC-design-template with default design-rules-safe contents. This SUC-designtemplate is downloaded in the bitstream completely equally for all units to be personalized. A layout for the free templates is shown in Fig. 4 (a) . In the personalization process, and when downloading the FPGA-bitstream into each individual unit as in Fig. 4 (b) , a random selection of cipher mappings and their parameters is programmed/configured in the free software/hardware templates respectively to make each unit differently unique. The GENIE should create completely differently allocated, and occupied with unpredictable and unknown ciphers as shown in Fig. 4 (b) , units 1 to n. Notice that the SUC-design-template contains mappings and functionalities which may be or may not be used in the final generated SUC inside each individual unit. The software mappings, constituting the SUC program, are distributed also randomly in blocks in the reserved non-volatile memory locations. The use and parameter selections of all reserved templates are completely randomly selected by the random bits generated by the TRNG module within the SoC unit. As the TRNG bits are completely unpredictable, the resulting ciphers SUC1 to SUCn are fully unknown, different and unpredictable in their locations, contents and parameters as symbolically indicated in Fig. 4 (b) . Again, the SoC FPGA configuration bitstream is manipulated by the GENIE affecting only the dedicated SUC-designtemplate locations according to the TRNG random source bits. Therefore, as shown for example in Fig. 4 (b) , the unit of SUC1 has less blocks and are differently occupied at different locations compared with the unit of SUCn. Fig. 5 illustrates a possible internal personalization process. It is also describing a concept for partially self-reconfiguring SoC FPGAs. During the personalization process, the Manipulating GENIE modifies the corresponding bits of the cryptographic mappings by randomly selecting ciphering blocks from the Cipher Data Base (CDB). The blocks are filled up also directly by randomly selected contents from CDB. All random selections are controlled by the TRNG bit source to deliver unpredictable selections. In Fig. 5 , the SoC FPGA > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 7 configuration bitstream BS is modified to BS' to accommodate the default SUC-design-template into it. For FPGA personalization process, BS' is usually encrypted to EBS' for better production security in the user environment. Fig. 5 illustrates the personalization process that proceeds as follows: or Sg= 2 1234 (see section VI and 0) resulting with probability of equal SUCs approaching zero.
B. Technical Realization of a Template-Based SUC Creation
3.
' u BS is now stored in both the non-volatile software part and in the FPGA-fabric to permanently-program the device individually. This process represents a single-event "electronic mutation" within each SoC-FPGA device.
After completing the personalization of u SUC , the Manipulating GENIE is deleted and a "possible" reconfiguration-lock is irreversibly activated to prohibit any later changes on the FPGA-fabric or the NV-software. The unit would include at this stage a permanent and operational Secret Unknown Cipher u SUC which nobody knows. This makes an individual FPGA device physically unique with a probability approaching 100%. The only entity which can encrypt and decrypt according to the unknown cipher u SUC is that individual unit without any possible substitute. Even the trusted authority TA do not know the cipher and cannot fabricate any physically equal unit. Notice also that, the locations of the used templates are not known. An invasive complicated attack is required to read the manipulated bitstream to be able to clone the unit. Each unit needs to be attacked individually, as cloning one unit would not make cloning another unit less complex. 
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 8
represented by 4 blocks of 16-bits as in the example of Fig. 6 . That is, the total configuration bits (bitstream bits) required to implement such 4-bit S-Box is 64 bits.
D. Inspiring SUC Structures from FPGA Resources
To attain the highest resource utilization the mapping boxes deployed for a cipher should have the same input-size as the LUTs. Consequently, the existing FPGA elements in their most efficient operation and interconnection mode should define and dictate the structure of the mapping operations to be used in the created SUCs. Possible strategies and rules for ultimate creation of SUCs in future programmable VLSI technologies can be summarized as follows:
1. Recycle the existing unused free resources in a modern FPGA application device to come up with minimum and possibly zero-cost SUC design. 2. Let the existing free logical resources define and dictate the basic cipher mapping functions to be used in designing the GENIE cipher classes. 3. Design new crypto-mappings to optimally use such ready and free existing FPGA functions. 4. The implementation complexity is seen to be zero if the unused free FPGA resources are consumed in the created SUC structure. 5. SUCs are accessed rarely in many applications. In such cases, a trade-off between execution time and consumed hardware resources may optimize the whole system performance. The smaller the hardware structure is, the easier is hiding and managing it within the FPGA fabric. 6. Investigate completely new non-conventional ciphering structures based on the free unused FPGA mapping resources. This may result with novel cipher-classes which are otherwise not considered by standard cipher designers due to their unacceptable high-complexity.
E. Design-Flow for Creating SUCs in Microsemi SoC FPGAs
To check the feasibility of the proposed SUC creation concept, a sample real FPGA environment is selected as a possible future target technology. SUC concept requires nonvolatile FPGA devices to make sure that the created SUCs as units' identities are permanent and not removable. Modern SoC FPGAs incorporate an FPGA fabric together with at least a microcontroller core. Microsemi FPGA technology is to our knowledge, the only contemporary non-volatile FPGA technology having the non-volatile configuration memory cells distributed over the whole NV-FPGA fabric area. This makes an invasive attack more difficult if the bitstream is not readable as the whole fabric area need to be attacked. In contrary to that, volatile RAM-based FPGAs, can be attacked when reloading the bitstream in the start-up after every power-off case. That is, the attack can focus on the flash memory accommodating the bitstream and possibly its usually deployed encryption mechanism. Non-volatile technology does not require to reload bitstreams after power-off offering much higher physical security level. Repeated transfer of secrets is a serious security threat in all practical systems. Volatile FPGAs can only be securely used to accommodate SUC modules if the operational lifetime of the unit's identity is just the time between a single switch-on and off phase. This represents a dramatic limitation for most physical security applications. Fig. 7 1. The user application core is locked after compilation. Its layout can also be locked to avoid any influence on the original application tasks and performance.
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 9
2. The SUC design template is added in HDL to the locked Application Core.
3. The FPGA design-compiler routes incrementally the designed SUC-Templates.
A new encrypted bitstream EBS'
including the application core together with the free SUC templates is created.
The same EBS' should be generated in encrypted form for each device to be programmed/enrolled. The SUC-templates are generated according to the GENIEcreated cipher class. Two sample SUC cipher-classes are proposed in the following sections.
Necessary
VI. A NON-INVOLUTIVE SUC STRUCTURE PROPOSAL
For efficient performance, SUC should consume low software and hardware FPGA resources to be implemented possibly at zero cost in the free available FPGA resources. This section describes a first proposed SUC class coined as a NonInvolutive SUC (NI-SUC).
A. A New Concept for Non-Involutive SUC Design Structure
The proposed non-Involutive SUC (NI-SUC) is a random cipher based on Substitution Permutation Network (SPN) structure designed to optimally use the FPGA resources. Fig. 9 describes the overall NI-SUC cipher structure having a block size of 64 bits. The cipher includes R=31 rounds where 1 + R keys are generated by a key scheduling algorithm. For each round, a round key Ki is XORed before the substitution layer and after the last round. The substitution layer includes 16 randomly 4-to-4-bit mappings selected from the list of all optimal 4-bit S-Boxes. Optimal 4-bit S-Boxes were designed and investigated in [30] to be optimal against differential, linear and algebraic attacks. The diffusion stage is implemented as fixed bit permutation. 
B. Optimal 4-bit S-Boxes for the Creation GENIE Library
C. Non-Involutive SUC Bit Permutation Mapping
To attain adequate hardware efficiency, we propose to use a bit permutation stage which deploys only the interconnections fabric for the diffusion layer. A new fixed bit-permutation is devised and investigated to be deployed in the NI-SUC design. 
D. Proposed Key Scheduling Algorithm
The LUTs in a non-volatile technology can be deployed to efficiently store keys. Fig. 10 shows a novel Random Key Scheduling Algorithm for NI-SUC ( NI RKSA ), to accommodate 32 fully random keys of length 64 bits in 64 LUTs. It is based on using random 4 to 1 mappings : E. The Cardinality of NI-SUC Cipher Class NI-SUCs deploy 16 randomly selected 4-bits S-Boxes from the set of all optimal 4-bits S-Boxes and a fixed bit permutation. Each resulting SUC depends on the randomly selected S-Boxes and the bits of the key scheduling algorithm. For NI-SUC, with a block size of N-bits and number of different substitution layers |SL|, using 4-bit optimal S-Boxes, the cipher class cardinality with r-different rounds is: 
VII. INVOLUTIVE SUC CREATION CONCEPT
A. Involutive SUC Structure
This section describes an involutive SUC coined as I-SUC. The ciphers structure is also inspired from the existing FPGA fabric resources. The cipher is also an SPN design structure with 32-rounds (R=32). Fig. 11 describes the proposed I-SUC block structure. I-SUC uses in difference to the former cipher class 16 randomly selected however, only Involutive 4-bit S-Boxes (IS0 to IS15). Moreover, I-SUC deploys a fixed involutive diffusion layer. Notice that the final round includes only a substitution layer. 15 Fig. 11 . I-SUC using micro involutive S-Boxes
IS
1 IS 0 IS Ciphertext/ Plaintext 5 IS 0 K Involutive Diffusion Layer (Permutation P) i K 2 R K −
B. A Library for Involutive S-Boxes
In [31] , all the 4-bit involutive (self-inverse) S-boxes with linear, differential and almost resilient analysis were investigated. According to [31] , the number of such optimal involutive 4-bit S-Boxes is found to be 17.15 1 20 2 45 9 
C. Involutive Diffusion Layer
To use the same structure for both encryption and decryption operations, the diffusion layer should also be an involution. An involutive linear transformation from [32] is modified for the proposed cipher as shown in Fig. 12 and described formally in equations (7) 
Each 4-bits output (Outi) of the permutation is defined as:
The overall involutive diffusion layer P is defined as: 
D. Conditions on I-SUC to Yield an Involutive Cipher
For R rounds I-SUC, let SLi with 01   − iR be a random involutive Substitution Layer i, and the fixed diffusion layer P. Let X be the input plaintext and Y be the output ciphertext, then:
..
For an I-SUC to be involutive, the decryption function should be the same as the encryption function however with reversed key order, that is:
If P and key XORing operations commute, such that
in any round r (see the necessary conditions in the theorem and key deriving equation (14) below) then : ... (11) In that case the same hardware mappings can be used for encryption and decryption by just reversing the key order.
To fulfill (11) , and let I-SUC be involutive, the substitution layers need to fulfill the following conditions:
Designing I-SUC according to (12) results with a large class of I-SUCs since a new set of the involutive S-Boxes can be randomly selected in about 50% of the cipher rounds. However, this would result with high hardware complexity. Hence, we propose to use the same random substitution layer 0 SL equally in all rounds.
To fulfill the required Commutative Property between P and the XORed Key, the following theorem followed by deriving design requirements. Theorem. Let P denotes the diffusion layer of I-SUC, and let the key of round r be 15 14 0
If 15
Proof. Let ...
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 
VIII. SECURITY ANALYSIS OF THE PROPOSED SUC CLASSES
The proposed cipher classes are ciphers with unknown SBoxes and keys. Therefore, first the traditional known attacks on ciphers with similar structures are presented.
At Eurocrypt 2001, Biryukov and Shamir investigated the security of AES-like ciphers with key dependent S-Boxes and affine transformation, they successfully cryptanalyzed two and half rounds [33] . The attack was improved in [34] In [35] , Borghoff et al. proposed several attacks on C2 algorithm, which has a secret 8 to 8 bits S-Box and a 56 bits key. The attack reverses firstly the S-Box with complexity of 24 2 C2 encryptions and then the key with a complexity of 2 48 . In [36] , Borghoff et al. deployed similar manners with differential-style attack to break Maya with a number of rounds up to 28. Maya [37] is a PRESENT-like cipher with key dependent S-Boxes. The attack model described in [36] suggests that it is possible to break up to 28 rounds before reaching the bound 2 64 of possible plaintexts. The attack was extended to break PRESENT-like ciphers with secret components (S-Boxes or bit permutation), and randomly chosen components up to 16 rounds with data complexity less than 2 64 . This type of differential-style attack exploits the weak differential properties of key dependent S-Boxes or randomly selected S-Boxes. We propose to deploy only a set of optimal S-Boxes characterized by strong differential and linear properties to prohibit the differential-style attack of [36] for both NI-SUC or I-SUC.
To cryptanalyze NI-SUC, an adversary should reverse the randomly selected optimal S-Boxes and apply a known attack such as differential/linear cryptanalysis to break one NI-SUC.
In the following, for both linear and differential cryptanalysis, only the second part of the attack on NI-SUC and I-SUC are investigated.
A. Linear Cryptanalysis
This section presents the security analysis of the proposed random block ciphers against linear cryptanalysis [38] . Table I , the number of S-Boxes involved in any 2-Rounds of a linear approximation is greater than or equal to 4.
Lemma 1. For NI-SUC, by deploying the bit permutation in
Lemma 2.
For I-SUC, by deploying the involutive diffusion layer of Fig. 12 , the number of involutive S-Boxes involved in any 2-Rounds of a linear approximation is greater than or equal to 2.
The maximal bias of a linear approximation of an optimal n-bit S-Box (n=4) is: 
For NI-SUC or I-SUC having over 30 rounds, NL is greater than or at least 2 120 , which fulfills the contemporary security level requirement.
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 13
B. Differential Cryptanalysis
Differential cryptanalysis was firstly introduced by Biham and Shamir in [39] . It has been used to break many ciphers such as the full 16 round DES-like cipher [40] . It exploits the high probability of certain occurrences of plaintext differences and differences into the last round of the cipher. Lemma 3. For the NI-SUC, by deploying the bit permutation in Table I , the number of S-Boxes involved in any 2-Rounds of a differential characteristic is greater than or equal to 4.
Proof. Optimal 4-bit S-Boxes have the characteristic that, changing a single input bit would change at least two output bits. The proposed bit-permutation in Table I interconnects such that the input bits of any S-Box come from 4 distinct S-Boxes or equivalently any 4 output bits of an S-Box go to 4 distinct SBoxes.
Lemma 4.
For the I-SUC, after mapping through the involutive diffusion layer in Fig. 12 , the number of involutive S-Boxes involved in any 2-Rounds of a differential characteristic is greater than or equal to 4.
The maximum XOR pair probability of the S-Boxes used in the NI-SUC or I-SUC is equal to 2 -2 . Hence, the number of plaintext/ciphertext pairs required for differential cryptanalysis of an R rounds NI-SUC or I-SUC can be approximated by:
For NI-SUC or I-SUC having at least 30 rounds, the number of Plaintext/Ciphertext pairs required for differential cryptanalysis is greater than or equal to 2 120 .
C. Post-Quantum Cryptanalysis
In 1994, Shor developed new quantum polynomial-time algorithms for the discrete logarithm and integer factoring problems [41] . Shor's algorithm can be used, by an adversary armed with a quantum computer, to break the widely used RSA cryptosystem, DSA and ECDSA. However, there are many classes of cryptography that are beyond RSA, DSA and ECDSA that are not vulnerable to Shor's algorithm such as [42] : Hash-based cryptography, Code-based cryptography, Lattice-based cryptography, Multivariate-quadratic-equations cryptography and Secret-key cryptography. In [43] , Grover proposed a quantum algorithm that can find an element in a set of N completely randomly ordered elements with a complexity ( ) ON . Grover's algorithm is the only known quantum algorithm threatening symmetric cryptography [44] . It is not shockingly fast as Shor's algorithm, for instance, AES-128/AES256 provide a post-quantum security level of 64-bit/128-bit. For I-SUC and NI-SUC, the effective attackcomplexity is 2 274 and 2 326 respectively (without considering the cardinality of the key scheduling for NI-SUC). That is, the attack complexity of Grover's algorithm is ( ) 
D. Statistical Analysis of I-SUC and NI-SUC Classes
This section shows some statistical cipher-performance figures for both proposed designs: I-SUC and NI-SUC.
1) Simulated Avalanche Behavior of I-SUC and NI-SUC
Few experimental simulations were conducted to investigate the effect of the number of rounds on the avalanche characteristics of both I-SUC and NI-SUC designs. One thousand randomly generated inputs were used to measure the avalanche characteristics for both SUCs as a function of the number of rounds. Fig. 14 and Fig. 15 show the experimental results for the number of output bit changes as a function of the number of rounds for both I-SUC and NI-SUC respectively. The results show that I-SUC reaches a perfect avalanche characteristic after only 3 rounds, while NI-SUC requires 7 rounds. This is due to the linear transformation which significantly improves the avalanche characteristic of I-SUC. • One thousand optimal 4-bit S-Boxes are selected to generate thousand NI-SUCs • One thousand involutive optimal 4-bit S-Boxes are selected to generate thousand I-SUCs To evaluate the avalanche characteristics for each resulting SUC, 100 random messages are used, where each time one bit of the message is flipped. Fig. 16 and Fig. 17 show the ranges of the measured number of output bit changes when changing one input bit for thousand I-SUCs and NI-SUCs respectively. The SUCs are labeled as S0, S1, …, S999. Fig. 16 shows that for all randomly selected I-SUCs, the expected number of output bit changes is bounded between 28 and 35. Whereas, it is bounded by 22 and 31 for NI-SUC in Fig. 17 . 
IX. PERFORMANCE AND COMPLEXITIES
A. Hardware Complexity of the Created SUCs
Hardware complexity was one of the main objectives of this work. NI-SUC uses a bit permutation mapping that does not consume logic resources (and no additional area in our example). However, only the encryption operation is prototyped and when needed (such as for identification protocol in Fig. 3 ), the decryption algorithm should be additionally implemented. The decryption module requires about 64-LUT less than the encryption one because both encryption and decryption designs use the same key scheduling. I-SUC is an involution and hence both encryption and decryption operations can be performed by using the same structures. When designing the proposed SUCs, the highest resource efficiency was targeted to optimally exploit the provided resources in Microsemi FPGAs. The proposed random SUCs are lightweight and could be used as physical identities adding a security value (possibly for free) in existing SoC FPGA applications. Fig. 18 shows an area optimized implementation method for the proposed NI-SUC. I-SUC can be implemented similarly by using the 64-bit register after the substitution layer since the last round does not include a diffusion stage. Table II shows the prototyped hardware complexities of the proposed SUC modules in SmartFusion®2 SoC FPGAs. It shows that the I-SUC version is a more efficient design (as involutive cipher) requiring much less resources for both encryption and decryption compared with the NI-SUC version.
B. Complexity of a Pure Software SUC
The implementation of NI-SUC and I-SUC in pure software form is prototyped on the ARM Cortex-M3 core embedded in SmartFusion®2 SoC FPGA. X. SOFTWARE HARDWARE AND TIME COMPLEXITIES OF THE GENIE The most challenging task when dealing with the SUC concept is in designing an efficient GENIE program. The runtime complexity is one of the most challenging tasks for industrial applications. The necessary memory for the GENIE's program and data should be accommodated completely within the target SoC device for highest security.
A. Software Memory Complexity
Assume that the GENIE would be allowed to insert a bitstream manipulator tool that can manipulate the configuration bitstream. The bitstream to be manipulated contains an application core design together with the SUC templates. The software GENIE contains:
• A Configuration Bitstream Manipulation Tool (BMT) • Mappings storage: such as the class of optimal S-Boxes The memory complexity of the GENIE is described as follows:
SW C C =+
Where BMT C denotes the memory complexity of the bitstream manipulator tool which need to store all templates address locations.
BMT C is relatively small in most cases.
SM C represents the major memory complexity of the stored mappings. Each S-Box consumes 64 bits, for example storing the total set of optimal involutive S-Boxes in the software GENIE requires 8.90625
SM C Mbits = .
B. Hardware Complexity
When the GENIE is realized inside a system controller as that of SmartFusion®2 SoC FPGA, the overhead hardware complexity is expected to be negligible since all required actions can be realized by BMT.
C. Time Complexity
During the personalization, the GENIE selects random mappings and then manipulates the configuration bitstream accordingly. This requires getting random number from the TRNG. The required number of bits from the TRNG for I-SUC and NI-SUC are 
TRNG
It is expected that, the TRNG can generate the required number of bytes in real-time. Otherwise, such small number of random bits can be generated and stored in a dead-time before running the personalization process to save latency time in the enrollment phase.
XI. CONCLUSION
A novel concept allowing self-creation of unknown cipher modules in SoC NV-FPGAs is presented. Such created so called Secret Unknown Cipher (SUC) converts the hosting device physically into a non-replaceable or hard to clone unit. The concept is based on pre-compiled cipher templates in the FPGA's bitstream to avoid design-rules violations. Two cipher classes with cardinalities exceeding 2 1000 are proposed. A noninvolutive and an involutive cipher classes. A prototype implementation in Microsemi SmartFusion®2 SoC FPGA technology is evaluated for both ciphers. The proposed concept shows also the feasibility of self-creation process of unknown functions as a paradigm towards future trends in a technologyoriented cryptography. The attained sample practical security levels and area complexities are very promising. Even when the required FPGA infrastructure for such techniques are not available today, it is shown that the necessary FPGA-changes seem to be feasible in future NV-FPGA technologies. Many other new promising application proposals deploying the same new paradigm are in progress.
