ABSTRACT Most of the current security key generation schemes for static random access memory physical unclonable function (SRAM PUF) are based on a fuzzy extractor. However, it is difficult to deploy the fuzzy extractor in resource-constrained systems since the implementation of error correcting codes is complicated and requires huge processing resources. To this end, we propose a novel security key generation method for SRAM PUF based on a Fourier analysis. The SRAM PUF Boolean function is introduced to describe the power-up behavior of an SRAM device, which is followed by its Fourier spectrums. By exploring spectrums of the SRAM device, it is observed that the sign-bits of Fourier coefficients at certain generalized frequency points are randomly distributed and noise resistant. As such, the generalized frequency points as well as the sign-bits are suggested for security key generation in conjunction with a sign-bit encoding algorithm. The proposed method is well compared with the conventional fuzzy extractor. It is highlighted that error correcting code will not be involved in the whole lifecycle. Consequently, the method is suitable for the resource-constrained system applications. The proposed method is performed through couple of real measurements on two different platforms. The experimental results show that 8-kB SRAM cells have sufficient entropy for 128-bit security key generation.
I. INTRODUCTION
Static Random Access Memory Physical Unclonable Function (SRAM PUF) is a promising security key source that is capable of counteracting physical attack effectively [1] , [2] . The challenge to an SRAM PUF is a memory address, while the response is the content of the uninitialized memory cells at this address. The Mapping between challenge and response is determined by random physical mismatch of the cells and stochastic noise. Compared with conventional security key source, SRAM PUF benefits from numerous technical advantages such as unique, reproducible, unclonable, unpredictable, free of storage and easy measurement, etc... SRAM PUF can be widely applied in diverse security areas such as Internet of Things and industrial wireless sensor network for security purpose [3] , [4] .
Since SRAM PUF response is inherently noisy and nonuniform distributed, it is typically combined with fuzzy extractor [5] for security key derivation processing. Typically, a fuzzy extractor scheme consists of a secure sketch and a randomness extractor. The secure sketch includes a sketching procedure and a recovery procedure. In the sketching procedure a public helper data is obtained. In the recovery procedure the noise in response is eliminated by the helper data as well as the error correcting code. The randomness extractor generates a nearly uniform distribution security key from the noise eliminated PUF response. The deployment limitation of fuzzy extractor in resource-constrained system is that the error decoding algorithms are typically complicated and a large number of processing resources and long execution times are required.
Entropy loss introduced by the public helper data is another major issue in fuzzy extractor schemes. A helper data as well as a key is obtained in the enrollment phase of the fuzzy extractor. In the conventional code-offset construction method, the helper data is the bitwise XOR (exclusive or) result of a random error correcting code codeword and a reference PUF response. The security key is also extracted from the same reference PUF response. Consequently, the public helper data may leak some information about security key. Potential security issues can arise with these key generators when their input (i.e. the PUF response) does not have full entropy [6] , which is also emphasized strongly in [7] . To prevent entropy leakage, several 'debiasing' methods are proposed in literature [8] . Those methods can effectively increase the entropy in the PUF response .However, more PUF response are needed for 'debiasing' purpose, which limit the deployment of those methods in resource-constrained system.
In this work, we propose a novel method for SRAM PUF security key generation based on Fourier analysis. A new Boolean function is defined to investigate intrinsic properties of SRAM PUF. By exploring spectrums of the SRAM PUF Boolean function, it can be observed that the sign-bits of certain Fourier coefficients are random and noise resistant. This spectral characteristic is employed for key generation in our method. As a result, the error correcting code is no longer needed in the whole processing phases. There are two major advantages of the proposed method:
1) Less hardware resources are employed for key generation, which will meet the requirements of resourceconstrained system applications.
2) The entropy loss introduced by noise elimination is zero. It can be proved that the sign-bits of certain Fourier coefficients are truly random even given the helper data.
The main contribution of our work includes:
1) The Fourier spectrum of SRAM PUF is deeply analyzed.
2) The underlying noise resistance capability is studied in the SRAM PUF spectrum.
3) The key generation skeleton for SRAM PUF based on Fourier analysis is established.
The rest of this paper is organized as follows: section II provided a brief literature review of the conventional security key derivation process for SRAM PUF. Section III studied the Fourier spectrum of SRAM PUF, as well as the provision of the novel method theoretically. Section IV validated the method from practical level. Finally the conclusion is drawn in section V.
II. RELATED WORK
The concept of SRAM PUF has been introduced by Guajardo [9] and a similar idea has been proposed by Holcomb et al. [10] . An SRAM cell is logically constructed as two cross-coupled inverters. The power-up pattern of SRAM device is determined by both manufacturing process variations in each cell and the run-time random noises. The SRAM cells can be divided into three categories by their power-up behaviors. The '0'-skewed cells referring to their power-up states are always '0'. The '1'-skewed cells referring to their power-up states are always '1'. Both '0'-skewed cells and '1'-skewed cells are called fixed-skewed cells. The neutral-skewed cells referring to their power-up states are random. Combined with simple Hamming distance matching and PH (a variation universal hash function) universal hash [11] , the SRAM power-up patterns were used as identify fingerprint and source of true random numbers. The experimental results [10] show that 8-byte fingerprints can uniquely identify SRAM chips among a population of 5,120 instances and a 512-byte SRAM fingerprint contains sufficient entropy to generate 128-bit true random numbers. Compared to other chip identification and true random number generation methods, the SRAM PUF is able to be easily implemented as the SRAM device is the standard component in the target system, no extra circuits are required.
In [12] the SRAM PUF is combined with fuzzy extractor for security key derivation. The fuzzy extractor mainly consists of error correcting code and privacy amplification, aimed at extracting a nearly uniform distributed security key from noisy and non-uniform distributed SRAM PUF response. From the error correcting code aspect, new architectures for the decoders of Reed-Muller and Golay codes were introduced to eliminate the noise in SRAM PUF response. In terms of the privacy amplification, a LFSR (Linear Feedback Shifting Register) -based Toeplitz matrix was employed which was multiplied by the reconstructed SRAM PUF response. The result of the multiplication was the security key. The overall fuzzy extractor was implemented on Spartan-3E family FPGA device -XC3S500 where nearly 1000 slices are needed. Various effective implementations of fuzzy extractors were presented in [13] and [14] . In their fuzzy extractor scheme, some lightweight error correcting codes are employed. The hardware resource requirements in fuzzy extractor were further optimized.
In [15] reverse fuzzy extractor was proposed, aimed at enabling lightweight mutual authentication for PUF-enabled RFIDs. The fuzzy extractor worked in two phases. In the enrolment phase, an algorithm Gen produced a key r and a public helper data p by employing a reference SRAM PUF response w. In the reconstruction phase, an algorithm Rep reconstructed the original key r by using the helper data p and a noisy SRAM PUF response w . However, the Gen algorithm and Rep algorithm were asymmetric complicated: Gen was less complex than Rep. The reverse fuzzy extractor moved computationally intensive Rep algorithm to reader side of the RFIDs system which was more powerful. At the token side, a noisy SRAM PUF response w and a new helper data p were generated each time when the SRAM PUF was queried. The token sent new helper data p to the reader. The reader updated reference value w to the noisy SRAM PUF response w . Both token and reader shared the same noisy SRAM PUF response w , which can be used for mutual authentication. However, none of the security keys were generated in the reverse fuzzy extractor scheme.
In [16] and [17] PUFs are represented as Boolean function. By the new presentation, the Fourier analysis can be performed on PUFs to explore the inherent properties of BR-PUF (Bistable Ring PUF). Those properties are observed in practice, which have not been precisely and mathematically described. Based on the spectral properties of BR-PUF Boolean functions as well as the extensive experiments, they further provide the theorem that all PUFs must VOLUME 6, 2018 have some challenge bit positions, which have larger influences on the responses than other challenge bits. Along with their new theorem, a novel PAC (Probably Approximately Correct) learning framework for strong machine learning attack is proposed to precisely describe the characteristics of these PUFs
III. PROPOSED SECURITY KEY GENERATION METHOD A. A BRIEF REVIEW TO FOURIER ANALYSIS
Classical Fourier analysis is a powerful tool in studying intrinsic properties of Boolean functions. In this paper, we used some definitions directly. More details about Boolean function and Fourier analysis can be referred to literature [18] .
The notation {0, 1} n refers to the space of all the bit strings with length n. x denotes a bit string, and x i denotes the ith bit in the bit string.
Generally, an n-dimensional Boolean function is a map from a domain of {0, 1} n into the set of real numbers. It is defined by
Consider f and g are two Boolean functions, both functions are defined over {0, 1} n . The inner product of f and g is defined by
Given a bit sting V ∈ {0, 1} n , a parity function maps every bit sting x ∈ {0, 1} n to ±1 by
According to the definition, the parity function is a Boolean function. It has the following properties [18] . 1) If all elements in bit string V is zero, namely V is Ø, the output of parity function is always '+1' for all input bit strings.
2) For any bit string V except Ø, there is a pair of input bit strings m and n with the opposite outputs of the parity function specified by the same bit string V .
3) The set of all parity functions X V forms an orthonormal basis for the space of all Boolean functions. i.e.,
The outputs of all parity functions defined over {0, 1} 2 are listed in TABLE 1 For any Boolean functions f , another function F : {0, 1} n → R can be defined by Every Boolean function f can be uniquely expressed as a multilinear polynomial
Equation (6) For example, suppose n = 2 and f = Xor 2 , i.e. the ''Exclusive-OR'' function on 2 bits:
According to TABLE 1, (5) and (7), the Fourier coefficients of f for all bit strings V ∈ {0, 1} 2 are calculated by
The Xor 2 can be expressed as a multilinear polynomial by
B. THE FOURIER SPECTRUM OF SRAM PUF
To obtain the Fourier spectrum of SRAM PUF, a Boolean function should be firstly defined based on the power-up behaviors of SRAM devices. The SRAM PUF is described in challenge-response pairs. The challenge is the address of memory cell, and the response is its startup value. Each address can be represented as an n bits string ranged from 0 to 2 n − 1. The response can be denoted by one bit, whose value is either '0' or '1'. Therefore, the SRAM PUF Boolean function can be defined as a mapping from the address of each cell to its startup value.
According to the definition of SRAM PUF Boolean function, the Fourier coefficient of SRAM PUF Boolean function for any bit string V can be obtained by (5) . However, the investigation of characteristic of SRAM PUF spectrum via (5) is not straightforward, with two reasons: firstly, the Fourier coefficient is a function of the bit string V . Since V is an n-dimensional bit vector, it is difficult to present the mapping via two-dimensional graph effectively. Secondly, all the Fourier coefficients are real numbers. It would consume large amount of hardware resources during storing and calculation for real numbers, which can't be realized in resourcerestrained embedded system.
To facilitate demonstrating and analyzing spectrum of SRAM PUF Boolean function, we optimize (5) by two steps.
Firstly, we introduce the concept of generalized frequency. For every bit string V with length n, we can define a nonnegative integer by
v i is the ith bit of bit string V. This non-negative integer m is defined as generalized frequency of bit string V . The bit string V can be treated as the binary representation of the generalized frequency m while the generalized frequency m can be viewed as the index number of bit string V . According to the definition, the generalized frequency m and the bit string V are equivalent. The bit string V in (5) can be equivalently replaced by its index number-generalized frequency m. In such a way, the Fourier spectrum can be illustrated by two-dimensional graph. Secondly, all the Fourier coefficients in (5) are amplified by 2 n times. Such operations will transfer the Fourier coefficients from real number to integer number. The transformation decreases the hardware resource overhead during spectral computation. Additionally, the relative proportional relationship between each Fourier coefficient will remain the same after amplification.
After optimization, the Fourier coefficient of SRAM PUF Boolean function at generalized frequency m is defined by Fig. 1 (b) . The x-coordinate is the bit address ranged from 0 to 63. The y-coordinate is the power up state. Fig. 1 (c) is the Fourier spectrum of the SRAM PUF Boolean function mentioned in Fig. 1 (b) , where x-coordinate is generalized frequency and y-coordinate is Fourier coefficient of SRAM PUF Boolean function. According to (11) , the Fourier coefficient at zero generalized frequency point equals to the total number of cells whose power-up state is logic '1'.The zero generalized frequency point is excluded in Fig. 1 (c) ,which will be discussed in the following sub-section.
The Fourier spectrums of the same SRAM device are varying due to the inherently noisy characteristics of SRAM PUF responses. The neutral-skewed cells in SRAM PUF responses are noise sensitive. Their power-up state may flip from '0' to '1' or from '1' to '0'. Consequently, the responses of SRAM PUF will be slightly different after each power-up. According to (11) Let p i denote the probability of the power-up state of the neutral-skewed cell at address i that is '1'. The probability of the power-up state of the neutral-skewed cell at address i flipping from '1' to '0'could be mathematically expressed by
Similarly, the probability of the power-up state of the neutral-skewed cell at address i flipping from '0' to '1' is VOLUME 6, 2018 mathematically expressed by
By comparing (12) and (13), it can be concluded that probabilities of two flipping patterns occurred at each neutralskewed cell are equal, which is irrelevant to the power-up preference of the cell.
Let v i denote the probability the X V (i) is equal to '+1'. Based on categories 1) and 3), the probabilities of Fourier coefficient increased by one could be calculated by
The probability of Fourier coefficient decreased by one can be obtained in the same way. The result indicates that the probabilities of Fourier coefficient increased by one and decreased by one are both 50%, which is irrelevant to the probability of the output X m (i), which is either '+1' or '−1'.
To sum up, the fluctuation of Fourier coefficient introduced by a single neutral-skewed cell can be served as a discrete random variable that takes values on '+1' and '−1' with equal probability. The total fluctuation introduced by all neutral-skewed cells is the sum of individual fluctuation random variables with the assumption that memory cells are independent which is a common assumption on memorybased PUFs [3] .
There is a native biases in Fourier coefficients introduced by fixed-skewed SRAM cells. According to (11) , the native bias originated from a single '1'-skewed cell located at address i can be divided into two categories.
1) If the '1'-skewed cell is located at address i while X m (i) is '+1', the bias will increase by one.
2) If the '1'-skewed cell is located at address i while X m (i) is '−1', the bias will decrease by one.
The 0-skewed cells bring a zero native bias to the Fourier coefficient. The native biases in the Fourier coefficients are stable and chip-dependent because the locations of SRAM cells with different power-up behaviors are fixed and unique.
C. THE UNDERLYING NOISE RESISTANCE CAPABILITY
The underlying noise resistance capability in Fourier spectrum is originated from the imbalance in the total number of '1'-skewed cells and neutral-skewed cells. Practical measurements indicate the percentage of between 5 and 20 percent cells are neutral-skewed. The remaining cells are either '0'-skewed or '1'-skewed with equal chances [18] . It can be inferred that the number of '1'-skewed cells is more than twice the number of neutral-skewed cells. As a result, at some generalized frequency points their Fourier coefficients are biased at a relative high level due to the majority '1'-skewed cells. Compared to the bias, the fluctuation introduced by all neutral-skewed cells might be so limited that the sign-bits of those Fourier coefficients remain the same. Namely, the signbits of Fourier coefficients at certain generalized frequency points can be regarded as noise-immune. Those generalized frequency points are called noise resistance generalized frequency points (NRGFPs). It can be observed that:
1) The spectrums of four responses generated from the same SRAM device are fluctuated.
2) The Fourier coefficient at zero generalized frequency point is always positive. Its value is equal to the Hamming weight of the response. Additionally, it is the greatest Fourier coefficient among the spectrums.
3) The sign-bits of Fourier coefficients for different responses are likely to flip when the absolute values of Fourier coefficients are less than three.
4) When the Fourier coefficient biased at a high level, for example the absolute values of Fourier coefficients are greater than five, it seems that the sign-bits of Fourier coefficients will be stable for different responses.
We use the computing model shown in Fig. 3 to perform a quantitative analysis of the noise resistance capability of the sign-bit of Fourier coefficient at generalized frequency m.
Taking n = 6 as an example, suppose the SRAM PUF response consists of 12 neutral-skewed cells, 26 '1'-skewed cells and 26 '0'-skewed cells. For any non-zero generalized frequency point, the addresses of SRAM cells ranged The noise resistance capability is determined by the bias as well as the fluctuation. If the absolute value of the bias is greater than the absolute value of the fluctuation, the sign-bit will not flip, namely it is noise resistance. If the absolute value of the bias is less than the absolute value of the fluctuation and the sign-bits of the bias and fluctuation are different, the sign-bit flips with different probabilities. The probability of sign-bit flips can be calculated via TABLE 4 shows a preliminary result of the noise resistance capability. Furthermore, the noise resistance capability can be obtained by investigating the practical bias as well as the practical fluctuation via mass experimental measurements with higher accuracy. A nearly non-fluctuating response which is the bit-wise AND result of mass responses measured from the same SRAM device is used for the investigation. Due to the bit-wise AND operation, the power-up states of neutralskewed cells in the nearly non-fluctuating response are almost zero. According to (11) , The Fourier coefficients of the nearly non-fluctuating response are approximately equal to the practical biases. Furthermore, the Hamming weight of nearly non-fluctuating response can be regarded as the number of practical 1-skewed cells. The Hamming distance between a latent response and the nearly non-fluctuating response is the number of actual flipped neutral-skewed cells. In the worst case, the absolute value of practical fluctuation is equal to the number of all actual neutral-skewed cells with the assumption that those cells flip simultaneously while the outputs of the corresponding parity functions are all '+1' or '−1' . The following inequality is applied to identify the NRGFPs VOLUME 6, 2018 if the latent response and the non-fluctuating response are measured from the same SRAM device.
F(NRGFP)
Several Fourier coefficients obtained from latent responses measured from other SRAM devices may satisfy the inequality (16) with a certain probability. Suppose the latent response is divided into j blocks. Each block can be regarded as a bit string with length 2 n · m represents the Hamming weight of bit string. Let L and U represent the lower and upper bound in inequality (16) .
The number of possible assignments of each block is estimated by
It can be inferred that The Fourier coefficient for every block is ranged from '−m' to '+m'. The number of possible assignments with Fourier coefficient ranged from '−U' to '−L' and from '+L' to '+U' in a single block is given by
The probability of error identification for a latent response could be upper bounded by (20) .
m j is the Hamming weight of block j. While the lower bound of the correct identification probability for a latent response is
More blocks can be used to improve the correct identification probability.
D. THE CONCEPT OF SIGN-BIT ENCODING ALGORITHM
The sign-bit encoding algorithm aims at extracting nearly uniformly distributed security key from the sign-bits of Fourier coefficients at NRGFPs. However, at certain NRGFPs the sign-bits can't be used as key source for security purpose. The Fourier coefficient at zero generalized frequency point is equal to the total number of cells whose power-up state is logic '1'. Obviously the sign-bit of Fourier coefficient at zero generalized frequency point is always positive for any SRAM device. It contains none information. Thus the zero generalized frequency point cannot be used for security key generation.
For some brand SRAM devices, the generalized frequency point which is equal to the data bus width of the device cannot be used for security key generation. As shown in Fig. 4 , there is a common characteristic of the power-up pattern for those SRAM devices.Bold dashed line is applied to divide both power-up patterns into several vertical regions. The width of each region is equal to the data width of the devices. In the adjacent regions, the periodicity in the number of both black pixels and white pixels are quite obvious. As a result, a special black-white pattern is periodically represented in Fig. 4 . This phenomenon can be reproduced in lots of chips of the same brand. According to (3) , the output of the corresponding parity functions defined by the generalized frequency point which is equal to the data bus are listed in According to (11) , lots of chips will share the same sign-bit of Fourier coefficient at this NRGFP, which is a potential risk of key leakage.
To further improve randomness and noise resistance capability of the sign-bits, the sign-bit encoding algorithm excludes the generalized frequency points which are equal to zero or the data bus width and choose the NRGFP, whose Fourier coefficient is largest for key derivation. The most robust NRGFP are selected by mass measurements.
Each spectrum will yield to one sign-bit and a combination of the most robust NRGFP, the absolute value of its practical bias and Hamming weight. The sign-bits originated from several spectrums are converted to a binary string as follow: A positive sign-bit is encoded to '1' while a negative signbit is encoded to '0'. The min-entropy of the binary string is estimated to ensure the randomness of the security key. Finally the binary string is hashed to the security key by LFSR-based Toeplitz matrix.
E. THE IMPLEMENTATION OF PROPOSED METHOD
To generate security key from the spectrum of SRAM PUF, registration and reconstruction phases are employed in the proposed method. Register phase constitutes four steps: 1) Establishing the SRAM PUF Boolean function. The value of n must be firstly determined. Then the SRAM device is divided into S blocks. The address ranges of each block are from 0 to 2 n − 1. The SRAM PUF Boolean functions are defined based on the power-up behavior of each block. The SRAM device can be described by a set of SRAM PUF Boolean functions.
2) Estimating the nearly non-fluctuating response for each block by mass measurements.
3) Extracting the combination of the most robust NRGFP, the absolute value of its practical bias and Hamming weight of nearly non-fluctuating response as helper data. The helper data are stored in a non-volatile memory for security key reconstruction. The number of combinations is determined by the randomness of the sign-bits of the Fourier coefficient at the most robust NRGFP.
4) Collecting sign-bits of the Fourier coefficient at the most robust NRGFP for each block. The security key is extracted from those sign-bits by sign-bit encoding algorithms.
In the reconstruction phase, noisy SRAM PUF Boolean functions are obtained from the same blocks of the SRAM device. The helper data and inequality (16) are used to validate the SRAM device.
If the spectrums are obtained from the blocks of the same SRAM device, there will be no doubt that all the Fourier coefficients at the most robust NRGFP given by the helper data satisfy the constraint in (16) . However, if the spectrums are originated from the blocks of different SRAM device, the probability of error identification could be estimated by (21). If any absolute value of Fourier coefficient at the most robust NRGFP of the recalculated spectrum fails to pass the verification, the SRAM device will not be the original SRAM device which cannot be used for security key reconstruction. After validation, the security key is reconstructed by the same way in the register phase.
F. ENTROPY LOSS
In the proposed method, the helper data will not leak any information about the key source. The public helper data is the combination of the most robust NRGFP, the absolute value of its practical bias and Hamming weight of nearly non-fluctuating response. The key source is the sign-bits of the Fourier coefficients at the most robust NRGFPs.
Considering the SRAM PUF response is unknown to the attacker, the sign-bit of the Fourier coefficient at any generalized frequency point may be positive or negative with equal chance. From the attacker's point of view, the actual value of the sign-bit is uncertain.Once the helper data is public, the attacker can exclude some responses since it is impossible to extract such helper data from those responses. For example, the Fourier coefficients obtained from those responses don't satisfy the inequality (16) . However, the attacker can't confirm the sign-bits based on the public helper data since there is always a pair of responses with the same helper data and opposite sign-bits in the remaining responses.
The responses pair can be investigated via the computing model in Fig. 3 .Suppose X and Y are bit strings with length of 2 n defined by nearly non-fluctuating SRAM PUF responses. α is the most robust NRGFP. β is Hamming weight of nearly non-fluctuating response of X and Y . The addresses of SRAM PUF responses ranged from 0 to 2 n − 1 are partitioned into two subsets based on the output of parity function determined by α:
For response X , suppose the number of SRAM cells whose addresses belong to subset A is γ . The number of SRAM cells whose addresses belong to subset B is equal to β-γ . The Fourier coefficient at m is
For response Y , suppose the number of SRAM cells whose addresses belong to subset B is γ . The number of SRAM cells whose addresses belong to subset A is equal to β-γ . The Fourier coefficient at m is
Compared (24) and (25), it can be inferred that
The responses pair makes it difficult for the attacker to predict the sign-bits based on the public helper data.
Compared with the methodology of deceasing entropy loss specified in [8] , the proposed solution eliminates the relationship between helper data and key source from theoretical perspective. Thus, the entropy loss by public helper data will be zero.
IV. EXPERIMENT A. EXPERIMENTAL SETUP
The proposed method is performed through experiments on two platforms. The first platform is ''IS62WV25616BLL'' with 4M bit SRAM cells organized as 256K words by 16 bits. The chip is an SRAM memory chip produced by ISSI.
VOLUME 6, 2018
The second platform is a universal 32-bit embedded processor ''STM32F407VGT6'' with 196K embedded SRAM. The chip is a microcontroller produced by ST Microelectronics which is based on ARM Cortex-M4 core. Both of them are widely used in various embedded systems. In each platform, we randomly choose four chips for each brand to test. The SRAM PUF Boolean functions are defined with n = 6 and n = 8. All tested chips are divided into 128 blocks. The address range of each block is equal to 2 n /8 in byte. Once power-up the spectrum of each block is calculated .The NRGFP as well as sign-bit of corresponding spectrum is recorded. The characteristics of Fourier spectrum, the randomness of the sign-bits as well as hardware computational complexity are studied.
B. THE CHARACTERISTICS OF FOURIER SPECTRUM
The location pattern of the most robust NRGFP and the sign-bits of the Fourier coefficients at those NRGFP for a single IS62WV25616BLL chip are shown in Fig. 5 . The x-coordinate is the block index. The y-coordinate of Fig. 5(a) is the location index. The y-coordinate of Fig. 5(b) is the signbits of the Fourier coefficients at those NRGFP. For STM32F407VGT6 chips, nearly 90 percent of the most robust NRGFPs are located at 32 with n = 6 and the sign-bits of the Fourier coefficients at those NRGFP are all negative. By switching the value of n from 6 to 8, all the most robust NRGFP are located at 32 and all sign-bits are negative. The results show that the power-up patterns of the tested chips are approximately periodic.
For security key generation, the generalized frequency points which are equal to the data bus width of the device are excluded from the most robust NRGFP. The location pattern of the optimized NRGFPs and the sign-bits of the Fourier coefficients at those NRGFPs for a single IS62WV25616BLL chip are shown in Fig. 6 .
It can be observed that the optimized NRGFP are randomly located from 1 to 63 for n = 6. By switching the value of n FIGURE 6. The location pattern of the optimized NRGFP and the sign-bits of the Fourier coefficients at those NRGFP for a singleIS62WV25616BLL chip. from 6 to 8, the locations of the optimized NRGFPs change. We compare the location pattern of optimized NRGFPs for all the tested chips. The result shows that all the tested chips have different location patterns of the optimized NRGFPs.
The noise resistance capability of the partial optimized NRGFPs are shown in Fig. 7 . The x-coordinate is the powerup index and the y-coordinate is the Fourier coefficients at partial optimized NRGFPs. All the tested chips are repeatedly powering-up for 50 times. The Fourier coefficients at all optimized NRGFPs are recorded. The experimental data shows that the absolute value of Fourier coefficients at all optimized NRGFPs are greater or equal than the 6. By switching the value of n from 6 to 8, the noise resistance capability becomes more notable. 
C. THE RANDOMNESS OF THE SIGN-BITS
While min-entropy provides a lower bound on the amount of randomness contained in the key generated from the sign-bits of the Fourier coefficients at optimized NRGFPs, these signbits are also tested using the collision test, partial collision test, Markov test, compression test, and frequency tests from the NIST suite [20] . Since 128 sign-bits originated from 1024 SRAM bytes are not sufficient for the test, we extracted 1024 sign-bits from 8k bytes SRAM to perform the testing. The sign-bits were organized as 1024 1-bit random numbers. The measurement result is shown in Fig. 8 . From Fig. 8 , it can be observed that the min-entropy per sign-bit is about 0.21, and the overall min-entropy in the 1024 sign-bits extracted from 8k bytes SRAM is about 218 bit. As such, the 8kB SRAM cells have enough minentropy for 128-bit security key generation. The overhead of SRAM cells for extract a 128-bit cryptographically secure key is compared in TABLE 5. Compared to [9] and [10] , more SRAM cells are needed in the proposed method as the security key are extracted from different entropy sources. Using n=6 as an example, 64 cells are employed to generate a sign-bit. According to the min-entropy rate, at least 610 sign-bits are needed to obtain 128 random and uniformly key. The lower bound of the total overhead of SRAM cells is about 4876 Bytes. Thus, 8KB SRAM cells is a conservative estimation.
D. HARDWARE COMPUTATIONAL COMPLEXITY
The performance of the proposed method is analyzed in terms of hardware resource utilization. Taking account of computational security, the reconstruction phase needs implementing in resource restricted devices, while the registration phase is likely processed by other more powerful devices, such as PC. It is noted that the complexity of PUF algorithm defines as the hardware overhead of key reconstruction [12] .
A basic circuit for reconstruction phase in the proposed method is shown in Fig 9. The 64-bit SRAM PUF response block and the helper data are inputted to the circuit. The valid signal assert when the absolute value of Fourier coefficient at NRGFP obtained from response satisfy inequality (16) . The sign-bit port reflects the sign-bit of Fourier coefficient at NRGFP obtained from response.
The reconstruction circuit was implemented via verilog on the Spartan-3E 500 FPGA with full designing functionality described in Fig. 9 and Xilinx ISE v14.7 was employed for our tooling. The performances of proposed method are listed in Table 6 . The total slices consumed by the circuit are 54 and VOLUME 6, 2018 the latency cycles for the reconstruction are 67584. Given the clock of 50MHz, it will take about 1.3e-3 seconds for 128-bit key reconstruction.
Compared to the performances of error correcting code in fuzzy extractor [12] , our proposed algorithm surpasses from both hardware resources and execution time perspective under the premise of generating the secret key of the same length.
V. CONCLUSION
In this paper, we proposed a novel method for SRAM PUF security key generation based on Fourier analysis. The SRAM PUF Boolean function is applied to describe to power-up behavior of SRAM chip. The Fourier spectrums of SRAM PUF Boolean functions originated from practical SRAM chips are studied. We explore the impact of fixed-skewed cells and neutral-skewed cells on Fourier spectrum. It is observed that the sign-bits of Fourier coefficients at certain generalized frequency points are random and noise resistant. The underlying noise resistance capability of the sign-bits is originated from the imbalance in the total number of '1'-skewed cells and neutral-skewed cells. In conjunction with sign-bit encoding algorithms, this characteristic can be used for key generation. The proposed method is validated through real measurements on two platforms. The experimental results indicate that the power-up patterns of all tested chips are approximately periodic. We enhance the randomness of the sign-bits by choosing the optimized NRGFPs. Furthermore, to generate a 128 bit security key, 8kB SRAM cells are needed. The advantage of the proposed method is that none of the error decoding algorithms are needed. Consequently, the method is suitable for resource-constrained system applications. Future research will focus on validating this method on other PUF, such as Arbiter PUF and Ring Oscillator PUFs. 
