A formal definition and a new security mechanism of physical unclonable functions

The characteristic novelty of what is generally meant by a "physical unclonable function" (PUF) is precisely defined, in order to supply a firm basis for security evaluations and the proposal of new security mechanisms. A PUF is defined as a hardware device which implements a physical function with an output value that changes with its argument. A PUF can be clonable, but a secure PUF must be unclonable. This proposed meaning of a PUF is cleanly delineated from the closely related concepts of "conventional unclonable function", "physically obfuscated key", "random-number generator", "controlled PUF" and "strong PUF". The structure of a systematic security evaluation of a PUF enabled by the proposed formal definition is outlined. Practically all current and novel physical (but not conventional) unclonable physical functions are PUFs by our definition. Thereby the proposed definition captures the existing intuition about what is a PUF and remains flexible enough to encompass further research. In a second part we quantitatively characterize two classes of PUF security mechanisms, the standard one, based on a minimum secret read-out time, and a novel one, based on challenge-dependent erasure of stored information. The new mechanism is shown to allow in principle the construction of a "quantum-PUF", that is absolutely secure while not requiring the storage of an exponentially large secret. The construction of a PUF that is mathematically and physically unclonable in principle does not contradict the laws of physics.Comment: 13 pages, 1 figure, Conference Proceedings MMB & DFT 2012, Kaiserslautern, German

Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack

Quantum key distribution can be performed with practical signal sources such as weak coherent pulses. One example of such a scheme is the Bennett-Brassard protocol that can be implemented via polarization of the signals, or equivalent signals. It turns out that the most powerful tool at the disposition of an eavesdropper is the photon-number splitting attack. We show that this attack can be extended in the relevant parameter regime such as to preserve the Poissonian photon number distribution of the combination of the signal source and the lossy channel.Comment: 4 page

Coin Tossing is Strictly Weaker Than Bit Commitment

We define cryptographic assumptions applicable to two mistrustful parties who each control two or more separate secure sites between which special relativity guarantees a time lapse in communication. We show that, under these assumptions, unconditionally secure coin tossing can be carried out by exchanges of classical information. We show also, following Mayers, Lo and Chau, that unconditionally secure bit commitment cannot be carried out by finitely many exchanges of classical or quantum information. Finally we show that, under standard cryptographic assumptions, coin tossing is strictly weaker than bit commitment. That is, no secure classical or quantum bit commitment protocol can be built from a finite number of invocations of a secure coin tossing black box together with finitely many additional information exchanges.Comment: Final version; to appear in Phys. Rev. Let

Cheat Sensitive Quantum Bit Commitment

We define cheat sensitive cryptographic protocols between mistrustful parties as protocols which guarantee that, if either cheats, the other has some nonzero probability of detecting the cheating. We give an example of an unconditionally secure cheat sensitive non-relativistic bit commitment protocol which uses quantum information to implement a task which is classically impossible; we also describe a simple relativistic protocol.Comment: Final version: a slightly shortened version of this will appear in PRL. Minor corrections from last versio

Practical Quantum Bit Commitment Protocol

A quantum protocol for bit commitment the security of which is based on technological limitations on nondemolition measurements and long-term quantum memory is presented.Comment: Quantum Inf. Process. (2011

Unconditionally Secure Bit Commitment

We describe a new classical bit commitment protocol based on cryptographic constraints imposed by special relativity. The protocol is unconditionally secure against classical or quantum attacks. It evades the no-go results of Mayers, Lo and Chau by requiring from Alice a sequence of communications, including a post-revelation verification, each of which is guaranteed to be independent of its predecessor.Comment: Typos corrected. Reference details added. To appear in Phys. Rev. Let