FPGAs are used in place of ASICs for an increasing number of applications. Traditionally seen primarily as devices with programmable gates, FPGAs have progressively evolved since year 2000 into "platform" devices with many integrated system-on-a-chip features, including components such as Ethernet MACs, DSP engines, microcontrollers, clock management circuitry, I/Os with reconfigurable signaling standards and terminations, and facilities supporting Bitstream encryption to prevent reverse engineering of designs.

This article expands the application areas covered by FPGAs by introducing a new class of primitives called "Soft PUFs." By exploiting the silicon uniqueness of each FPGA device and incorporating a special circuit (using existing FPGA fabric) to extract these "silicon biometrics", FPGAs can be used for new security-oriented applications that were not previously possible.

Physical Unclonable Functions
Physical Unclonable Functions (PUFs) are circuits that extract chip-unique signatures based on semiconductor fabrication variations that are very difficult to control or reproduce. These chip-unique signatures can be used to identify chips (a form of "silicon biometrics"), and can be used to generate "volatile" cryptographic keys. These keys disappear when the device is powered off; they can be bit-accurately restored, with aid of error correction, on subsequent power-ups.

An example of PUF circuit is shown in Fig 1. The circuit consists of N stages, followed by an arbiter. Each stage contains a cross-bar switch. A race condition is created between two paths, and the paths are determined by N Challenge bits that feed the mux select lines for each stage.

1. A simplified version of the PUF circuit.

An arbiter digitizes the race condition to determine a "1" output bit or "0" output bit for each Challenge applied. What is formed is the following function:

F_{PUF_INSTANCE}: {0,1}^N ý' {0,1}

Here, F_{PUF_INSTANCE} depends on the manufacturing instance of the device containing the PUF circuit, and is different for each device. Multiple single bit outputs can be concatenated together to form a multi-bit response. Challenge bits C_N to C₁ can be based on an initial Challenge phase that is run through a mixer (for example, a linear feedback shift register) to produce subsequent instantaneous Challenge phases, with each instantaneous Challenge phase being used as C_N to C₁ to produce a 1 bit output for that phase.

Hard versus Soft PUFs
In the case of ASIC implementations, Hard PUFs are implemented directly into the ASIC silicon. By comparison, in the case of FPGAs, Soft PUFs are implemented using a very small amount of the FPGA's standard programmable resources, such as Lookup Tables, Registers, and Memories.

These circuits can be implemented without modifications to existing FPGA silicon or existing FPGA design tools. Successful implementation requires careful placement and routing to ensure tight "race" conditions. Fig 2 shows the results of Soft PUFs implemented in Xilinx Virtex-4 FPGAs using standard Xilinx ISE design tools.

2. Inter-PUF / Intra-PUF characteristics of Soft-PUFs in Xilinx FPGAs.
(Click this image to view a larger, more detailed version)

Each of the three plots contains two curves. The middle curves, centered around block size / 2, is obtained by comparing hamming distances of Responses from different FPGA devices given the same Challenge applied across these devices. This curve is thus called "Inter-PUF" curve and is a measure of cross-correlation of different Responses across different chips given same Challenge.

The left curve is the "Intra-PUF" curve, which shows hamming distance of Responses on a device given repeated Challenge on that same device. It is an auto-correlation measurement. The chasm between the two curves indicates that this design implementation is useful as a PUF circuit. Specifically, a hamming threshold can be set to identify one FPGA device from other. Cryptographic key generation can be achieved using an error correction code that can account for Intra-PUF (auto-correlation) variations.

The Inter-PUF curve also peaks very close to ideal value of block size / 2, indicating that the PUF is a good entropy source with excellent DC bias to provide virtually uncorrelated keys across different FPGAs. To put this another way; identical Bitstreams programmed across different devices produce different and virtually uncorrelated keys on those devices.