Security analysis of index-based syndrome coding for PUF-based key generation

Physical Unclonable Functions (PUFs) as secure providers for cryptographic keys have gained significant research interest in recent years. Since plain PUF responses are typically unreliable, error-correcting mechanisms are employed to transform a fuzzy PUF response into a deterministic cryptographic key. In this context, Index-Based Syndrome Coding (IBS) has been reported as being provably secure in case of identical and independently distributed PUF responses and is therefore an interesting option to implement a highly secure key provider. In this paper we analyze the security of IBS in combination with a k-sum PUF as proposed at CHES 2011. Since for a k-sum PUF the assumption of identical and independently distributed responses does not hold, the notion of leaked bits was introduced at CHES 2011 to capture the security of such constructions. Based on a refined analysis using hamming distance characterization and machine learning techniques, we show that the entropy of the key obtained is significantly lower than expected. More precisely, we obtained from our findings that even the construction from CHES with the highest security claims only achieves a bit entropy rate of 0.39.