ISSCC 2020: Secure chip will not make a mistake in your lifetime, probably
PUFs are blocks within chips whose characteristics only manifest when powered. They are inherently and unpredictably randomised by process variation as they are made, in a way that makes each chip uncontrollably unique, but once manufactured the characteristic is reliably invariant.
This particular PUF is made in 28nm FDSOI for 256‑bit secure key generation and satisfies both AEC‑Q100 Grade 1 and ISO26262 ASIL-B across -40 to 150°C junction temperature.
Key error rate can be an astounding 1.41×10-64 at the worst process-voltage-temperature (PVT) conditions, even after 15 years of high-temperature-simulated ageing.
Each individual bit of the PUF is a pair of NAND gates connected in a way that compares their threshold voltages. “The threshold voltage of NAND cells has a Gaussian distribution,” according to the presenters of ISSCC 2020 paper 27.4, ‘Physically unclonable function in 28nm FDSOI technology achieving high reliability for AEC-Q100 Grade 1 and ISO26262 ASIL-B’.
If the threshold difference is less than the local noise amplitude, the devices might not read reliably, so gate pairs with little threshold difference are weeded out (~25% of devices) by a validity checker that measures them all multiple times at different temperatures.
The PUF key is generated using remaining valid pairs, majority voting and BCH (Bose-Chaudhuri-Hocquenghem) error correction.
A bit error rate of 8.62% among the pairs corresponds to the target KER of 2.11×10-15, which corresponds to <1ppm during the lifecycle of 15 years if one key is generated every second, according to the presentation.
To increase reliability:
- The chip has a watchdog timer that sets an alarm if key generation takes longer than expected
- A message authentication code (MAC) initially derived from the PUF key is stored in non-volatile memory – this is compared with a MAC generated key after each subsequent key generation to check validity
- Three registers store the generated PUF key, allowing correction by majority voting
- Dual flip-flops are used throughout the data path for fault detection – the registers for processing PUF responses are duplicated to store both the normal value and inverted value so when a fault occurs in the registers, it is detected by checking the two values
The PUF key passes the NIST SP 800‑22 randomness test. Power consumption is 0.38mW dynamic and 0.28μW static.