Periodic Reporting for period 1 - SQPRIM (Secure post-quantum cryptographic primitives)
Reporting period: 2023-07-01 to 2025-06-30
Digital identity enables the identification of devices to provide security in the cyberspace. Such identity comprises a set of attributes that allow the authentication of devices by means of a trusted verification process. Authenticating devices is essential for controlling access to networks and ensuring privacy in communications, while also preventing counterfeit and detecting manipulation. However, with an increasing reliance of society in the cyberspace and an upscaling number of cyberattacks, uniquely and univocally identifying digital devices is becoming more challenging. This is particularly problematic considering the advent of quantum computers, with the potential of solving complex problems in just a fraction of the time it takes to the most powerful supercomputers today. With conventional public key infrastructure (PKI) cryptography at risk, we face the task of securing our digital systems with the development of new cryptographic primitives for the post-quantum era.
To reinforce security in the cyberspace, hardware-based security techniques are being developed to generate strong digital identifiers. In this case, the set of identification attributes are based on physical features that can uniquely represent a specific entity. For example, manufacturing variability inherent to microelectronic circuits can be exploited to derive a digital footprint. Silicon Physical unclonable functions (PUFs) are circuits responsible for generating a digital identity for the device. In essence, a PUF is the hardware implementation of a mathematical one-way function, i.e. a numerical function where the mapping from input to output is nonlinear (this is also known as challenge-response pair, CRP). The nonlinear mapping is realised by the physical uncertainties, which are intrinsically unique for each entity. Moreover, this allows an easy probing of the PUF while the non-invertibility of the one-way function prevents the prediction of the output, which makes the digital identity strong. In electronics, common cost-effective implementations of PUFs exploit the random power-up bias of memory cells or the statistical delay variations of identical circuits. However, these electronic PUFs have been classified as weak, since the underlying physical scrambling mechanism of the one-way function is rather simplistic, which makes them vulnerable to modelling attacks. In addition, with the expecting capabilities of future quantum computing, stronger solutions are required.
Optical implementations are a viable alternative for realising strong PUFs for the post-quantum era. Current implementations propose exploiting complex physical mechanisms with high entropy, such as multiple scattering or multimode interference inside disordered three-dimensional microstructures. The outputs are typically optical intensity maps or transmission spectra that are later converted through a digital process into an identity, i.e. a bit string used in authorisation protocols. These physical mechanisms are computationally difficult to simulate and thus these PUFs are more robust against modelling attacks. However, the systems employed to derive the digital identity from those PUFs are typically complex, bulky and prone to error. Most works propose methods for probing the PUFs which require the physical displacement of the laser beam, rotation of the PUF, or costly equipment such as tunable lasers and spectrometers.
This project aimed to make a contribution in the development of optical cryptographic primitives that remain safe in the post-quantum era. In particular, the project addressed three of the main challenges ahead for making optical PUFs a reality: improving reliability, enhancing robustness and enabling miniaturisation.
To reinforce security in the cyberspace, hardware-based security techniques are being developed to generate strong digital identifiers. In this case, the set of identification attributes are based on physical features that can uniquely represent a specific entity. For example, manufacturing variability inherent to microelectronic circuits can be exploited to derive a digital footprint. Silicon Physical unclonable functions (PUFs) are circuits responsible for generating a digital identity for the device. In essence, a PUF is the hardware implementation of a mathematical one-way function, i.e. a numerical function where the mapping from input to output is nonlinear (this is also known as challenge-response pair, CRP). The nonlinear mapping is realised by the physical uncertainties, which are intrinsically unique for each entity. Moreover, this allows an easy probing of the PUF while the non-invertibility of the one-way function prevents the prediction of the output, which makes the digital identity strong. In electronics, common cost-effective implementations of PUFs exploit the random power-up bias of memory cells or the statistical delay variations of identical circuits. However, these electronic PUFs have been classified as weak, since the underlying physical scrambling mechanism of the one-way function is rather simplistic, which makes them vulnerable to modelling attacks. In addition, with the expecting capabilities of future quantum computing, stronger solutions are required.
Optical implementations are a viable alternative for realising strong PUFs for the post-quantum era. Current implementations propose exploiting complex physical mechanisms with high entropy, such as multiple scattering or multimode interference inside disordered three-dimensional microstructures. The outputs are typically optical intensity maps or transmission spectra that are later converted through a digital process into an identity, i.e. a bit string used in authorisation protocols. These physical mechanisms are computationally difficult to simulate and thus these PUFs are more robust against modelling attacks. However, the systems employed to derive the digital identity from those PUFs are typically complex, bulky and prone to error. Most works propose methods for probing the PUFs which require the physical displacement of the laser beam, rotation of the PUF, or costly equipment such as tunable lasers and spectrometers.
This project aimed to make a contribution in the development of optical cryptographic primitives that remain safe in the post-quantum era. In particular, the project addressed three of the main challenges ahead for making optical PUFs a reality: improving reliability, enhancing robustness and enabling miniaturisation.
The project contributed to making optical PUFs more reliable by increasing their understanding. This was achieved by studying the implementation of an optical PUF based on multiple scattering of light using a range of scattering elements and substrates. The uniqueness, randomness and reliability of these devices in the context of hardware security was assessed. For this aim, a process for deriving cryptographic keys from the transmitted speckle patterns was developed. Moreover, the stability of the optical PUFs against external variations such as temperature and vibration and against aging of the materials was also studied. Overall, the results demonstrated the suitability of all the optical PUFs studied to provide robust security in the post-quantum era given the uniqueness and randomness of their responses. These results can be used to develop cryptographic primitives to create IDentity of Things (IDoT), which are required for building lightweight encryption and robust authentication procedures in the fast-growing digital environment of interconnected devices of the Internet of Things (IoT).
The project contributed to developing strong PUFs by demonstrating a method to operate optical PUFs which allowed a high number of CRPs. The acousto-optic effect was used to control the travel path of a light beam transmitted through a scattering medium to generate unique patterns. This was due to the photoelastic properties of materials, by which the strain of an acoustic plane wave travelling through a medium causes variations in the refractive index of that medium. As a result, the acoustic waves create an optical grating, the characteristics of which depend on the photoelasticity of the medium, the strain of the acoustic wave, and its frequency. The acousto-optic effect has been exploited to develop a series of devices such as optical modulators, beam deflectors, and frequency shifters. However, it has never been employed in the field of hardware security to develop physical unclonable functions. This novel method can potentially generate a high number of unique patterns while reducing the cost and complexity compared to current systems exploiting optical PUFs. In addition, this method is compatible with the miniaturisation of the device, which is of relevance to enable its application to miniaturised devices such as IoT.
The project contributed to developing strong PUFs by demonstrating a method to operate optical PUFs which allowed a high number of CRPs. The acousto-optic effect was used to control the travel path of a light beam transmitted through a scattering medium to generate unique patterns. This was due to the photoelastic properties of materials, by which the strain of an acoustic plane wave travelling through a medium causes variations in the refractive index of that medium. As a result, the acoustic waves create an optical grating, the characteristics of which depend on the photoelasticity of the medium, the strain of the acoustic wave, and its frequency. The acousto-optic effect has been exploited to develop a series of devices such as optical modulators, beam deflectors, and frequency shifters. However, it has never been employed in the field of hardware security to develop physical unclonable functions. This novel method can potentially generate a high number of unique patterns while reducing the cost and complexity compared to current systems exploiting optical PUFs. In addition, this method is compatible with the miniaturisation of the device, which is of relevance to enable its application to miniaturised devices such as IoT.
•Advancing in the understanding of optical physical unclonable functions to generate unique and unpredictable keys for cybersecurity by studying a range of materials.
•Proposing the exploitation of porosity at nanometric scale as a reliable source of entropy for deriving physical identity.
•Assessing the confidentiality, survivability, and integrity of cryptographic keys generated by optical PUFs, by studying the impact of external conditions.
•Demonstrating a novel method for operating PUFs based on the acousto-optic effect which can lead to the miniaturisation of the solutions and their future commercial exploitation.
•Exploration of the implementation of optical PUFs in photonic integrated devices to enable their use in Internet-of-Things (IoT) devices.
•Proposing the exploitation of porosity at nanometric scale as a reliable source of entropy for deriving physical identity.
•Assessing the confidentiality, survivability, and integrity of cryptographic keys generated by optical PUFs, by studying the impact of external conditions.
•Demonstrating a novel method for operating PUFs based on the acousto-optic effect which can lead to the miniaturisation of the solutions and their future commercial exploitation.
•Exploration of the implementation of optical PUFs in photonic integrated devices to enable their use in Internet-of-Things (IoT) devices.