阅读说明：本技术 Puf电路、芯片、设备及挑战响应对生成方法 (PUF circuit, chip, device and challenge response pair generation method ) 是由 申小龙 闫鑫 赵俊峰 薛晓勇 唐文涛 于 2020-05-29 设计创作，主要内容包括：本申请提供一种PUF电路、芯片、设备及挑战响应对生成方法,该PUF电路包括：RRAM单元、测量电路和存储器；测量电路分别与RRAM单元和存储器连接。测量电路用于检测RRAM单元在预设限制电流以及预设电压下处于易失存储状态的时间,并生成与时间对应的数字量；存储器用于将数字量作为PUF的响应进行存储,并确定与响应对应的挑战,实现了一种具有大量CRP,同时CPR之间没有相关性,可以容忍建模攻击的PUF。(The application provides a PUF circuit, a chip, a device and a challenge response pair generation method, wherein the PUF circuit comprises: an RRAM cell, a measurement circuit, and a memory; the measurement circuit is connected to the RRAM cell and the memory, respectively. The measuring circuit is used for detecting the time of the RRAM unit in a volatile storage state under the preset limiting current and the preset voltage and generating a digital quantity corresponding to the time; the memory is used for storing the digital quantity as the response of the PUF and determining the challenge corresponding to the response, so that the PUF with a large number of CRPs and no correlation between CPRs can be tolerated to model attacks is realized.)

1. A Physically Unclonable Function (PUF) circuit, comprising: the RRAM comprises a Resistive Random Access Memory (RRAM) unit, a measuring circuit and a memory; the measurement circuit is respectively connected with the RRAM unit and the memory;

the measuring circuit is used for detecting the time of the RRAM unit in a volatile storage state under a preset limiting current and a preset voltage and generating a digital quantity corresponding to the time;

the memory is configured to store the digital quantity as a response to the PUF and to determine a challenge corresponding to the response.

2. The circuit of claim 1, wherein the measurement circuit comprises a random number detection circuit and a counter;

the random number detection circuit is used for inputting a preset voltage to the RRAM unit, detecting the current change of the RRAM unit under the preset voltage and outputting a corresponding indication signal;

the counter is used for generating the digital quantity corresponding to the time of the RRAM unit in a volatile storage state according to the indication signal.

3. The circuit of claim 2, wherein the measurement circuit further comprises a cutoff circuit; the cut-off circuit is respectively connected with the counter and the memory;

the truncation circuit is used for truncating the back M bits of the digital quantity;

and the memory is used for storing the digital quantity obtained after interception as the response of the PUF.

4. The circuit of claim 1, wherein the memory is further configured to determine an address at which the response is stored as a challenge corresponding to the response.

5. The circuit of any of claim 2, wherein the RRAM cell comprises a RRAM device and a first switching tube;

the first end of the first switch tube is connected with a power supply, and the power supply is used for controlling the preset current limit of the RRAM unit; the second end of the first switch tube is grounded, the third end of the first switch tube is connected with the lower electrode of the RRAM device, and the upper electrode of the RRAM device is connected with the random number detection circuit.

6. The circuit of claim 5, wherein the random number detection circuit comprises a second switching tube, a third switching tube, a fourth switching tube, a mirror constant current source, a comparator and a NAND gate;

the first end of the third switching tube is connected with a control signal; the control signal is a high level signal or a low level signal; the second end of the third switching tube is connected with a first preset voltage signal; the third end of the third switching tube is connected with the first end of the second switching tube;

the first end of the fourth switching tube is connected with the control signal; the control signal is a high level signal or a low level signal; the second end of the fourth switching tube is connected with a second preset voltage signal; the third end of the fourth switching tube is connected with the first end of the second switching tube; the second preset voltage signal is smaller than the first preset voltage signal;

the second end of the second switch tube is connected with the mirror image constant current source; the third end of the second switch tube is connected with the upper electrode of the RRAM device;

the mirror image constant current source is connected with a first input end of the comparator; the second input end of the comparator is connected with a reference power supply;

the output end of the comparator is connected with the first input end of the NAND gate; the second input end of the NAND gate is connected with the test signal; the test signal and the control signal have opposite levels;

and the output end of the NAND gate is connected with the counter.

7. The circuit of claim 6, wherein the counter starts counting when the output of the nand gate changes from high to low and stops counting when the output of the nand gate changes from low to high.

8. The circuit of any of claims 1-7, wherein the memory is further configured to output a corresponding response based on the received challenge.

9. A chip comprising a PUF circuit according to any one of claims 1 to 8.

10. An electronic device comprising the chip of claim 9.

11. A challenge response pair generation method of a Physical Unclonable Function (PUF), wherein the PUF comprises a Resistive Random Access Memory (RRAM) unit, the method comprising the following steps:

inputting a preset voltage to the RRAM unit, and controlling the RRAM unit to work under a preset limiting current;

detecting the time of the RRAM unit in a volatile storage state under the preset limiting current and the preset voltage, and generating a digital quantity corresponding to the time;

the digital quantity is determined as a response of the PUF and a challenge corresponding to the response is determined.

12. The method of claim 11, wherein said generating a digital quantity corresponding to said time comprises:

generating a first digital quantity corresponding to the time, wherein the length of the first digital quantity is N;

intercepting the rear M bits of the first digital quantity to form a second digital quantity, wherein M is smaller than N;

correspondingly, said determining said digital quantity as a response of the PUF comprises:

determining the second digital quantity as the response.

13. The method of claim 11 or 12, wherein the determining a challenge corresponding to the response comprises:

determining an address at which the response is stored as a challenge corresponding to the response.

14. The method according to claim 11 or 12, characterized in that the method further comprises:

receiving a challenge instruction, wherein the challenge instruction comprises a target challenge;

outputting a response corresponding to the target challenge.

Technical Field

The present application relates to information security technologies, and in particular, to a PUF circuit, a chip, a device, and a challenge response pair generation method.

Background

Physical Unclonable Functions (PUFs) are hardware fingerprints generated by random process variations of an integrated circuit that are uncontrollable during the manufacturing process, and have uniqueness, randomness, and unclonability. The PUF is receiving more and more attention as a hardware method applied to information security of terminal devices in the internet of things.

When queried with an input called a Challenge (Challenge), a PUF produces a measurable output called a Response (Response), the corresponding Challenge and Response constituting a Challenge-Response Pair (CRP). PUFs can be classified into two categories, strong PUFs and weak PUFs, according to the relationship between the number of CRPs and the size of the physical entity. Strong PUFs are generally based on a comparison of two combinations of a certain number of cascaded logic devices to produce a response, typical examples include Arbiter (arbiters) PUFs and Ring Oscillator (Ring Oscillator) PUFs based on gate-level delay variations. A strong PUF with a large number of CRPs is advantageous for a wide range of security applications, however, the resource reuse of such a strong PUF leads to correlations between different CRPs, making it vulnerable to modeling attacks that can derive a numerical model from all CRP subsets of a PUF and predict its future response to other challenges. Weak PUFs are based on parameter mismatch between a pair of identical devices or circuits to produce a response, typical examples include butterfly PUFs and flip-flop PUFs, among others. The weak PUFs are typically only provided with a small number of CRPs, which leads to limited applications and are not available in application scenarios where a large number of CRPs are required.

Therefore, how to provide a PUF which can generate a large amount of CRPs and tolerate modeling attacks is a problem to be solved.

Disclosure of Invention

The application provides a PUF circuit, a chip, equipment and a challenge response pair generation method, which can realize PUF capable of generating a large amount of CRP and tolerating modeling attack.

In a first aspect, the present application provides a physically unclonable function, PUF, circuit comprising: the RRAM comprises a Resistive Random Access Memory (RRAM) unit, a measuring circuit and a memory; the measurement circuit is respectively connected with the RRAM unit and the memory;

the measuring circuit is used for detecting the time of the RRAM unit in a volatile storage state under a preset limiting current and a preset voltage and generating a digital quantity corresponding to the time;

the memory is configured to store the digital quantity as a response to the PUF and to determine a challenge corresponding to the response.

In one possible implementation, the measurement circuit includes a random number detection circuit and a counter;

the random number detection circuit is used for inputting a preset voltage to the RRAM unit, detecting the current change of the RRAM unit under the preset voltage and outputting a corresponding indication signal;

the counter is used for generating the digital quantity corresponding to the time of the RRAM unit in a volatile storage state according to the indication signal.

In one possible implementation, the measurement circuit further comprises a cutoff circuit; the cut-off circuit is respectively connected with the counter and the memory;

the truncation circuit is used for truncating the back M bits of the digital quantity;

and the memory is used for storing the digital quantity obtained after interception as the response of the PUF.

In one possible implementation, the memory is further configured to determine an address at which the response is stored as a challenge corresponding to the response.

In one possible implementation, the RRAM unit includes a RRAM device and a first switching tube;

the first end of the first switch tube is connected with a power supply, and the power supply is used for controlling the preset current limit of the RRAM unit; the second end of the first switch tube is grounded, the third end of the first switch tube is connected with the lower electrode of the RRAM device, and the upper electrode of the RRAM device is connected with the random number detection circuit.

In a possible implementation manner, the random number detection circuit includes a second switching tube, a third switching tube, a fourth switching tube, a mirror constant current source, a comparator and a nand gate;

the first end of the third switching tube is connected with a control signal; the control signal is a high level signal or a low level signal; the second end of the third switching tube is connected with a first preset voltage signal; the third end of the third switching tube is connected with the first end of the second switching tube;

the first end of the fourth switching tube is connected with the control signal; the control signal is a high level signal or a low level signal; the second end of the fourth switching tube is connected with a second preset voltage signal; the third end of the fourth switching tube is connected with the first end of the second switching tube; the second preset voltage signal is smaller than the first preset voltage signal;

the second end of the second switch tube is connected with the mirror image constant current source; the third end of the second switch tube is connected with the upper electrode of the RRAM device;

the mirror image constant current source is connected with a first input end of the comparator; the second input end of the comparator is connected with a reference power supply;

the output end of the comparator is connected with the first input end of the NAND gate; the second input end of the NAND gate is connected with the test signal; the test signal and the control signal have opposite levels;

and the output end of the NAND gate is connected with the counter.

In one possible implementation, the counter starts counting when the output of the nand gate changes from high to low, and stops counting when the output of the nand gate changes from low to high.

In a possible implementation, the memory is further configured to output a corresponding response according to the received challenge.

In a second aspect, the present application provides a chip comprising a PUF circuit as defined in any one of the above first aspects.

In a third aspect, the present application provides an electronic device comprising a chip as described in the second aspect above.

In a fourth aspect, the present application provides a challenge response pair generation method for a physically unclonable function PUF, including a Resistive Random Access Memory (RRAM) cell, the method including:

inputting a preset voltage to the RRAM unit, and controlling the RRAM unit to work under a preset limiting current;

detecting the time of the RRAM unit in a volatile storage state under the preset limiting current and the preset voltage, and generating a digital quantity corresponding to the time;

the digital quantity is determined as a response of the PUF and a challenge corresponding to the response is determined.

In one possible implementation, the generating a digital quantity corresponding to the time includes:

generating a first digital quantity corresponding to the time, wherein the length of the first digital quantity is N;

intercepting the rear M bits of the first digital quantity to form a second digital quantity, wherein M is smaller than N;

correspondingly, said determining said digital quantity as a response of the PUF comprises:

determining the second digital quantity as the response.

In one possible implementation, the determining the challenge corresponding to the response includes:

determining an address at which the response is stored as a challenge corresponding to the response.

In one implementation, the method further comprises:

receiving a challenge instruction, wherein the challenge instruction comprises a target challenge;

outputting a response corresponding to the target challenge.

The application provides a PUF circuit, a chip, a device and a challenge response pair generation method, wherein the PUF circuit comprises: an RRAM cell, a measurement circuit, and a memory; the measurement circuit is connected to the RRAM cell and the memory, respectively. The measuring circuit is used for detecting the time of the RRAM unit in a volatile storage state under the preset limiting current and the preset voltage and generating a digital quantity corresponding to the time; the memory is configured to store the digital quantity as a response to the PUF and to determine a challenge corresponding to the response. The PUF circuit utilizes the duration of a volatile storage state of the RRAM unit when the limiting current is small, namely the randomness of short-time memory time, the RRAM unit is used as a random source, the short-time memory time is used as a random number of the PUF, the PUF is not easy to attack, and meanwhile, the erasable times of the RRAM unit are greatly improved when the limiting current is small, so that a large number of random numbers can be generated by one RRAM unit, a large number of CRPs are realized, meanwhile, no correlation exists between CPRs, and the PUF capable of tolerating modeling attack can be realized.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.

FIG. 1 is a schematic diagram of a security chip;

fig. 2 is a first schematic structural diagram of a PUF circuit provided in the present application;

fig. 3 is a schematic structural diagram of a PUF circuit according to the present application;

fig. 4 is a schematic structural diagram of a PUF circuit provided in the present application;

fig. 5 is a timing diagram of a PUF circuit provided in the present application;

fig. 6 is a schematic structural diagram of a PUF circuit provided in the present application;

fig. 7 is a schematic diagram of a PUF authentication process provided in the present application;

fig. 8 is a schematic flowchart of a challenge response pair generation method of a PUF according to the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

With the development of integrated circuit technology and information security technology, the application field of security chips has been comprehensively popularized and applied to daily life of society from important departments such as traditional politics, economy, military and diplomatic, such as identity authentication, financial charging, automobile anti-theft, logistics tracking, anti-counterfeiting identification, and the like.

The safety chip is used as a completely closed hardware device and has the characteristics of good closure, high cracking difficulty and high cracking cost. Because the processor module, the memory module and the cryptographic algorithm module are integrated in the security chip, the operations such as key generation, encryption and decryption and the like can be independently performed, and the services such as data security protection, identity authentication and the like can be completed. The security chip will play an increasingly important role in the field of information security in the future.

However, as attack techniques are developed, security chips are increasingly threatened, as shown in fig. 1. These threats can be broadly classified as software attacks, physical attacks, software and physical joint attacks, where physical attacks include both invasive attacks and non-invasive attacks. The intrusive attack is also called as a brute force attack, and comprises micro detection, laser cutting and the like, and key information is illegally cloned through a hardware reverse technology, so that key information is stolen or illegal authentication is realized. Non-invasive attacks generally refer to various side-channel information, such as runtime, energy consumption, electromagnetic radiation, etc., associated with the key itself that is revealed by a physical device during execution of a cryptographic algorithm, and an attacker uses the side-channel information to attack the cryptographic device to steal the key.

In addition, a plurality of attack modes are combined at present, including hardware trojan, reverse engineering, register strong write attack and the like, so that the destructiveness of the attack technology is further improved, and the requirements on the security chip are higher and higher along with the evolution of the attack modes. Secure chips based on PUF circuits are receiving increasing attention due to their uniqueness, randomness and unclonability.

In the prior art, PUFs are generally classified into strong PUFs and weak PUFs. Strong PUFs typically produce a response based on a comparison of two combinations of a certain number of cascaded logic devices, typical examples including arbiters based on gate-level delay variations (PUFs and ring oscillator PUFs, while weak PUFs typically produce a response based on parameter mismatches between a pair of identical devices or circuits, typical examples including butterfly PUFs and flip-flop PUFs, etc.

A strong PUF with a large number of CRPs is advantageous for a wide range of security applications, however, the resource reuse of such a strong PUF leads to correlations between different CRPs, making it vulnerable to modeling attacks that can derive a numerical model from all CRP subsets of a PUF and predict its future response to other challenges. Furthermore, strong PUFs typically require complex hardware, resulting in significant power consumption by a single response bit, which easily exceeds the limits of the electronic device. The weak PUFs are typically only provided with a small number of CRPs, which leads to limited applications and are not available in application scenarios where a large number of CRPs are required. Therefore, in consideration of the power constraints of the device, in order to realize the application of the PUF to the actual security authentication, a fundamental challenge is also faced on how to provide a PUF which has a large number of CRPs and no correlation between CPR and can tolerate modeling attacks.

In order to solve the above problems, the present application provides a PUF circuit, which uses a Resistive Random Access Memory (RRAM) unit as a Random source for generating a Random number, and generates the Random number by using randomness of a duration time of a volatile storage state of the RRAM unit when a limiting current is small, so that the PUF is not easily attacked, and meanwhile, since an erasable number of times of the RRAM unit is greatly increased when the limiting current is small, a large number of Random numbers can be generated by using one RRAM unit, thereby implementing a PUF having a large number of CRPs, having no correlation between CPRs, and being capable of tolerating modeling attacks.

The characteristics of the RRAM cell will first be described in detail below. When the limiting current of the RRAM cell is large, that is, the maximum current passing through the RRAM is large, after the set voltage is applied to the RRAM cell, the RRAM cell becomes a low resistance state, and the retention time of the RRAM cell can reach 10 years or even longer, thereby realizing nonvolatile storage.

However, when the limited current is small, after the set voltage is applied to the RRAM cell, the RRAM cell also becomes the low resistance state, but the set voltage is removed, and when a small voltage is applied thereto, the RRAM cell returns to the high resistance state over a period of time, that is, the retention time of the RRAM cell is short, and the RRAM cell exhibits a volatile memory characteristic of short-term memory. For example, the smaller limiting current may be smaller than 50 μ a, the smaller voltage may be a voltage of about 0.5V, and the specific values of the smaller limiting current and the smaller voltage may also be determined according to the actual situation of the RRAM as long as the RRAM cell can be made to be in the volatile storage state. Under the action of the smaller limiting current and the smaller voltage, the duration of the low-resistance state of the RRAM cell is the short-time memory time.

Under the same limiting current condition, the short-time memory time of the RRAM cell shows strong randomness, and the smaller the limiting current is, the shorter the short-time memory time is, and the larger the distribution area is. In addition, under the condition of low limiting current, the erasable times of the RRAM unit are greatly improved, and according to the characteristic, one RRAM unit can be arranged for many times and the short-time memory time of the RRAM unit is measured, so that a huge number of random numbers are generated.

The PUF circuit provided in the present application is described in detail below with reference to specific embodiments. It is to be understood that the following detailed description may be combined with certain embodiments, and that the same or similar concepts or processes may not be repeated in some embodiments.

Fig. 2 is a first schematic structural diagram of a PUF circuit provided in the present application. As shown in fig. 2, the PUF circuit includes: an RRAM unit 21, a measurement circuit 22, and a memory 23; the measurement circuit 22 is connected to the RRAM unit 21 and the memory 23, respectively.

A measurement circuit 22 for detecting a time when the RRAM cell 21 is in a volatile storage state under a preset limit current and a preset voltage, and generating a digital quantity corresponding to the time; the memory 23 is arranged to store the digital quantity as a response of the PUF and to determine a challenge corresponding to the response.

In the present embodiment, the RRAM cell 21 is used to generate a random number, the RRAM cell 21 is set to a predetermined limiting current and a predetermined voltage is applied to the RRAM cell 21 to place the RRAM cell 21 in a volatile storage state, for example, a small limiting current, for example, 15 μ a, is set to the RRAM cell 21, a set voltage, for example, 2V, is applied to the RRAM cell 21 to place the RRAM cell 21 in a low resistance state, and then, after the set voltage is removed, a small predetermined voltage, for example, 0.8V, is applied to the RRAM cell 21, so that the RRAM cell 21 starts to be in a volatile storage state, and after a period of time, the RRAM cell 21 returns from the low resistance state to the high resistance state, and the volatile storage state ends.

The time that the RRAM cell 21 is in the volatile storage state, that is, the short-time memory time is detected by the measurement circuit 22, and a digital quantity corresponding to the time is generated as a random number generated by the PUF circuit. Since the time when the RRAM cell 21 is in the volatile memory state has randomness, randomness of the generated digital quantity is ensured.

The measurement circuit 22 is configured with the RRAM cell 21 to detect it, and for example, as shown in fig. 3, the measurement circuit 22 may include a random number detection circuit 221 and a counter 222.

The random number detection circuit 221 is configured to input a preset voltage to the RRAM unit 21, detect a current change of the RRAM unit 21 under the preset voltage, and output a corresponding indication signal; the counter 222 is used to generate a digital quantity corresponding to the time that the RRAM cell is in a volatile storage state based on the indication signal.

As is apparent from the above description of the RRAM cell 21, since the change of the storage state of the RRAM cell 21 is reflected in the change of the resistance state thereof, and the current flowing through the RRAM cell 21 is also changed when the resistance state thereof is changed accordingly, the random number detection circuit 221 detects the change of the current of the RRAM cell 21 at the preset voltage, and outputs a corresponding indication signal for indicating whether the RRAM cell 21 is in the volatile storage state or not based on the current change and the voltage signal applied to the RRAM cell 21, so that the counter 222 can generate the digital quantity corresponding to the time when the RRAM cell 21 is in the volatile storage state based on the indication signal.

The memory 23 stores the digital quantity as a response of the PUF and determines a challenge corresponding to the response, the challenge corresponding to the response one to one as a CRP of the PUF. The challenge determined by the memory 23 and corresponding to the response is not particularly limited in this embodiment, as long as it is ensured that the challenge and the response correspond to each other, and the challenges corresponding to different responses are different.

The PUF circuit produces one CRP through the above-described process, and it is understood that if a plurality of CRPs need to be generated, the measurement circuit 22 repeatedly applies a voltage to the RRAM unit 21 and performs detection, and the above-described process is repeated, a plurality of CRPs can be generated. Since RRAM has a very large number of times of erasing when the limiting current is small, the number of random numbers that can be generated by repeating the above process is also large, i.e., the number of CRPs that the PUF circuit can generate is large.

In this embodiment, the PUF circuit uses the duration of the volatile storage state of the RRAM unit when the limiting current is small, that is, the randomness of the short-term memory time, and uses the RRAM unit as a random source and the short-term memory time as the random number of the PUF, so that the PUF is not easily attacked, and meanwhile, since the erasable times of the RRAM unit are greatly increased when the limiting current is small, a large number of random numbers can be generated by using one RRAM unit, thereby realizing a PUF with a large number of CRPs, and meanwhile, there is no correlation between CPR, and the PUF can tolerate modeling attack.

On the basis of the above-described embodiments, each part of the PUF circuit is described in further detail.

Fig. 4 is a schematic structural diagram three of a PUF circuit provided in the present application. As shown in fig. 4, the RRAM cell 21 includes an RRAM device R1 and a first switching tube M1.

RRAM cell 21 in fig. 4 is a typical 1T1R RRAM structure. The first switching tube M1 is used as a gating device. A first end of the first switching tube M1 is connected to the word line WL, and is connected to a power supply through the word line WL, and the power supply is used for controlling a preset current limit of the RRAM cell 21; the second end of the first switch tube M1 is connected with a source line SL, and the source line SL is grounded; the third terminal of the first switch transistor M1 is connected to the lower electrode of the RRAM device R1, the upper electrode of the RRAM device R1 is connected to the bit line BL, and the bit line BL is connected to the random number detection circuit 221.

The random number detection circuit 221 includes a second switch tube M2, a third switch tube M3, a fourth switch tube M4, a mirror constant current source 2211, a comparator a1, and a nand gate G1.

The first end of the third switching tube M3 is connected with a control signal Soft _ Prog; the control signal Soft _ Prog is a high level signal or a low level signal; a second end of the third switching tube M3 is connected to the first preset voltage signal Vwb; the third terminal of the third switching tube M3 is connected to the first terminal of the second switching tube M2.

The first end of the fourth switching tube M4 is connected with a control signal Soft _ Prog; the control signal Soft _ Prog is a high level signal or a low level signal; a second end of the fourth switching tube M4 is connected to the second preset voltage signal Vsb; the third end of the fourth switching tube M4 is connected with the first end of the second switching tube M2; the second preset voltage signal Vsb is smaller than the first preset voltage signal Vwb.

A second end of the second switching tube M2 is connected to the mirror constant current source 2211; the third terminal of the second switch tube M2 is connected to the upper electrode of the RRAM device R1.

The mirror constant current source 2211 is connected to a first input terminal of the comparator a 1; a second input of the comparator a1 is connected to a reference supply Vref.

The output end of the comparator A1 is connected with the first input end of the NAND gate G1; a second input of the nand gate G1 is connected to the test signal Meas; the level of the test signal Meas is opposite to that of the control signal Soft _ Prog.

The output of the nand gate G1 is connected to the counter 222.

The operation of the PUF circuit of fig. 4 will be described with reference to the timing diagram shown in fig. 5.

In each random number generation period, the control signal Soft _ Prog is firstly changed into high level, and the control signal Soft _ Prog can be controlled by the Soft programming unit. The first preset voltage signal Vwb, which may also be referred to as a write voltage or a set voltage, is connected to the gate of the second switching transistor M2 through the third switching transistor M3, and clamps the voltage of the bit line BL, thereby performing a set operation of the RRAM cell 21. The limiting current of the RRAM cell 21 is limited by the word line WL thereof, and volatile storage of the RRAM cell 21 is realized by setting a small limiting current.

When the control signal Soft _ Prog is at the high level for a while, the RRAM cell 21 changes from the high resistance state to the low resistance state, the pass current Icell also increases, the current Isense current also increases and the Vsense voltage input to one end of the comparator a1 also increases by the mirror constant current source 2211 including the fifth switch M5 and the sixth switch M6, and when the Vsense voltage is greater than the reference voltage Vref, the Flag signal output by the comparator a1 changes to the high level.

When the control signal Soft _ Prog changes from high to low, the second lower preset voltage signal Vsb, i.e., the smaller preset voltage, may be a bias voltage, and is applied to the gate of the second switching tube M2 through the fourth switching tube M3, so that the short memory time of the RRAM cell 21 starts. When the RRAM cell is restored from the low-resistance state to the high-resistance state, the pass current Icell decreases, the Isense current also decreases through the mirror constant current source 2211 formed by the fifth switching tube M5 and the sixth switching tube M6, the Vsense voltage input to one end of the comparator a1 also decreases, and when the Vsense voltage is smaller than the reference voltage Vref, the Flag signal becomes low, and the short-time memory time ends.

In addition, when the control signal Soft _ Prog changes from high to low, the test signal Meas changes to high level, the counter 222 is reset, the Meas signal and the Flag signal are output through the nand gate G1 to obtain an indication signal, i.e., a Stop signal, and the time when the Stop signal is at low level is the short memory time of the RRAM cell 21, i.e., the time when the RRAM cell is in a volatile storage state. The counter 222 starts counting when the output of the nand gate G1 changes from high to low, and stops counting when the output of the nand gate G1 changes from low to high.

For example, the counter 222 may output a 20-bit digital quantity CNT [19:0] corresponding to the short memory time of the RRAM cell 21. In this embodiment, the length of the digital quantity output by the counter is not particularly limited, and the length of the digital quantity may be selectively set according to actual needs.

When the Store control signal Store of the memory 23 is active, the digital quantity CNT [19:0] is written into the memory 23 for storage as a response of the PUF. Optionally, the memory 23 further determines the address storing the response as the challenge corresponding to the response, thereby obtaining one CRP. On the premise that the CRP is stored in the memory 23, the memory 23 may also output a response corresponding to the challenge when receiving the input challenge. As shown in fig. 4, the challenge signal CHA received by the memory 23 outputs a corresponding response signal RES.

In this embodiment, the random number detection circuit in the measurement circuit detects the short-time memory time of the RRAM cell by applying a voltage to the RRAM cell and detecting a current change of the RRAM cell, and outputs a digital quantity corresponding to the short-time memory time through the counter, thereby generating CRPs in a large number and irrelevant to each other.

Optionally, on the basis of the PUF circuit described above, as shown in fig. 6, the measurement circuit 22 further includes a cut-off circuit 223; the truncating circuit 223 is connected to the counter 222 and the memory 23, respectively.

The truncating circuit 223 is configured to truncate the last M bits of the digital quantity output by the counter 222, and correspondingly, the memory 23 is configured to store the truncated digital quantity as a response of the PUF.

Illustratively, counter 222 outputs a 20-bit digital quantity CNT [19:0], and the upper 4 bits of the 20-bit digital quantity CNT [19:0] are truncated by truncating circuit 223, leaving the lower 16-bit digital quantity CNT [15:0 ]. When the Store control signal Store of the memory 23 is asserted, the 16-bit digital quantity CNT [15:0] is written into the memory 23 for storage, and its corresponding address serves as a challenge in response.

When the counter 222 generates the corresponding digital quantity according to the short-time memory time of the RRAM cell 21, the high-order part of the digital quantity generated each time may be the same, but the low-order part thereof is different, and in order to further improve the randomness, the high-order part of the digital quantity is cut off by the cut-off circuit 223, and only the low-order part of the digital quantity is reserved, so that the proportion of 1 and 0 in the digital quantity obtained after cutting is closer, the randomness of the random number is higher, and the PUF is less prone to being attacked by modeling. It should be understood that the above-mentioned 20-bit digital quantity and the 16-bit digital quantity obtained after truncation are merely examples, and the length intercepted by the truncation circuit 223 in this embodiment is not specifically limited, and may be set according to actual needs.

The present application also provides a chip comprising a PUF circuit as in any one of the above embodiments. It can be understood that a chip having the PUF circuit can implement the functions implemented by the PUF circuit, and can also be applied in a security application scenario in which the PUF circuit can be applied.

Further, the application also provides an electronic device, and the electronic device comprises the chip.

Based on the PUF circuit provided in the above embodiment, a specific application thereof in the security field is illustrated. For example, when performing security authentication on an electronic device, a terminal and a server perform security authentication by using a PUF-based authentication method, where the terminal may be the above electronic device, and a chip of the terminal may include the above PUF circuit.

The PUF-based authentication process may include three phases, an enrollment, authentication, and reconfiguration phase, as shown in fig. 7.

A registration stage: each terminal is registered before terminal deployment. In the enrolment phase, the PUF in the terminal first generates a plurality of CRPs. Each terminal then sends its identity and a corresponding plurality of CRPs to the server, which stores the terminal identity and the CRPs, for example in a CRP database. Wherein the identification of the terminal may also be generated by the PUF. Modeling attacks is not effective because there is no correlation between different CPRs generated by the PUF.

And (3) an authentication stage: the terminal sends the identification to the server, the server searches the identification in the CRP database, selects the CRP corresponding to the identification, sends the challenge in the CRP to the terminal, and then the terminal outputs the response corresponding to the challenge and sends the response to the server. The server determines whether the received responses correspond to a CRP database match, i.e. the two responses differ by no more than some predetermined threshold. The server checks whether the two responses match, and determines whether the number of bits that differ between the two digital quantities exceeds a predetermined threshold. Or the server may detect whether the two responses are completely consistent. And if the terminal is matched with the user terminal, performing identity authentication on the terminal, otherwise, rejecting the identity authentication. The used CRP will be deleted from the CRP database.

A CPR reconfiguration phase: in the CRP database, when the CRP belonging to a certain terminal is running low or has run out, a new CRP needs to be regenerated by the terminal. In the reconfiguration stage, the server side sends a reconfiguration command to the corresponding terminal according to the identifier of the terminal. And the terminal generates a new CRP after receiving the reconfiguration command and then transmits the new CRP to the server, and the server stores the new CRP transmitted by the terminal, for example, in a CRP database. Since the PUF of the present application can output a huge number of CRPs, and the regenerated CRPs are completely unrelated to the CRPs stored previously, the authentication can be continued after the CRP reconfiguration.

It is understood that a terminal may register a plurality of CRPs to a server terminal in a registration phase, so that a plurality of authentications may be performed with the plurality of CRPs only in a subsequent authentication phase. CRP reconfiguration is only required when several CRPs are about to be exhausted or have been exhausted. The CRP reconfiguration process is a process of re-registering, and after the CRP reconfiguration, the authentication can be performed by using the reconfigured CRP.

Fig. 8 is a schematic flowchart of a challenge response pair generation method of a PUF according to the present application. The PUF includes a RRAM cell, and may be, for example, the PUF in any of the above embodiments. The method comprises the following steps:

s801, inputting a preset voltage to the RRAM unit, and controlling the RRAM unit to work under a preset limiting current;

s802, detecting the time of the RRAM unit in a volatile storage state under the preset limiting current and the preset voltage, and generating a digital quantity corresponding to the time;

and S803, determining the digital quantity as the response of the PUF, and determining the challenge corresponding to the response.

Optionally, generating a digital quantity corresponding to time includes:

generating a first digital quantity corresponding to time, wherein the length of the first digital quantity is N; and intercepting the back M bits of the first digital quantity to form a second digital quantity, wherein M is smaller than N.

Accordingly, determining a digital quantity as a response of the PUF comprises: the second digital quantity is determined as a response.

Optionally, determining the challenge corresponding to the response includes:

the address at which the response is stored is determined as the challenge corresponding to the response.

Optionally, the method further comprises: receiving a challenge instruction, wherein the challenge instruction comprises a target challenge; a response corresponding to the target challenge is output.

The method provided by this embodiment can be implemented by the PUF circuit, and the implementation principle and technical effect are similar, which are not described herein again.

All or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The aforementioned program may be stored in a readable memory. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned memory (storage medium) includes: read-only memory (ROM), RAM, flash memory, hard disk, solid state disk, magnetic tape (magnetic tape), floppy disk (optical disk), and any combination thereof.

Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the embodiments of the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to encompass such modifications and variations.

In the present application, the terms "include" and variations thereof may refer to non-limiting inclusions; the term "or" and variations thereof may mean "and/or". The terms "first," "second," and the like in this application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. In the present application, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.