[go: up one dir, main page]

CN106055491B - A kind of entropy extraction method and circuit based on SRAM PUF - Google Patents

A kind of entropy extraction method and circuit based on SRAM PUF Download PDF

Info

Publication number
CN106055491B
CN106055491B CN201610373362.4A CN201610373362A CN106055491B CN 106055491 B CN106055491 B CN 106055491B CN 201610373362 A CN201610373362 A CN 201610373362A CN 106055491 B CN106055491 B CN 106055491B
Authority
CN
China
Prior art keywords
node
sram
value
entropy
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610373362.4A
Other languages
Chinese (zh)
Other versions
CN106055491A (en
Inventor
李冰
王凯
涂云晶
杨超凡
陈帅
周岑军
金涛
顾巍
赵霞
刘勇
王刚
董乾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN201610373362.4A priority Critical patent/CN106055491B/en
Publication of CN106055491A publication Critical patent/CN106055491A/en
Application granted granted Critical
Publication of CN106055491B publication Critical patent/CN106055491B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/16Protection against loss of memory contents
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a kind of entropy extracting method and circuit based on SRAM PUF, the application is by being arranged the extraction conditions such as predetermined reading times, threshold value to control power down time and number of power failures, effective concussion node in SRAM is filtered out first, then it carries out the second wheel to concussion node further according to the requirement of minimum entropy to screen, it is ensured that oscillation node can satisfy extraction and require.The present invention cannot reach the node of requirement by shaking after screening out power down in SRAM, the entropy information of effectively concussion node is extracted for use as true random number or authentication information is generated, it can be while guaranteeing to generate the randomness of random sequence, simplify and calculate step, accelerates the speed for generating random number.The node in SRAM is screened again moreover, this method may be implemented to change extraction conditions in real time by circuit design, can still be exported according to the information filtered out before during screening again, guarantees that output will not stop.

Description

A kind of entropy extracting method and circuit based on SRAM PUF
Technical field
The present invention relates to information security field, in particular to a kind of entropy extracting method and circuit based on SRAM PUF.
Background technique
In recent years, with smart card, RFID (Radio Frequency IDentification radio frequency identification) label With the extensive use of the physical entities such as sensor network nodes, how effectively certification is implemented to these physical entities and be to ensure that system The key factor of safety.However, tradition is based on close due to the problems such as generally existing computing capability of this kind of entity is poor, resource is limited There is very big obstacle in application in the authentication method that code is learned.It uses for reference currently widely used based on human body unique features fingerprint or rainbow For film to the personal thought for implementing certification, there has been proposed single object is uniquely identified based on the inherent physique of physical entity Entity is managed, realizes the method effectively authenticated to physical entity.Here it is it has been proposed that physics unclonable function (Physical Unclonable Function, PUF) concept.
SRAM (Static Random Access Memory), i.e. static random access memory.It is a kind of with quiet The only memory of access facility, the data of its storage inside can be saved by not needing refresh circuit.When SRAM power down for a period of time after, Uncertain variation can occur for the data stored in SRAM, this is determined by manufacturing.So correctly extracting The entropy of SRAM PUF is highly useful for use as true random number or authentication information.
Due to production technology, the factors such as power down time and temperature all whether SRAM interior joint, which can occur, oscillation to be generated It influences.Different process, oscillating characteristic of the node of the SRAM of different manufacturers production in power down same time are all different.Even All there is a certain distance in this characteristic of same technique, the same batch SRAM of same producer's production, this is also the PUF of SRAM What characteristic was determined.The size of the entropy for the SRAM that power down time length will affect, that is, the randomness of phase data. Temperature change can also influence SRAM oscillating characteristic to a certain extent.Thus need to carry out the node in SRAM certain screening It is just adapted to extract the requirement of random sequence.
Since existing technology can not correctly extract the randomness of SRAM node, thus current random sequence is extracted Technology generated is not real random number yet.And these pseudo random numbers are applied to random number generator and authentication gesture Demand must be unable to satisfy.Thus it is badly in need of that the characteristic of SRAM PUF can be used for the technology of random number extraction.
Summary of the invention
The present invention is directed to the unknown situation of oscillating characteristic after SRAM power down, the node data after proposing a kind of pair of power down into Row hierarchical screening, to extract those really methods of the entropy informations of unpredictable unclonable concussion nodes and its corresponding Circuit.
A kind of entropy extracting method based on SRAM PUF, which comprises the steps of:
Initialization: the value of predetermined reading times, threshold value and minimum entropy is arranged in the first step;
Second step, finds concussion node: carrying out power down process to SRAM, and stores after each power down each node in SRAM Address and corresponding data value stop power down after number of power failures reaches predetermined reading times;
Third step, screening: counting the data of each node stored in previous step, if the variation time of node data value Count threshold value of missing a gate, then it is assumed that the node infrequently shakes, and screens out the node;If the change frequency of node data value reaches door Threshold value, then it is assumed that the node is concussion node, stores the concussion address of node;
4th step judges minimum entropy: the minimum entropy of concussion node is calculated, if the value of minimum entropy less than 0.4, prompts to replace The first step is come back to after SRAM, replacement SRAM to be handled;If the value for the minimum entropy being calculated is more than or equal to 0.4, complete At screening;
Output: 5th step reads the data of concussion node according to the concussion address of node stored in third step, by data It is exported after carrying out hash function processing;If receiving replay request, second step is jumped to, is successively carried out by sequence of steps again Processing.
Wherein, the predetermined reading times of data are set as 40-200 times after SRAM power down described in the second step.It is secondary The number person of can be used provides, it is proposed that 100 times, number is difficult to extract randomness very little, and number increases unnecessary meter too much It calculates.
Wherein, the threshold value is the 5%-30% of number of power failures.
Wherein, the value of minimum entropy is not less than 0.4 in the 4th step.
Wherein, in any step of the entropy extracting method based on SRAM PUF, if being connected to and requiring initializing signal The first step is jumped to immediately, re-starts processing by sequence of steps.
The invention also includes a kind of, and the entropy based on SRAM PUF extracts circuit, which is characterized in that including SRAM, reads mould Block, node screening module, output module, push-up storage, random access memory and control module;Control module is first received and is set The value of predetermined reading times, threshold value and the minimum entropy set, then controls SRAM power down by read module, and read module is read It takes each address of node and corresponding data value after each power down of SRAM and transmits each address of node and corresponding data value It is stored to push-up storage;Stop power down, node sieve when the number of power failures of SRAM reaches the predetermined reading times of setting Modeling block reads the data value of each node after each power down stored in push-up storage, and change frequency is reached threshold The node address of value is stored in random access memory;Node screening module then calculates minimum entropy, if the value of the minimum entropy calculated is less than 0.4 sends the signal of prompt replacement SRAM to control module, and the signal of screening is otherwise sent completely to control module;Export mould Block reads the data value of respective nodes in SRAM according to the address stored in random storage by read module, and data are carried out It is exported after hash function processing;When control module is connected to replay request, SRAM power down is controlled again through read module, again Node is screened, is exported again after the data value of respective nodes is carried out hash function processing again.
Wherein, control module stores the value of predetermined reading times, threshold value and minimum entropy;Control module controls reading simultaneously Modulus block real time modifying power down time;When being screened each time, control module all can be by newest predetermined reading times, minimum The value and threshold value of entropy are sent to node screening module.
The mechanism of action of the present invention is: after a power failure, certain nodes just lose data in the very short time to SRAM, and another A little nodes can still save data in the relatively long time.These nodes can be to digital level 0 after power down in SRAM Or 1 have certain skewed popularity, with the presence of the very strong skewed popularity of node, these nodes are known as stationary nodes, and other are saved The not apparent skewed popularity of point, is considered as oscillation node.In order to extract real random sequence, need to the node in SRAM It is screened.The exclusive or of value and last value after calculate node power down
Wherein, i indicates i-th of node, and i is the integer (sum that n is SRAM interior joint) within the scope of 1~n.If XOR Indicate that the node changes for 1, i.e. oscillation is primary.Be arranged between during power down it is too long in the case where, in addition to concussion node Other than value can change, certain stationary nodes are it can also happen that accidental oscillation.And during power down between it is too short in the case where, vibration It swings node to be likely to fail complete power down, i.e., is not vibrated when next time powers on.
Moreover, by testing muti-piece SRAM, it has been found that those points that oscillation section occurs not all are built-in oscillations 's.In 100 tests, the number that statistics XOR is 1 and 0 changes Probability p intoX=1And pX=0Form, and both compare size and obtain pmax
pmax=max (pX=1,pX=0) (2)
It is not difficult to find out that pmaxThe probability that value be 1 is should 1/2.But in actual test, some nodes only vibrate several times, and Also the number of some nodes variation reaches more than 40 times simultaneously, and the probability that exclusive or value is 1 is not 1/2.
Thus, it is intended that those can be screened out accidentally since extraneous factor causes the node of oscillation.And in fact, this Address date amount corresponding to a little nodes accidentally shaken is huge.This undoubtedly increases subsequent arithmetic pressure, slows down Speed.
In method provided by the present invention, by second step to the power down process of SRAM, counts available and go out to shake section After putting and depositing these storage concussion addresss of node, it is also necessary to calculate the minimum entropy of this block SRAM by the 4th step again.If calculating Minimum entropy out does not reach requirement, then illustrates that this block SRAM does not adapt to the demand of this extraction, need replacing others SRAM.By the screening of this two step, the concussion number of nodes that we obtain has greatly reduced, and can guarantee random storage The node stored in device is to meet the requirements.Such processing can provide convenience for subsequent entropy.
Wherein calculate minimum entropy (Hmin)totalFormula are as follows:
Wherein, i indicates i-th of node, and i is the integer (sum that n is SRAM interior joint) within the scope of 1~n;piMax is The corresponding p of node imax
The entropy of SRAM overall data is variation.When without screening, changes of entropy amplitude is larger, starts setting up threshold value Afterwards, changes of entropy amplitude starts to become smaller, and starts have preferable consistency.But if threshold value setting is excessively high, entropy can go out again The larger situation of existing amplitude of variation.Thus, the threshold value in the present invention is set as the 10% of number of power failures.
In this method, when receiving replay signal, control module can reactivate node screening module, carry out again The screening process of two steps to the 5th step, and update the node address stored in random access memory (RAM).And it is being screened again This period, the case where circuit is still exported according to the information that filters out of last time, stopped there is no output.
For existing entropy extracting method, advantage is the present invention:
Due to taking node concussion situation and the screening of minimum entropy two-wheeled to guarantee that the concussion node filtered out is all met the requirements, The pressure of subsequent calculating can thus be mitigated.The present invention improves the randomness of output data, while it is random also to accelerate generation Several speed.
Further, since the value of predetermined reading times, threshold value and minimum entropy can be set in control module, so that of the invention The node that concussion number is not up to threshold requirement can be gradually rejected by way of being stepped up threshold, that is, passes through setting threshold Value controls the node address data volume for extracting entropy.This makes the present invention guarantee data randomness, guarantee safety In the case of, the step of generating random sequence can be simplified, improve the speed for generating random number.
Secondly as the screening conditions of node can re-start sieve when obtaining new threshold value taking human as input, circuit Choosing, and update oscillation node address.In this method, when receiving replay signal, control module can also reactivate node sieve Modeling block carries out second step to the screening process of the 5th step again, and updates the concussion node stored in random access memory (RAM) Address.And in this period screened again, circuit is still exported according to the information that the last time filters out, no There can be the case where output stops.
Detailed description of the invention
Attached drawing is used to provide further understanding of the present invention, and constitutes part of specification, and with it is of the invention Embodiment together, is used to explain the present invention, and is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the block diagram that the entropy based on SRAM PUF extracts circuit;
Fig. 2 is the flow chart of the entropy extracting method based on SRAM PUF.
Specific embodiment
It is specific as follows the invention discloses a kind of entropy extracting method and its circuit based on SRAM PUF:
Circuit corresponding to a kind of entropy extracting method based on SRAM PUF, including SRAM, read module, node screen mould Block, output module, push-up storage, random access memory and control module;Control module first receives the predetermined reading of setting The value of number, threshold value and minimum entropy, then controls SRAM power down by read module, and read module reads SRAM and falls every time It each address of node and corresponding data value and each address of node and corresponding data value is transferred to first in first out deposits after electricity Reservoir storage;Stop power down when the number of power failures of SRAM reaches the predetermined reading times of setting, node screening module is read first Into the data value for first going out each node after each power down for storing in memory, and change frequency is reached to the node address of threshold value It is stored in random access memory;Node screening module then calculates minimum entropy, if the value of the minimum entropy calculated is unsatisfactory for requiring (to be less than 0.4) signal that prompt replacement SRAM, is then sent to control module, is otherwise then sent completely the signal of screening to control module;It is defeated Module reads the data value of respective nodes in SRAM according to the address stored in random storage by read module out, and by data It is exported after carrying out hash function processing;Once control module is connected to replay request, just controlled immediately again through read module Node is screened in SRAM power down again as procedure described above, again carries out the data values of respective nodes after hash function processing again Output.
In the circuit, control module stores the value of predetermined reading times, threshold value and minimum entropy;Control module is simultaneously Control read module real time modifying power down time;When being screened each time, control module all can be by newest predetermined reading time Number, the value of minimum entropy and threshold value are sent to node screening module.
In the specific implementation process, we carry out power down process to SRAM first, and by the way that threshold value is arranged, those are changed Number is not up to the node revocation of threshold, counts available concussion node and deposits these storage concussion addresss of node.In test It was found that available concussion node can fall sharply with the raising of threshold value.Oscillation number of nodes probably accounts for the 3% of total node number To 5%, if threshold setting is excessively high, the node that can often vibrate those is screened out, and remaining number of nodes tails off significantly, is used for The node address data volume for extracting entropy tails off, and safety is deteriorated significantly, increases security risk.Thus threshold value is traditionally arranged to be The 5%-30% of number of power failures is more reasonable.
In order to improve reliability and safety, the entire strategy that extracts needs to consider several interactive information.It is to extract first Out after entropy information, external randomizer or identity authorization system can propose the requirement replayed.At this point, this module needs Screening step before abandoning the node address data of storage and repeating.Its minor node screening conditions can obtained taking human as input It when to new threshold value, also needs to re-start screening, updates oscillation node address.And screened again this The case where period, circuit are still exported according to the information that the last time filters out, and are stopped there is no output.
Fig. 1 is the realization circuit block diagram of entropy extracting method of the present invention.Specifically, extracting circuit in entropy proposed by the present invention In, read module controls the power down of node and specific power down time on SRAM;Node screening module is responsible for being fallen according to node Situation sieve series after electricity goes out suitable node and records;Output module is gone according to the node address that node screening module obtains The continuous value read after corresponding oscillation node power down;FIFO (push-up storage) is responsible for number of nodes when temporary screening According to;RAM (random access memory) is responsible for the determining oscillation node address of storage screening;Control module controls other all modules, control Make control signal and the interaction of intermodule of other modules.
As shown in Figure 1, the control signal that read module is provided according to control module, carries out power down control to SRAM.And it reads Data in SRAM after all node power down out provide correspondence according to the access of FIFO (push-up storage) and output module Output, FIFO has read request, then all data issued FIFO, if output module has request, just given according to output module Node address out is by the data of corresponding node to output module.
Push-up storage (FIFO) stores the data after each power down of SRAM, sends interactive signal after being filled with 100 times Node screening module is given, node screening module is waited to read data.Predetermined reading times are repaired by node screening module repeatedly Change.
It is interacted between node screening module and read module by push-up storage FIFO, FIFO will each time Node data it is temporary, be filled with after 100 times and all give node screening module, node screening module is to these node datas elder generation Oscillation node is found out after being counted, and node screening is then carried out to the oscillation node that statistics obtains according to threshold value, has been screened At the rear calculating for carrying out minimum entropy, then it is compared with the minimum entropy condition of input.If minimum entropy condition is unsatisfactory for illustrating The SRAM used is unavailable, and node screening module reports an error to control module, and one piece of SRAM is changed in request;If it is satisfied, then will oscillation Address of node is sent to RAM and is saved, while sending a completion signal to control module.
The control signal that output module is given according to control module, it is continuous to access the oscillation stored in random access memory ram Node address, and ask request read module to read the node data of corresponding address with these addresses, then these data are carried out Hash function processing, data, which are processed into specific length by the burst of data for meeting entropy condition of a uncertain length, expires entropy True random number is last transmitted to output of the control module as circuit.This output can be used for randomizer and identity Authentication information.
Random access memory ram storage oscillation address of node, and carried out more when node screening module provides new address Newly.
Control module needs the parameter setting to node screening module to control, and specifically includes and makes a reservation for reading time repeatedly Number, minimum entropy condition, threshold value and screening commencing signal.When specific works, control module is requested and is joined according to the replay of input It is several that other modules are controlled, it sends electric control signal to read module, controls it to the power down read-write of SRAM and under The output control of grade module.The screening opportunity of control module also control node screening module and screening conditions, are in addition to this controlled Molding block also controls output module and carries out output control.Since SRAM reading rate is slower in circuit, it may appear that clock mismatches The problem of, so a PLL (Phase Locked Loop, phaselocked loop) is also devised in control module, when being used to unified integration Clock signal interacts the data of each intermodule correctly rapidly.
The detailed process referring to described in Fig. 2, present invention also provides corresponding entropy extracting method, this method includes following step It is rapid:
Initialization: the value of predetermined reading times, threshold value and minimum entropy is arranged in the first step.In general, SRAM power down The predetermined reading times of data are set as 40-200 times afterwards, and number can voluntarily be provided by user.But in view of predetermined reading time Number is difficult to extract the randomness of SRAM node very little, and number then will increase unnecessary computation burden too much, thus set herein Setting predetermined reading times is 100 times.The threshold value of setting is usually the 5%-30% of number of power failures (i.e. predetermined reading times).No It crosses, is concussion node since threshold value setting can make the node screened not very little, and after setting then makes screening too much Available number of nodes is very little, thus sets the 10% of number of power failures for threshold value herein, i.e. threshold value is 10.Generally, as long as The value of minimum entropy is not less than 0.4, so that it may think that the SRAM can be used.Thus the value of minimum entropy is set as 0.4 herein.
Second step, find concussion node: this step includes " starting to store power failure data " to " being filled with data " in flow chart Two small steps.Power down process is carried out to SRAM first, and stores after each power down each address of node and corresponding data in SRAM Value stops power down after number of power failures reaches predetermined reading times, carries out the screening of next step (when being filled with data).
Third step, screening: this step " starting to screen " i.e. shown in the flowchart step.This step in previous step to storing The data of each node counted, the threshold value if change frequency of node data value is missed a gate, then it is assumed that the node is infrequently Concussion, screens out the node;If the change frequency of node data value reaches threshold value, then it is assumed that the node is concussion node, storage The concussion address of node;
4th step judges minimum entropy: calculating the minimum entropy of concussion node;If the value for the minimum entropy being calculated less than 0.4, Replacement SRAM is then prompted, the first step is come back to after replacement SRAM and is handled;If the value satisfaction for the minimum entropy being calculated is wanted It asks, that is, is more than or equal to 0.4, then it represents that complete screening, the node address stored in previous step can be used.Herein, minimum entropy Calculating process is referring to the related content in specification, and details are not described herein.
5th step, output.The right half part of the corresponding flow chart of this step.First, in accordance with the concussion node stored in third step Address read concussion node data, then by data carry out hash function processing, finally export.Once receiving replay to ask It asks, then jumps to second step, successively handled by sequence of steps again.
The value that corresponding node in SRAM after read-write power down is gone according to the address saved in random access memory, before this value is exactly Literary meaning can be used for the information of randomizer or authentication.In addition, if control module receives replay request, Second step is jumped to, is successively handled by sequence of steps again.
For entire circuit when being broadcast signal again, control module can activate node to screen again it can be seen from process Module repeats the screening process of the foregoing description.It is completed between screening again in the request regenerated to circuit, exports mould Block still has and can be calculated and be exported according to the node that last time filters out, and just will be updated node address until completing screening again.
Entire circuit module will do it the judgement of minimum entropy in screening, if minimum entropy condition is unsatisfactory for, circuit output It can report an error, notice needs artificial replacement SRAM.The shake filtered out is guaranteed by the screening of the two-wheeled of concussion node and minimum entropy in this way It swings node all to meet the requirements, from the pressure for thus mitigating subsequent calculating, further ensures the randomness of output data, while also adding The fast speed for generating random number.
Those of ordinary skill in the art will appreciate that: the foregoing is only a preferred embodiment of the present invention, and does not have to In the limitation present invention, although the present invention is described in detail referring to the foregoing embodiments, for those skilled in the art For, still can to foregoing embodiments record technical solution modify, or to part of technical characteristic into Row equivalent replacement.All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should all include Within protection scope of the present invention.

Claims (6)

1.一种基于SRAM PUF的熵提取方法,其特征在于,包括如下步骤:1. an entropy extraction method based on SRAM PUF, is characterized in that, comprises the steps: 第一步,初始化:设置预定读取次数、门槛值以及最小熵的值;The first step, initialization: set the predetermined number of readings, the threshold value and the value of the minimum entropy; 第二步,寻找震荡节点:对SRAM进行掉电处理,并存储每次掉电后SRAM中各节点的地址及对应的数据值,当掉电次数达到预定读取次数后停止掉电;The second step is to find the oscillating node: power down the SRAM, and store the addresses and corresponding data values of each node in the SRAM after each power down, and stop power down when the number of power downs reaches a predetermined number of reads; 第三步,筛选:对上一步中存储的各节点的数据进行统计,若节点数据值的变化次数没达到门槛值,则认为该节点不经常震荡,筛除该节点;若节点数据值的变化次数达到门槛值,则认为该节点是震荡节点,存储该震荡节点的地址;The third step, screening: Count the data of each node stored in the previous step. If the number of changes of the node data value does not reach the threshold value, it is considered that the node does not oscillate frequently, and the node is filtered out; if the node data value changes If the number of times reaches the threshold value, the node is considered to be an oscillating node, and the address of the oscillating node is stored; 第四步,判断最小熵:计算震荡节点的最小熵,若最小熵的值小于0.4,则提示更换SRAM,更换SRAM后重新回到第一步进行处理;若计算得到的最小熵的值大于等于0.4,则完成筛选;Step 4: Determine the minimum entropy: Calculate the minimum entropy of the oscillating node. If the value of the minimum entropy is less than 0.4, it will prompt to replace the SRAM. After replacing the SRAM, go back to the first step for processing; if the calculated minimum entropy value is greater than or equal to 0.4, the screening is completed; 第五步,输出:按照第三步中存储的震荡节点的地址读取震荡节点的数据,将数据进行哈希函数处理后输出;若接收到重播请求,则跳转到第二步,重新按步骤顺序依次进行处理;Step 5, output: read the data of the oscillating node according to the address of the oscillating node stored in the third step, process the data with a hash function and output it; if a replay request is received, jump to step 2 and press again The steps are processed in sequence; 其中,所述第四步中,所述震荡节点的最小熵(Hmin)total,按照如下公式计算:Wherein, in the fourth step, the minimum entropy (H min ) total of the oscillating node is calculated according to the following formula: 其中,i表示第i个节点,i为1~n范围内的整数,n为SRAM中节点的总数;pimax为节点i对应的pmaxAmong them, i represents the ith node, i is an integer in the range of 1~n, n is the total number of nodes in the SRAM; p i max is the p max corresponding to node i; 所述的pmax值通过以下公式计算获得:pmax=max(px=1,px=0);The p max value is obtained by calculating the following formula: p max =max(p x=1 ,p x=0 ); 其中,px=1表示节点掉电后的值与上一次的值的异或计算结果为1的概率;px=0表示节点掉电后的值与上一次的值的异或计算结果为0的概率;其中,Xt表示节点掉电后的值,Xt+1表示节点上一次掉电后的值。Among them, p x=1 represents the exclusive OR of the value after the node is powered off and the previous value The probability that the calculation result is 1; p x=0 means the XOR of the value after the node is powered off and the last value Calculates the probability that the result is 0; where X t represents the value after the node is powered off, and X t+1 represents the value after the last time the node was powered off. 2.根据权利要求1所述的基于SRAM PUF的熵提取方法,其特征在于,所述的第二步中所述的SRAM掉电后数据预定读取次数设置为40-200次。2 . The entropy extraction method based on SRAM PUF according to claim 1 , wherein the predetermined reading times of data after the SRAM is powered off described in the second step is set to 40-200 times. 3 . 3.根据权利要求1所述的基于SRAM PUF的熵提取方法,其特征在于,所述的门槛值为掉电次数的5%-30%。3. The entropy extraction method based on SRAM PUF according to claim 1, wherein the threshold value is 5%-30% of the number of power downs. 4.根据权利要求1所述的基于SRAM PUF的熵提取方法,其特征在于,所述的任一步中,一旦接到要求初始化信号则立即跳转至第一步,按步骤顺序重新进行处理。4. the entropy extraction method based on SRAM PUF according to claim 1, is characterized in that, in described any step, once receiving the request initialization signal then jumps to the first step immediately, and processes again in step order. 5.一种基于SRAM PUF的熵提取电路,其特征在于,包括SRAM、读取模块、节点筛选模块、输出模块、先进先出存储器、随机存储器和控制模块;控制模块先接收设置的预定读取次数、门槛值以及最小熵的值,然后通过读取模块控制SRAM掉电,读取模块读取SRAM每次掉电后各节点的地址及对应的数据值并将各节点的地址及对应的数据值传输给先进先出存储器存储;当SRAM的掉电次数达到设置的预定读取次数时停止掉电,节点筛选模块读取先进先出存储器中存储的每次掉电后各节点的数据值,并将变化次数达到门槛值的节点地址存入随机存储器;节点筛选模块随后计算最小熵,若计算的最小熵的值小于0.4则向控制模块发送提示更换SRAM的信号,否则向控制模块发送完成筛选的信号;输出模块按照随机存储中存储的地址通过读取模块读取SRAM中相应节点的数据值,并将数据进行哈希函数处理后输出;当控制模块接到重播请求时,重新通过读取模块控制SRAM掉电,重新筛选节点,重新将相应节点的数据值进行哈希函数处理后再输出;5. an entropy extraction circuit based on SRAM PUF, is characterized in that, comprises SRAM, reading module, node screening module, output module, first-in-first-out memory, random access memory and control module; The number of times, the threshold value and the minimum entropy value, and then control the power-off of the SRAM through the reading module. The reading module reads the address of each node and the corresponding data value after each power-off of the SRAM and converts the address and corresponding data of each node. The value is transmitted to the FIFO memory for storage; when the number of power-downs of the SRAM reaches the preset number of readings, the power-down is stopped, and the node screening module reads the data value of each node after each power-down stored in the FIFO memory. The node address whose number of changes reaches the threshold is stored in the random access memory; the node screening module then calculates the minimum entropy, and if the calculated minimum entropy value is less than 0.4, it sends a signal to the control module to prompt the replacement of the SRAM, otherwise it sends the control module to complete the screening. The output module reads the data value of the corresponding node in the SRAM through the reading module according to the address stored in the random storage, and performs the hash function processing on the data and outputs it; when the control module receives the replay request, it re-reads the data by reading The module controls the SRAM to power down, re-screens the nodes, and re-processes the data values of the corresponding nodes with the hash function before outputting; 其中,所述节点筛选模块按照以下步骤计算最小熵(Hmin)totalWherein, the node screening module calculates the minimum entropy (H min ) total according to the following steps: 其中,i表示第i个节点,i为1~n范围内的整数,n为SRAM中节点的总数;pimax为节点i对应的pmaxAmong them, i represents the ith node, i is an integer in the range of 1~n, n is the total number of nodes in the SRAM; p i max is the p max corresponding to node i; 所述的pmax值通过以下公式计算获得:pmax=max(px=1,px=0);其中,px=1表示节点掉电后的值与上一次的值的异或计算结果为1的概率;px=0表示节点掉电后的值与上一次的值的异或计算结果为0的概率;其中,Xt表示节点掉电后的值,Xt+1表示节点上一次掉电后的值。The p max value is calculated and obtained by the following formula: p max =max(p x=1 ,p x=0 ); wherein, p x=1 represents the XOR of the value after the node is powered off and the previous value The probability that the calculation result is 1; p x=0 means the XOR of the value after the node is powered off and the last value Calculates the probability that the result is 0; where X t represents the value after the node is powered off, and X t+1 represents the value after the last time the node was powered off. 6.根据权利要求5所述的基于SRAM PUF的熵提取电路,其特征在于,控制模块存储预定读取次数、门槛值以及最小熵的值;控制模块同时控制读取模块实时修改掉电时间;每一次进行筛选时,控制模块都会将最新的预定读取次数、最小熵的值和门槛值发送给节点筛选模块。6. the entropy extraction circuit based on SRAM PUF according to claim 5, is characterized in that, control module stores the value of predetermined reading number of times, threshold value and minimum entropy; Control module simultaneously controls reading module to modify power-down time in real time; Each time screening is performed, the control module will send the latest predetermined number of readings, the minimum entropy value and the threshold value to the node screening module.
CN201610373362.4A 2016-05-31 2016-05-31 A kind of entropy extraction method and circuit based on SRAM PUF Active CN106055491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610373362.4A CN106055491B (en) 2016-05-31 2016-05-31 A kind of entropy extraction method and circuit based on SRAM PUF

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610373362.4A CN106055491B (en) 2016-05-31 2016-05-31 A kind of entropy extraction method and circuit based on SRAM PUF

Publications (2)

Publication Number Publication Date
CN106055491A CN106055491A (en) 2016-10-26
CN106055491B true CN106055491B (en) 2019-03-12

Family

ID=57171999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610373362.4A Active CN106055491B (en) 2016-05-31 2016-05-31 A kind of entropy extraction method and circuit based on SRAM PUF

Country Status (1)

Country Link
CN (1) CN106055491B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107390063B (en) * 2017-08-03 2020-11-06 恒宝股份有限公司 Power failure test method and device
CN108681441B (en) * 2018-04-25 2021-06-01 东南大学 Random number generator based on BR-PUF
CN117494234B (en) * 2023-10-12 2024-11-19 成都海泰方圆科技有限公司 Entropy acquisition method and device and electronic equipment
CN118784242B (en) * 2024-06-27 2025-11-28 国家电网有限公司 SRAMPUF-based security parameter generation system and SRAMPUF-based security parameter generation method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2689375A1 (en) * 2011-03-21 2014-01-29 Irdeto B.V. System and method for securely binding and node-locking program execution to a trusted signature authority
CN103544410A (en) * 2013-09-30 2014-01-29 华中科技大学 Embedded microprocessor unclonable function secret key certification system and method
CN104011728A (en) * 2012-07-24 2014-08-27 英特尔公司 Provide access to encrypted data
CN104810062A (en) * 2015-05-12 2015-07-29 东南大学 PUF (polyurethane foam) feature test method and device of SRAM (static random access memory) chip
CN104836669A (en) * 2015-05-08 2015-08-12 东南大学 Security authentication method based on SRAM PUF (Static Random Access Memory Physical Uncloable Function), terminal and authentication system
CN105337725A (en) * 2014-08-08 2016-02-17 中国科学院数据与通信保护研究教育中心 Key management device and key management method
CN105530097A (en) * 2014-09-30 2016-04-27 中国科学院数据与通信保护研究教育中心 A key extraction method and system based on SRAM PUF

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10044513B2 (en) * 2013-09-02 2018-08-07 Samsung Electronics Co., Ltd. Security device having physical unclonable function

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2689375A1 (en) * 2011-03-21 2014-01-29 Irdeto B.V. System and method for securely binding and node-locking program execution to a trusted signature authority
CN104011728A (en) * 2012-07-24 2014-08-27 英特尔公司 Provide access to encrypted data
CN103544410A (en) * 2013-09-30 2014-01-29 华中科技大学 Embedded microprocessor unclonable function secret key certification system and method
CN105337725A (en) * 2014-08-08 2016-02-17 中国科学院数据与通信保护研究教育中心 Key management device and key management method
CN105530097A (en) * 2014-09-30 2016-04-27 中国科学院数据与通信保护研究教育中心 A key extraction method and system based on SRAM PUF
CN104836669A (en) * 2015-05-08 2015-08-12 东南大学 Security authentication method based on SRAM PUF (Static Random Access Memory Physical Uncloable Function), terminal and authentication system
CN104810062A (en) * 2015-05-12 2015-07-29 东南大学 PUF (polyurethane foam) feature test method and device of SRAM (static random access memory) chip

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
"A dynamic PUF anti-aging authentication system based on restrict race code";Li Bing等;《Science China(Information Sciences)》;20160131;第59卷(第1期);第1-12页
"DSP平台上基于PUF的两种真随机数产生方法研究";李飞等;《信息网络安全》;20150930(第9期);第186-190页
"Efficient Implementation of True Random Number Generator Based on SRAM PUFs";Leest V V D等;《Lecture Notes in Computer Science》;20120101;第6805卷;第300-318页
"Hardware-Anchored Security Based on SRAM PUFs,Part1";Helena Handschuh;《IEEE Security & Privacy》;20120626;第3卷(第10期);第80-83页
"Power-Up SRAM State as An Identifying Fingerprint and Source of True Random Numbers";Holcomb D E等;《IEEE Transactions on Computers》;20081117;第9卷(第58期);第1198-1210页

Also Published As

Publication number Publication date
CN106055491A (en) 2016-10-26

Similar Documents

Publication Publication Date Title
CN106055491B (en) A kind of entropy extraction method and circuit based on SRAM PUF
CN104836669B (en) A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF
CN110378697B (en) Block chain light node UTXO transaction verification method and device based on RSA accumulator
US10250577B2 (en) System and method for authenticating and enabling an electronic device in an electronic system
TWI755677B (en) Method, system and device for obtaining information on bank card contracting elements
US20160330023A1 (en) Id generating device, id generating method, and id generating system
CN106533654B (en) Configurable physical unclonable function circuit and its response generation method
CN110009388A (en) Equipment leasing method, apparatus, equipment and storage medium
CN108665359A (en) Block chain processing method, accounting nodes and verification node
CN102868529A (en) Method for identifying and calibrating time
US7516169B2 (en) Generating random data
CN114640464A (en) Block chain-based subscription data transmission method, device, equipment and storage medium
CN112131614A (en) Self-adaptively configured PUF (physical unclonable function) equipment, fusion terminal containing PUF equipment and identity authentication system
CN113704126A (en) Verification method and device, computer storage medium and processor
CN109391643B (en) Blockchain lightweight processing method, blockchain node and storage medium
CN111708762B (en) Authority authentication method and device and server device
KR101962703B1 (en) Method and apparatus for authentication of OTP generator based on built-in clock
CN113961171B (en) Random signal generation device and physical unclonable function generation system
CN104462902B (en) The initial method that the data of a kind of joint product and the product are downloaded
CN115346295A (en) Door lock state collection method, medium and equipment based on identification analysis and block chain
Zhao et al. Design and implementation of a blockchain-enabled secure sensing data processing and logging system
CN116266227A (en) Generation and verification method, device, equipment and storage medium of one-time password
CN114996048A (en) Data storage method and device, storage medium and electronic equipment
WO2021089983A1 (en) Validating distributed source content
CN113783649A (en) Terminal timing method, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant