Patents by Inventor Bertrand F. Cambou

Bertrand F. Cambou has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220217003
    Abstract: Systems and methods of correcting errors in encrypted communication between a server and client devices using keyless encryption schemes are disclosed. Client devices with arrays of physical-unclonable-function devices respond to challenges from a server. Characteristics of the arrays are stored by the server during a secure enrollment process. To send an encrypted message, the server generates a message digest, extracts data from the stored arrays on the basis of the message digest, applies error correction codes to the message, encrypts the message with the extracted data, and sends the message to a client. The server may receive a handshake containing all or part of the message digest, measures its PUF, and decrypts and decodes the message.
    Type: Application
    Filed: December 3, 2021
    Publication date: July 7, 2022
    Inventors: Bertrand F Cambou, Fatemeh Afghah, Sareh Assiri, Ashwija Korenda
  • Publication number: 20220197599
    Abstract: The use of pre-formed arrays of memristors such as ReRAMs for true random number generation is disclosed. The method exploits the natural randomness in the large stochastic cell-to-cell variations in resistance values at low injected current in the pre-formed range. This novel TRNG scheme can be designed with three interconnected blocks: i) a pseudo-random number generator (PRNG) that is acting as an extended output function (XOF) to generate a stream of addresses pointing randomly at the array of ReRAM cells; ii) a method to read the resistance values of these cells at low injected current and convert the values into a stream of random bits; and, if needed, iii) methods to further enhance the randomness of this stream such as, but not limited to, mathematical, Boolean, and cryptographic algorithms.
    Type: Application
    Filed: December 22, 2021
    Publication date: June 23, 2022
    Inventors: Bertrand F. Cambou, Sareh Assiri, Michael L. Garrett, Saloni Jain, Michael Partridge
  • Patent number: 11343108
    Abstract: A system and method for the generation of composite private keys are provided. First and second bitstreams are retrieved from an addressable cryptographic table by deriving addresses in the addressable cryptographic table from an initial instruction, accessing first and second bit values stored at addresses belonging to the derived addresses in the addressable cryptographic table, and outputting the first bit values as the first bitstream and the second bit values as the second bitstream. The first bitstream is concatenated with data from the first bitstream to form a data stream having a desired length and the second bitstream is concatenated with data from the second bitstream to form a selector stream having the desired length. A first composite encryption key having a length longer than the first and second bitstreams is formed by selecting values of the data stream identified by corresponding bit values of the selector stream.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: May 24, 2022
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventors: Dennis D Booher, Bertrand F Cambou
  • Patent number: 11343109
    Abstract: Systems and methods for secure enrollment of physical unclonable function devices include providing a device with an enrollment controller. The enrollment controller receives an enrollment request from an enrollment system and authenticates the request. If the request is authentic, the enrollment controller generates challenges in a pseudorandom order determined by a random seed that is shared with the enrollment system. The enrollment controller issues the challenges to interrogation circuitry coupled to a PUF array and records the responses. The responses are transmitted in encrypted form, and in the pseudorandom order, to the enrollment system. The responses are encrypted using a random number shared with the enrollment system. The enrollment system and the enrollment controller can independently generate the encryption key using the shared random number and/or other securely shared information.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: May 24, 2022
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventors: Bertrand F Cambou, David Hely
  • Publication number: 20220150052
    Abstract: A computing device includes an array of addressable elements. Each addressable element is a hardware element that generates a substantially consistent response when interrogated. The device includes a processor coupled to the array of addressable elements and configured to communicate using a communication network. The processor receives a public key, and processes the public key to produce at least a set of addresses. Each address in the set of addresses identifies one or more hardware elements in the array of addressable elements. The processor generates a set of responses by interrogating the one or more hardware elements in the array of addressable elements identified by the set of addresses according to a set of reading instructions, appends the responses in the set of responses to generate a private key, receives an encrypted message and decrypts the encrypted message using the private key to generate an unencrypted message.
    Type: Application
    Filed: January 19, 2022
    Publication date: May 12, 2022
    Inventors: Bertrand F CAMBOU, Christopher Robert PHILABAUM, Donald A. TELESCA, JR.
  • Patent number: 11303462
    Abstract: Systems and methods of authentication and encrypted communication between a server and client using independently-generated shared encryption keys are disclosed. Clients with arrays of physical-unclonable-function devices respond to server-issued challenges. The clients derive encryption keys from responses to those challenges generated by measuring PUF devices specified by the challenges. The clients send messages encrypted with the encryption keys to the server. The server independently reproduces the client-generated encryption keys using information about the PUF devices. When the keys match, the clients are authenticated. It may be desirable to inject errors into the challenge responses generated by the clients to improve security. When errors are injected, attackers cannot determine correct challenge responses except by brute force.
    Type: Grant
    Filed: November 14, 2019
    Date of Patent: April 12, 2022
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventor: Bertrand F Cambou
  • Patent number: 11283633
    Abstract: Systems and methods for secure communication between devices where one device has a physical unclonable function (“PUF”) array of PUF devices and another device stores data representing characteristics of the PUF array include encryption schemes using repeated application of one-way cryptographic functions to message segments. The devices transmit or receive a processing instruction used to determine PUF devices whose measured characteristics are used to derive encryption keys. Messages are segmented and message information is securely transmitted by repeated application of a suitable one-way cryptographic function to each message segment where the number of applications of the function is determined by each message segment.
    Type: Grant
    Filed: March 13, 2020
    Date of Patent: March 22, 2022
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventor: Bertrand F Cambou
  • Patent number: 11275711
    Abstract: Disclosed herein is a computing system with the capability to execute instructions in different positional notation values. The definition of a positional notation value is given by the general formula that represents a base 10 numeral in any positional notation in the following manner: $\dots + d_3 r^3 + d_2 r^2 + d_1 r^1 + d_0 r^0$, where d is a coefficient, r is the base of the positional number system (i.e. r=2 for binary, or r=3 for ternary), and the exponent is the position of the digit. The computing system may provide a configuration which hybridizes the instructions of multiple positional notation values in variable ratios. The computing system may dynamically switch between the multiple hybridized instruction sets. Embodiments may be applied to provide security benefits.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: March 15, 2022
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventors: Donald A. Telesca, Jr., Bertrand F Cambou, Paul G Flikkema
  • Patent number: 11271759
    Abstract: Systems and methods for securing blockchain and other cryptographically signed ledgers are disclosed. Client devices with arrays of physical-unclonable-function devices respond to challenges from a server. Characteristics of the arrays are stored by the server during a secure enrollment process. Subsequently, the server issues challenges to the clients and receives responses generated by the clients from characteristics of portions of the arrays specified by the challenges. The challenge responses are used to authenticate the clients and are also used as cryptographic private keys for signing transaction blocks. Public keys corresponding to the private keys are generated allowing signed transaction blocks to be validated as well as allowing clients originating the transactions to be authenticated by other clients. Ternary PUF characterization schemes are used to achieve acceptable authentication error rates.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: March 8, 2022
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventor: Bertrand F Cambou
  • Publication number: 20220067140
    Abstract: Systems and methods for improving security in computer-based authentication systems by using physical unclonable functions are presented. A computing device used to provide authentication includes multiple arrays of physical unclonable function devices. Rather than storing user passwords or message digests of passwords, the computing device generates a message digest based on a user's credentials. A challenge response is generated by measuring physical parameters of a set of physical unclonable function devices specified by the message digest. The computing device can provide authentication without storing information which could be used by an attacker to compromise user credentials. Redundancy and robustness to varying loads are provided by the use of multiple PUF arrays which may be used as backups or to provide load balancing. Backdoor access may be provided to trusted parties without exposing user credentials.
    Type: Application
    Filed: April 15, 2021
    Publication date: March 3, 2022
    Inventors: Bertrand F Cambou, Mohammad Mohammadinodoushan
  • Patent number: 11265151
    Abstract: A computing device includes an array of addressable elements. Each addressable element is a hardware element that generates a substantially consistent response when interrogated. The device includes a processor coupled to the array of addressable elements and configured to communicate using a communication network. The processor receives a public key, and processes the public key to produce at least a set of addresses. Each address in the set of addresses identifies one or more hardware elements in the array of addressable elements. The processor generates a set of responses by interrogating the one or more hardware elements in the array of addressable elements identified by the set of addresses according to a set of reading instructions, appends the responses in the set of responses to generate a private key, receives an encrypted message and decrypts the encrypted message using the private key to generate an unencrypted message.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: March 1, 2022
    Assignees: Arizona Board of Regents on Behalf of Northern Arizona University, Government of the United States of America, as represented by the Secretary of the Air Force
    Inventors: Bertrand F Cambou, Christopher Robert Philabaum, Donald A. Telesca, Jr.
  • Publication number: 20220044727
    Abstract: A system and method of secure communication between computing devices based on physical unclonable functions such as memories having dissolvable conductive paths is provided. The method involves enrolling a client device, the client device having a PUF such as a pristine ReRAM. The PUF is enrolled in a secure environment by reading and storing the resistances of the PUF's addressable memory cells. The cells are categorized into “rugged” and “vulnerable” categories on the basis of their resistance, the vulnerable cells being those more likely to be permanently altered during the generation of PUF responses. The rugged cells are used for the generation of PUF responses for cryptographic key generation, but the vulnerable cells may be inspected to detect unauthorized 3rd party access to the PUF.
    Type: Application
    Filed: August 5, 2021
    Publication date: February 10, 2022
    Inventors: Bertrand F. Cambou, Julie B. Heynssens, Ian Burke, Taylor Wilson
  • Patent number: 11233662
    Abstract: Systems and methods of encrypted communication between a server and client devices using keyless encryption schemes are disclosed. Client devices with arrays of physical-unclonable-function devices respond to challenges from a server. Characteristics of the arrays are stored by the server during a secure enrollment process. Subsequently, the server issues challenges to the clients. The clients derive a ciphertext according to a variable cipher scheme determined using responses to the challenges issued by the server using characteristics of portions of the arrays specified by the challenges. The server and clients may independently determine encryption and decryption procedures using characteristics of the arrays.
    Type: Grant
    Filed: December 23, 2019
    Date of Patent: January 25, 2022
    Assignee: Arizona Board of Regents on Behalf of Northern Arizona University
    Inventor: Bertrand F Cambou
  • Publication number: 20210314176
    Abstract: Systems and methods for symmetric encryption between a client and a server device include a client device having an array of physical unclonable function devices and a server device storing information sufficient to reconstruct responses of the devices to an applied stimulus such as varying levels of electrical current. The server shares a challenge with the client, which measures characteristics such as electrical resistances for a subset of the devices according to instructions extracted from the challenge. The client measures a corresponding reference device in the array for each device of the subset and assigns a value determined based on a comparison of each device with the corresponding reference device to generate a cryptographic key. The server calculates an expected response of the client to the challenge according to a model of the devices in the array, and uses the calculated response to generate the key independently.
    Type: Application
    Filed: April 2, 2021
    Publication date: October 7, 2021
    Inventor: Bertrand F. Cambou
  • Publication number: 20210281432
    Abstract: A system is configured to derive a set of encryption keys from measured device characteristics of at least one PUF device and communicate with a remote device by performing a cryptographic operation secured by the set of encryption keys. The cryptographic operation includes segmenting a first data stream into a first plurality of data stream fragments, segmenting a first data stream fragment of the first plurality of data stream fragments into a first numeric value and a second numeric value, identifying, using the first numeric value, a first encryption key of the set of encryption keys, and applying a one-way cryptographic function to the first encryption key a first number of times determined by the second numeric value to generate a transformed fragment having a value that depends on the values of the first numeric value and the second numeric value from the first data stream fragment and a value of the first encryption key.
    Type: Application
    Filed: January 27, 2021
    Publication date: September 9, 2021
    Inventor: Bertrand F. CAMBOU
  • Patent number: 11101988
    Abstract: A transmitting device and a receiving device independently generate shared encryption keys by exchanging a ternary datastream composed of trits encoded by polarized photons generated and measured using one of two polarization orientations. The first orientation defines two mutually-orthogonal polarization axes and a mixed polarization state formed by a combination of the two axes for that orientation. The second orientation also defines two mutually-orthogonal polarization axes and a mixed polarization state formed by a combination of the two axes for that orientation. The mutually-orthogonal axes of one orientation are combinations of the mutually-orthogonal axes of the other orientation. The sender and receiver independently choose an orientation for each trit and use trits where each party's polarization orientations agree to determine addresses in separate cryptographic tables belonging to each party.
    Type: Grant
    Filed: May 26, 2020
    Date of Patent: August 24, 2021
    Assignee: Arizona Board of Regents on Behalf of Northern Arizona University
    Inventor: Bertrand F Cambou
  • Publication number: 20210152347
    Abstract: The performance of quantum key distribution by systems and methods that use wavelength division multiplexing and encode information using both wavelength and polarization of photons of two or more wavelengths. Multi-wavelength polarization state encoding schemes allow ternary-coded digits, quaternary-coded digits and higher-radix digits to be represented by single photons. Information expressed in a first radix can be encoded in a higher radix and combined with a string of key values to produce a datastream having all allowed digit values of that radix in a manner that allows eavesdropping to be detected without requiring the sender and receiver to exchange additional information after transmission of the information.
    Type: Application
    Filed: November 18, 2020
    Publication date: May 20, 2021
    Inventors: Bertrand F CAMBOU, Ines MONTANO, Ryan BEHUNIN, Vince RODRIGUEZ
  • Patent number: 11010465
    Abstract: Systems and methods for improving security in computer-based authentication systems by using physical unclonable functions are presented. A computing device used to provide authentication includes an array of physical unclonable function devices. Rather than storing user passwords or message digests of passwords, the computing device generates a message digest based on a combination of a user ID and corresponding password. This message digest forms part of a challenge (together with instructions for responding to the challenge). A challenge response is generated by measuring physical parameters of a set of physical unclonable function devices specified by the message digest. This allows the computing device to provide authentication without storing information which could be used by an attacker to compromise user credentials.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: May 18, 2021
    Assignee: Arizona Board of Regents on Behalf of Northern Arizona University
    Inventor: Bertrand F Cambou
  • Patent number: 10992463
    Abstract: This invention disclosure describes how the security of existing quantum key distribution protocols can be enhanced with the use of a ternary/binary arithmetic conversion along with shared keys between communicating parties. With these schemes, Bob can detect eavesdropping attacks without exchanging the content of the transmitted data stream with Alice. Addressable physical unclonable function (PUF) technology can be exploited to design protocols that securely exchange the shared keys.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: April 27, 2021
    Assignee: Arizona Board of Regents on Behalf of Northern Arizona University
    Inventor: Bertrand F Cambou
  • Patent number: 10979221
    Abstract: A cryptographic infrastructure, which provides a method for generating private keys of variable length from a cryptographic table and a public key. This infrastructure provides an approximation of the one-time pad scheme. The cryptographic table is shared between a message sender and a message recipient by a secure transfer. After sharing the cryptographic table, no new private keys need to be sent—the private keys are independently generated by each party from the data contained within the shared cryptographic tables, using the public key. After public keys are exchanged, private keys may be generated and used to encrypt and decrypt messages and perform authentication cycles, establishing a secure communication environment between the sender and the recipient.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: April 13, 2021
    Assignee: Arizona Board of Regents on Behalf of Northern Arizona University
    Inventor: Bertrand F. Cambou