Generating Multiplicative Encoding Space of Optical Physically Unclonable Function Based on Spatial Frequency Limiting

Conventional security systems are facing new threats from advanced hacking tools, machine learning, and even the emergence of quantum computing. In this context, physically unclonable functions (PUFs) have emerged as a highly unpredictable encryption primitive due to inherent randomness. Specifically, optical PUFs harness light-matter interactions, providing advantages such as higher entropy, easy modulation, and various functionalities, making them a promising option for next-generation authentication and communication systems.<br/> <br/>When using the simplest authentication system using optical PUF, the system is divided into three main parts: light emitter (<i>i.e.</i>, input referred to as the challenge), the photonic medium (<i>i.e.,</i> PUF tag), and the image sensor (<i>i.e.</i>, output referred to as the response). At this point, increasing the number of challenge-response pairs (CRPs) is equivalent to increasing the number of possible encryption keys generated from a single PUF. Furthermore, the extensive CRP space can be partitioned into smaller segments or concatenated to create larger keys with greater encoding capacity, depending on the encryption purpose (<i>e.g.</i>, the smaller for one-time passwords and the larger for high-resolution images XOR encryption). To support the potential PUF-based platform, retaining the extensive CRP space is crucial. Unfortunately, recently reported optical PUF systems tend to rely solely on digital micro-mirror devices (DMDs) to increase the number of CRPs. However, such excessive dependency is undesirable for achieving a highly extensive CRP space, and the quantitative feasibility of expanding with DMDs has not been thoroughly analyzed.<br/> <br/> Herein, we propose an integrated system that employs optical elements to effectively expand the CRP space of optical PUF without DMDs. First of all, PUF tags are fabricated by a stochastic wet etching process. A Cr-mask deposited quartz substrate is dipped into BOE and stochastic generation of pinholes occurs on the mask. Then, BOE penetrates the mask through the pinholes and forms hemispherical pits on the quartz substrate. After removing the remaining Cr mask, the PUF tags with millions of micro-pits (<i>i.e.</i>, 2D-optical scatterer) on its surface are obtained. When illuminated by a coherent light source, numerous pit pairs generate interferometric fringe patterns, and their superposition produces highly unpredictable speckle images for encryption keys.<br/> <br/>With the fabricated PUF tags, the authentication system can largely expand CRP space by utilizing the following three components. First, a tunable laser modulates wavelengths of probing light for spectral expansion of CRP space. Due to changes in refraction extent at the scattering pits, distinct speckle images are obtained. Second, a mirror modulates the incident angle of probing light toward the PUF tag for angular expansion. The illuminated area is shifted and different scattering regions engage in interference. Third, the aperture in front of the PUF tag filters the spatial frequency of the speckle. The farther two pits apart, the denser fringe patterns(<i>i.e.</i>, high spatial frequency and small speckle size) are observed, whereas closer pits generate sparser patterns(<i>i.e.</i>, low spatial frequency and large speckle size). In short, by adjusting the size of the aperture, fixing and selecting the size of speckles in the response image is feasible.<br/> <br/>We anticipate this methodology will serve as a key cornerstone for developing future security platforms based on PUFs. The operations of each component can be combined multiplicatively, allowing for the acquisition of over 200 speckle images for encryption keys from a single tag. Smaller speckles are used for trivial purposes such as the everyday use of IoT devices, and larger speckles can be tailored to be partitioned or concatenated to achieve intensive security levels from one-time passwords to confidential long encryption keys, introducing hierarchical authentication.