Secret-Key Capacity Regions for Multiple Enrollments With an SRAM-PUF

We introduce the multiple enrollment scheme for SRAM-physical unclonable functions (PUFs). During each enrollment, the binary power-on values of the SRAM are observed, and a corresponding key and helper data are generated. Each key can later be reconstructed from an additional observation and the helper data. The helper data do not reveal information about the keys to an attacker. It is our goal to use the additional enrollments to consecutively increase the entropy of the generated key material. We analyze two alternative settings. First, we present a regular setting, where each additional key is independent of all previous keys. Second, we introduce a key-replacement setting, where instead of an additional independent key, a new key (of increased length) is generated that replaces the old key. We characterize the capacity regions for both the settings. We show that the total achievable secret-key rate is equal to the mutual information between all enrollment observations and a single (reconstruction) observation. We derive our results based on a statistical model for the SRAM-PUF that has been proposed in the literature. This model implies a permutation symmetry property of the SRAM-PUF which plays a key role in our proofs.