Clones of the Unclonable: Nanoduplicating Optical PUFs and Applications

Physical unclonable functions (PUFs), physical objects that are practically unclonable because of their andom and uncontrollable manufacturing variations, are becoming increasingly popular as security primitives and unique identifiers in a fully digitized world. One of the central PUF premises states that both friends and foes, both legitimate manufacturers and external attackers alike, cannot clone a PUF, producing two instances that are the same. Using the latest nanofabrication techniques, we show that this premise is not always met: We demonstrate the possibility of effective PUF duplication through sophisticated manufacturers by producing 63 copies of a non-trivial optical scattering structure which exhibit essentially the same scattering behavior. The remaining minuscule differences are close to or below noise levels, whence the duplicates have to be considered fully equivalent from a PUF perspective. The possibility for manufacturer-based optical PUF duplication has positive and negative consequences at the same time: While fully breaking the security of certain schemes, it enables new applications, too. For example, it facilitates unforgeable labels for valuable items; the first key-free group identification schemes over digital networks; or new types of encryption/decryption devices that do not contain secret keys.