Abstract: Modern cryptography relies on algorithmic one-way functions—numerical functions which are easy to compute but very difficult to invert. This dissertation introduces physical one-way functions and physical one-way hash functions as primitives for physical analogs of cryptosystems.
Physical one-way functions are defined with respect to a physical probe and physical system in some unknown state. A function is called a physical one-way function if (a) there exists a deterministic physical interaction between the probe and the system which produces an output in constant time; (b) inverting the function using either computational or physical means is difficult; (c) simulating the physical interaction is computationally demanding and (d) the physical system is easy to make but difficult to clone.
Physical one-way hash functions produce fixed-length output regardless of the size of the input. These hash functions can be obtained by sampling the output of physical one-way functions. For the system described below, it is shown that there is a strong correspondence between the properties of physical one-way hash functions and their algorithmic counterparts. In particular, it is demonstrated that they are collision-resistant and that they exhibit the avalanche effect, i.e., a small change in the physical system causes a large change in the hash value.
An inexpensive prototype authentication system based on physical one-way hash functions is designed, implemented, and analyzed. The prototype uses a disordered three-dimensional microstructure as the underlying physical system and coherent radiation as the probe. It is shown that the output of the interaction between the physical system and the probe can be used to robustly derive a unique tamper-resistant identifier at a very low cost per bit. The explicit use of three-dimensional structures marks a departure from prior efforts. Two protocols, including a one-time pad protocol, that illustrate the utility of these hash functions are presented and potential attacks on the authentication system are considered.
Finally, the concept of fabrication complexity is introduced as a way of quantifying the difficulty of materially cloning physical systems with arbitrary internal states. Fabrication complexity is discussed in the context of an idealized machine—a Universal Turing Machine augmented with a fabrication head—which transforms algorithmically minimal descriptions of physical systems into the systems themselves. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)