Hybrid PUFs: Integrated Physical Unclonable Security

• Hybrid PUFs are hardware security primitives that combine multiple unclonable mechanisms to achieve enhanced key generation and robust resistance to duplication.
• They integrate heterogeneous architectures such as memory-based, memristive, chaotic, and quantum-encoded components to multiply entropy and counter diverse attack models.
• Their design enables forward security and dynamic reconfigurability, making them ideal for IoT authentication and advanced cryptographic applications.

A Hybrid Physical Unclonable Function (HPUF) is a hardware security primitive that explicitly combines multiple PUF architectures, physical resources, or security mechanisms into a single, inseparable information-storage system, with the goal of jointly leveraging their strengths for enhanced unclonability, resistance against duplication, robust key generation, and compositional security. This cross-technology or cross-mechanism hybridization—spanning classical digital, memory-based, chaotic, optoelectronic, memristive, and quantum-encoded domains—enables the realization of security objectives that are difficult or impossible to achieve with a single canonical PUF approach. The HPUF concept is now rigorously grounded in a modern definition and classification that articulates both its underlying information-storage structure and the nature of its security mechanisms (Plaga et al., 2015), providing a systematic basis for analysis, certification, and design.

1. Formal Definition and Classification Foundations

The precise definition underpinning HPUFs is based on the framework introduced in "A new Definition and Classification of Physical Unclonable Functions" (Plaga et al., 2015). In this model:

• PUF: An information-storage system protected by a "memory-bound" security mechanism that is
  1. intended to impede duplication of its storage functionality in any separate system, and
  2. remains effective even after an attacker’s temporary complete access to the system.

HPUFs extend this by combining separate PUF architectures or security mechanisms—e.g., distinct unpredictable entropy sources, cryptostorage primitives (Minimum Readout Time/MRT and Erasure Upon Readout/EUR), complex structure production, and even quantum no-cloning mechanisms—into a tightly-coupled hybrid system in which the security properties of each component are functionally and inseparably fused.

The classification scheme from (Plaga et al., 2015) distinguishes PUFs (including HPUFs) along two axes:

Axis	Values
Security Objective	S1: Simple (single-use or trigger-based storage), S2: Timed release, ...
Duplication Threat	D1: Physical duplication, D2: Mathematical duplication (learning or emulation attacks)
Mechanism	CSP: Complex Structure Production; NC: No Cloning; Cryptostorage: (MRT, EUR); including composition in HPUF context

In hybridization, this means that a given HPUF can, for example, integrate CSP-based entropy (e.g., from an SRAM PUF), quantum no-cloning protections, and cryptostorage for different layers of the challenge-response mapping, targeting both D1 and D2 threats.

2. Architectures and Mechanism Combinations

The practical realization of HPUFs spans a breadth of architectures:

• Memory-based HPUFs: Combine heterogeneous memories—such as SRAM and DRAM—to multiply entropy, challenge-response pair (CRP) space, and reconfigurability, while employing post-processing for robust authentication (Sutar et al., 2017). Here, error correction, cryptographic hashing, and response mapping can be hybridized to provide both increased uniqueness and environmental stability.
• Memristive/digital HPUFs: Pair highly reliable, reconfigurable memristor-based core cells (e.g., R³PUF) with digital arbiters or CMOS front-ends. The memristor provides high cycle-to-cycle entropy and abrupt threshold-driven response diversity, while the digital logic arbitrates or encodes responses (Gao et al., 2017, Rahman et al., 6 Jul 2025).
• Combinational logic HPUFs: Structures such as the OR-AND-XOR-PUF (OAX-PUF) decompose input challenges into separate paths processed by different logic primitives (MAX/OR, MIN/AND, XOR), then recombine the outputs to confuse side-channel (reliability-based) machine learning attacks without the reliability drawbacks of deep XOR chains (Yao et al., 2021).
• Chaotic/network-based HPUFs: Hybrid Boolean Networks (HBN-PUFs) composed of large, asynchronously coupled logic gates amplify microscopic process variations through transient chaos, yielding extremely high entropy and super-exponential CRP scaling (Charlot et al., 2019, Charlot et al., 2022). Hybridization can include both the Boolean network core and a memory or photonic interface to improve robustness and readout.
• Quantum/classical HPUFs: Quantum-locked hybrid PUFs encapsulate the output of a classical PUF in a quantum encoding; only a party with knowledge of the quantum state can unlock the second half of the response, making the system provably secure against adaptive and classical-ML attacks and allowing CRP reusability (Chakraborty et al., 2021, Farré et al., 12 Aug 2025). Systems can hybridize further by employing both classical and quantum challenge spaces.
• Optoelectronic HPUFs ("Hyper PUFs"): Multi-level, fully reversible, light-reconfigurable photonic media (e.g., cross-linked polymer/LC composites) serve as dynamic sources of entropy. External light patterns reconfigure the PUF’s physical state reversibly; the probe challenges generate high-dimensional speckle responses, with entropy scaling as levels × bits per configuration (Nocentini et al., 2022).

This architectural heterogeneity in HPUFs is a defining feature and enables functionalities—such as continuous key refresh, forward/backward security, multiple client resolution, or quantum-secure authentication—not possible in single-mechanism designs.

3. Security Features, Unclonability, and Multi-Layer Defenses

HPUFs leverage their composite nature to realize a layered security model:

• Multi-source entropy: Combining two or more independent uncertainty sources (e.g., SRAM + DRAM; CMOS + memristor) multiplicatively increases the size of the effective challenge-response space. For example, combining SRAM and DRAM in C‑PUF increases the CRP space from $2^{16}$ or $2^{16}$ alone to $2^{32}$ (Sutar et al., 2017).
• Cryptostorage: Integrating cryptostorage mechanisms such as MRT (minimum readout time) and EUR (erasure on unauthorized challenge) can make extraction of secrets infeasible for attackers with only temporary access, even if a subset of other responses (from another component) is exposed (Plaga et al., 2015).
• Quantum protection: Quantum-encoded HPUFs (HLPUF, quantum lock) are resistant to both adaptive attacks and ML modeling, as the no-cloning theorem and non-orthogonal state indistinguishability fundamentally constrain information leakage per challenge (Chakraborty et al., 2021, Farré et al., 12 Aug 2025). Reusability of CRPs is enabled without leakage by quantum uncertainty.
• Resistance to modeling attacks: The addition of heterogeneous mechanisms breaks modeling invariants. For example, OAX recomposition defeats reliability-based attacks (such as CMA-ES) by hiding which components contribute most noise; memory hybridization with post-processing (e.g., hashing, XOR) reduces statistical correlation with challenge bits and further inhibits modeling (Yao et al., 2021, Sutar et al., 2017, Fei et al., 1 Mar 2024).
• Reconfigurability and forward security: Memristor (cycle-to-cycle) and optoelectronic reconfigurability (light-induced polymer transitions) allow on-demand key refreshing, forward secrecy, and rapid revocation. In such HPUFs, each reconfiguration produces a physically independent PUF instance, vastly increasing attack difficulty (Gao et al., 2017, Nocentini et al., 2022).

4. Evaluation Metrics and Experimental Results

Analysis and certification of HPUFs draw on extension of metrics used in canonical PUFs, but with attention to the interplay of mechanisms:

Metric	Typical Range/Result (HPUF Example)
Uniqueness	Hamming Distance near 50% for inter-chip; 98% for ring-oscillator-based (Chamon et al., 5 Jun 2025); 0.40 for HBN-PUFs (Charlot et al., 2019)
Reliability	Intra-chip Hamming Distance < 1–2% for memristive HPUFs (Gao et al., 2017, Rahman et al., 6 Jul 2025); 0.05 for HBN-PUFs; robust to temperature, voltage, and process variation
Entropy	Extracted bits per PUF scale super-exponentially for chaotic network HPUFs (min-entropy ≈ $N \cdot 2^N / 2$ for $N$ nodes) (Charlot et al., 2019)
Reconfigurability	Reprogramming cycles (memristor C2C, optical Lₖ₍Trans₎) produce independent keys; $>1,750$ independent bits realized with 10 optical levels (Nocentini et al., 2022)
Authentication Rate	100% true positive, 0% false positive (memory HPUFs, C‑PUF, after error correction and post-processing) (Sutar et al., 2017)

Composite metrics—such as minimum extraction difficulty $O(2^N)$ for cryptostorage submodules (Plaga et al., 2015) or exponential model-learning sample size for HLPUFs (Chakraborty et al., 2021)—are critical in assessing HPUF security posture.

5. Security Analysis, Attacks, and Modelling Resistance

Despite the hybrid complexity, modern machine learning and mixture-of-expert attacks can sometimes exploit residual mathematical structure in delay-based HPUFs:

• Mixture-of-PUF-Experts (MoPE, MMoPE): These machine learning frameworks transform hybrid PUF challenges into additive or higher-order feature spaces, with multiple expert networks modeling distinct submechanisms, and a trainable gating network adaptively weighting their contribution. MoPE/MMoPE have demonstrated accuracy above 90% in black-box attacks on heterogeneous and hybrid feed-forward PUFs, revealing that increased architectural complexity alone is insufficient unless the underlying feature space is fundamentally obfuscated (Fei et al., 1 Mar 2024).
• Side-channel/resilience-based attacks: Reliability-based CMA-ES (using per-bit error rates to recover internal mapping) can be suppressed in OAX-PUF and similar HPUFs if recomposition distributes noise non-uniformly across components (Yao et al., 2021).
• Quantum/ML attacks: In quantum-classical hybrid PUFs, adversary success probability decays exponentially with the number of encoded qubits ($$p_\text{forge}^\text{quantum} \leq p_\text{extract}\, P_\text{forge}^\text{classical}$$, $p_\text{extract}\to 0$ as qubit number increases) (Chakraborty et al., 2021). Information-theoretic analysis quantifies the min-entropy retained under repeated challenge use or in the presence of quantum noise (Farré et al., 12 Aug 2025).

A plausible implication is that security evaluations of HPUFs must consider both their composite-layer structure and whether any dominant component mechanism enables feature extraction, requiring design and post-processing that directly disrupt the construction of attack feature spaces.

6. Implementation, Applications, and Deployment Context

HPUFs are designed for environments where a single type of entropy or security mechanism is insufficient:

• Embedded and IoT device authentication: HPUFs provide high-entropy, repeatable device fingerprints and allow for multi-component authentication (e.g., requiring correct SRAM and DRAM responses together) (Sutar et al., 2017). Fast, lightweight architectures (e.g., ring oscillator and challenge-obfuscated arbiter hybrids) support efficient authentication with minimal resource overhead (Zhuang et al., 21 May 2024, Mahmud et al., 2023).
• Low-power, area-constrained systems: Memristor-digital hybrids and memory-combination HPUFs eliminate the need for on-chip error correction, realizing dense key storage and rapid reconfiguration in sub-µW power envelopes (Gao et al., 2017, Chamon et al., 5 Jun 2025).
• Quantum- and post-quantum security: Optical HPUFs and quantum-locked hybrids support quantum-secure authentication and CRP reusability without full-scale quantum memory or Haar-random unitary requirements, and can multiplex keys for multiple users or protocols (Nocentini et al., 2022, Chakraborty et al., 2021, Farré et al., 12 Aug 2025).
• Flexible multi-user and dynamic key management: Fully light-reconfigurable HPUFs permit a single device to emulate an arbitrary number of independent "logical" PUF tokens, each addressable by a distinct transformer challenge (Nocentini et al., 2022).

A plausible implication is that the adoption of HPUFs is particularly advantageous in applications demanding strong, forward- and backward-secrecy with physically small, cost- or power-constrained form factors, especially for scalable authentication infrastructure.

7. Future Directions, Challenges, and Certification

• Standardization and certification: The formal definition and classification framework (Plaga et al., 2015) provides a blueprint for future HPUF evaluation and certification processes. Certification must consider the specific layered security objectives of each component, the interaction among mechanisms, and the quantifiable extraction difficulty.
• Addressing attack adaptability: MoPE/MMoPE results (Fei et al., 1 Mar 2024) highlight the need for rigorous, mechanism-level modeling resistance evaluation. HPUF compositions that only increase circuit complexity without fundamentally disrupting the exploitability of delay-based (or other) feature spaces may remain vulnerable.
• Quantum hybridization: Open research includes engineering robust, loss-tolerant quantum-encoded PUFs with well-characterized noise models (Chakraborty et al., 2021, Farré et al., 12 Aug 2025), and further analysis of information-theoretic bounds under compound attack modalities.
• Dynamic and reversible operation: Light-reconfigurable and optoelectronic HPUFs offer new operational paradigms for multi-user, key-refreshable devices, but present challenges in reliability, physical robustness, and bit extraction post-processing (Nocentini et al., 2022).

HPUFs therefore represent both an opportunity—enabling compositional, high-entropy, and multi-layer security in the hardware root-of-trust—and a challenge, demanding a carefully reasoned approach to composition, attack evaluation, and rigorous information-theoretic characterization for next-generation secure systems.