Different transforms used in binding a secret key to correlated physical-identifier outputs are compared. Decorrelation efficiency is the metric used to determine transforms that give highly-uncorrelated outputs. Scalar quantizers are applied to transform outputs to extract uniformly distributed bit sequences to which secret keys are bound. A set of transforms that perform well in terms of the decorrelation efficiency is applied to ring oscillator (RO) outputs to improve the uniqueness and reliability of extracted bit sequences, to reduce the hardware area and information leakage about the key and RO outputs, and to maximize the secret-key length. Low-complexity error-correction codes are proposed to illustrate two complete key-binding systems with perfect secrecy, and better secret-key and privacy-leakage rates than existing methods. A reference hardware implementation is also provided to demonstrate that the transform-coding approach occupies a small hardware area.There are multiple key-generation, or generated-secret (GS), and key-binding, or chosen-secret (CS), methods to reconstruct secret keys from noisy PUF outputs, where the key is generated from the PUF outputs or bound to them, respectively. Code-offset fuzzy extractors [9] are examples of key-generation methods and the fuzzy commitment scheme [10] is a key-binding method. Code constructions based on Wyner-Ziv (WZ) coding are illustrated in [11] to asymptotically achieve the information-theoretic limits for the GS and CS models. These constructions might have high complexity, which is undesired for, e.g., IoT applications. In addition, since a key should be stored in a secure database for both models, it is more practical to allow a trusted entity to choose the secret key bound to a PUF output. Thus, in this paper, we aim at further improving reliability, privacy, secrecy, and hardware cost performance of a transform-coding algorithm, explained next, that is applied to PUF outputs in combination with the fuzzy commitment scheme.PUFs have similar features to biometric identifiers like fingerprints. Both identifier types have correlated and noisy outputs due to surrounding environmental conditions [12]. Correlation in PUF outputs leaks information about the secret key, which causes secrecy leakage, and about the PUF output, causing privacy leakage [13][14][15]. Moreover, noise reduces reliability of PUF outputs and error-correction codes are needed to satisfy the reliability requirements. The transform-coding approach [16,17] in combination with a set of scalar quantizers has made its way into secret-key binding with continuous-output biometric and physical identifiers, as they allow reducing the output correlation and adjusting the effective noise at the PUF output. For instance, the discrete cosine transform (DCT) is the building block in [17] to generate a uniformly distributed bit sequence from RO outputs under varying environmental conditions. Efficient post-processing steps are applied to obtain more reliable PUF outputs rather than changing the har...
