SoK: Towards Secret-Free Security

Digital secret keys are indispensable in modern cryptography and computer security - but at the same time constitute a routinely exploited attack target in every hardware system that stores them. This discrepancy has created perpetual battle between key extractors and protectors over the decades. Some recent approaches attempt to overcome this issue by simply avoiding keys and secrets in vulnerable devices: Physical Unclonable Functions (PUFs), for example, are capable of evading 'classical keys', i.e., permanently digital secrets, in electronic hardware. Nevertheless, many PUFs still contain physical or analog secrets deep in their structure, whose disclosure to adversaries also breaks security: This includes the manufacturing variations in SRAM PUFs that determine their power-up states, or the signal delays of Arbiter PUFs that determine their responses. A second generation of physical primitives shows promise to resolve this remaining problem: So-called Complex PUFs, SIMPLs/ PPUFs, and related techniques enable completely 'secret-free' systems, where adversaries could inspect every bit and every atom, and learn any information present in any form in the hardware, without being able to break security. This Systematization of Knowledge (SoK) paper takes this situation as starting point, and categorizes, formalizes, and overviews the recently evolving area of secret-free security. It tries to lay the foundations for future generations of secret-free hardware, which could be innately and provably immune against any invasive, side channel, or key extraction attacks.