Physical Unclonable Functions (PUFs) serve as lightweight, hardware-intrinsic entropy sources widely deployed in IoT security applications. However, delay-based PUFs are vulnerable to Machine Learning Attacks (MLAs), undermining their assumed unclonability. There are no valid metrics for evaluating PUF MLA resistance, but empirical modelling experiments, which lack theoretical guarantees and are highly sensitive to advances in machine learning techniques. To address the fundamental gap between PUF designs and security qualifications, this work proposes a novel, formal, and unified framework for evaluating PUF security against modelling attacks by providing security lower bounds, independent of specific attack models or learning algorithms. We mathematically characterise the adversary's advantage in predicting responses to unseen challenges based solely on observed challenge-response pairs (CRPs), formulating the problem as a conditional probability estimation over the space of candidate PUFs. We present our analysis on previous "broken" PUFs, e.g., Arbiter PUFs, XOR PUFs, Feed-Forward PUFs, and for the first time compare their MLA resistance in a formal way. In addition, we evaluate the currently "secure" CT PUF, and show its security boundary. We demonstrate that the proposed approach systematically quantifies PUF resilience, captures subtle security differences, and provides actionable, theoretically grounded security guarantees for the practical deployment of PUFs.

翻译：物理不可克隆函数（PUFs）作为轻量级硬件固有熵源，广泛应用于物联网安全领域。然而，基于延时的PUFs易受机器学习攻击（MLAs），从而削弱其理论上的不可克隆性。目前缺乏评估PUF抗MLA能力的有效指标，仅依赖经验建模实验——这类方法缺乏理论保证，且对机器学习技术的进步高度敏感。为弥合PUF设计与安全评估之间的根本性鸿沟，本研究提出一种新颖、形式化、统一的框架，通过提供与具体攻击模型或学习算法无关的安全下界，系统评估PUF抵御建模攻击的能力。我们通过数学方法刻画攻击者仅基于观测到的挑战-响应对（CRPs）预测未知挑战响应的优势，将问题形式化为候选PUF空间上的条件概率估计。我们对既往已被"攻破"的PUFs（如仲裁器PUF、异或PUF、前馈PUF）进行分析，首次以形式化方法比较其抗MLA能力。此外，我们评估当前被认为"安全"的CT PUF，并明确其安全边界。研究表明，所提方法能系统量化PUF的抗攻击能力，捕捉细微的安全差异，并为PUF的实际部署提供可操作、理论坚实的安全保障。