Response-based cryptography using physical unclonable functions

Systems and methods of authentication and encrypted communication between a server and client devices using independently-generated shared encryptions keys are disclosed. Client devices with arrays of physical-unclonable-function devices are respond to challenges from a server. Characteristics of the arrays are stored by the server during a secure enrollment process. Subsequently, the server issues challenges to the clients. The clients derive encryption keys from their responses to those challenges generated by the clients from characteristics of portions of the arrays specified by the challenges. The clients send messages encrypted with the client-generated encryption keys to the server. The server uses the stored characteristics to independently reproduce the client-generated encryption key. When the server-generated encryption key matches the client-generated key, the clients may be authenticated and the clients can communicate securely with the server without exchanging encryption keys. Ternary PUF characterization schemes may be used to achieve acceptable authentication error rates.