Trust and Trustworthy Computing

Volume 6740 of the series Lecture Notes in Computer Science pp 33-47

Side-Channel Analysis of PUFs and Fuzzy Extractors

  • Dominik MerliAffiliated withFraunhofer Institute for Secure Information Technology
  • , Dieter SchusterAffiliated withFraunhofer Institute for Secure Information Technology
  • , Frederic StumpfAffiliated withFraunhofer Institute for Secure Information Technology
  • , Georg SiglAffiliated withInstitute for Security in Information Technology, Technische Universität München

* Final gross prices may vary according to local VAT.

Get Access


Embedded security systems based on Physical Unclonable Functions (PUFs) offer interesting protection properties, such as tamper resistance and unclonability. However, to establish PUFs as a high security primitive in the long run, their vulnerability to side-channel attacks has to be investigated. For this purpose, we analysed the side-channel leakage of PUF architectures and fuzzy extractor implementations. We identified several attack vectors within common PUF constructions and introduce two side-channel attacks on fuzzy extractors. Our proof-of-concept attack on an FPGA implementation of a fuzzy extractor shows that it is possible to extract the cryptographic key derived from a PUF by side-channel analysis.


Physical Unclonable Function (PUF) Side-Channel Analysis (SCA) Fuzzy Extractor Helper Data FPGA