Feasibility and Infeasibility of Secure Computation with Malicious PUFs

  • Dana Dachman-Soled
  • Nils Fleischhacker
  • Jonathan Katz
  • Anna Lysyanskaya
  • Dominique Schröder


A recent line of work has explored the use of physically unclonable functions (PUFs) for secure computation, with the goals of (1) achieving universal composability without additional setup and/or (2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers have investigated models in which an adversary can create malicious PUFs with arbitrary behavior. Researchers have considered both malicious PUFs that might be stateful and malicious PUFs that can have arbitrary behavior but are guaranteed to be stateless. We settle the main open questions regarding secure computation in the malicious-PUF model:
  • We prove that unconditionally secure oblivious transfer is impossible, even in the stand-alone setting, if the adversary can construct (malicious) stateful PUFs.

  • We show that if the attacker is limited to creating (malicious) stateless PUFs, then universally composable two-party computation is possible, unconditionally.


Keywords: Secure computation; Oblivious transfer; Physically unclonable functions



Work of Nils Fleischhacker and Dominique Schröder was done in part while at Saarland University and while visiting the University of Maryland. Their work was supported by the German Federal Ministry of Education and Research (BMBF) through funding for the Center for IT-Security, Privacy, and Accountability (CISPA; see The visit of Nils Fleischhacker was supported by the Saarbrücken Graduate School of Computer Science funded by the German National Excellence Initiative, and the visit of Dominique Schröder was supported by NSF Award #1223623. Work of Dominique Schröder was also supported by an Intel Early Career Faculty Honor Program Award. Work of Jonathan Katz was supported in part by NSF Award #1223623, as well as by a Humboldt Award. Work of Anna Lysyanskaya was supported by NSF Awards #0964379 and #1012060.



Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Dana Dachman-Soled (1)
  • Nils Fleischhacker (2)
  • Jonathan Katz (1)
  • Anna Lysyanskaya (3)
  • Dominique Schröder (4)

  1. University of Maryland, College Park, USA
  2. Ruhr University Bochum, Bochum, Germany
  3. Brown University, Providence, USA
  4. Friedrich-Alexander-University Erlangen-Nürnberg, Erlangen, Germany
