Journal of Hardware and Systems Security

, Volume 3, Issue 1, pp 78–93 | Cite as

Variable-Length Bit Mapping and Error-Correcting Codes for Higher-Order Alphabet PUFs—Extended Version

  • Vincent ImmlerEmail author
  • Matthias Hiller
  • Qinzhi Liu
  • Andreas Lenz
  • Antonia Wachter-Zeh


Device-specific physical characteristics provide the foundation for physical unclonable functions (PUFs), a hardware primitive for secure storage of cryptographic keys. Thus far, they have been implemented by either directly evaluating a binary output or by mapping symbols from a higher-order alphabet to a fixed-length bit sequence. However, when combined with equidistant quantization, this causes significant bias in the derived secret which is a security issue. To overcome this limitation, we propose a variable-length bit mapping that reflects the properties of a Gray code in a different metric, namely the Levenshtein metric instead of the classical Hamming metric. Subsequent error correction is therefore based on a custom insertion/deletion error-correcting code (ECC). This new approach effectively counteracts the bias in the derived key already at the input side of the ECC. We present the concept for our scheme and demonstrate its feasibility based on an empirical PUF distribution. As a result, we increase the effective output bit length of the secret by over 40% compared to state-of-the-art approaches. In addition to that, we investigate different segmentation approaches which is important due to the variable length of the considered values. Practical implementation results demonstrate that the proposed scheme requires only a fraction of the execution time compared to Bose-Chaudhuri-Hocquenghem (BCH) codes. This opens up a new direction of ECCs for PUFs that output responses with symbols of a higher-order alphabet.


Physical unclonable functions Fuzzy extractor Secrecy leakage Coding theory Quantization Varshamov-Tenengolts (VT) code 



Many thanks to Aysun Önalan for preparing the numbers of the RS-based fuzzy commitment scheme.

Funding Information

The authors from Fraunhofer AISEC have been supported by the Fraunhofer Internal Programs under Grant no. MAVO 828 432. A. Lenz and A. Wachter-Zeh have been supported by the Technical University of Munich–Institute for Advanced Study, funded by the German Excellence Initiative and European Union Seventh Framework Programme under Grant Agreement No. 291763.


  1. 1.
    Armknecht F, Maes R, Sadeghi AR, Standaert FX, Wachsmann C (2011) A formalization of the security features of physical functions. In: IEEE symposium on security and privacy (S&P), pp 397–412Google Scholar
  2. 2.
    Bleichenbacher D, Kiayias A, Yung M (2003) Decoding of interleaved Reed Solomon codes over noisy data. In: Baeten JCM, Lenstra JK, Parrow J, Woeginger GJ (eds) Automata, languages and programming, vol 2719, chap 9, p 188Google Scholar
  3. 3.
    Bösch C, Guajardo J, Sadeghi AR, Shokrollahi J, Tuyls P (2008) Efficient helper data key extractor on FPGAs. In: Oswald E, Rohatgi P (eds) Workshop on cryptographic hardware and embedded systems (CHES)Google Scholar
  4. 4.
    Brown A, Minder L, Shokrollahi A (2004) Probabilistic decoding of interleaved RS-codes on the q-ary symmetric channel. In: International symposium on information theory (ISIT). IEEE, p 326Google Scholar
  5. 5.
    Colombier B, Bossuet L, Fischer V, Hely D (2017) Key reconciliation protocols for error correction of silicon PUF responses. IEEE Trans Inf Forensics Secur 12(8):1988–2002. CrossRefGoogle Scholar
  6. 6.
    Coppersmith D, Sudan M (2003) Reconstructing curves in three (and higher) dimensional space from noisy data. In: ACM symposium on theory of computing (STOC). ACM, pp 136–142Google Scholar
  7. 7.
    Davida GI, Frankel Y, Matt BJ (1998) On enabling secure applications through off-line biometric identification. In: IEEE symposium on security and privacy (S&P), pp 148–157Google Scholar
  8. 8.
    Delvaux J, Verbauwhede I (2014) Key-recovery attacks on various RO PUF constructions via helper data manipulation. In: Design, automation test in Europe conference exhibition (DATE)Google Scholar
  9. 9.
    Delvaux J, Gu D, Verbauwhede I, Hiller M, Yu M (2015) Secure sketch metamorphosis: tight unified bounds. IACR eprint archiveGoogle Scholar
  10. 10.
    Delvaux J, Gu D, Verbauwhede I, Hiller M, Yu M (2016) Efficient fuzzy extraction of PUF-induced secrets: theory and applications. In: Conference on cryptographic hardware and embedded systems (CHES)Google Scholar
  11. 11.
    Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Advances in cryptology (EUROCRYPT)Google Scholar
  12. 12.
    Feng GL, Tzeng KK (1989) A generalized Euclidean algorithm for multisequence shift-register synthesis. IEEE Trans Inf Theory 35(3):584–594MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Feng GL, Tzeng KK (1991) A generalization of the Berlekamp-Massey algorithm for multisequence shift-register synthesis with applications to decoding cyclic codes. IEEE Trans Inf Theory 37(5):1274–1287MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Gray F (1953) Pulse code communication. US Patent 2,632,058Google Scholar
  15. 15.
    Guajardo J, Kumar S, Schrijen GJ, Tuyls P (2007) FPGA Intrinsic PUFs and their use for IP protection. In: Workshop on cryptographic hardware and embedded systems (CHES)Google Scholar
  16. 16.
    Günlü O, Iscan O (2014) DCT based ring oscillator physical unclonable functions. In: IEEE international conference on acoustics, speech and signal processing (ICASSP), pp 8248–8251Google Scholar
  17. 17.
    Ignatenko T, Willems FM (2010) Information leakage in fuzzy commitment schemes. IEEE Trans Inf Forensics Secur 5(2):337–348CrossRefGoogle Scholar
  18. 18.
    Immler V, Hennig M, Kürzinger L, Sigl G (2016) Practical aspects of quantization and tamper-sensitivity for physically obfuscated keys. In: Workshop on cryptography and security in computing systems (CS2)Google Scholar
  19. 19.
    Immler V, Hiller M, Liu Q, Lenz A, Wachter-Zeh A (2017) Variable-length bit mapping and error-correcting codes for higher-order alphabet PUFs. In: Security, privacy, and applied cryptography engineering (SPACE)Google Scholar
  20. 20.
    Immler V, Obermaier J, König M, Hiller M, Sigl G (2018) B-TREPID: batteryless tamper-resistant envelope with a PUF and integrity detection. In: IEEE international symposium on hardware oriented security and trust (HOST)Google Scholar
  21. 21.
    Juels A, Wattenberg M (1999) A fuzzy commitment scheme. In: ACM conference on computer and communications security (CCS)Google Scholar
  22. 22.
    Krachkovsky VY, Lee YX (1997) Decoding for iterative Reed-Solomon coding schemes. IEEE Trans Magn 33(5):2740–2742CrossRefGoogle Scholar
  23. 23.
    Krachkovsky VY, Lee YX (1998) Decoding of parallel Reed-Solomon codes with applications to product and concatenated codes. In: IEEE international symposium on information theory, 1998, p 55Google Scholar
  24. 24.
    Krachkovsky VY (2003) Reed-Solomon codes for correcting phased error bursts. IEEE Trans Inf Theory 49 (11):2975–2984MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Levenshtein V (1965) Binary codes capable of correcting deletions, insertions and reversals (in Russian). Doklady Akademii Nauk SSR 163(4):845–848zbMATHGoogle Scholar
  26. 26.
    Levenshtein VI (1966) Binary codes capable of correcting deletions, insertions, and reversals. Sov Phys Dokl 10(8):707–710MathSciNetGoogle Scholar
  27. 27.
    Maes R (2012) Physically unclonable functions: constructions, properties and applications. DissertationGoogle Scholar
  28. 28.
    Maes R, van der Leest V, van der Sluis E, Willems F (2016) Secure key generation from biased PUFs: extended version. J Cryptogr Eng 6(2):121–137CrossRefzbMATHGoogle Scholar
  29. 29.
    NIST: Recommendation for the Entropy Sources Used for Random Bit Generation (2012).
  30. 30.
    Obermaier J, Immler V (2018) The past, present, and future of physical security enclosures: from battery-backed monitoring to PUF-based inherent security and beyond. Journal of Hardware and Systems Security.
  31. 31.
    Obermaier J, Immler V, Hiller M, Sigl G (2018) A measurement system for capacitive puf-based security enclosures. In: Proceedings of the 55th annual design automation conference, DAC 2018, San Francisco, CA, USA, June 24–29, 2018, pp 64:1–64:6Google Scholar
  32. 32.
    Puchinger S, Nielsen JR (2017) Decoding of interleaved Reed-Solomon codes using improved power decoding. In: IEEE international symposium on information theory (ISIT), pp 356–360Google Scholar
  33. 33.
    Puchinger S, Müelich S, Bossert M, Wachter-Zeh A (2017) Timing attack resilient decoding algorithms for physical unclonable functions. In: International ITG conference on systems, communications and coding (SCC)Google Scholar
  34. 34.
    Saowapa K, Kaneko H, Fujiwara E (1999) Systematic deletion/insertion error correcting codes with random error correction capability. In: Defect and fault tolerance in VLSI systemsGoogle Scholar
  35. 35.
    Schmidt G, Sidorenko VR, Bossert M (2009) Collaborative decoding of interleaved Reed-Solomon codes and concatenated code designs. IEEE Trans Inf Theory 55(7):2991–3012MathSciNetCrossRefzbMATHGoogle Scholar
  36. 36.
    Sloane NJA (2002) On single-deletion-correcting codes. In: Codes and designs. de Gruyter, pp 273–292Google Scholar
  37. 37.
    Stanko T, Andini FN, Skoric B (2017) Optimized quantization in zero leakage helper data systems. IEEE Trans Inf Forensics Secur 12(8):1957–1966. CrossRefGoogle Scholar
  38. 38.
    Suh GE, Devadas S (2007) Physical unclonable functions for device authentication and secret key generation. In: ACM/IEEE design automation conference (DAC)Google Scholar
  39. 39.
    Suzuki M, Ueno R, Homma N, Aoki T (2017) Multiple-valued debiasing for physically unclonable functions and its application to fuzzy extractors. In: International workshop on constructive side-channel analysis and secure design (COSADE)Google Scholar
  40. 40.
    Tenengolts G (1984) Nonbinary codes, correcting single deletion or insertion (corresp.). IEEE Trans Inf Theory 30(5):766–769MathSciNetCrossRefzbMATHGoogle Scholar
  41. 41.
    Tuyls P, Schrijen GJ, Skoric B, van Geloven J, Verhaegh N, Wolters R (2006) Read-proof hardware from protective coatings. In: Workshop on cryptographic hardware and embedded systems (CHES)Google Scholar
  42. 42.
    Varshamov RR, Tenengolts GM (1965) Codes which correct single asymmetric errors (in Russian). Automatika i TelemekhanikaGoogle Scholar
  43. 43.
    von Neumann J (1951) Various techniques used in connection with random digits. Applied Math SeriesGoogle Scholar
  44. 44.
    Wachter-Zeh A, Zeh A, Bossert M (2014) Decoding interleaved Reed–Solomon codes beyond their joint error-correcting capability. Des Codes Crypt 71(2):261–281MathSciNetCrossRefzbMATHGoogle Scholar
  45. 45.
    Yu M, Devadas S (2010) Secure and robust error correction for physical unclonable functions. IEEE Des Test Comput 27(1):48–65CrossRefGoogle Scholar
  46. 46.
    Yu M, Hiller M, Devadas S (2015) Maximum likelihood decoding of device-specific multi-bit symbols for reliable key generation. In: IEEE international symposium on hardware-oriented security and trust (HOST), pp 38–43Google Scholar
  47. 47.
    Zeh A, Wachter A (2011) Fast multi-sequence shift-register synthesis with the Euclidean algorithm. Adv Math Commun 5(4):667–680MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Fraunhofer Institute AISECGarching near MunichGermany
  2. 2.RWTH Aachen UniversityAachenGermany
  3. 3.Institute for Communications EngineeringTechnical University of Munich (TUM)MunichGermany

Personalised recommendations