Why attackers lose: design and security analysis of arbitrarily large XOR arbiter PUFs


In a novel analysis, we formally prove that arbitrarily many Arbiter PUFs can be combined into a stable XOR Arbiter PUF. To the best of our knowledge, this design cannot be modeled by any known oracle access attack in polynomial time. Using majority vote of arbiter chain responses, our analysis shows that with a polynomial number of votes, the XOR Arbiter PUF stability of almost all challenges can be boosted exponentially close to 1; that is, the stability gain through majority voting can exceed the stability loss introduced by large XORs for a feasible number of votes. Considering state-of-the-art modeling attacks by Becker and Rührmair et al., our proposal enables the designer to increase the attacker’s effort exponentially while still maintaining polynomial design effort. This is the first result that relates PUF design to this traditional cryptographic design principle.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5


  1. 1.

    For the sake of easier notation, we chose to model challenges as vectors in \(\{-1,1\}^{n}\) rather than \(\{0,1\}^{n}\). If desired, all results can be transformed into \(\{0,1\}^{n}\) challenges by “encoding” inputs bits with a function \(\rho :\{0,1\}\rightarrow \{-1,1\}\), where \(\rho (0)=1\) and \(\rho (1)=-1\). This way, we can write \(\rho (b)=(-1)^{b}\) and have the convenient property \(\rho (b_{1}\oplus b_{2})=\rho (b_{1})\cdot \rho (b_{2})\), where \(\oplus \) denotes addition modulo 2 and \(\cdot \) denotes multiplication over \({\mathbb {Z}}\). Any output of our model can be transformed by \(\rho ^{-1}\).

  2. 2.

    Code at https://github.com/nils-wisiol/pypuf/tree/2019-why-attackers-lose.


  1. 1.

    Armknecht, F., Maes, R., Sadeghi, A.-R., Standaert, F.-X., Wachsmann, C.: A formalization of the security features of physical functions. In: 2011 IEEE Symposium on Security and Privacy (SP), pp. 397–412. IEEE (2011)

  2. 2.

    Armknecht, F., Maes, R., Sadeghi, A.-R., Sunar, B., Tuyls, P..: Memory leakage-resilient encryption based on physically unclonable functions. In: Matsui M (ed) Proceedings of the Advances in Cryptology–ASIACRYPT 2009: 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6–10, 2009, pp. 685–702. Springer, Berlin (2009)

  3. 3.

    Armknecht, F., Moriyama, D., Sadeghi, A.-R., Yung, M.: Towards a unified security model for physically unclonable functions. Proc. RSA Conf. Top. Cryptol. 9610, 271–287 (2016)

    MathSciNet  MATH  Google Scholar 

  4. 4.

    Becker, G.T.: The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 535–555. Springer, Berlin (2015). https://doi.org/10.1007/978-3-662-48324-4_27

  5. 5.

    Berry, Andrew C.: The accuracy of the Gaussian approximation to the sum of independent variates. Trans. Am. Math. Soc. 49(1), 122–122 (1941)

    MathSciNet  Article  MATH  Google Scholar 

  6. 6.

    Delvaux, J., Verbauwhede, I.: Side channel modeling attacks on 65nm arbiter PUFs exploiting CMOS device noise. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 137–142. IEEE (2013)

  7. 7.

    Delvaux, Jeroen, Verbauwhede, Ingrid: Fault injection modeling attacks on 65 nm arbiter and RO Sum PUFs via environmental changes. IEEE Trans. Circuits Syst. I: Regul. Pap. 61(6), 1701–1713 (2014)

    Article  Google Scholar 

  8. 8.

    Devadas, S.: Physical unclonable functions (PUFS) and secure processors. In: Workshop on Cryptographic Hardware and Embedded Systems (2009)

  9. 9.

    Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and implementation of PUF-based “unclonable” RFID ICs for anti-counterfeiting and security applications. In: 2008 IEEE International Conference on RFID (Frequency Identification), IEEE RFID 2008, pp. 58–64 (2008)

  10. 10.

    Esseen, Carl-Gustaf: On the Liapounoff Limit of Error in the Theory of Probability. Almqvist & Wiksell, Stockholm (1942)

    Google Scholar 

  11. 11.

    Ganji, F., Krämer, J., Seifert, J.-P., Tajik, S.: Lattice basis reduction attack against physically unclonable functions. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1070–1080. ACM (2015)

  12. 12.

    Ganji, F., Tajik, S., Fäßler, F., Seifert, J.-P.: Strong machine learning attack against PUFs with no mathematical model. Lect. Notes Comput. Sci. (including subseries Lecture Notes in Arti cial Intelligence and Lecture Notes in Bioinformatics) 9813, 391–411 (2016)

    MATH  Google Scholar 

  13. 13.

    Ganji, F., Tajik, S., Seifert, J.-P.: Why attackers win: On the learnability of XOR arbiter PUFs. In: Trust and Trustworthy Computing, pp. 22–39. Springer (2015)

  14. 14.

    Ganji, Fatemeh, Tajik, Shahin, Seifert, Jean-Pierre: PAC learning of arbiter PUFs. J. Cryptogr. Eng. 6(3), 249–258 (2016)

    Article  Google Scholar 

  15. 15.

    Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 148–160. ACM (2002)

  16. 16.

    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Delay-based circuit authentication and applications. In: Proceedings of the 2003 ACM symposium on Applied computing-SAC ’03, pp. 294. ACM Press, New York (2003)

  17. 17.

    Gassend, Blaise, Lim, Daihyun, Clarke, Dwaine, Van Dijk, Marten, Devadas, Srinivas: Identification and authentication of integrated circuits. Concurrency and Computation: Practice and Experience 16(11), 1077–1098 (2004)

    Article  Google Scholar 

  18. 18.

    Gassend, Blaise, Van Dijk, Marten, Clarke, Dwaine, Devadas, Srinivas: Controlled physical random functions. Secur. Noisy Data Priv. Biom. Secure Key Storage Anti-Count. 10(4), 235–253 (2007)

    Google Scholar 

  19. 19.

    Guo, Q., Ye, J., Gong, Y., Hu, Y., Li, X.: Efficient attack on non-linear current mirror PUF with genetic algorithm. In: 2016 IEEE 25th Asian Test Symposium (ATS), pp. 49–54 (2016)

  20. 20.

    Kalyanaraman, M., Orshansky, M.: Novel strong PUF based on nonlinearity of MOSFET subthreshold operation. In: Proceedings of the 2013 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2013, pp. 13–18 (2013)

  21. 21.

    Kumar, R., Burleson, W.: On design of a highly secure PUF based on non-linear current mirrors. In: 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 38–43. IEEE (2014)

  22. 22.

    Lim, D., Lee, J.W., Gassend, B., Suh, G.E., Van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Trans. Very Large Scale Integr. Syst. 13(10), 1200–1205 (2005)

    Article  Google Scholar 

  23. 23.

    Lohrke, H., Tajik, S., Boit, C., Seifert, J.-P.: No place to hide: contactless probing of secret data on FPGAs. Cryptology ePrint Archive, Report 2016/593 (2016)

  24. 24.

    Majzoobi, M., Dyer, E., Elnably, A., Koushanfar, F.: Rapid FPGA delay characterization using clock synthesis and sparse sampling. In: IEEE International Test Conference (ITC), Austin, TX (2010)

  25. 25.

    Majzoobi, Mehrdad, Kharaya, Akshat, Koushanfar, Farinaz, Devadas, Srinivas: Automated design, implementation, and evaluation of arbiter-based PUF on FPGA using programmable delay lines. IACR Cryptol. 2014, 639 (2014)

    Google Scholar 

  26. 26.

    Majzoobi, Mehrdad, Koushanfar, Farinaz, Srinivas, Devadas: FPGA PUF using programmable delay lines. IEEE Int. Workshop Inf. Forens. Secur. 2010, 2010 (2010)

    Google Scholar 

  27. 27.

    Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Semi-invasive EM attack on FPGA RO PUFs and countermeasures. Workshop on Embedded Systems Security, pp. 1–9 (2011)

  28. 28.

    Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Side-channel analysis of PUFs and fuzzy extractors. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6740, pp. 33–47. LNCS (2011)

  29. 29.

    Nedospasov, D., Seifert, J.-P., Helfmeier, C., Boit, C.: Invasive PUF analysis. In: Proceedings-10th Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2013, pp. 30–38 (013)

  30. 30.

    Pappu, Ravikanth, Recht, Ben, Taylor, Jason, Gershenfeld, Neil: Physical one-way functions. Science 297(5589), 2026–2030 (2002)

    Article  Google Scholar 

  31. 31.

    Ruhrmair, U., Martinez-Hurtado, J.L., Xu, X., Kraeh, C., Hilgers, C., Kononchuk, D., Finley, J.J., Burleson, W.P.: Virtual proofs of reality and their physical implementation. In: 2015 IEEE Symposium on Security and Privacy, vol. 2015-July, pp. 70–85. IEEE (2015 May)

  32. 32.

    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 237–249. ACM (2010)

  33. 33.

    Rührmair, Ulrich, Sölter, Jan, Sehnke, Frank, Xiaolin, Xu, Mahmoud, Ahmed, Stoyanova, Vera, Dror, Gideon, Schmidhuber, Jürgen, Burleson, Wayne, Devadas, Srinivas: PUF modeling attacks on simulated and silicon data. IEEE Trans. Inf. Forens. Secur. 8(11), 1876–1891 (2013)

    Article  Google Scholar 

  34. 34.

    Rührmair, Ulrich, Xiaolin, Xu, Sölter, Jan, Mahmoud, Ahmed, Majzoobi, Mehrdad, Koushanfar, Farinaz, Burleson, Wayne: Efficient power and timing side channels for physical unclonable functions. Cryptogr. Hardw. Embed. Syst. 8731, 476–492 (2014)

    MATH  Google Scholar 

  35. 35.

    Spenke, A., Breithaupt, R., Plaga, R.: An arbiter PUF secured by remote random reconfigurations of an FPGA. In: International Conference on Trust and Trustworthy Computing, pp. 140–158. Springer (2016)

  36. 36.

    Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceedings of the 44th Annual Design Automation Conference, pp. 9–14. ACM (2007)

  37. 37.

    Tajik, S., Dietz, E., Frohmann, S., Seifert, J.-P., Nedospasov, D., Helfmeier, C., Boit, C., Dittrich, H.: Physical characterization of arbiter PUFs. In: Batina, L., Robshaw, M. (eds.) Proceedings of the Cryptographic Hardware and Embedded Systems-CHES 2014: 16th International Workshop, Busan, South Korea, September 23–26, 2014. pp. 493–509. Springer, Berlin (2014)

  38. 38.

    Tajik, S., Lohrke, H., Ganji, F., Seifert, J.-P., Boit, C.: Laser fault attack on physically unclonable functions. In: 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 85–96. IEEE (2015)

  39. 39.

    Tehranipoor, M., Wang, C.: Introduction to Hardware Security and Trust, vol. 9781441980. Springer, Berlin (2012)

    Google Scholar 

  40. 40.

    Vijayakumar, A., Kundu, S.: A novel modeling attack resistant PUF design based on non-linear voltage transfer characteristics. In: Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015, DATE ’15, pp. 653–658. IEEE Conference Publications, New Jersey (2015)

  41. 41.

    Yu, M.D.M., Hiller, M., Delvaux, J., Sowell, R., Devadas, S., Verbauwhede, I.: A lockdown technique to prevent machine learning on PUFs for lightweight authentication. IEEE Trans. Multi-Scale Comput. Syst. 2(3), 146–159 (2016)

    Article  Google Scholar 

  42. 42.

    Илья Сергееич  Тюрин. Уточнение верхних  оценок  констант  в  теореме  Ляпунова.  У с п е х и  м а т е м а т и ч е с к и х н а у к, 65(3):201-202, 2010

Download references


The authors would like to thank Christoph Graebnitz, Manuel Oswald, Tudor A. A. Soroceanu, and Benjamin Zengin for helpful comments and discussions.

Author information



Corresponding author

Correspondence to Nils Wisiol.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Wisiol, N., Margraf, M. Why attackers lose: design and security analysis of arbitrarily large XOR arbiter PUFs. J Cryptogr Eng 9, 221–230 (2019). https://doi.org/10.1007/s13389-019-00204-8

Download citation


  • Physically unclonable functions
  • XOR Arbiter PUF
  • Majority vote