FPGA Intrinsic PUFs and Their Use for IP Protection

  • Jorge Guajardo
  • Sandeep S. Kumar
  • Geert-Jan Schrijen
  • Pim Tuyls
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4727)


In recent years, IP protection of FPGA hardware designs has become a requirement for many IP vendors. In [34], Simpson and Schaumont proposed a fundamentally different approach to IP protection on FPGAs based on the use of Physical Unclonable Functions (PUFs). Their work only assumes the existence of a PUF on the FPGAs without actually proposing a PUF construction. In this paper, we propose new protocols for the IP protection problem on FPGAs and provide the first construction of a PUF intrinsic to current FPGAs based on SRAM memory randomness present on current FPGAs. We analyze SRAM-based PUF statistical properties and investigate the trade offs that can be made when implementing a fuzzy extractor.


Hash Function Authentication Protocol Trusted Third Party Intellectual Property Protection Secrecy Rate 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    An, J.H., Bellare, M.: Does Encryption with Redundancy Provide Authenticity? In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 512–528. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Bellaouar, A., Elmasry, M.I.: Low-Power Digital VLSI Design. Circuits and Systems, 1st edn. Kluwer Academic Publishers, Dordrecht (1995)Google Scholar
  3. 3.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  4. 4.
    Bellare, M., Kilian, J., Rogaway, P.: The Security of the Cipher Block Chaining Message Authentication Code. J. Comput. Syst. Sci. 61(3), 362–399 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Bellare, M., Rogaway, P.: Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Bhavnagarwala, A.J., Tang, X., Meindl, J.D.: The Impact of Intrinsic Device Fluctuations on CMOS SRAM Cell Stability. IEEE Journal of Solid-State Circuits 36(4), 658–665 (2001)CrossRefGoogle Scholar
  8. 8.
    Blahut, R.E.: Theory and Practice of Error Control Codes, 1st edn. Addison-Wesley, Reading (1985)Google Scholar
  9. 9.
    Carter, L., Wegman, M.N.: Universal Classes of Hash Functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Cheng, B., Roy, S., Asenov, A.: The impact of random doping effects on CMOS SRAM cell. In: European Solid State Circuits Conference, Washington, DC, USA, pp. 219–222. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., Reyzin, M., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography (Extended Abstract). In: ACM Symposium on Theory of Computing — STOC 1991, May 6-8, 1991, pp. 542–552. ACM Press, New York (1991)CrossRefGoogle Scholar
  13. 13.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Controlled Physical Random Functions. In: ACSAC 2002: Proceedings of the 18th Annual Computer Security Applications Conference, Washington, DC, USA, p. 149. IEEE Computer Society Press, Los Alamitos (2002)CrossRefGoogle Scholar
  14. 14.
    Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical unknown functions. In: Atluri, V. (ed.) ACM Conference on Computer and Communications Security — CCS 2002, November 2002, pp. 148–160. ACM Press, New York (2002)CrossRefGoogle Scholar
  15. 15.
    Goldwasser, S., Micali, S.: Probabilistic Encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Gutmann, P.: Secure deletion of data from magnetic and solid-state memory. In: Sixth USENIX Workshop on Smartcard Technology Proceedings, pp. 77–89, San Jose, California (July 1996), Available at
  17. 17.
    Gutmann, P.: Data remanence in semiconductor devices. In: 10th USENIX Security Symposium, pp. 39–54 (August 2001), Available at
  18. 18.
    Ignatenko, T., Schrijen, G.J., Skoric, B., Tuyls, P., Willems, F.: Estimating the Secrecy-Rate of Physical Unclonable Functions with the Context-Tree Weighting Method. In: IEEE International Symposium on Information Theory, Seattle, USA, July 2006, pp. 499–503. IEEE Computer Society Press, Los Alamitos (2006)CrossRefGoogle Scholar
  19. 19.
    Jutla, C.S.: Encryption Modes with Almost Free Message Integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529–544. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Kaps, J.-P., Y., K., Sunar, B.: Energy Scalable Universal Hashing. IEEE Trans. Computers 54(12), 1484–1495 (2005)CrossRefGoogle Scholar
  21. 21.
    Kean, T.: Cryptographic rights management of FPGA intellectual property cores. In: ACM/SIGDA tenth international symposium on Field-programmable gate arrays — FPGA 2002, pp. 113–118 (2002)Google Scholar
  22. 22.
    Krawczyk, H.: LFSR-based Hashing and Authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129–139. Springer, Heidelberg (1994)Google Scholar
  23. 23.
    Krawczyk, H.: The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication. Internet RFC 2104 (February 1997), Available at
  25. 25.
    Lim, D., Lee, J.W., Gassend, B., Suh, G.E., van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 13(10), 1200–1205 (2005)CrossRefGoogle Scholar
  26. 26.
    Linnartz, J.-P.M.G., Tuyls, P.: New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates. In: Kittler, J., Nixon, M.S. (eds.) AVBPA 2003. LNCS, vol. 2688, pp. 393–402. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    Nevelsteen, W., Preneel, B.: Software Performance of Universal Hash Functions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 24–41. Springer, Heidelberg (1999)Google Scholar
  28. 28.
    Pappu, R.S.: Physical one-way functions. PhD thesis, Massachusetts Institute of Technology (March 2001), Available at
  29. 29.
    Pappu, R.S., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(6), 2026–2030 (2002), Available at CrossRefGoogle Scholar
  30. 30.
    Peterson, W.W., Weldon Jr., E.J.: Error-Correcting Codes, 2nd edn. MIT Press, Cambridge (1972)zbMATHGoogle Scholar
  31. 31.
    Rogaway, P., Bellare, M., Black, J.: OCB: A block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. 6(3), 365–403 (2003)CrossRefGoogle Scholar
  32. 32.
    Seevinck, E., List, F.J., Lohstroh, J.: Static-Noise Margin Analysis of MOS SRAM Cells. IEEE Journal of Solid-State Circuits 22(5), 748–754 (1987)CrossRefGoogle Scholar
  33. 33.
    Shoup, V.: On Fast and Provably Secure Message Authentication Based on Universal Hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 313–328. Springer, Heidelberg (1996)Google Scholar
  34. 34.
    Simpson, E., Schaumont, P.: Offline Hardware/Software Authentication for Reconfigurable Platforms. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 311–323. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  35. 35.
    Skoric, B., Tuyls, P., Ophey, W.: Robust Key Extraction from Physical Uncloneable Functions. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 407–422. Springer, Heidelberg (2005)Google Scholar
  36. 36.
    Skorobogatov, S.P.: Low temperature data remanence in static RAM. Technical Report 536, University of Cambridge, Computer Laboratory (June 2002)Google Scholar
  37. 37.
    Su, Y., Holleman, J., Otis, B.: A 1.6pJ/bit 96% Stable Chip-ID Generating Cicuit using Process Variations. In: ISSCC 2007: IEEE International Solid-State Circuits Conference, Washington, DC, USA, pp. 406–408. IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  38. 38.
    Tuyls, P., Schrijen, G.-J., Skoric, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-Proof Hardware from Protective Coatings. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 369–383. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  39. 39.
    Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). NIST Proposed Mode of Operation (June 2002), Available at
  40. 40.
    Willems, F., Shtarkov, Y.M., Tjalkens, Tj.J.: The Context-Tree Weighting method: Basic Properties. IEEE Trans. Inform. Theory IT-41, 653–664 (1995)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Jorge Guajardo
    • 1
  • Sandeep S. Kumar
    • 1
  • Geert-Jan Schrijen
    • 1
  • Pim Tuyls
    • 1
  1. 1.Information and System Security Group, Philips Research Laboratories, EindhovenThe Netherlands

Personalised recommendations