Efficient Fuzzy Extraction of PUF-Induced Secrets: Theory and Applications

  • Jeroen Delvaux
  • Dawu Gu
  • Ingrid Verbauwhede
  • Matthias Hiller
  • Meng-Day (Mandel) Yu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9813)


The device-unique response of a physically unclonable function (PUF) can serve as the root of trust in an embedded cryptographic system. Fuzzy extractors transform this noisy non-uniformly distributed secret into a stable high-entropy key. The overall efficiency thereof, typically depending on error-correction with a binary \([n, k, d]\) block code, is determined by the universal and well-known \((n-k)\) bound on the min-entropy loss. We derive new considerably tighter bounds for PUF-induced distributions that suffer from, e.g., bias or spatial correlations. The bounds are easy to evaluate and apply to large non-trivial codes, e.g., BCH, Hamming and Reed-Muller codes. Apart from an inherent reduction in implementation footprint, the newly developed theory also facilitates the analysis of state-of-the-art error-correction methods for PUFs. As such, we debunk the reusability claim of the reverse fuzzy extractor. Moreover, we provide proper quantitative motivation for debiasing schemes, as this was missing in the original proposals.
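To make the comparison in the abstract concrete, the following added example (not code from the paper) computes by brute force the exact residual min-entropy of a secure sketch on a biased response and sets it beside the \((n-k)\) bound. The code-offset construction, the [7,4,3] Hamming code, the i.i.d. bias model and all function names are assumptions chosen for illustration; the paper's own tighter bounds are not reproduced here.

```python
import math

# Assumed for this example: systematic generator rows of the binary
# [7,4,3] Hamming code, and n i.i.d. response bits with Pr[bit = 1] = bias.
G = [0b1000110, 0b0100101, 0b0010011, 0b0001111]
N, K = 7, 4

def codewords(gen):
    """All 2^k codewords spanned by the generator rows, as integers."""
    words = []
    for mask in range(1 << len(gen)):
        w = 0
        for i, row in enumerate(gen):
            if mask >> i & 1:
                w ^= row
        words.append(w)
    return words

def prob(x, n, bias):
    """Pr[X = x] under the i.i.d. bias model."""
    ones = bin(x).count("1")
    return bias ** ones * (1 - bias) ** (n - ones)

def residual_min_entropy(gen, n, bias):
    """Exact average conditional min-entropy of X given helper data
    P = X xor C, with C a uniformly random codeword. P reveals the coset
    of X, so the best guess per coset is its most likely element."""
    code = codewords(gen)
    seen, guess_prob = set(), 0.0
    for x in range(1 << n):
        if x in seen:
            continue
        coset = [x ^ c for c in code]
        seen.update(coset)
        guess_prob += max(prob(y, n, bias) for y in coset)
    return -math.log2(guess_prob)

def compare(bias):
    """Return ((n-k) lower bound on residual min-entropy, exact value)."""
    h_in = -N * math.log2(max(bias, 1 - bias))  # min-entropy of X
    # A negative bound carries no information, so clamp it at zero.
    return max(0.0, h_in - (N - K)), residual_min_entropy(G, N, bias)

if __name__ == "__main__":
    for b in (0.5, 0.6, 0.7, 0.8):
        bound, exact = compare(b)
        print(f"bias={b:.1f}  (n-k) bound={bound:.3f}  exact={exact:.3f}")
```

For uniform bits the two values coincide, while with increasing bias the \((n-k)\) bound falls to zero even though the exact residual min-entropy remains positive.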


Keywords: Fuzzy extractor, Secure sketch, Min-entropy, Physically unclonable function, Coding theory



The authors greatly appreciate the support received. The European Union’s Horizon 2020 research and innovation programme under grant number 644052 (HECTOR). The Research Council of KU Leuven, GOA TENSE (GOA/11/007), the Flemish Government through FWO G.0550.12N and the Hercules Foundation AKUL/11/19. The national major development program for fundamental research of China (973 Plan) under grant number 2013CB338004. Jeroen Delvaux is funded by IWT-Flanders grant number SBO 121552. Matthias Hiller is funded by the German Federal Ministry of Education and Research (BMBF) in the project SIBASE through grant number 01IS13020A.



Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Jeroen Delvaux (1, 2)
  • Dawu Gu (2)
  • Ingrid Verbauwhede (1)
  • Matthias Hiller (3)
  • Meng-Day (Mandel) Yu (1, 4, 5)

  1. KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium
  2. Shanghai Jiao Tong University, CSE/LoCCS, Shanghai, China
  3. Chair of Security in Information Technology, Technical University of Munich, Munich, Germany
  4. Verayo Inc., San Jose, USA
  5. CSAIL, MIT, Cambridge, USA
