Practical Security Analysis of PUF-Based Two-Player Protocols

  • Ulrich Rührmair
  • Marten van Dijk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7428)


In recent years, PUF-based schemes have not only been suggested for the basic tasks of tamper sensitive key storage or the identification of hardware systems, but also for more complex protocols like oblivious transfer (OT) or bit commitment (BC), both of which possess broad and diverse applications. In this paper, we continue this line of research. We first present an attack on two recent OT- and BC-protocols which have been introduced at CRYPTO 2011 by Brzuska et al. [1,2]. The attack quadratically reduces the number of CRPs which malicious players must read out in order to cheat, and fully operates within the original communication model of [1,2]. In practice, this leads to insecure protocols when electrical PUFs with a medium challenge-length are used (e.g., 64 bits), or whenever optical PUFs are employed. These two PUF types are currently among the most popular designs. Secondly, we discuss countermeasures against the attack, and show that interactive hashing is suited to enhance the security of PUF-based OT and BC, albeit at the price of an increased round complexity.


Physical Unclonable Functions (PUFs), Cryptographic Protocols, Oblivious Transfer, Bit Commitment, Security Analysis, Interactive Hashing


  1. Brzuska, C., Fischlin, M., Schröder, H., Katzenbeisser, S.: Physically Uncloneable Functions in the Universal Composition Framework. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 51–70. Springer, Heidelberg (2011)
  2. Brzuska, C., Fischlin, M., Schröder, H., Katzenbeisser, S.: Physical Unclonable Functions in the Universal Composition Framework. Full version of the paper. Available from Cryptology ePrint Archive (2011) (downloaded on February 28, 2012)
  3. Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: FOCS 2001, pp. 136–145 (2001); Full and updated version available from Cryptology ePrint Archive
  4. Crépeau, C., Kilian, J., Savvides, G.: Interactive Hashing: An Information Theoretic Tool (Invited Talk). In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 14–28. Springer, Heidelberg (2008)
  5. Damgård, I., Kilian, J., Salvail, L.: On the (Im)possibility of Basing Oblivious Transfer and Bit Commitment on Weakened Security Assumptions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 56–73. Springer, Heidelberg (1999)
  6. van Dijk, M., Rührmair, U.: Physical Unclonable Functions in Cryptographic Protocols: Security Proofs and Impossibility Results. Cryptology ePrint Archive, Report 228/2012 (2012)
  7. Ding, Y.Z., Harnik, D., Rosen, A., Shaltiel, R.: Constant-round oblivious transfer in the bounded storage model. Journal of Cryptology 20(2), 165–202 (2007)
  8. Gassend, B.: Physical Random Functions. MSc Thesis. MIT (2003)
  9. Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: ACM Conference on Computer and Communications Security 2002, pp. 148–160 (2002)
  10. Gassend, B., Lim, D., Clarke, D., van Dijk, M., Devadas, S.: Identification and authentication of integrated circuits. Concurrency and Computation: Practice & Experience 16(11), 1077–1098 (2004)
  11. Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)
  12. Impagliazzo, R., Rudich, S.: Limits on the Provable Consequences of One-Way Permutations. In: STOC 1989, pp. 44–61 (1989)
  13. Kilian, J.: Founding cryptography on oblivious transfer. In: STOC (1988)
  14. Kumar, S.S., Guajardo, J., Maes, R., Schrijen, G.J., Tuyls, P.: The Butterfly PUF: Protecting IP on every FPGA. In: HOST 2008, pp. 67–70 (2008)
  15. Lee, J.-W., Lim, D., Gassend, B., Suh, G.E., van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits with identification and authentication applications. In: Proceedings of the IEEE VLSI Circuits Symposium (June 2004)
  16. Maes, R., Verbauwhede, I.: Physically Unclonable Functions: a Study on the State of the Art and Future Research Directions. In: Naccache, D., Sadeghi, A.-R. (eds.) Towards Hardware-Intrinsic Security, sec. 1. Springer (2010)
  17. Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP using any one-way permutation. Journal of Cryptology (1998); Preliminary version In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 196–214. Springer, Heidelberg (1993)
  18. Ostrovsky, R., Venkatesan, R., Yung, M.: Fair games against an all-powerful adversary. In: AMS DIMACS Series in Discrete Mathematics and Theoretical Computer Science, pp. 155–169 (1993); Preliminary version in SEQUENCES 1991
  19. Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight Secure PUFs. In: IC-CAD 2008, pp. 607–673 (2008)
  20. Pappu, R.: Physical One-Way Functions. PhD Thesis, Massachusetts Institute of Technology (2001)
  21. Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical One-Way Functions. Science 297, 2026–2030 (2002)
  22. Rivest, R.: Illegitimi non carborundum. Invited keynote talk, CRYPTO 2011 (2011)
  23. Rührmair, U.: Oblivious Transfer Based on Physical Unclonable Functions. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 430–440. Springer, Heidelberg (2010)
  24. Rührmair, U., Busch, H., Katzenbeisser, S.: Strong PUFs: Models, Constructions and Security Proofs. In: Sadeghi, A.-R., Tuyls, P. (eds.) Towards Hardware Intrinsic Security: Foundation and Practice. Springer (2010)
  25. Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling Attacks on Physical Unclonable Functions. In: ACM Conference on Computer and Communications Security (2010)
  26. Rührmair, U., Sölter, J., Sehnke, F.: On the Foundations of Physical Unclonable Functions. Cryptology e-Print Archive (June 2009)
  27. Savvides, G.: Interactive Hashing and reductions between Oblivious Transfer variants. PhD thesis, McGill University, Montreal (2007)
  28. Suh, G.E., Devadas, S.: Physical Unclonable Functions for Device Authentication and Secret Key Generation. In: DAC 2007, pp. 9–14 (2007)
  29. Tuyls, P., Schrijen, G.-J., Škorić, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-Proof Hardware from Protective Coatings. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 369–383. Springer, Heidelberg (2006)
  30. Tuyls, P., Škorić, B.: Strong Authentication with Physical Unclonable Functions. In: Petkovic, M., Jonker, W. (eds.) Security, Privacy and Trust in Modern Data Management. Springer (2007)
  31. Tuyls, P., Škorić, B., Stallinga, S., Akkermans, A.H.M., Ophey, W.: Information-Theoretic Security Analysis of Physical Uncloneable Functions. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 141–155. Springer, Heidelberg (2005)

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Ulrich Rührmair (1)
  • Marten van Dijk (2)
  1. Technische Universität München, München, Germany
  2. RSA Laboratories, Cambridge, USA
