PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator

  • Roel Maes
  • Anthony Van Herrewege
  • Ingrid Verbauwhede
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7428)


We present PUFKY: a practical and modular design for a cryptographic key generator based on a Physically Unclonable Function (PUF). A fully functional reference implementation is developed and successfully evaluated on a substantial set of FPGA devices. It uses a highly optimized ring oscillator PUF (ROPUF) design, producing responses with up to 99% entropy. A very high key reliability is guaranteed by a syndrome construction secure sketch using an efficient and extremely low-overhead BCH decoder. This first complete implementation of a PUF-based key generator, including a PUF, a BCH decoder and a cryptographic entropy accumulator, utilizes merely 17% (1162slices) of the available resources on a low-end FPGA, of which 82% are occupied by the ROPUF and only 18% by the key generation logic. PUFKY is able to produce a cryptographically secure 128-bit key with a failure rate < 10− 9 in 5.62ms. The design’s modularity allows for rapid and scalable adaptations for other PUF implementations or for alternative key requirements. The presented PUFKY core is immediately deployable in an embedded system, e.g. by connecting it to an embedded microcontroller through a convenient bus interface.


Physically Unclonable Functions (PUFs) Cryptographic Key Generation Fuzzy Extractors 


  1. [Barker and Kelsey(2012)]
    Barker, E., Kelsey, J.: Recommendation for Random Number Generation Using Deterministic Random Bit Generators. NIST Special Publication 800-90A (January 2012),
  2. [Berlekamp(1965)]
    Berlekamp, E.: On Decoding Binary Bose-Chadhuri-Hocquenghem Codes. IEEE Transactions on Information Theory 11(4), 577–579 (1965)MathSciNetzbMATHCrossRefGoogle Scholar
  3. [Bogdanov et al.(2011)Bogdanov, Knezevic, Leander, Toz, Varici, and Verbauwhede]
    Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: spongent: A Lightweight Hash Function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312–325. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. [Bösch et al.(2008)Bösch, Guajardo, Sadeghi, Shokrollahi, and Tuyls]
    Bösch, C., Guajardo, J., Sadeghi, A.-R., Shokrollahi, J., Tuyls, P.: Efficient Helper Data Key Extractor on FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 181–197. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. [Burton(1971)]
    Burton, H.: Inversionless Decoding of Binary BCH codes. IEEE Transactions on Information Theory 17(4), 464–466 (1971)MathSciNetzbMATHCrossRefGoogle Scholar
  6. [Chien(1964)]
    Chien, R.: Cyclic Decoding Procedures for Bose-Chaudhuri-Hocquenghem Codes. IEEE Transactions on Information Theory 10(4), 357–363 (1964)MathSciNetzbMATHCrossRefGoogle Scholar
  7. [Dodis et al.(2008)Dodis, Ostrovsky, Reyzin, and Smith]
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM Journal on Computing 38(1), 97–139 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  8. [Eastlake et al.(2005)Eastlake, Schiller, and Crocker]
    Eastlake, D., Schiller, J., Crocker, S.: Randomness Requirements for Security. RFC 4086 (Best Current Practice) (June 2005),
  9. [Gassend et al.(2002)Gassend, Clarke, van Dijk, and Devadas]
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon Physical Random Functions. In: ACM Conference on Computer and Communications Security, pp. 148–160. ACM Press (2002)Google Scholar
  10. [Guajardo et al.(2007)Guajardo, Kumar, Schrijen, and Tuyls]
    Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. [Karakoyunlu and Sunar(2010)]
    Karakoyunlu, D., Sunar, B.: Differential Template Attacks on PUF Enabled Cryptographic Devices. In: 2010 IEEE International Workshop on Information Forensics and Security (WIFS), pp. 1–6 (December 2010)Google Scholar
  12. [Kelsey et al.(1999)Kelsey, Schneier, and Ferguson]
    Kelsey, J., Schneier, B., Ferguson, N.: Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 13–33. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. [Lenstra et al.(2012)Lenstra, Hughes, Augier, Bos, Kleinjung, and Wachter]
    Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Ron was wrong, Whit is right. Cryptology ePrint Archive, Report 2012/064 (2012),
  14. [Maes et al.(2009)Maes, Tuyls, and Verbauwhede]
    Maes, R., Tuyls, P., Verbauwhede, I.: Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 332–347. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. [Maiti et al.(2010)Maiti, Casarona, McHale, and Schaumont]
    Maiti, A., Casarona, J., McHale, L., Schaumont, P.: A Large Scale Characterization of RO-PUF. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 94–99 (June 2010)Google Scholar
  16. [Massey(1969)]
    Massey, J.: Shift-Register Synthesis and BCH Decoding. IEEE Transactions on Information Theory 15(1), 122–127 (1969)MathSciNetzbMATHCrossRefGoogle Scholar
  17. [Merli et al.(2011)Merli, Schuster, Stumpf, and Sigl]
    Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Side-Channel Analysis of PUFs and Fuzzy Extractors. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) TRUST 2011. LNCS, vol. 6740, pp. 33–47. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. [Nisan and Zuckerman(1996)]
    Nisan, N., Zuckerman, D.: Randomness is Linear in Space. Journal of Computer and System Sciences 52, 43–52 (1996)MathSciNetzbMATHCrossRefGoogle Scholar
  19. [Park et al.(2011)Park, Lee, and Lee]
    Park, J.I., Lee, H., Lee, S.: An Area-Efficient Truncated Inversionless Berlekamp-Massey Architecture for Reed-Solomon Decoders. In: IEEE International Symposium on Circuits and Systems (ISCAS), pp. 2693–2696 (May 2011)Google Scholar
  20. [Park et al.(2009)Park, Lee, Choi, and Lee]
    Park, J.I., Lee, K., Choi, C.S., Lee, H.: High-Speed Low-Complexity Reed-Solomon Decoder using Pipelined Berlekamp-Massey Algorithm. In: International SoC Design Conference (ISOCC), pp. 452–455 (November 2009)Google Scholar
  21. [Reed and Shih(1991)]
    Reed, I., Shih, M.: VLSI Design of Inverse-Free Berlekamp-Massey Algorithm. IEEE Proceedings on Computers and Digital Techniques 138(5), 295–298 (1991)CrossRefGoogle Scholar
  22. [Sarwate and Shanbhag(2001)]
    Sarwate, D., Shanbhag, N.: High-Speed Architectures for Reed-Solomon Decoders. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 9(5), 641–655 (2001)CrossRefGoogle Scholar
  23. [Suh and Devadas(2007)]
    Suh, G.E., Devadas, S.: Physical Unclonable Functions for Device Authentication and Secret Key Generation. In: Design Automation Conference (DAC), pp. 9–14. ACM Press (2007)Google Scholar
  24. [Tarnovsky(2010)]
    Tarnovsky, C.: Deconstructing a ‘Secure’ Processor. In: Black Hat Federal 2010 (2010)Google Scholar
  25. [Torrance and James(2009)]
    Torrance, R., James, D.: The State-of-the-Art in IC Reverse Engineering. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 363–381. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. [Wong and Chen(1990)]
    Wong, K., Chen, S.: The Entropy of Ordered Sequences and Order Statistics. IEEE Transactions on Information Theory 36(2), 276–284 (1990)MathSciNetzbMATHCrossRefGoogle Scholar
  27. [Yin and Qu(2010)]
    Yin, C.E.D., Qu, G.: LISA: Maximizing RO PUF’s Secret Extraction. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 100–105 (June 2010)Google Scholar
  28. [Yu et al.(2011)Yu, M’Raihi, Sowell, and Devadas]
    Yu, M.-D(M.), M’Raihi, D., Sowell, R., Devadas, S.: Lightweight and Secure PUF Key Storage Using Limits of Machine Learning. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 358–373. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Roel Maes
    • 1
  • Anthony Van Herrewege
    • 1
  • Ingrid Verbauwhede
    • 1
  1. 1.KU Leuven Dept. Electrical Engineering-ESAT/SCD-COSIC and IBBTLeuven-HeverleeBelgium

Personalised recommendations