Solving cryptography’s toughest challenge using a key that doesn’t exist


The System

The key

How to secure the key? — Current methods to store the secret key is by using a nonvolatile memory like EEPROM (Electrically Erasable Programmable Read-Only Memory) or battery-powered SRAM (Static Random-Access Memory). But the issue with this method is that in addition to being power and space-consuming it is always vulnerable to newer kinds of physical attacks. And continually powered extra circuitry is required to protect against such attacks.

Physical Unclonable Functions

Now, Enter the new dragon i.e. Physically Unclonable Functions or the commonly used abbreviation — PUF is a recent innovation in the field of cryptographic primitives. First proposed as Physical one-way functions in 2001 by Ravikanth S Pappu a Ph.D. student from MIT in his Ph.D. thesis.

  1. PUF can be set up using simple digital circuits that are easy to make and consume less power.
  2. The input-output mapping of each PUF is unique to it’s IC, thus PUFs are called digital fingerprints of silicon chips
  3. Since the output is derived during when the IC’s powered on, there is no secret to steal when the chip is idle. The key doesn’t exist in memory until the PUF calculates the output during the process of decryption/encryption.
  4. Physical attacks are almost impossible to achieve because the physical characteristics of a silicon chip can change during the attack. Then the PUF will no longer give the same outputs. Thus the word unclonable. This is similar to the cryptex (an ancient keystone) that Tom hanks decrypted in the movie Davinci code where the message residing in it will be destroyed if someone used force.{spoiler alert: the key was ‘apple’}.
  5. PUFs use smaller output bit size (like 64 bits) compared to traditional methods like SHA which requires 256 bits for output. This is why keys derived using PUF input-output pair can make the crypto protocols much faster.


For the Internet of Things, when the embedded devices are placed in open areas. It makes the device more vulnerable to physical attacks. But such devices cannot afford costly key storage methods in terms of energy and size. In such cases, PUFs are better alternatives for identification and authentication of the devices compared to traditional crypto primitives.

PUF based Authentication Protocol for IoT
  1. Once the challenge-response pair stored in the Authentication server is compromised, the attacker will be able to decrypt the messages encrypted using those C-R pairs.
  2. Since the C-R pairs are discarded after each session, the trusted server has to update it with fresh pairs regularly.
  3. Various environmental factors can alter the physical characteristics of the chip to produce an error, thus not all challenges will give a stable response.

Public Physical Unclonable Function

A new variation of PUF has come recently, called Public PUF (PPUF). I will briefly explain the concept behind it. A PPUF has a PUF model along with the hardware PUF formed during the manufacturing process. This PUF model emulates the same challenge-response pair as PUF hardware. But the distinguishing factor is the PUF model takes a much longer but feasible time to calculate the response, compared to PUF hardware. Also with a condition that PUF hardware cannot be made from the PUF model, but model can be derived from the hardware.


  1. Wiki on PUF-
  2. Silicon physical random functions-
  3. Physical Unclonable Functions and Applications: A Tutorial-
  4. Wiki on one-way functions-
  5. Physical One-Way Functions-



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store