Secure key generation from biased PUFs: extended version

R. Maes, V. van der Leest, E. van der Sluis, F.M.J. Willems

Research output: Contribution to journalArticleAcademicpeer-review

37 Citations (Scopus)


When the applied PUF in a PUF-based key generator does not produce full entropy responses, information about the derived key material is leaked by code-offset helper data. If the PUF’s entropy level is too low, the PUF-derived key is even fully disclosed by the helper data. In this work we analyze this entropy leakage, and provide several solutions for preventing leakage for PUFs suffering from i.i.d. biased bits. Our methods pose no limit on the amount of PUF bias that can be tolerated for achieving secure key generation, with only a moderate increase in the required PUF size. This solves an important open problem in this field. In addition, we also consider the reusability of PUF-based key generators and present a variant of our solution which retains the reusability property. In an exemplary application of these methods, we are able to derive a secure 128-bit key from a 15 %-noisy and 25 %-biased PUF requiring only 4890 PUF bits for the non-reusable variant, or 7392 PUF bits for the reusable variant.

Original languageEnglish
Pages (from-to)121-137
Number of pages17
JournalJournal of Cryptographic Engineering
Issue number2
Publication statusPublished - 1 Jun 2016


  • Bias
  • Code-offset method
  • Helper data leakage
  • Key generation
  • PUFs


Dive into the research topics of 'Secure key generation from biased PUFs: extended version'. Together they form a unique fingerprint.

Cite this