Paper 2012/143

Universally Composable Secure Computation with (Malicious) Physically Uncloneable Functions

Rafail Ostrovsky, Alessandra Scafuro, Ivan Visconti, and Akshay Wadia


Physically Uncloneable Functions (PUFs) [Pap01] are noisy physical sources of randomness. As such, they are naturally appealing for cryptographic applications, and have caught the interest of both theoreticians and practitioners. A major step towards understanding and securely using PUFs was recently taken in [Crypto 2011] where Brzuska, Fischlin, Schröder and Katzenbeisser model PUFs in the Universal Composition (UC) framework of Canetti [FOCS 2001]. Their model considers trusted PUFs only, and thus real-world adversaries can not create malicious PUFs, and can access the physical object only via the prescribed procedure. However,this does not accurately reflect real-life scenarios, where an adversary could be able to create and use malicious PUFs, or access the PUF through other procedures. The goal of this work is to extend the model proposed in [Crypto 2011] in order to capture such real-world attacks. The main contribution of this work is the study of the Malicious PUFs model. Namely, we extend the PUF functionality of Brzuska et al. so that it allows the adversary to create arbitrarily malicious PUFs. Then, we provide positive results in this, more realistic, model. We show that, under computational assumptions, it is possible to UC-securely realize any functionality. Furthermore, we achieve unconditional (not UC) security with malicious PUFs, by showing a statistically hiding statistically binding commitment scheme that uses one PUF only, and such PUF can be malicious. As an additional contribution, we investigate another attack model, where adversaries access to a trusted PUF in a different way (i.e., not following the prescribed procedure). Technically this attack translates into the fact that the simulator cannot observe the queries made to an honest PUF. In this model, queries are oblivious to the simulator, and we call it the "Oblivious Query" model. We are able to achieve unconditionally UC-secure computation, even in this more severe model. This protocol is secure against stronger adversaries compared to the ones of Brzuska et al. Finally, we show the impossibility of UC secure computation in the combination of the above two new models, where the real-world adversary can create malicious PUFs and maliciously access to honest PUFs. Our work sheds light on the significant power and applicability of PUFs in the design of cryptographic protocols modeling adversaries that misbehave with PUFs.

Note: 1) definition of "predictable PUFs" improved; 2) discussion on vDR13 added.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Physically uncloneable functionsUC securityhardware set-up assumptions.
Contact author(s)
alescafu @ gmail com
2013-05-15: last of 6 revisions
2012-03-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Rafail Ostrovsky and Alessandra Scafuro and Ivan Visconti and Akshay Wadia},
      title = {Universally Composable Secure Computation with (Malicious) Physically Uncloneable Functions},
      howpublished = {Cryptology ePrint Archive, Paper 2012/143},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.