Paper 2017/572

MXPUF: Secure PUF Design against State-of-the-art Modeling Attacks

Phuong Ha Nguyen, Durga Prasad Sahoo, Chenglu Jin, Kaleel Mahmood, and Marten van Dijk


Silicon Physical Unclonable Functions (PUFs) have been proposed as an emerging hardware security primitive in various security applications such as device identification, authentication, and cryptographic key generation. Current so-called `strong' PUFs, which allow a large challenge response space, are compositions of Arbiter PUFs (APUFs), e.g. the $x$-XOR APUF. Wide-scale deployment of state-of-the-art compositions of APUFs, however, has stagnated due to various mathematical and physical attacks leading to software models that break the unclonability property of PUFs. The current state-of-the-art attack by Becker, CHES 2015, shows that the XOR APUF can be broken by modeling its APUF components separately thanks to CMA-ES, a machine learning algorithm, based on reliability information of measured XOR APUF responses. Thus, it is an important problem to design a strong PUF which can resist not only traditional modeling attacks but also Becker's attack. In this paper, we propose a new strong PUF design called $(x,y)$-MXPUF, which consists of two layers; the upper layer is an $n$-bit $x$-XOR APUF, and the lower layer is an $(n+1)$-bit $y$-XOR APUF. The response of $x$-XOR APUF for an $n$-bit challenge $\mathbf{c}$ in the upper layer is inserted at the middle of $\mathbf{c}$ to construct a new $(n+1)$-bit challenge for the $y$-XOR APUF in the lower layer giving the final response bit of the $(x,y)$-MXPUF. The reliability of $(x,y)$-MXPUF can be theoretically and experimentally shown to be twice the reliability of $(x+y)$-XOR PUF. In the context of traditional modeling attacks, when we keep the same hardware size, the security of $(x,y)$-MXPUF is only slightly weaker than that of $(x+y)$-XOR PUF. Our main contribution proves that the $(x,y)$-MXPUF is secure against Becker's attack.

Available format(s)
Publication info
Preprint. MINOR revision.
modeling attackpropagation criterionreliability based modelingXOR APUF
Contact author(s)
dpsahoo cs @ gmail com
2017-06-14: received
Short URL
Creative Commons Attribution


      author = {Phuong Ha Nguyen and Durga Prasad Sahoo and Chenglu Jin and Kaleel Mahmood and Marten van Dijk},
      title = {MXPUF: Secure PUF Design against State-of-the-art Modeling Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2017/572},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.