Paper 2018/1016

Concealing Ketje: A Lightweight PUF-Based Privacy Preserving Authentication Protocol

Gerben Geltink


In this paper, we focus on the design of a novel authentication protocol that preserves the privacy of embedded devices. A Physically Unclonable Function (PUF) generates challenge-response pairs that form the source of authenticity between a server and multiple devices. We rely on Authenticated Encryption (AE) for confidentiality, integrity and authenticity of the messages. A challenge updating mechanism combined with an authenticate-before-identify strategy is used to provide privacy. The major advantage of the proposed method is that no shared secrets need to be stored into the device’s non-volatile memory. We design a protocol that supports server authenticity, device authenticity, device privacy, and memory disclosure. Following, we prove that the protocol is secure, and forward and backward privacy-preserving via game transformations. Moreover, a proof of concept is presented that uses a 3-1 Double Arbiter PUF, a concatenation of repetition and BCH error-correcting codes, and the AE-scheme Ketje. We show that our device implementation utilizes 8,305 LUTs on a 28 nm Xilinx Zynq XC7Z020 System on Chip (SoC) and takes only 0.63 ms to perform an authentication operation.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Lightweight Cryptography for Security and Privacy
Privacy-preserving authentication protocolPhysically Unclonable FunctionAuthenticated EncryptionSoCFPGA
Contact author(s)
g geltink @ gmail com
2018-10-24: received
Short URL
Creative Commons Attribution


      author = {Gerben Geltink},
      title = {Concealing Ketje: A Lightweight PUF-Based Privacy Preserving Authentication Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1016},
      year = {2018},
      doi = {10.1007/978-3-319-55714-4_9},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.