Information Theoretic Analysis of PUF-Based Tamper Protection
Georg Maringer, Matthias Hiller
TL;DR
The paper develops an information-theoretic framework for PUF-based tamper protection, modeling enrollment and reconstruction as a wiretap channel with zero-leakage helper data. It provides asymptotic lower bounds on secrecy capacities under digital and analog attacker models and derives finite-blocklength achievability and converse bounds that translate to practical requirements on the number of PUF cells and quantization levels. A key finding is that 128-bit security can be achieved with a finite, practical number of PUF cells under realistic erasure scenarios, but existing schemes that leak helper data fail to meet these security targets. The results offer fundamental design benchmarks for PUF-based tamper protection, highlighting that coarse quantization and carefully constructed zero-leakage helper data can reduce hardware requirements while maintaining strong security guarantees.
Abstract
Physical Unclonable Functions (PUFs) enable physical tamper protection for high-assurance devices without needing a continuous power supply that is active over the entire lifetime of the device. Several methods for PUF-based tamper protection have been proposed together with practical quantization and error correction schemes. In this work we take a step back from the implementation to analyze theoretical properties and limits. We apply zero-leakage output quantization to existing quantization schemes and minimize the reconstruction error probability under zero leakage. We apply wiretap coding within a helper data algorithm to enable a reliable key reconstruction for the legitimate user while guaranteeing a selectable reconstruction complexity for an attacker, analogously to the security level for a cryptographic algorithm for the attacker models considered in this work. We present lower bounds on the achievable key rates depending on the attacker's capabilities in the asymptotic and finite blocklength regime to give fundamental security guarantees even if the attacker gets partial information about the PUF response and the helper data. Furthermore, we present converse bounds on the number of PUF cells. Our results show, for example, that for a practical scenario one needs at least 459 PUF cells using 3-bit quantization to achieve a security level of 128 bit.
