Feasibility and Infeasibility of Secure Computation With Malicious PUFs


A recent line of work has explored the use of physically uncloneable functions (PUFs) for secure computation, with the goals of (1) achieving universal composability without additional setup, and/or (2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers have investigated models in which an adversary can create malicious PUFs with arbitrary behavior. Researchers have considered both malicious PUFs that might be stateful, as well as malicious PUFs that can have arbitrary behavior but are guaranteed to be stateless.
We settle the main open questions regarding secure computation in the malicious-PUF model:

  • We prove that unconditionally secure oblivious transfer is impossible, even in the stand-alone setting, if the adversary can construct (malicious) stateful PUFs.

  • If the attacker is limited to creating (malicious) stateless PUFs, then universally composable two-party computation is possible without computational assumptions.

34th International Cryptology Conference (CRYPTO 2014)