There ain't no plain key: A PUF based first-order side-channel resistant encryption construction

Abstract

The confidentiality of all modern symmetric encryption schemes relies on the sealing of the secret key. Hence, it is crucial to secure the secret key or other sensitive credentials in protected memory such as a secure key storage. An alternative to a key storage is a physical unclonable function, which generates a unique secret key for each device online. But still, the secret might leak during intermediate processing when used in an encryption scheme. In this paper, we propose a encryption scheme, which uses keys generated by a blinded PUF. The unmasking of these keys is done during the encryption operation of the block cipher, instead of directly after key generation. As a side effect the entire scheme provides resistance against first-order power analysis attacks while only public credentials are need to be stored.