FuzzyKey: comparing fuzzy cryptographic primitives on resource-constrained devices

Mo Zhang, Eduard Marin, David Oswald, Dave Singelée

Research output: Chapter in Book/Report/Conference proceedingConference contribution

28 Downloads (Pure)


Implantable medical devices, sensors and wearables are widely deployed today. However, establishing a secure wireless communication channel to these devices is a major challenge, amongst others due to the constraints on energy consumption and the need to obtain immediate access in emergencies. To address this issue, researchers have proposed various key agreement protocols based on the measurement of physiological signals such as a person’s heart signal. At the core of such protocols are fuzzy cryptographic primitives that allow to agree on a shared secret based on several simultaneous, noisy measurements of the same signal. So far, although many fuzzy primitives have been proposed, there is no comprehensive evaluation and comparison yet of the overhead that such methods incur on resource-constrained embedded devices. In this paper, we study the feasibility of six types of fuzzy cryptographic primitives on embedded devices for 128-bit key agreement. We configure several variants for each fuzzy primitive under different parameter selections and mismatch rates of the physiological signal measurements on an MSP430 microcontroller, and then measure and compare their energy consumption and communication overhead. The most efficient constructions consume between 0.021 mJ and 0.198 mJ for the transmitter and between 0.029 mJ and 0.380 mJ for the receiver under different mismatch rates. Subsequently, we modify the best performing methods so that they run in constant time to protect against timing side-channel attacks, and observe that these changes only minimally affect resource consumption. Finally, we provide open-source implementations and energy consumption data of each fuzzy primitive as a reference for real-world designs.
Original languageEnglish
Title of host publicationSmart Card Research and Advanced Applications - 20th International Conference, CARDIS 2021, Revised Selected Papers
Subtitle of host publication20th International Conference, CARDIS 2021, Lübeck, Germany, November 11–12, 2021, Revised Selected Papers
EditorsVincent Grosso, Thomas Pöppelmann
PublisherSpringer Verlag
Number of pages21
ISBN (Electronic)9783030973483
ISBN (Print)9783030973476
Publication statusPublished - 9 Mar 2022
Event20th Smart Card Research and Advanced Application Conference - Universität zu Lübeck, Lübeck, Germany
Duration: 11 Nov 202112 Nov 2021

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference20th Smart Card Research and Advanced Application Conference
Abbreviated titleCARDIS 2021

Bibliographical note

Funding Information:
Acknowledgements. This work is funded in part by the European Union’s Horizon 2020 Research and innovation program under grant agreement No. 826284 (ProTego), the FWO-SBO project SPITE, and by the Engineering and Physical Sciences Research Council (EPSRC) under grant EP/R012598/1. Mo Zhang is funded by the Priestley PhD Scholarship programme. The ECC decoding methods were based in part on the source code of Simon Rockliff [2].

Publisher Copyright:
© 2022, Springer Nature Switzerland AG.


  • Fuzzy commitment
  • Fuzzy vault
  • Fuzzy extractor
  • Physiological signal
  • Key agreement
  • Energy consumption

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'FuzzyKey: comparing fuzzy cryptographic primitives on resource-constrained devices'. Together they form a unique fingerprint.

Cite this