Paper 2004/083

Scan Based Side Channel Attack on Data Encryption Standard

Bo Yang, Kaijie Wu, and Ramesh Karri


Scan based test is a double edged sword. On one hand, it is a powerful test technique. On the other hand, it is an equally powerful attack tool. In this paper we show that scan chains can be used as a side channel to recover secret keys from a hardware implementation of the Data Encryption Standard (DES). By loading pairs of known plaintexts with one-bit difference in the normal mode and then scanning out the internal state in the test mode, we first determine the position of all scan elements in the scan chain. Then, based on a systematic analysis of the structure of the non-linear substitution boxes, and using three additional plaintexts we discover the DES secret key. Finally, some assumptions in the attack are discussed.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
DESscan based test
Contact author(s)
yangbo @ photon poly edu
2004-03-28: received
Short URL
Creative Commons Attribution


      author = {Bo Yang and Kaijie Wu and Ramesh Karri},
      title = {Scan Based Side Channel Attack on Data Encryption Standard},
      howpublished = {Cryptology ePrint Archive, Paper 2004/083},
      year = {2004},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.