Paper 2014/263

A Generic Scan Attack on Hardware based eStream Winners

Sandip Karmakar and Dipanwita Roy Chowdhury


Scan chains, a design for testability (DFT) feature, are included in most modern-day ICs. But, it opens a side channel for attacking cryptographic chips. We propose a methodology by which we can recover internal states of any stream cipher using scan chains without knowledge of its design. We consider conven- tional scan-chain design which is normally not scram- bled or protected in any other way. In this scenario the challenge of the adversary is to obtain the corre- spondence of output of the scan chain and the internal state registers of the stream cipher. We present a math- ematical model of the attack and the correspondence between the scan chain-outputs and the internal state bits have been proved under this model. We propose an algorithm that through o-line and on-line simulation forms bijection between the above mentioned sets and thus nds the required correspondence. We also give an estimate of the number of o-line simulations necessary for nding the correspondence. The proposed strategy is successfully applied to eS- tream hardware based nalists MICKEY-128 2.0, Triv- ium and Grain-128. To the best of our knowledge, this is the rst scan based attack against full round Grain-128 and only the fourth reported cryptanalysis. This attack on Trivium is better than that of the published scan- attack on Trivium. This scan-based attack is also the rst reported scan based cryptanalysis against MICKEY- 128 2.0.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Scan AttackeStream WinnersSide Channel AttackGrain-128TriviumMICKEY-128 2.0
Contact author(s)
sandip1kk @ gmail com
2014-04-20: received
Short URL
Creative Commons Attribution


      author = {Sandip Karmakar and Dipanwita Roy Chowdhury},
      title = {A Generic Scan Attack on Hardware based eStream Winners},
      howpublished = {Cryptology ePrint Archive, Paper 2014/263},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.