### A Generic Scan Attack on Hardware based eStream Winners

Sandip Karmakar and Dipanwita Roy Chowdhury

##### Abstract

Scan chains, a design for testability (DFT) feature, are included in most modern-day ICs. But, it opens a side channel for attacking cryptographic chips. We propose a methodology by which we can recover internal states of any stream cipher using scan chains without knowledge of its design. We consider conven- tional scan-chain design which is normally not scram- bled or protected in any other way. In this scenario the challenge of the adversary is to obtain the corre- spondence of output of the scan chain and the internal state registers of the stream cipher. We present a math- ematical model of the attack and the correspondence between the scan chain-outputs and the internal state bits have been proved under this model. We propose an algorithm that through o-line and on-line simulation forms bijection between the above mentioned sets and thus nds the required correspondence. We also give an estimate of the number of o-line simulations necessary for nding the correspondence. The proposed strategy is successfully applied to eS- tream hardware based nalists MICKEY-128 2.0, Triv- ium and Grain-128. To the best of our knowledge, this is the rst scan based attack against full round Grain-128 and only the fourth reported cryptanalysis. This attack on Trivium is better than that of the published scan- attack on Trivium. This scan-based attack is also the rst reported scan based cryptanalysis against MICKEY- 128 2.0.

Available format(s)
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Scan AttackeStream WinnersSide Channel AttackGrain-128TriviumMICKEY-128 2.0
Contact author(s)
sandip1kk @ gmail com
History
Short URL
https://ia.cr/2014/263

CC BY

BibTeX

@misc{cryptoeprint:2014/263,
author = {Sandip Karmakar and Dipanwita Roy Chowdhury},
title = {A Generic Scan Attack on Hardware based eStream Winners},
howpublished = {Cryptology ePrint Archive, Paper 2014/263},
year = {2014},
note = {\url{https://eprint.iacr.org/2014/263}},
url = {https://eprint.iacr.org/2014/263}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.