Cryptology ePrint Archive: Report 2020/821

Interconnect-Aware Bitstream Modification

Michail Moraitis and Elena Dubrova

Abstract: Bitstream reverse engineering is traditionally associated with Intellectual Property (IP) theft. Another, less known, threat deriving from that is bitstream modification attacks. It has been shown that the secret key can be extracted from FPGA implementations of cryptographic algorithms by injecting faults directly into the bitstream. Such bitstream modification attacks rely on changing the content of Look Up Tables (LUTs). Therefore, related countermeasures aim to make the task of identifying a LUT more difficult (e.g. by masking its content). However, recent advances in FPGA reverse engineering revealed information on how interconnects are encoded in the bitstream of Xilinx 7 series FPGAs. In this paper, we show that this knowledge can be used to break or weaken existing countermeasures, as well as improve existing attacks. Furthermore, a straightforward attack that re-routes the key to an output pin becomes possible. We demonstrate our claims on an FPGA implementation of SNOW 3G stream cipher. The presented results show that there is an urgent need for stronger bitstream protection methods.

Category / Keywords: secret-key cryptography / Physical security, SNOW 3G, Stream cipher, Reverse engineering, Bitstream modification, Routing bitstream format

Date: received 3 Jul 2020

Contact author: micmor at kth se

Available format(s): PDF | BibTeX Citation

Version: 20200707:083447 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]