Scan-Based Attacks on Linear Feedback Shift Register Based Stream Ciphers

摘要

Stream cipher is an important class of encryption algorithm that encrypts plaintext messages one bit at a time. Various stream ciphers are deployed in wireless telecommunication applications because they have simple hardware circuitry, are generally fast and consume very low power. On the other hand, scan-based Design-for-Test (DFT) is one of the most popular methods to test IC devices. All flip-flops in the Design Under Test are connected to one or more scan chains and the states of the flip-flops can be scanned out through these chains. In this paper, we present an attack on stream cipher implementations by determining the scan chain structure of the Linear Feedback Shift Registers in their implementations. Although scan-based DFT is a powerful testing scheme, we show that it can be used to retrieve the information stored in a crypto chip thus compromising its theoretically proven security.