A Generic Scan Attack on Hardware based eStream Winners

Scan chains, a design for testability (DFT) feature, are included in most modern-day ICs. But, it opens a side channel for attacking cryptographic chips. We propose a methodology by which we can recover internal states of any stream cipher using scan chains without knowledge of its design. We consider conventional scan-chain design which is normally not scrambled or protected in any other way. In this scenario the challenge of the adversary is to obtain the correspondence of output of the scan chain and the internal state registers of the stream cipher. We present a mathematical model of the attack and the correspondence between the scan chain-outputs and the internal state bits have been proved under this model. We propose an algorithm that through off-line and on-line simulation forms bijection between the above mentioned sets and thus finds the required correspondence. We also give an estimate of the number of off-line simulations necessary for finding the correspondence. The proposed strategy is successfully applied to eStream hardware based finalists MICKEY-128 2.0, Trivium and Grain-128. To the best of our knowledge, this is the first scan based attack against full round Grain-128 and only the fourth reported cryptanalysis. This attack on Trivium is better than that of the published scanattack on Trivium. This scan-based attack is also the first reported scan based cryptanalysis against MICKEY128 2.0.