27-09-2012, 03:55 PM
Testing of Cryptographic Hardware
Testing of Cryptographic.pptx (Size: 216.94 KB / Downloads: 23)
Scan Chain Based attack on Block Cipher(AES)
Input is partitioned into 16 bytes
Register R is fed back to point b , ten times with RK1 to RK10
128-bit Round register R is in scan chains
The complexity of AES is reduced to one round
Can we determine RK0?
The locations of flip-flops of R in the scan chains are unknown
Change in a11->change inB11->change in c11-> change in d10-> change in ei0-> change in fi0->4 byte at R
On average, 15 patterns are enough applied at a11 to determine all the 32-bit in register R (fi0) by comparing the scanned out bit streams
32-bit in the scanned-out bit stream correspond to flip-flops fi0 are known, but one to one correspondence is unknown
Applying (a11,a11+1) to generate (e1_i0,e2_i0) and (f1_i0,f2_i0) they found,
No. of 1s in f1_i0⊕f2_i0 is equal to that in e1_i0⊕e2_i0: the effect of RK1 is canceled
Some no. of 1s in f1_i0⊕f2_i0 is uniquely determined by a pair of (b11,b11+1). Example: 9