Trivium is a synchronous stream cipher using three shift registers. It is designed to have a simple structure and runs at high speed. A scan-based side-channel attack retrieves secret information using scan chains, one of design-for-test techniques. In this paper, a scan-based side-channel attack method against Trivium using scan signatures is proposed. In our method, we reconstruct a previous internal state in Trivium one by one from the internal state just when a ciphertext is generated. When we retrieve the internal state, we focus on a particular 1-bit position in a collection of scan chains and then we can attack Trivium even if the scan chain includes other registers than internal state registers in Trivium. Experimental results show that our proposed method successfully retrieves a plaintext from a ciphertext generated by Trivium.

LED (Light Encryption Device) block cipher, one of lightweight block ciphers, is very compact in hardware. Its encryption process is composed of AES-like rounds. Recently, a scan-based side-channel attack is reported which retrieves the secret information inside the cryptosystem utilizing scan chains, one of design-for-test techniques. In this paper, a scan-based attack method on the LED block cipher using scan signatures is proposed. In our proposed method, we focus on a particular 16-bit position in scanned data obtained from an LED LSI chip and retrieve its secret key using scan signatures. Experimental results show that our proposed method successfully retrieves its 64-bit secret key using 36 plaintexts on average if the scan chain is only connected to the LED block cipher. These experimental results also show the key is successfully retrieved even if the scan chain includes additional 130,000 1-bit data.

Camellia is a block cipher jointly developed by Mitsubishi and NTT of Japan. It is designed suitable for both software and hardware implementations. One of the design-for-test techniques using scan chains is called scan-path test, in which testers can observe and control the registers inside the LSI chip directly in order to check if the LSI chip correctly operates or not. Recently, a scan-based side-channel attack is reported which retrieves the secret information from the cryptosystem using scan chains. In this paper, we propose a scan-based attack method on the Camellia cipher using scan signatures. Our proposed method is based on the equivalent transformation of the Camellia algorithm and the possible key candidate reduction in order to retrieve the secret key. Experimental results show that our proposed method sucessfully retrieved its 128-bit secret key using 960 plaintexts even if the scan chain includes the Camellia cipher and other circuits and also sucessfully retrieves its secret key on the SASEBO-GII board, which is a side-channel attack standard evaluation board.