Scan-based attacks on linear feedback shift register based stream ciphers

Yu Liu, Kaijie Wu, Ramesh Karri

Research output: Contribution to journalArticlepeer-review


Stream cipher is an important class of encryption algorithm that encrypts plaintext messages one bit at a time. Various stream ciphers are deployed in wireless telecommunication applications because they have simple hardware circuitry, are generally fast and consume very low power. On the other hand, scan-based Design-for-Test (DFT) is one of the most popular methods to test IC devices. All flip-flops in the Design Under Test are connected to one or more scan chains and the states of the flip-flops can be scanned out through these chains. In this paper, we present an attack on stream cipher implementations by determining the scan chain structure of the Linear Feedback Shift Registers in their implementations. Although scan-based DFT is a powerful testing scheme, we show that it can be used to retrieve the information stored in a crypto chip thus compromising its theoretically proven security.

Original languageEnglish (US)
Article number20
JournalACM Transactions on Design Automation of Electronic Systems
Issue number2
StatePublished - Mar 2011


  • LFSR
  • RFID
  • Scan-based DFT
  • Side-channel attack
  • Stream Cipher

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering


Dive into the research topics of 'Scan-based attacks on linear feedback shift register based stream ciphers'. Together they form a unique fingerprint.

Cite this