Cryptanalysis of the Double-Feedback XOR-Chain Scheme Proposed in Indocrypt 2013

Subhadeep Banik, Anupam Chattopadhyay, Anusha Chowdhury

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review


For any modern chip design with a considerably large portion of logic, design for test (DFT) is a mandatory part of the design process which helps to reduce the complexity of testing sequential circuits. Scan-chains are one of the most commonly-used DFT techniques. However, the presence of scan-chains makes the device vulnerable to scan-based attacks from a cryptographic point of view. Techniques to cryptanalyze stream ciphers like Trivium, with additional hardware for scan-chains, are already available in literature (Agrawal et al. Indocrypt 2008). Such ideas were extended to more complicated stream ciphers like MICKEY 2.0 in the paper by Banik et al. at Indocrypt 2013. In this paper, we will look at the Double-Feedback XOR-Chain based countermeasure that was proposed by Banik et al. in Indocrypt 2013, to protect scan-chains from such scan-based attacks. We will show that such an XOR-Chain based countermeasure is vulnerable to attack. As an alternative, we propose a novel countermeasure based on randomization of XOR gates, that can protect scan-chains against such attacks.
Original languageEnglish
Title of host publicationProceedings of the 15th International Conference on Cryptology in India (INDOCRYPT 2014)
Publication date2014
ISBN (Print)978-3-319-13038-5
ISBN (Electronic)978-3-319-13039-2
Publication statusPublished - 2014
Event15th International Conference on Cryptology in India - New Delhi, India
Duration: 14 Dec 201417 Dec 2014
Conference number: 15


Conference15th International Conference on Cryptology in India
CityNew Delhi
Internet address
SeriesLecture Notes in Computer Science


  • Scan-based attack
  • MICKEY 2.0
  • Double-Feedback XORChain scheme

Fingerprint Dive into the research topics of 'Cryptanalysis of the Double-Feedback XOR-Chain Scheme Proposed in Indocrypt 2013'. Together they form a unique fingerprint.

Cite this