GF-Flush: A GF(2) Algebraic Attack on Secure Scan Chains

TL;DR

This paper introduces GF-Flush, an algebraic attack over GF(2) that efficiently breaks secure scan chain defenses, recovering encryption keys significantly faster than existing SAT-based methods.

Contribution

The paper presents a novel GF(2)-based algebraic attack that compromises dynamic scan chain defenses, demonstrating superior speed and effectiveness over prior SAT-based attacks.

Findings

Recovers 500-bit keys in under 7 seconds

Outperforms SAT-based attacks by a factor of 100

Extends attack to compressed scan chains with MISRs

Abstract

Scan chains provide increased controllability and observability for testing digital circuits. The increased testability, however, can also be a source of information leakage for sensitive designs. The state-of-the-art defenses to secure scan chains apply dynamic keys to pseudo-randomly invert the scan vectors. In this paper, we pinpoint an algebraic vulnerability of these dynamic defenses that involves creating and solving a system of linear equations over the finite field GF(2). In particular, we propose a novel GF(2)-based flush attack that breaks even the most rigorous version of state-of-the-art dynamic defenses. Our experimental results demonstrate that our attack recovers the key as long as 500 bits in less than 7 seconds, the attack times are about one hundredth of state-of-the-art SAT based attacks on the same defenses. We then demonstrate how our attacks can be extended to scan chains compressed with Multiple-Input Signature Registers (MISRs).