Qingzhang Chen,Qiaoyan Chen,Min Yao,Jianhua Mo

DOI: https://doi.org/10.1109/ICECENG.2011.6057724

2011-01-01

Abstract:The paper presented a lightweight high-level encryption algorithm for Wireless Sensor Network, referred to as the IAES. The algorithm conducted a variety of improvements form AES, mainly in three areas. At first, fewer algorithm rounds from 10 to 7; secondly, the polynomial coefficients transformation in Mix Column operations; finally, utilization of polynomial generator of the finite field designs and implements a look-up table methods to improve the speed multiplication of polynomial. In the experimental validation stage, we analysis the proposed improved algorithm with the AES algorithm from the RAM and ROM storage space overhead, CPU clock cycles, network latency in CC2430 wireless node platform. The experimental results show that the improved algorithm in the node RAM and ROM storage space overhead have a small increase, its CPU clock cycles and network latency are superior to AES algorithm.

William J Buchanan,Leandros Maglaras

DOI: https://doi.org/10.48550/arXiv.2303.14785

2023-03-28

Abstract:Since 2016, NIST has been assessing lightweight encryption methods, and, in 2022, NIST published the final 10: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak. At the time that the article was written, NISC announced ASCOn as the chosen method that will be published as NIST'S lightweight cryptography standard later in 2023. In this article, we provide a comparison between these methods in terms of energy efficiency, time for encryption, and time for hashing.

Cryptography and Security

Carlos Andres Lara-Nino,Arturo Diaz-Perez,Miguel Morales-Sandoval

DOI: https://doi.org/10.1109/tcsi.2017.2686783

2017-09-01

Abstract:In recent years, the study of lightweight symmetric ciphers has gained interest due to the increasing demand for security services in constrained computing environments, such as in the Internet of Things. However, when there are several algorithms to choose from and different implementation criteria and conditions, it becomes hard to select the most adequate security primitive for a specific application. This paper discusses the hardware implementations of Present, a standardized lightweight cipher called to overcome part of the security issues in extremely constrained environments. The most representative realizations of this cipher are reviewed and two novel designs are presented. Using the same implementation conditions, the two new proposals and three state-of-the-art designs are evaluated and compared, using area, performance, energy, and efficiency as metrics. From this wide experimental evaluation, to the best of our knowledge, new records are obtained in terms of implementation size and energy consumption. In particular, our designs result to be adequate in regards to energy-per-bit and throughput-per-slice.

A. Ukpebor,J. Addy,K. Ali,A. Humos

DOI: https://doi.org/10.48550/arXiv.2302.12994

2023-02-25

Abstract:The field of lightweight cryptography has been gaining popularity as traditional cryptographic techniques are challenging to implement in resource-limited environments. This research paper presents an approach to utilizing the ESP32 microcontroller as a hardware platform to implement a lightweight cryptographic algorithm. Our approach employs KATAN32, the smallest block cipher of the KATAN family, with an 80-bit key and 32-bit blocks. The algorithm requires less computational power as it employs an 80 unsigned 64-bit integer key for encrypting and decrypting data. During encryption, a data array is passed into the encryption function with a key, which is then used to fill a buffer with an encrypted array. Similarly, the decryption function utilizes a buffer to fill an array of original data in 32 unsigned 64-bit integers. This study also investigates the optimal implementation of cryptography block ciphers, benchmarking performance against various metrics, including memory requirements (RAM), throughput, power consumption, and security. Our implementation demonstrates that data can be securely transmitted end-to-end with good throughput and low power consumption.

Peipei Wang,Wu Guan,Liping Liang

DOI: https://doi.org/10.1142/s0218126624503055

2024-07-29

Journal of Circuits Systems and Computers

Abstract:Journal of Circuits, Systems and Computers, Ahead of Print. Advanced Encryption Standard (AES) has been a prevalent cryptographic structure in the world. Existing AES-related cryptographic accelerators generally face the problem of high power consumption. To deal with this challenge, this paper presents a cryptographic structure that employs iterative reuse to decrease resource utilization. Through the efficient use of delay-line RAM, the implementation of long-length key storage results in a reduction in the utilization of registers. The computational complexity of AES cryptographic algorithm is reduced by using homomorphic mapping to the inversion operation in S-box from the Galois Fields GF(2[math] to GF[(2[math]]. Such proposed AES cryptographic accelerator is characterized by its low resource utilization and low power consumption. In addition, we have also conducted some simulation analysis to evaluate its performance. The synthesis result indicates that the AES cryptographic accelerator exhibits a 0.74% reduction in utilization of LUT and a 35% decrease in power consumption, as compared to the original version. The proposed AES cryptographic accelerator results in an area of 0.101[math]mm2, a throughput of 12.28[math]Gbps, and a power consumption of 2.56[math]mW in TSMC 90[math]nm.

engineering, electrical & electronic,computer science, hardware & architecture

Indu Radhakrishnan,Shruti Jadon,Prasad B. Honnavalli

DOI: https://doi.org/10.3390/s24124008

IF: 3.9

2024-06-21

Sensors

Abstract:The IoT has become an integral part of the technological ecosystem that we all depend on. The increase in the number of IoT devices has also brought with it security concerns. Lightweight cryptography (LWC) has evolved to be a promising solution to improve the privacy and confidentiality aspect of IoT devices. The challenge is to choose the right algorithm from a plethora of choices. This work aims to compare three different LWC algorithms: AES-128, SPECK, and ASCON. The comparison is made by measuring various criteria such as execution time, memory utilization, latency, throughput, and security robustness of the algorithms in IoT boards with constrained computational capabilities and power. These metrics are crucial to determine the suitability and help in making informed decisions on choosing the right cryptographic algorithms to strike a balance between security and performance. Through the evaluation it is observed that SPECK exhibits better performance in resource-constrained IoT devices.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zehong (Zephyr) Qiu,Fan Zhang

DOI: https://doi.org/10.46586/tches.v2023.i3.570-596

2023-01-01

Abstract:Algebraic Fault Analysis (AFA) is a cryptanalysis for block ciphers proposed by Courtois et al., which incorporates algebraic cryptanalysis to overcome the complexity of manual analysis within the context of Differential Fault Analysis (DFA). The effectiveness of AFA on lightweight block ciphers has been demonstrated. However, the complexity of the algebraic systems prevents it from attacking heavyweight block ciphers efficiently. In this paper, we propose a novel cryptanalysis called Redundancies-assisted Algebraic Fault Analysis (RAFA) to facilitate the solution of algebraic systems in the setting of heavyweight block ciphers. The core idea of RAFA is to expedite SAT solvers by modifying the algebraic systems, which is accomplished via two methods. The first method introduces redundant constraints, which is proposed for the first time in the context of algebraic cryptanalysis. The second one is a sophisticated linearization of the nonlinear Algebraic Normal Form (ANF). It takes RAFA for about 9.68 hours to attack AES-128. To the best of our knowledge, this is the first work that uses a general SAT solver to attack AES with only a single injection of byte-fault. Moreover, RAFA can attack AES-128 in 50.92 and 27.54 minutes for nibble- and bit-based fault model, respectively. In comparison, the traditional DFA algorithm implemented by pure C takes 4 ~ 5 hours under all three fault models investigated in this work. Moreover, in order to show the generality of RAFA, we also apply it to other heavyweight block ciphers. The best results show that RAFA could recover the key of Serpent-256 and SPEEDY-r-192 in 20.7 and 1.5 hours using only three faults, respectively. In comparison, AFA could not break these two ciphers even when 30 bits and 50 bits of their keys are known, respectively. Furthermore, no DFA work on Serpent or SPEEDY is known using comparable fault models.

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Nadia Nedjah,Luiza de Macedo Mourelle,Chao Wang

DOI: https://doi.org/10.1007/s10766-016-0408-7

2016-01-01

International Journal of Parallel Programming

Abstract:The Advanced Encryption System (AES) is used in almost all network-based applications to ensure security. The core computation of AES, which is performed on data blocks of 128 bits, is iterated for several rounds, depending on the key size. The strength of AES is proportional to the number of rounds applied. So far, the number of rounds is fixed to 10, 12 and 14 for a key size of 128, 192 and 256 bits respectively. Most cryptographers feel that the margin between the number of rounds specified in the cipher and the best known attacks is too small. On the other hand, it is clear that the overall efficiency of a given AES implementation is inversely proportional to the number of rounds imposed. In this paper, we propose a very efficient pipelined hardware implementation of AES-128. Besides, we show that if the required number of rounds must increase to defeat attackers, the proposed implementation stays efficient.

Vishal A. Thakor,Mohammad Abdur Razzaque,Muhammad R. A. Khandaker

DOI: https://doi.org/10.1109/access.2021.3052867

IF: 3.9

2021-01-01

IEEE Access

Abstract:IoT is becoming more common and popular due to its wide range of applications in various domains. They collect data from the real environment and transfer it over the networks. There are many challenges while deploying IoT in a real-world, varying from tiny sensors to servers. Security is considered as the number one challenge in IoT deployments, as most of the IoT devices are physically accessible in the real world and many of them are limited in resources (such as energy, memory, processing power and even physical space). In this paper, we are focusing on these resource-constrained IoT devices (such as RFID tags, sensors, smart cards, etc.) as securing them in such circumstances is a challenging task. The communication from such devices can be secured by a mean of lightweight cryptography, a lighter version of cryptography. More than fifty lightweight cryptography (plain encryption) algorithms are available in the market with a focus on a specific application(s), and another 57 algorithms have been submitted by the researchers to the NIST competition recently. To provide a holistic view of the area, in this paper, we have compared the existing algorithms in terms of implementation cost, hardware and software performances and attack resistance properties. Also, we have discussed the demand and a direction for new research in the area of lightweight cryptography to optimize balance amongst cost, performance and security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jasmin Kaur,Alvaro Cintas Canto,Mehran Mozaffari Kermani,Reza Azarderakhsh

DOI: https://doi.org/10.48550/arXiv.2304.06222

2023-04-13

Abstract:This survey is the first work on the current standard for lightweight cryptography, standardized in 2023. Lightweight cryptography plays a vital role in securing resource-constrained embedded systems such as deeply-embedded systems (implantable and wearable medical devices, smart fabrics, smart homes, and the like), radio frequency identification (RFID) tags, sensor networks, and privacy-constrained usage models. National Institute of Standards and Technology (NIST) initiated a standardization process for lightweight cryptography and after a relatively-long multi-year effort, eventually, in Feb. 2023, the competition ended with ASCON as the winner. This lightweight cryptographic standard will be used in deeply-embedded architectures to provide security through confidentiality and integrity/authentication (the dual of the legacy AES-GCM block cipher which is the NIST standard for symmetric key cryptography). ASCON's lightweight design utilizes a 320-bit permutation which is bit-sliced into five 64-bit register words, providing 128-bit level security. This work summarizes the different implementations of ASCON on field-programmable gate array (FPGA) and ASIC hardware platforms on the basis of area, power, throughput, energy, and efficiency overheads. The presented work also reviews various differential and side-channel analysis attacks (SCAs) performed across variants of ASCON cipher suite in terms of algebraic, cube/cube-like, forgery, fault injection, and power analysis attacks as well as the countermeasures for these attacks. We also provide our insights and visions throughout this survey to provide new future directions in different domains. This survey is the first one in its kind and a step forward towards scrutinizing the advantages and future directions of the NIST lightweight cryptography standard introduced in 2023.

Cryptography and Security,Hardware Architecture,Computers and Society

Qihui Zhang,Tian Cao,Dunshan Yu,Xixin Cao,Xing Zhang,Yin Ye,Botao Chen

DOI: https://doi.org/10.1109/edssc.2015.7285157

2015-01-01

Abstract:AES has been widely used in current financial security application, but side-channel attacks are considered as serious threats to AES cryptographic algorithm. Asynchronous AES design will be a potential solution because of its natural properties. First, our asynchronous AES architecture, round key generation architecture and mix column calculation architecture are proposed. Then, properties of Balsa HDL are investigated and exploited to reduce area and power, followed by GTECH-based design flow is described. Finally, a VLSI implementation of our AES crypto-processor is carried out with TSMC 130 nm CMOS technology. Experimental results show that our proposed asynchronous AES architecture can respectively achieve 67.7% and 40% lower ciphering time and power delay product of its counterpart, and its area is only 7.3% and 15% of those reported in other papers. Moreover, it can be easily integrated into an asynchronous security chip.

Ye Yuan,Yijun Yang,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/edssc.2018.8487056

2018-01-01

Abstract:Advanced Encryption Standards (AES) defined by National Institute of Standards and Technology (NIST) is widely used for symmetric cryptography. In this paper, a high performance encryption system based on AES is proposed, in which AES can work at all three modes including AES-128, AES-192, and AES-256. In addition, the proposed AES implementation is piped into 4 stages for each round operation with decryption module reusing some circuits of encryption module, which leads to a performance improvement in term of area and throughput. Furthermore, a design of 1 st order mask has been proposed which can resist 1 st order differential (or correlation) power attack. Our design can be easily expanded to other SPN-based primitives.

A’Laa Hussein Ali,Ekhlas Khalaf Gbashi,Haya Alaskar,Abir Jaafar Hussain

DOI: https://doi.org/10.1109/access.2024.3414334

IF: 3.9

2024-07-19

IEEE Access

Abstract:Data confidentiality and security are important issues due to the sensitivity of the data and its relationship with users' privacy. Sensitive data includes images and texts that can be transmitted over the Internet, Internet of Things devices and edge-fog-cloud system. These devices require speed and accuracy responses, and they are vulnerable to hacking. To solve these problems, encryption algorithms provide necessary solution to meet these requirements. Advanced Encryption Standard represents the best development in data encryption; however, it is computational expensive. In this research, an improved advanced encryption standard algorithm is proposed with advanced security and lightweight computation utilized for encrypting of images and texts. The algorithm is improved using various steps including key generation which is performed in two steps. First, using an innovative, proven chaotic function distinguished by its sensitivity to any change in its variables. Second, using three-dimensional Lorenzo function. In our research, a unique key was used for all rounds, and round key then used like advanced encryption standard. Two new dynamic substitution boxes are used one for odd rounds and the other for even rounds in which the speed does not exceeding a millisecond. The mix column function was replaced by a circular permutation function at the bit level, which improved the speed and performance of the algorithm, Our extensive simulation results indicated enhanced speed, randomness, and high efficiency in encrypting Internet of Things data. The algorithm was evaluated using the National Institute of Standards and Technology tests.

computer science, information systems,telecommunications,engineering, electrical & electronic

Punam Kumari,Bhaskar Mondal

DOI: https://doi.org/10.1007/s11042-024-18222-y

IF: 2.577

2024-01-19

Multimedia Tools and Applications

Abstract:This paper presents a new nonlinear feedback shift register (NLFSR) in the Galois configuration to generate the pseudorandom number sequences (PRNS) for a lightweight encryption scheme. In the NLFSR, the feedback function is applied to each state, not only the last bit of NLFSR. In the proposed design the size of the feedback is reduced using Galois configuration. The NLFSR is tested with NIST Statistical Test Suite to evaluate its quality randomness. The new NLFSR is used as an pseudorandom number generator to design a new lightweight image encryption algorithm. The encryption process can be represent in two phases permutation and diffusion. In the first phase, two different PRNSs generated by the new NLFSR for permute the row and column pixels of the plain image (PI). Then convert the permuted image into a 1 D binary vector. In the diffusion phase, DNA arithmetic is applied between the 1 D and another PRNS generated by the same NLFSR with different key. Several security analysis tests are performed on the proposed scheme (like histogram analysis, entropy, correlation coefficient, NPCR, UACI, MSE, and PSNR ) to test the security strength of the encryption method. It was found that the new NLFSR had passes all the tests in NIST Statistical Test Suite, and the test results of the encryption scheme are also acceptable and shows potential security strength.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Stefano Rinaldi,Kavitha Arunachalam,Thanikodi Kumar,Kasarla Reddy,Bidare Parameshachari

DOI: https://doi.org/10.3390/electronics10162023

IF: 2.9

2021-08-21

Electronics

Abstract:Nowadays, a huge amount of digital data is frequently changed among different embedded devices over wireless communication technologies. Data security is considered an important parameter for avoiding information loss and preventing cyber-crimes. This research article details the low power high-speed hardware architectures for the efficient field programmable gate array (FPGA) implementation of the advanced encryption standard (AES) algorithm to provide data security. This work does not depend on the Look-Up Table (LUTs) for the implementation the SubBytes and InvSubBytes stages of transformations of the AES encryption and decryption; this new architecture uses combinational logical circuits for implementing SubBytes and InvSubBytes transformation. Due to the elimination of LUTs, unwanted delays are eliminated in this architecture and a subpipelining structure is introduced for improving the speed of the AES algorithm. Here, modified positive polarity reed muller (MPPRM) architecture is inserted to reduce the total hardware requirements, and comparisons are made with different implementations. With MPPRM architecture introduced in SubBytes stages, an efficient mixcolumn and invmixcolumn architecture that is suited to subpipelined round units is added. The performances of the proposed AES-MPPRM architecture is analyzed in terms of number of slice registers, flip flops, number of slice LUTs, number of logical elements, slices, bonded IOB, operating frequency and delay. There are five different AES architectures including LAES, AES-CTR, AES-CFA, AES-BSRD, and AES-EMCBE. The LUT of the AES-MPPRM architecture designed in the Spartan 6 is reduced up to 15.45% when compared to the AES-BSRD.

engineering, electrical & electronic,computer science, information systems,physics, applied

Nair Arun Mohandas,Greeshma Sharath,Ajmal Nazar,A. Swathi,A. R

DOI: https://doi.org/10.1109/ICCES48766.2020.9138048

2020-06-01

Abstract:Lightweight ciphers are algorithms with low computational and spacial complexity. In the modern world of miniaturization, a lightweight cipher is used in constrained devices such as RFID tags, fire and security detectors, devices for wireless communications and other IoT devices. Stream ciphers are symmetric ciphers which encrypts the plain text bit stream with corresponding key stream to generate cipher text. Hence a stream cipher with low computational complexity and maximum security can be termed as a lightweight stream cipher. Many light weight stream ciphers are already existing. Each has its own vulnerabilities and spacial requirement. This paper has successfully developed, implemented, and analyzed a lightweight stream cipher - A4. Along with low computational cost, A4 also ensures paramount security and is less prone to the emerging cryptographic attacks.

Computer Science

BoSun Park,Seog Chung Seo

DOI: https://doi.org/10.3390/s21061987

2021-03-11

Abstract:In edge computing service, edge devices collect data from a number of embedded devices, like sensors, CCTVs (Closed-circuit Television), and so on, and communicate with application servers. Since a large portion of communication in edge computing services are conducted in wireless, the transmitted data needs to be properly encrypted. Furthermore, the application servers (resp. edge devices) are responsible for encrypting or decrypting a large amount of data from edge devices (resp. terminal devices), the cryptographic operation needs to be optimized on both server side and edge device side. Actually, the confidentiality and integrity of data are essential for secure communication. In this paper, we present two versions of security software which can be used on edge device side and server side for secure communication between them in edge computing environment. Our softwares are basically web-based application because of its universality where the softwares can be executed on any web browsers. Our softwares make use of ESTATE (Energy efficient and Single-state Tweakable block cipher based MAC-Then-Encrypt)algorithm, which is a promising candidate of NIST LWC (National Institute of Standards and Technology LightWeight Cryptography) competition and it provides not only data confidentiality but also data authentication. It also implements the ESTATE algorithm using Web Assembly for efficient use on edge devices, and optimizes the performance of the algorithm using the properties of the underlying block cipher. Several methods are applied to efficiently operate the ESTATE algorithm. We use conditional statements to XOR the extended tweak values during the operation of the ESTATE algorithm. To eliminate this unnecessary process, we use a method of expanding and storing the tweak value through pre-computation. The measured results of the ESTATE algorithm implemented with Web Assembly and the reference C/C++ ESTATE algorithm are compared. ESTATE implemented as Web Assembly is measured in web browsers Chrome, FireFox, and Microsoft Edge. For efficiency on server side, we make use of OpenCL which is parallel computing framework in order to process a number of data simultaneously. In addition, when implementing with OpenCL, using conditional statements causes performance degradation. We eliminated the conditional statement using the loop unrolling method to eliminate the performance degradation. In addition, OpenCL operates by moving the data to be encrypted to the local memory because the local memory has a high operation speed. TweAES-128 and TweAES-128-6, which have the same structure as AES algorithm, can apply the previously existing studied T-table method. In addition, the input value 16-byte is processed in parallel and calculated. In addition, since it may be vulnerable to cache-timing attack, it is safely operated by applying the previously existing studied T-table shuffling method. Our softwares cover the necessary security service from edge devices to servers in edge computing services and they can be easily used for various types of edge computing devices because they are all web-based applications.

CHEN Jun,WANG Jing,ZENG Xiaoyang,HAN Jun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.04.049

2007-01-01

Abstract:This paper proposes a compact and low cost architecture for AES encrypt and decrypt.As the mathematical manipulation lies on finite filed computation,the orders of the round operation are modified so that the design can reuse some modules to save the area.Meanwhile the element inversion in the SubByte module is performed by composite field technique and the area and power consumption is reduced significantly.Based on the HHNEC 0.25μm CMOS technology,area of the design is about 30k equivalent gates and its system frequency will be up to 100MHz.The operation speed of the 128bits data encryption and decryption is as high as 800Mbps.

Yogendra Sao,Sk. Subidh Ali,Bodhisatwa Mazumdar

DOI: https://doi.org/10.1109/tcad.2024.3368289

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Scan-based Design-for-testability (DfT) is the de facto standard in the semiconductor testing industry to guarantee the functional and structural correctness of chips. It provides improved observability and controllability, leading to enhanced fault coverage. However, owing to widespread usage, attackers devise techniques to misuse this method to steal secret keys embedded in a security-critical chip. A vast majority of off-the-shelf defense mechanisms are based on either randomizing the scan output or restricting access to the scan. However, none of these defense mechanisms leverage the fundamental properties of the scan attack; thus, they tend to be complex and incur high area and computation overhead. In this paper, we propose a defense mechanism by preventing the vulnerabilities of fundamental properties from being exploited in scan attacks. The paper first pinpoints the ultimate condition of the scan attack on Advanced Encryption Standard (AES). This attack condition is inherent to the cryptographic property of the cipher, which, when violated, thwarts the attack. To implement our defense, we interchange the AES round outputs by applying pre-computed masks. The designer chooses inputs with a fixed difference to swap the outputs. A modified incorrect key is recovered instead of an actual key if a scan-based attack is launched. To show the generality of the proposed defense, it is extended to another AES-like cipher, Light Encryption Device (LED). To the best of our knowledge, this is the first defense against a scan attack wherein the complete testing process, including structural and functional tests, can be outsourced to untrusted third parties without compromising the actual key. In comparison, logic locking techniques limaye2020thwarting can outsource only structural testing to untrusted third parties.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture