MICKEY
In cryptography, Mutual Irregular Clocking KEYstream generator (MICKEY) is a stream cipher algorithm developed by Steve Babbage and Matthew Dodd.[1] The cipher is designed to be used in hardware platforms with limited resources, and was one of the three ciphers accepted into Profile 2 of the eSTREAM portfolio. The algorithm is not patented and is free for any use.[2]
Contents
Structure
The cipher maps an 80-bit key and a variable length initialization vector (0 to 80 bits) to a keystream with a maximum length of 240 bits.
Keystream Generation
The keystream generator makes use of two registers R and S (100 bits each). The registers are updated in a non-linear manner using the control variables: INPUT BIT R, INPUT BIT S, CONTROL BIT R, CONTROL BIT S. As referred to earlier, any implementation of the cipher contains flip-flops for the R, S regis- ters and the 4 control variables. Furthermore, there must be 7 flip-flops for the counter register to keep track of the number of rounds in the Preclock stage. The keystream production stage in MICKEY 2.0 is preceded by the three stages:- IV Loading, Key Loading and Preclock. Initially the R, S registers are initialized to the all zero state.
Difference with Trivium
Unlike Trivium, MICKEY 2.0 [3] does not allow direct loading of Key and IV bits on to the state register. As mentioned earlier, initially the R, S registers are initialized to the all zero state. Then a variable length IV and the 80 bit Key is used to update the state by successively executing CLOCK KG routine.
Protection in Scan Chain
MICKEY 2.0 can be protected by an XOR-CHAIN structure. The attacker has the following advantages:
- He knows the algorithm of MICKEY 2.0
- He can use Initial Vectors of his own choice.
- The key remains secret.
- He can SCAN-IN and SCAN-OUT vectors as per his choice.
To hide the mapping between the scan cells and the actual variables of a cipher is what drove the previous single-feedback and Double-Feedback XOR-Chain schemes. As this is also falling prey to cryptanalysis, as shown in the previous section, we move towards a further secure architecture, named as random XOR-Chain (rXOR-Chain) structure.
Countermeasure for MICKEY
The Flipped-Scan countermeasure technique to protect scan-chains was proposed earlier. This involved placing inverters at random points in the scan-chain. Security stemmed from the fact that an adversary could not guess the number and positions of the inverters. This technique was cryptanalyzed using a RESET attack. It was shown that if all flip-flops in the scan-chain are initially RESET, then the positions of the inverters can be completely determined by the 0 → 1 and 1 → 0 transitions in the scanned-out vector. As an alternative, the XOR-CHAIN based countermeasure was proposed. The technique involves placing XOR gates at random points of the chain. [4] Security again stems from the fact that an adversary is unable to guess the number and positions of the XOR gates.
Uses in DFT
Scan-based DFT is the most widely used DFT scheme for integrated circuit testing as it is simple and yields high fault coverage. The advantage of scan-based testing is that it provides full observability and controllability of the internal nodes of the IC.
Cryptanalysis
As of 2013, a differential fault attack has been reported against MICKEY 2.0 by Subhadeep Banik and Subhamoy Maitra.[5]
References
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
External links
- eStream page on MICKEY
- A Differential Fault Attack on MICKEY 2.0
- Scan-chain based Attacks
- Hardware implementation
- FPGA implementations
<templatestyles src="Asbox/styles.css"></templatestyles>