simple power analysis applied to nonlinear feedback shift registers

11

Click here to load reader

Upload: howard-m

Post on 25-Dec-2016

215 views

Category:

Documents


2 download

TRANSCRIPT

Page 1: Simple power analysis applied to nonlinear feedback shift registers

www.ietdl.org

1&

Published in IET Information SecurityReceived on 21st June 2012Revised on 26th March 2013Accepted on 26th April 2013doi: 10.1049/iet-ifs.2012.0186

88The Institution of Engineering and Technology 2014

ISSN 1751-8709

Simple power analysis applied to nonlinearfeedback shift registersAbdulah Abdulah Zadeh, Howard M. Heys

Electrical and Computer Engineering, Memorial University of Newfoundland, St. John’s, Canada

E-mail: [email protected]

Abstract: Linear feedback shift registers (LFSRs) and nonlinear feedback shift register (NLFSRs) are major components ofstream ciphers. It has been shown that, under certain idealised assumptions, LFSRs and LFSR-based stream ciphers aresusceptible to cryptanalysis using simple power analysis (SPA). In this study, the authors show that SPA can be practicallyapplied to a CMOS digital hardware circuit to determine the bit values of an NLFSR and SPA therefore has applicability toNLFSR-based stream ciphers. A new approach is used with the cryptanalyst collecting power consumption information fromthe system on both edges (triggering and non-triggering) of the clock in the digital hardware circuit. The method is appliedusing simulated power measurements from an 80-bit NLFSR targeted to an 180 nm CMOS implementation. To overcomeinaccuracies associated with mapping power measurements to the cipher data, the authors offer novel analytical techniqueswhich help the analysis to find the bit values of the NLFSR. Using the obtained results, the authors analyse the complexity ofthe analysis on the NLFSR and show that SPA is able to successfully determine the NLFSR bits with modest computationalcomplexity and a small number of power measurement samples.

1 Introduction

Stream ciphers are an important class of encryptionalgorithms which encrypt one character (usually a bit) ofplaintext at a time. They are generally faster and lesscomplex in hardware circuitry than block ciphers and canbe effectively used in applications when characters shouldbe processed individually as they are received. As well, lowpower consumption and a small circuit hardware realisationmake stream ciphers good candidates for lightweightapplications such as radio frequency identification (RFID)tags, wireless sensor nodes and smartcards [1, 2].Basic components of a stream cipher typically include a

linear feedback shift register (LFSR) and/or a NLFSR. If ananalysis can correctly determine the bit values of the LFSRor NLFSR, it can determine the generated keystream andbreak the stream cipher. A side channel analysis is a classof cryptanalysis which is used to guess the key or generatedkeystream by examining information gained from thephysical implementation of a cipher, such as timinginformation [3], power consumption [4] or electromagneticleaks [5, 6]. Some side channel attacks have been usedto cryptanalyse stream ciphers. Examples include thetemplate attack [7], which can be applied by acquiringa device similar to one under attack and building atemplate of information based on power consumptionfor every possible key, and the fault attack [8], whichconsiders the information resulting from the injection offaults in the cipher hardware. As well, in [9–11],differential power analysis is reviewed for its applicabilityto stream ciphers.

The applicability of the simple power analysis (SPA) ofstream ciphers has been identified in [12]. The proposedmethod is applicable to stream ciphers based on an LFSRand was extended in [13] to apply to ciphers based onmultiple LFSRs. Since many modern stream ciphers useNLFSRs to increase the security of the cipher, the directmethodology in [12, 13] has limited applicability. In thispaper, we propose a method based on SPA to analyse thesequence of an NLFSR. Then we adapt the analysis so that,in appropriate circumstances, instead of only obtaininginformation at the triggering edge of the clock (i.e. therising edge for positive edge triggered flip-flops), we mayalso be able to obtain information from power consumptionat the non-triggering (i.e. falling) edge of the clock. Wheresuch cases are possible, we can use information obtained atboth the rising edge and falling edge to analyse an NLFSRto overcome the inaccuracies associated with mappingpower measurements to cipher data. We use as the targetenvironment of our studies, 180 nm CMOS standard celltechnology provided by Taiwan Semiconductor ManufacturingCompany (TSMC) and our experimental results are obtainedthrough simulation using Cadence design tools.

2 SPA applied to LFSR-based stream ciphers

Previously proposed SPA cryptanalyses of stream cipherssuggest measuring the dynamic power consumption of thecircuit at the triggering edge of the clock (which we shallassume is the rising edge) and using the obtained data toanalyse the stream cipher. In the following, we review theproposed analysis in [12] which is applicable to stream

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

Page 2: Simple power analysis applied to nonlinear feedback shift registers

www.ietdl.org

ciphers based on one LFSR and a nonlinear filtering function.Where appropriate, we have made modifications to thenotation and terminology in [12] so that the analysis can beextended to apply to NLFSRs in the subsequent sections. Insuch ciphers, the cipher key is typically used to initialisethe bits of the LFSR. It should be noted that the attack of[12] is an idealised attack, assuming perfect mappingbetween power consumption information and cipher data.During each clock cycle, assume each bit value in the

LFSR is shifted to the right and the leftmost bit of theLFSR is updated with a linear combination of currentregister bit values (the feedback function in Fig. 1).Changing the value of each bit in the register is because ofchange in gate outputs and transistor states and causesdynamic power consumption. We refer to the L-bit value ofthe register as the state. At clock cycle t, the current state isrepresented as St and the state for the next clock cycle isgiven as St + 1. The Hamming distance between St and St− 1

is given as HDt, where HDt is calculated from

HDt =∑L−1

i=0

st(i)⊕ st−1(i)( )

(1)

where st(i) represents the value of bit i of St with st(0) beingthe rightmost bit of the LFSR, st(L − 1) being the leftmost bitand⊕ representing XOR.According to the Hamming distance power model used in

the analysis [12], the dynamic power consumption of thecipher at clock cycle t is proportional to HDt. Between twosuccessive clock cycles, the difference between theHamming distances must be one of three values: HDt + 1 −HDt∈ {−1, 0, +1}, as is proven in Theorem 1 of [12].Defining the theoretical power difference to be PDt given by

PDt = HDt+1 − HDt (2)

it can be seen that PDt is proportional to the difference of themeasured dynamic power consumption at two consecutiveclock cycles at times t and t + 1, which is an analoguevariable in watts and referred to as MPDt. Simply, PDt∝MPDt.Substituting (1) into (2) results in

PDt = st+1(L− 1)⊕ st(L− 1)[ ]− st(0)⊕ st−1(0)

[ ](3)

where the new bit value for state t + 1, st + 1(L− 1), will be thenew value of bit L− 1 based on the values of St. If we now letthe absolute value of PDt be represented as |PDt|, since

Fig. 1 Overall architecture of an LFSR/NLFSR

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

|PDt|∈ {0, 1}, we can develop equations over GF(2) and write

|PDt| = st(L)⊕ st−1(L)⊕ st(0)⊕ st−1(0) (4)

where we now denote st + 1(L− 1) as st(L) and st(L− 1) asst− 1(L). [In general, we can write st + j(i) = st(i + j) withst(i + j) representing the (i + j)th bit following bit st(0) inthe LFSR/NLFSR sequence.] Note that (4) is arepresentation of Corollary 1 in [12]. If the measureddynamic power consumption of the LFSR at clock cycle tis equal to the measured dynamic power consumption atclock cycle t + 1 (that is, MPDt ≃ 0), then we can concludePDt = 0 and write st(L)⊕ st−1(L)⊕ st(0)⊕ st−1(0) = 0 and ifthe measured dynamic power consumption at time t andt + 1 are not equal (that is, MPDt≠ 0), we can concludePDt≠ 0 and write st(L)⊕ st−1(L)⊕ st(0)⊕ st−1(0) = 1.It is known that, for any t, the bit values of St can be written

as a linear function of the initial register state S0 bits, that is,bits s0(i), where 0≤ i < L. Hence, for a stream cipherconstructed as a nonlinear filter generator using one LFSRand a nonlinear filtering function [14], analysing L powerdifference values, it is straightforward to find the initialL-bit values of the LFSR and thereby determine thecomplete keystream sequence [12]. For this purpose, we cancollect enough power samples to derive L power differencevalues and write L equations similar to (4), relating Stthrough the linear expressions of the LFSR to the bits of S0.Then we have a linear system of equations with L unknownvariables and L equations, which is easily solved todetermine the initial state of the LFSR, S0, effectivelyfinding the cipher key which is used to initialise S0 in atypical stream cipher. Equivalently, finding the L-bit valuesof the LFSR at any time t is sufficient to have broken thecipher, as all subsequent keystream bits are easily determined.It is important to note that the described SPA method of

[12] assumes that the analysis is capable of exactlydetermining theoretical power difference values (suchthat PD ∈ {+ 1, 0, −1} from real power consumptionmeasurements (which are analogue values in units of watts).The theoretical PD values are then used directly todetermine the register bit values. In practice, this issomewhat challenging and methods to overcome thischallenge are discussed later in the paper.

3 Idealised SPA applied to NLFSRs

An NLFSR has a similar structure to an LFSR as shown inFig. 1, except the feedback function is nonlinear. In orderto make stream ciphers more secure, particularly againstalgebraic attack, NLFSRs are widely used in stream ciphers.

189& The Institution of Engineering and Technology 2014

Page 3: Simple power analysis applied to nonlinear feedback shift registers

www.ietdl.org

For example, the Grain stream cipher [15] combines theoutputs of an LFSR and NLFSR to produce the keystream.Since in an NLFSR, the feedback is nonlinear, using theabove-mentioned method results a system of nonlinearequations which are difficult to solve. In a secure NLFSR,the order of equations relating output bits to the initial statebits increases very quickly and makes it difficult to solvethe system.We now present a new SPA method applicable to NLFSRs.

Since, in a typical stream cipher, the key bits are used toinitialise the NLFSR state, finding the state of the NLFSR(i.e. the L bits of the register) at any time is sufficient tobreak the system and determine the subsequent keystreambits. As in the previous section, we assume that themeasured power consumption resulting in the measuredpower difference at time t, MPDt, can be accuratelyconverted to the theoretical power difference, PDt. (Insubsequent sections, we will discuss practical issues such asthe inaccurate determination of PDt values.)Consider a consecutive series of PDt values for an NLFSR

with the length of L bits and denote the ith bit of the NLFSRat time t as st(i). In order to calculate NLFSR bit values, weshould modify the former equations proposed to analyse anLFSR. Similar to (3), we can write

PDt = st(L)⊕ st−1(L)[ ]− st(0)⊕ st−1(0)

[ ](5)

Then, when PDt = +1, we conclude

st(L)⊕ st−1(L) = 1st(0)⊕ st−1(0) = 0

(6)

and, when PDt =−1, we can write

st(L)⊕ st−1(L) = 0st(0)⊕ st−1(0) = 1

(7)

When PDt = 0, the two bracketed XOR results of (5) are bothequal to either 0 or 1 and we can write

st(L)⊕ st−1(L) = st(0)⊕ st−1(0) (8)

As long as PDt≠ 0, we can find a relation between twoconsecutive values of the NLFSR bits, using (6) or (7).To analyse the NLFSR, we must obtain L consecutive bits

of the NLFSR. Equations (6) and (7) could determine therelation between two bits of the NLFSR when PDt = +1 orPDt =−1. However, when PDt = 0, we cannot use (6) and(7) directly. Replacing t with t + L in (4), results in

PDt+L

∣∣ ∣∣ = st+L(L)⊕ st+L−1(L)⊕ st+L(0)⊕ st+L−1(0) (9)

Now, XORing both sides of (4) and (9) leads to

PDt

∣∣ ∣∣⊕ PDt+L

∣∣ ∣∣= st(L)⊕ st−1(L)⊕ st(0)⊕ st−1(0)⊕ st+L(L)

⊕ st+L−1(L)⊕ st+L(0)⊕ st+L−1(0)

= st(0)⊕ st−1(0)⊕ st(2L)⊕ st−1(2L)

(10)

where we have made use of st + j(i) = st(i + j). Also, it can be

190& The Institution of Engineering and Technology 2014

shown that

PDt + PDt+L = st(2L)⊕ st−1(2L)[ ]

− st(0)⊕ st−1(0)[ ]

(11)

The value of PDt + i must be {+1, 0} or −1 implying|PDt + i|∈ 0, 1. Since |PDt|⊕ |PDt + L| will be either 1 or 0, ifPDt = 0, then we can write (6) or (7) for PDt+L if |PDt + L| is1 and using (10) find the relation between st(0) and st−1(0).For example, let us assume PDt = 0. If PDt + L = +1 or −1,then st(2L)⊕ st−1(2L) and st(L)⊕ st−1(L) are known fromeither (6) or (7) (with t replaced with t + L) and since theleft side of (10) is known from power measurements thenst(0)⊕ st−1(0) can be inferred. If PDt + L = 0, then powerdifferences from cycle t + 2L must be considered.Now using (6) or (7) and (10), if necessary, the

relationships between L pairs of consecutive bits are known.Although the actual values of the bits are not known, thereare only two possibilities and both can be tested todetermine which results in the correct state of the NLFSR.Since for this method, the feedback relation is not used, wecan use the approach for both an NLFSR and LFSR. Thismethod has the advantage that there is no need to solve asystem of equations.From (5), it is easy to see that the probability of PDt equal

to zero is 1/2. Hence, we need to obtain PDt + L for, onaverage, 1/2 of L consecutive PDt values. On average, 1/2of the values of PDt + L are equal to zero and we need tocollect PDt + 2L values. In other words, on average for 1/2of L consecutive bits we are targeting, we need to collectPDt + L values; for 1/4 of the L consecutive bits, we need tocollect PDt + 2L values etc. In practical applications toanalyse the sequence of an NLFSR, it is sufficient to findany consecutive L bits of the NLFSR. Hence, the analysisinitially collects a number of consecutive power samplesand then analyses the values. In order to estimate theprobability of a successful analysis, we assume n × Lconsecutive power difference values have been collected.The probability of all PDt + iL values being zero for 0≤ i < nand a fixed value of t (and therefore not being usable todetermine bits in the register) is 2−n. If we assume theoccurrence of PDt = 0 for different values of t areindependent, then, given n × L power difference values, theprobability that there are enough samples to analyse theNLFSR is [1− 2−n]L. For L ≪ 2n, this probability isapproximately 1− 2−nL. So, for example, for L = 80, 800consecutive power samples (i.e. n = 10) will allowsuccessful analysis with a probability of about 92%.

4 Power consumption of D flip-flops

The analysis outlined in the previous section and the previouswork such as [12] is idealised, in that it assumes a perfectdetermination of PDt values from measured powerdifferences, MPDt. In this and the following sections, weconsider the practical issues associated with applying SPAto a simulated CMOS circuit realisation of an NLFSR whenthe measured power difference may not lead to the correctdetermination of PDt. For the principal focus of ouranalysis, we shall consider cryptographic circuitsconstructed using a classical positive edge triggered Dflip-flop, as shown in Fig. 2. In Section 8, we also brieflyexamine simulated results for another typical D flip-flopconstruction for CMOS circuits. The classical D flip-flopincludes six NAND gates (T1, T2, …, T6), two independent

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

Page 4: Simple power analysis applied to nonlinear feedback shift registers

Fig. 2 Classical architecture of D flip-flop

www.ietdl.org

inputs (clock and D) and two dependent outputs (Q and Q).The D flip-flop state, Q, changes only at the rising edge ofthe clock. The dynamic power (which is typically thedominant factor in power consumption of CMOS circuits)of the D flip-flop depends on the number of changing gates(resulting in transistor state changes).

4.1 Power consumption at the rising edge of theclock

Previously proposed attacks assume the power consumptionof the circuit at the rising (i.e. triggering) edge of the clock.Since, at the rising edge of the clock, the value of theregister can change, we can conclude some gates andtransistor states are changed. As can be seen from Fig. 2,when D = 0 and Q = 0, at the rising edge of the clock onlyT3 changes, and, when D = 1 and Q = 1, at the rising edgeonly T2 changes. When D = 0 and Q = 1, at the rising edgeof the clock, three gates (T3, T5 and T6) change. Threegates (T2, T5 and T6) also change, when D = 1 and Q = 0.

Fig. 3 Power consumption of single D flip-flop at the rising edge (in w

a D = 0 and Q = 0b D = 0 and Q = 1c D = 1 and Q = 0d D = 1 and Q = 1

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

Hence, we expect more power to be consumed at the risingedge when D = 1 and Q = 0 or when D = 0 and Q = 1,compared with when D = 0 and Q = 0 or when D = 1 andQ = 1. In other words, when there is a D flip-flop statechange, we expect more power consumption. This isconsistent with the Hamming distance power model used inour proposed analysis and the approach of others.In Fig. 3, the power consumption of a single D flip-flop for

different inputs and outputs is illustrated. In Fig. 3, thevertical axis represents the consumed power and thehorizontal axis represents time. The rising clock edgeoccurs at t = 0 with the transition time of the rising clockedges set to 20 ns. In this paper, we have used CadenceVirtuoso Spectre Circuit Simulator version 5.10.41 toobtain the power consumption of the circuit. All the circuitshere are prototyped in TSMC 180 nm standard cell CMOStechnology. The supply voltage of all circuits is 1.8 V andthe experiments have been done assuming roomtemperature and default noise.For an LFSR or NLFSR, the power consumption of the

circuit at the rising edge of the clock corresponds to thesummation of power consumption of each single D flip-flop(plus a small amount of power consumption because of thecombinational logic in the feedback and output functions).Hence, HDt, in general, is expected to be proportional tothe summation of the consumed power of each D flip-flop.We refer to SPA applied based on power consumption fromthe rising edge of the clock as rising edge SPA or RESPA.

4.2 Power consumption at the falling edge of theclock

Studying the architecture of the positive edge triggered Dflip-flop, we can see at the falling (i.e. non-triggering) edgeof the clock, we have changes in some gates and transistorstates. When D = 1 and Q = 1, at the falling edge of theclock, one gate will change (T2), and, when D = 0 and Q = 0,T3 will change. Meanwhile, for D = 0 and Q = 1, two gates(T1 and T2), and, for D = 1 and Q = 0, three gates (T1, T3and T4) will change at the falling edge. The powerconsumption of a D flip-flop at a falling edge of the clock

atts) against time (in s), when

191& The Institution of Engineering and Technology 2014

Page 5: Simple power analysis applied to nonlinear feedback shift registers

Fig. 4 Power consumption of one D flip-flop at the falling edge (in watts) against time (in s), when

a D = 0 and Q = 0b D = 0 and Q = 1c D = 1 and Q = 0d D = 1 and Q = 1

www.ietdl.org

for different D and Q are shown in Fig. 4, where the verticalaxis represents the consumed power and the horizontal axisrepresents time. The falling clock edge occurs at t = 0, withthe falling edge transition time of 20 ns.Considering the consumed power at the falling edge of the

clock to analyse the cryptographic circuits has not beendiscussed in the previous literature. We refer to thisapproach as falling edge SPA or FESPA. In the subsequentsections, we use the power consumption of the circuit at thefalling edge of the clock, in addition to the rising edge, toanalyse cryptographic circuits. Obviously, this technique isnot only applicable to stream ciphers and it could beapplied to block ciphers and public key cryptographiccircuits, as well.

4.3 Falling edge SPA of LFSR/NLFSR

SPA can be applied using the power consumption informationfrom the falling clock edge similarly to the analysis applied tothe rising edge. Assuming that the new input values to theflip-flops are settled prior to the falling clock edge, thedifference between the D input and Q output of a flip-floprepresents the state change on the upcoming rising edge.The sum of these changes represents the Hamming distancebetween the register states and is therefore proportional tothe power consumption on the rising edge. In other words,the power consumption on the falling edge, which isproportional to the sum of the differences of D and Qvalues of the flip-flops, can be used to determine anidealised power difference at time t, PDt, which can be usedin (5)–(11) to determine the values of bits within the register.Since on the falling edge, there is no state change of the

register, power consumption of combinational logic forfeedback or output does not contribute to the measurementson the falling edge. However, we have found in ourexperiments that the correlation between powerconsumption and register data is worse for the falling edgethan the rising edge. Consider that, as shown in Fig. 4, thepower consumption curve of a D flip-flop at the fallingedge has sharp tips in comparison with the powerconsumption graph for the rising edge. Hence, in circuits

192& The Institution of Engineering and Technology 2014

with multiple D flip-flops, when the clock signal has smalldifferences in delay to the flip-flops, the tips may not align.As a result, the power consumption at the falling edge forthe overall circuit will not necessarily correlate exactly tothe sum of the individual D flip-flops’ power consumption.Therefore, we expect that, because of variation in clockpropagation delays in large CMOS circuits, challenges willexist in applying FESPA. However, as we shall see, theextra information derived from the falling edge is useful incombination with information from the rising edge for apractical application of SPA.

5 Categorisation of power measurements

Previously proposed simple power analyses of stream ciphershave ignored the effect of inaccurately mapping fromanalogue measured power difference (MPD) values todiscrete theoretical PD values caused by effects such aspower consumption sources other than the flip-flops (i.e. thecombinational logic in the feedback or output functions)and clock skew. In this section, we study the effect ofinaccuracies in categorising measured power consumptionfor SPA based on experimental results from simulation.When we measure the peak power consumption of the

circuit at the clock edges and subtract their values atconsecutive rising/falling edges (to obtain MPD), we haveanalogue values, which we should map to discrete PDvalues, where PD∈ {+1, 0, −1}. (For convenience, weoften drop the subscript t when referring to powerdifference values in this section.) In the following, we offera method to map or categorise MPD values to {+1, 0} or−1. Then we offer some techniques to distinguishincorrectly categorised MPD, that is, incorrectly determinedvalues for PD. The categorised value for MPD (or thecategorised PD) is denoted by PDc, whereas the correcttheoretical power difference based on actual data in theregister is simply notated PD. Hence, when we map themeasured power difference at time t, MPDt, to a categorisedpower difference PDc

t , a correct categorisation would meanthat PDc

t = PDt.

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

Page 6: Simple power analysis applied to nonlinear feedback shift registers

www.ietdl.org

It should be noted that if measured power differences are

randomly mapped to a category of −1, 0 or +1, theprobability that the categorisation would be correct, Pcorr, isgiven by

Pcorr =∑

i[{−1, 0,+1}

P{PDc = i PD = i} · P{PD = i} (12)

where P{PD = i} represents the probability that a powerdifference equals i and the conditional probability iscalculated as P{PDc = i PD = i} = P{PDc = i} = P{PD = i}since the categorisation is random relative to the actual PDvalue. Since it is reasonable to assume in an LFSR orNLFSR that the probabilities of generating 0 and 1 are equal,the probability of PD = +1, PD = 0 and PD =−1 are 0.25,0.5 and 0.25, respectively. This results in the probability ofcorrect categorisation being 37.5% and the probability of anincorrect categorisation being 62.5%. These numbers areuseful as a frame of reference for the following discussion.

5.1 Categorising MPD

In one simple approach to categorise the MPD to theircorresponding PDc values, at first we sort MPD values inorder of their value. The smaller 25% of MPD valuesshould be categorised to PDc =−1. The largest 25% ofMPD values should be categorised to PDc = +1. Theremaining MPD values should be categorised to PDc = 0.In our analysis, we use this method to categorise MPD.

However, this method is not perfect and some MPD valuesmay be categorised incorrectly. We have applied thismethod to an 80-bit NLFSR. The NLFSR used isequivalent to the NLFSR used in the Grain stream cipher[15] and is defined in the Appendix. After collecting 20 000power samples through simulation (using the structure ofFig. 2 with a 500 ps transition time) and applying ourcategorisation method, we found about 16% of rising edgeMPD values were categorised incorrectly. Incorrectcategorisation occurred for falling edge MPD values inabout 32% of the cases. More analysis on the experimentalresults shows the probabilities of incorrectly categorising anactual PD = +1 (or PD =−1) to PDc =−1 (or to PDc = +1)is negligible. In other words, virtually all categorisationerrors occur by incorrectly assigning +1 or −1 to 0, or 0 to+1 or −1.Owing to the above-mentioned categorisation errors, we

must modify the proposed SPA in Section 3 for realapplications. In doing so, we must ensure that we canidentify correctly categorised power differences with highprobability and must reject power differences for which weare not confident in their correct categorisation.

5.2 Basic methods to determine correctlycategorised PD

Here, we offer some techniques which help us to find, withhigh probability, correct PDc, that is, correctly categorisedMPD values such that the measurement determined powerdifference, PDc, equals the power difference that shouldresult from the actual data, PD. For each of the proposedmethods, we have determined experimentally (throughsimulation of the 80-bit NLFSR) the probability of correctcategorisation, as well as the probability that the conditionhas occurred to allow us to categorise an MPD value withconfidence.

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

5.2.1 Rising edge/falling edge equivalence: When wemeasure the power consumption of the circuit in SPA, we canassume we have access to power consumption at both risingand falling edges. Based on experiments for our system, theprobability of an incorrect PDc in RESPA and FESPA are0.160 and 0.320, respectively. Then, for any clock cycle, ifthe categorised values are the same for both edges and weassume that the probabilities of correctness for the risingedge and the falling edge are independent, the probabilitythat the categorised PD is incorrect is determined as theprobability that both values are wrong and is thereforegiven by 0.160 × 0.320 = 0.051. In other words, ifcategorisation using falling edge and rising edge shows thesame value, this value is correct with a theoreticalprobability of 0.949, which is similar to the experimentallymeasured probability of 0.950. This represents a muchhigher level of confidence then taking, on their own, eitherthe rising edge or falling edge categorisation (which haveprobabilities of 0.840 and 0.680, respectively). Ourexperiments show that we can use this technique to ensurecorrect categorisation for about 60% of the measurementsfrom different clock cycles, with this high probability.

5.2.2 Robust threshold: Another technique to helpcategorise MPD values accurately is using a more robustthreshold value. In this technique, we change the thresholdand, instead of 25%, we categorise the smallest and largest12.5% as PDc =−1 and PDc = +1, respectively, and themiddle 25% as PDc = 0. In this approach, categorisationsare correct with higher probability. Obviously, thistechnique can be applied to 50% of the MPD (for bothrising edge and falling edge). Our experiments show that,using this approach, categorisation for the rising edge iscorrect with a probability of 0.955, whereas for the fallingedge categorisation, the probability of correctness is 0.750.

5.2.3 Sequence consistency: Another technique, whichwe call the sequence consistency method, can be used toimprove categorisation success by distinguishing correctcategorisations from incorrect ones. To find the incorrectcategorisations, we can use (11). In (11), the right side ofthe equation cannot be larger than +1 or smaller than −1;hence, at the left side PDt+L cannot be equal to PDt, unlessboth are equal to zero. Extrapolating (11), if we add jconsecutive PD terms separated by L clock cycles, we obtain

PDt + PDt+L + . . .+ PDt+(j−1)L

= st(jL)⊕ st−1(jL)[ ]− st(0)⊕ st−1(0)

[ ] (13)

The right side must be from the set −1, 0, +1 and, hence, thesummation of any j consecutive PD values L bits apart cannever be larger than one or smaller than minus one. Hence, ifPDt = +1, then PDt+L and PDt− L must be either 0 or −1.Similarly, PDt =−1 implies PDt + L = 0 or +1 and PDt− L = 0or +1. If in any sequence of PDt+iL

c values, we see twoconsecutive +1 values, we know that at least one of them iscategorised incorrectly. In other words, a correct sequence ofPDc values separated by L clock cycles, starting with a valueof PDc = +1, must be followed by a string of some number ofvalues of PDc = 0 and then PDc =−1. In contrast, a +1 value,any number of 0 values and then +1 indicates an incorrectcategorisation, that is, at least one PDc value is wrong. Similaranalysis is true for a sequence starting with PDc =−1.In applying the sequence consistency technique, consider a

sequence of three categorised values: PDct−L, PDc

t , PDct+L

{ }.

193& The Institution of Engineering and Technology 2014

Page 7: Simple power analysis applied to nonlinear feedback shift registers

www.ietdl.org

We can increase our confidence in a correct categorisation ofPDc

t by considering the full sequence. For example, inRESPA, if we have categorised each value of sequencePDc

t−L, PDct , PDc

t+L

{ }as +1, −1, +1 independently, the

probability that PDct is correct is 0.840 (as determined by

experiment). However, using the sequence consistencymethod, the probability of correctness of PDc

t for thissequence is increased to 0.984. If the categorised sequence is+1, −1, +1, it means the actual PD sequence could be 0, −1,0, 0, −1, +1, +1, −1, 0, +1, −1, +1, 0, 0, 0, 0, 0, +1 or +1,0, 0. Sequences like −1, 0, 0 are not possible as the actualsequence, because we assume the probability of categorisingan actual PD =−1 as PDc = +1 is negligible. If any of thefirst four sequences is the actual sequence, our categorisationof PDc

t = −1 is correct and if any of the last three cases isthe actual sequence, our categorisation is incorrect. Theprobability of occurrence for each sequence is equal to 1/16,except 0, 0, 0 which is 1/8. If we let the probability of anyindividual PDt being correctly categorised be represented byPcr, then the probability of an individual PDt = 0 incorrectlycategorised as +1 is equal to (1/2)(1− Pcr). (A similarprobability occurs for incorrectly categorising 0 to −1).Hence, the probability of actual sequence 0, −1, +1categorised as +1, −1, +1 is equal to (1/2)(1− Pcr)PcrPcr. Theprobability of observing a sequence as +1, −1, +1 is equal tosummation of the probabilities of occurrence of eachsequence (either 1/16 or 1/8) times the probability ofcategorising that sequence as +1, −1, +1. From all possiblesequences, we have selected eight sequences with highprobability for our purpose and list them in Table 1. Usingthe occurrence of these sequences on either the rising orfalling edge as indicators of correct categorisations couldincrease the probability of categorising MPD values correctlyto a probability of 0.913 (as determined by experiment) andcould be applied to 78% of all measured power differences.

6 Advanced categorisation methods

In our analysis, we require PDc with high probability ofcorrectness. In the previous section, we have introduced somemethods to distinguish PDc which are likely to be correct. Inthis section, we derive PDc with even higher probability ofcorrectness by selecting PDc values for which at least two ofthe above techniques are applicable. We list them as follows.

6.1 RE/FE equivalence and robust threshold on RE

In this case, two categorised PDc values of rising edge andfalling edge that are the same and consistent with the robustthreshold of the rising edge are assumed correct. The

Table 1 Probability of PDct = PDt for sequences of three PDc

values for rising edge (Pcr = 0.840) and falling edge (Pcr = 0.680)

SequencePDc

t−L, PDct , PDc

t+L

{ } Probability ofPDc

t = PDt forrising edge

Probability ofPDc

t = PDt forfalling edge

{ +1, −1, +1} 0.984 0.918{−1, +1, −1} 0.984 0.918{ +1, 0, −1} 0.968 0.852{−1, 0, +1} 0.968 0.852{0, +1, −1} 0.906 0.781{0, −1, +1} 0.906 0.781{−1, +1, 0} 0.906 0.781{ +1, −1, 0} 0.906 0.781

194& The Institution of Engineering and Technology 2014

experimental results from the 80-bit NLFSR show that theprobability of correctness for this case is 0.992, whereas theprobability that such consistency occurs for a given clockcycle is 0.315.

6.2 RE/FE equivalence and robust threshold on FE

A similar approach could be taken based on consistency withthe categorisation based on the falling edge robust threshold.The experimental results show the probability of correctnessfor this case is 0.974, whereas the probability of occurrenceof this case is 0.326.

6.3 RE/FE equivalence and sequence consistency

In this case, the two categorised values of rising edge andfalling edge are the same and the sequence consistencymethod confirms their correctness. Our experiments showthe correctness of PDc values in this case is 0.987, whereasthe probability of such an occurrence is 0.326.

6.4 Robust threshold on RE/FE and sequenceconsistency

In this case, the PDc value is determined by the robustthreshold of RESPA or FESPA and the sequence methodconfirms it. Experiments show the probabilities ofcorrectness and occurrence are 0.998 and 0.219, respectively.During the determination for any PDc, if at least one of the

cases I, II, III or IV occurs, we assume that the categorisationis correct. Based on the experimental results, the probabilityof at least one of the mentioned cases occurring for a PDc

is 0.467 and the probability of correctness is 0.975.

7 Analysing the NLFSR

We now consider the application of SPA to the 80-bitNLFSR, using the probabilities derived from experimentalresults for the categorisation methodologies previouslydescribed. On average, on categorisation of powermeasurement values, we expect that at least one of thecases I, II, III and IV occurs for 0.467 × 80≃ 37 PDc valuesof the 80 bits and the resulting PDc values are correct withhigh probability of about 0.975. However, half of these PDc

values will be equal to 0 and, as indicated in Section 3, wecannot use them to obtain information on the NLFSR statebits.Based on (6), (7) and (8), if we know PDt− L = +1 or −1,

we can find st(0)⊕ st−1(0). Similarly, there are manyscenarios for which knowing PDt−2L, PDt+L or PDt + 2L areequal to +1 or −1 will allow us to determine st(0)⊕ st−1(0).In Table 2, we have listed possible scenarios for PDc

t−2L,PDc

t−L, PDct , PD

ct+L and PDc

t+2L that we could use to guessthe relationships between st(0) and st−1(0). In the table, iffrom cases I, II, III or IV, PDc = ± 1, we present it as ±1and, if from cases I, II, III or IV, PDc = 0, we present it as0. If cases I, II, III and IV are not applicable to PDc, wecannot be confident in the categorisation of PDc and wepresent it as C. If the value of PDc is not critical to definingthe scenario in the table, we show it with ‘X’ (i.e. the valueis a ‘don’t care’).The probability of occurrence for each scenario in the table

is given in the right column. To calculate the listedprobabilities, we assume the probability of PDc

t = +1 or −1is equal to the probability of PDc

t = 0 and is therefore given

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

Page 8: Simple power analysis applied to nonlinear feedback shift registers

Table 2 Cases used to determine st(0)⊕ t−1(0)

Scenario PDct−2L PDc

t−L PDct PDc

t+L PDct+2L Probability

A X X ±1 X X 0.233B X ±1 C X X 0.124C X ±1 0 X X 0.054D ±1 0 C X X 0.029E ±1 0 0 X X 0.013F C C 0 ±1 X 0.016G 0 C 0 ±1 X 0.007H C 0 0 ±1 X 0.007I 0 0 0 ±1 X 0.003J C C 0 0 +1 0.004K C 0 0 0 ±1 0.002L 0 C 0 0 ±1 0.002M 0 0 0 0 ±1 0.001N ±1 C 0 0 ±1 0.002

www.ietdl.org

by 0.467/2 = 0.233. The probability of PDct = C is 1− 0.467 =

0.533. Hence, the probability of scenario A is equal to theprobability of PDc

t = +1 or −1 and is therefore 0.233. Theprobability of scenario B is the probability of PDc

t−L = +1or −1 and PDc

t = C, which is 0.233 × 0.533 = 0.124, wherewe have made the reasonable assumption that the powerdifferences at times separated by L clock cycles areindependent. For scenario C, the probability is calculatedas 0.233 × 0.233 = 0.054, which is equal to the probabilityof PDc

t−L = +1 or −1 and PDct = 0. The rest of the

probabilities of Table 2 are calculated similarly.All cases in the table are mutually exclusive; hence, the sum

of the right column, which equals about 0.49, is the probabilitythat one of the scenarios occurs. Therefore we have about80× 0.49 ≃ 39 relationships of pairs of consecutive bits withhigh probability of correctness and we can guess theremaining 80− 39 = 41 relationships. Considering thescenarios of Table 2, on average we would need about 55PDc values with high probability in order to determine the 39XOR relationships with high probability. This is explained asfollows. If either scenario A or B occurs, (which will happenwith a probability of 0.233 + 0.124 = 0.357), we need onlyone PDc with high probability. If scenarios C, D or F occur(which will happen with the probability of 0.099), we needtwo PDc values with high probability of correctness. Forscenarios E, G, H and J, we need to know three PDc valuesand for I, K, L and N, we have to know four PDc values. ForM, we need to know five PDc values. Hence, on average, weneed to know 80× (1× .357+ 2× .099+ 3× .031+ 4×.009+ 5× .001) ≃ 55 PDc values with high probability ofcorrectness to know 39 bits of the NLFSR. The 55 PDc

values are drawn from power consumption data spanningfrom t− 2L to t + 2L for values of t spanning L = 80 bits ofthe register. Hence, power trace information is required over aspan of 5L = 400 clock cycles.As studied before, if any of cases I, II, III or IV could be

applied to determine a PDc value, it is correct with theprobability of 0.975. Hence, assuming 55 PDc values areused to generate the 39 XOR expressions and thecorrectness of each PDc is independent, the set of 39 XORexpressions are correct with the probability of 0.97555 =0.248. In other words, if we apply our analysis using atypical set of power consumption values, our analysis willbe successful about 25% of the time.If we have enough power samples and we could apply our

analysis to 16 independent sets of measured powerconsumption values, with the probability of 1− (1− 0.248)16

= 0.990, we have at least one successful analysis. The

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

resulting overall complexity of the analysis can be derived byconsidering the exhaustive search for the 41 XOR expressionsnot found from the PDc values for each of the 16 applicationsof the analysis giving a computational complexity of about16× 241 ≃ 245 operations, where an operation involves theanalysis of the PDc values for the cases of Table 2. Incomparison, a cryptanalysis based on exhaustively searchingfor the proper state of the NLFSR would be expected to takeabout 280 steps. Hence, significant reduction in the analysiscomplexity can be achieved by examining the powerconsumption information and applying SPA.To decrease the complexity of the analysis, we can expand

the cases of I, II, III and IV to include the basic categorisationtechniques of Section 5.2. For example, we may assume that,if PDc from the falling edge and rising edge is the same, thisPDc is correct with high probability (Section 5.2.1). Also, ifthe robust threshold on the rising edge (not falling edge) isapplicable, the PDc may be assumed to be correct with highprobability (Section 5.2.2). Now if one of cases I, II, III orIV or the categorisations based on Sections 5.2.1 or 5.2.2can be used, the probability of correctness of PDc values isdecreased to 0.964. However, one of these cases occurswith a probability of 0.784. Hence, the presentedprobabilities in Table 2 change. For example, theprobabilities for scenarios A, B and C change to 0.392,0.085 and 0.154, respectively. The summation of theprobabilities for all scenarios is now about 80%. Using thenew probabilities, we can obtain about 0.80× 80 ≃ 64XOR relationships based on about 107 PDc values(spanning 5L = 400 clock cycles) which are all correct withan expected probability of about 0.964107 ≃ 0.02. Thisgives an expected success rate for the analysis of only 2%.However, we can increase the probability of success tomore than 98%, if we repeat the analysis on 200independent sets of power trace data. The resultingcomplexity would be about 200× 216 ≃ 224 operations.Although, the first approach has higher complexity (245

operations), it requires fewer number of power samples (i.e.16 × (5 × 80) = 6400 clock cycles of power samples for the80-bit NLFSR). However, the second approach, with lowercomputational complexity (224 operations) needs morepower samples [i.e. 200 × (5 × 80) = 80 000 samples].

8 Further practical issues

In this section, we discuss further practical issues, includingthe brief consideration of a typical D flip-flop constructionfor CMOS circuits.

195& The Institution of Engineering and Technology 2014

Page 9: Simple power analysis applied to nonlinear feedback shift registers

www.ietdl.org

8.1 Power consumption of another D flip-flopconstruction

In Fig. 5, another D flip-flop construction targeted to CMOS isillustrated [16]. This structure is often a preferred structure inCMOS circuits because of its low power consumption and

Fig. 5 Another typical architecture of D flip-flop

Fig. 7 Power consumption of one D flip-flop at the falling edge (in wat

a D = 0and Q = 0b D = 0 and Q = 1c D = 1 and Q = 0d D = 1 and Q = 1

Fig. 6 Power consumption of one D flip-flop at the rising edge (in watt

a D = 0 and Q = 0b D = 0 and Q = 1c D = 1 and Q = 0d D = 1 and Q = 1

196& The Institution of Engineering and Technology 2014

fewer number of transistors. Using our simulation tools, wehave obtained and plotted simulation results for powerconsumption for both rising (triggering) and falling(non-triggering) edges of this alternate D flip-flop structure.These are presented in Figs. 6 and 7, using a 20 ns transitiontime.

ts) against time (in s), when

s) against time (in s), when

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

Page 10: Simple power analysis applied to nonlinear feedback shift registers

www.ietdl.org

It can be seen that, as can be expected by examining the

circuit operation, again there is dynamic power consumptionon both the rising and falling clock edges. However, notably,the power consumption for cases where the flip-flop statedoes not change is visibly insignificant. Hence, for a singleflip-flop, the cases of a change in state (with significantpower consumption) and the cases of no change in state (withnegligible power consumption) are easily distinguishable byexamining power measurements. The resulting implication isthat the Hamming distance between clock cycles for the fullLFSR or NLFSR is expected to be correlated to the measuredpower at the clock edge. Consequently, we have applied oursimulations to the full NLFSR based on the flip-flop of Fig. 5using a clock with a 50 ps transition time. Utilising the powerdifference categorisation techniques of Section 5.1 resulted inmeasured power differences being correctly categorised 62%of the time for the rising edge and 50% of the time for thefalling edge. Such probabilities are clearly better than the37.5% probability of correctly categorising if the powerdifferences were randomly categorised and may thereforeform the basis of a power analysis attack. However,compared with probabilities of 84 and 68% (for rising andfalling edges, respectively) for the D flip-flop of Fig. 2, thecorrect categorisation probability is substantially worst andthe attack will not have as much success as the resultsdiscussed in Section 7. We conjecture that these poorerresults occur because, as can be seen in Fig. 6, the spikes ofpower consumption are narrow and occur at different pointsin time for the 0 to 1 and 1 to 0 changes. As a result, for thisflip-flop, the overall power consumption on a rising clockedge does not correlate well to the Hamming distance in theNLFSR data compared with the classical D flip-flop ofFig. 2. In this paper, we have used the power consumptiondata generated from simulation of an NLFSR basedconstructed using the D flip-flop structure of Fig. 2 toillustrate the potential applicability of the attack.

8.2 Limitations of simulated power values

In this section, we identify some of the further challenges thatwill occur in a practical realisation of an attack on a CMOScircuit. For example, the instantaneous power consumptionof a CMOS circuit will also be influenced by many factorsother than the dynamic power consumption of the basicNLFSR circuit. Capacitances from circuit wiring, I/O padsand decoupling capacitors will all contribute to modifyingthe timing of current drawn from the power supply. Addedcapacitive effects are likely to make distinguishing betweenrising and falling edge power consumptions morechallenging, particularly in high-speed circuits.Further, the CMOS circuit is likely to have other

functionality executing at the same time as the NLFSRcircuit. This will add further dynamic power consumptionto the overall circuit and will obscure the power directlyconsumed by the NLFSR. The attacker must understand thecontext of the circuit under analysis and find mechanisms toisolate the power consumed by only the NLFSR circuit.Finally, implementing an attack that relies on theinstantaneous power associated with rising and falling clockedges requires precise timing of the power measurements.This may certainly be a challenge in a high-speed circuitwith a low clock period. As well, clock skew within thecircuit may result in spreading out the contribution ofpower from individual flip-flops and making categorisationsfrom the measured power differences to the theoreticalpower differences more inaccurate.

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186

Although there are further practical issues to be consideredwhen implementing an attack on real (rather than simulated)hardware, the results of this work clearly indicate that anSPA attack has the potential to be applicable to practicalscenarios where the idealised assumption relating measuredpower differences to the cipher data with perfect accuracydoes not apply.

9 Conclusions

In this paper, we have proposed a SPA of NLFSR, acomponent typically found in stream ciphers. In addition,we consider power consumption of a typical CMOS Dflip-flop and proposes use of power samples at the falling(or non-triggering) edge of the clock for the analysis.Furthermore, we applied the analysis to an 80-bit NLFSRusing simulated power trace data for an 180 nm CMOScircuit. We have shown that if we use falling edge andrising edge power consumption information and theproposed techniques in this paper, we can successfullyanalyse with high probability the NLFSR withcomputational complexity of about 245 operations usingabout 6400 power samples or 224 using about 80 000 powersamples. This is significantly less than the complexity of280 for exhaustive search for the NLFSR state. Thesetechniques apply equally to LFSRs.These results indicate that practical implementation of

stream ciphers based on either LFSRs and/or NLFSRs maybe vulnerable to side channel attacks and that it is not aprerequisite of the attack that the assumption of idealisedperfect mapping from power difference measurements tocipher data holds true. Hence, care must be taken to designimplementations which do not leak power consumptioninformation. In future work, we intend to apply the analysisdirectly to the application of practical CMOSimplementations of stream ciphers with multiple LFSRs/NLFSRs, such as the Grain stream cipher. One otherpossible avenue for future work would be to analyse theapplicability of the SPA approach to a circuit making use oftransistor models for the CMOS gates, instead of simulationresults from computer-aided design tools.

10 References

1 Barbero, A., Horler, G., Kholosha, A., Ytrehus, O.: ‘Lightweightcryptography for RFID devices’. IET Conf. Wireless, Mobile andMultimedia Networks, 2008, pp. 294–297

2 Fournel, N., Minier, M., Ubeda, S.: ‘Survey and benchmark of streamciphers for wireless sensor networks’. Workshop in InformationSecurity Theory and Practices (WISTP 2007), Springer, 2007, (LNCS,4462), pp. 202–214

3 Kocher, P.C.: ‘Timing attacks on implementations of Diffie-Hellman,RSA, DSS, and other systems’. Proc. 16th Annual Int. CryptologyConf. (CRYPTO ’96), Springer, (LNCS, 1109), 1996, pp. 104–113

4 Kocher, P.C., Jaffe, J., Jun, B.: ‘Differential power analysis’. Proc. 19thAnnual Int. Cryptology Conf. Advances in Cryptology (CRYPTO ’99),Springer, (LNCS, 1666), 1999, pp. 388–397

5 Quisquater, J.-J., Samyde, D.: ‘Electromagnetic analysis (EMA):measures and counter-measures for smart cards’. Int. Conf. Researchin Smart Cards (E-smart 2001), (LNCS, 2140), Springer, 2001,pp. 200–210

6 Gandolfi, K., Mourtel, C., Olivier, F.: ‘Electromagnetic attacks: concreteresults’. Workshop on Cryptographic Hardware and Embedded Systems(CHES 2001), Springer, 2001, (LNCS, 2162), pp. 251–261

7 Chari, S., Rao, J.R., Rohatgi, P.: ‘Template attacks’. Workshop onCryptographic Hardware and Embedded Systems (CHES 2002),Springer, 2003, (LNCS, 2523), pp. 13–28

8 Hoch, J.J., Shamir, A.: ‘Fault analysis of stream ciphers’. Workshop onCryptographic Hardware and Embedded Systems (CHES 2004),Springer, 2004, (LNCS, 3156), pp. 240–253

197& The Institution of Engineering and Technology 2014

Page 11: Simple power analysis applied to nonlinear feedback shift registers

www.ietdl.org

9 Fischer, W., Gammel, B.M., Kniffler, O., Velten, J.: ‘Differential power

analysis of stream ciphers’. Proc. Seventh Cryptographers’ track at theRSAConf. (CT-RSA 2007), Springer, 2007 (LNCS, 4377), pp. 257–270

10 Lano, J., Mentens, N., Preneel, B., Verbauwhede, I.: ‘Power analysis ofsynchronous stream ciphers with resynchronization mechanism’.Workshop on the State of the Art of Stream Ciphers (SASC 2004),Brugge, Belgium, October 2004, pp. 327–333

11 Ebrahimi Atani, R., Mirzakuchaki, S., Ebrahimi Atani, S., Meier, W.:‘On DPA-resistive implementation of FSR-based stream ciphers usingSABL logic styles’, Int. J. Comput. Commun. Control, 2008, 3, (4),pp. 324–335

12 Burman, S., Mukhopadhyay, D., Veezhinathan, K.: ‘LFSR based streamciphers are vulnerable to power attacks’. INDOCRYPT 2007, Springer,2007, (LNCS, 4859), pp. 384–392

13 Zadeh, A.A., Heys, H.M.: ‘Applicability of simple power analysis tostream ciphers using multiple LFSRs’. Proc. Canadian Conf. Electricaland Computer Engineering (CCECE 2012), Montreal, May 2012

14 Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: ‘Handbook ofapplied cryptography’ (CRC Press, 1997)

15 Hell, M., Johansson, T., Meier, W.: ‘Grain – a stream cipher forconstrained environments’, ECRYPT Stream Cipher Project Report2005/001, 2005, Available at www.ecrypt.eu.org/stream

16 Weste, N.H.E., Harris, D.M.: ‘CMOS VLSI design: a circuits andsystems perspective’ (Addison-Wesley, 2011, 4th edn.)

198& The Institution of Engineering and Technology 2014

11 Appendix

11.1 NLFSR feedback function

The feedback used for the 80-bit NLFSR in this paper isidentical to the feedback used in the NLFSR of the streamcipher Grain v0 [15] and is given by

st(80) = st(63)⊕ st(60)⊕ st(52)⊕ s(45)

⊕ st(37)⊕ st(33)⊕ st(28)

⊕ st(21)⊕ st(15)⊕ st(9)⊕ st ⊕ st(63)st(60)⊕ st(37)st(33)

⊕ st(15)st(9)⊕ st(60)st(52)st(45)⊕ st(33)st(28)st(21)

⊕ st(63)st(45)st(28)st(9)⊕ st(60)st(52)st(37)st(33)

⊕ st(63)st(60)st(21)st(15)⊕ st(63)st(60)st(52)st(45)st(37)

⊕ st(33)st(28)st(21)st(15)st(9)

⊕ st(52)st(45)st(37)st(33)st(28)st(21)

IET Inf. Secur., 2014, Vol. 8, Iss. 3, pp. 188–198doi: 10.1049/iet-ifs.2012.0186