2080 IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, VOL. 26, NO. 11, NOVEMBER 2007

Secured Flipped Scan-Chain Model for Crypto-Architecture

Gaurav Sengar, Debdeep Mukhopadhyay, and Dipanwita Roy Chowdhury

Abstract—Scan chains are exploited to develop attacks on cryptographic hardware and steal intellectual properties from the chip. This paper proposes a secured strategy to test designs by inserting a certain number of inverters between randomly selected scan cells. The security of the scheme has been analyzed. Two detailed case studies of RC4 stream cipher and AES block cipher have been presented to show that the proposed strategy prevents existing scan-based attacks in the literature. The elegance of the scheme lies in its low hardware overhead.

Index Terms—Block ciphers, design_for_testability, hardware overhead, scan_based_test, scan-chain-based attacks, security margin, stream ciphers.

Manuscript received June 27, 2006; revised October 30, 2006, January 23, 2007, and April 9, 2007. This paper was recommended by Associate Editor S. Hellebrand.
G. Sengar and D. R. Chowdhury are with the Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur 721302, India (e-mail: gaurav@cse.iitkgp.ernet.in; drc@cse.iitkgp.ernet.in).
D. Mukhopadhyay is with the Department of Computer Science and Engineering, Indian Institute of Technology, Madras 600036, India (e-mail: debdeep@cse.iitm.ernet.in).
Digital Object Identifier 10.1109/TCAD.2007.906483

I. INTRODUCTION

With the increase in the applications and complexity of crypto-devices, reliability of such devices has raised concern. Scan chains are the most popular testing technique due to their high fault coverage and least hardware overhead. However, scan chains open side channels for cryptanalysis [1], [2]. Scan chains are used to access intermediate values stored in the flip-flops, thereby ascertaining the secret information, often known as the key. Conventional scan chains fail to solve the conflicting requirements of effective testing and security [2]. In order to solve this challenging problem of efficiently testing cryptographic chips, some research works have been proposed.

In [3], a scan-chain design based on scrambling was proposed which dynamically reorders the flip-flops in a scan chain. However, statistical analysis of the information scanned out from chips can still determine the scan-chain structure and the secret information [4]. Furthermore, the area overhead and wiring complexity are high. The scrambler uses a control circuit, which requires flip-flops for its implementation. The control circuit uses a separate test key in order to program the interconnections. Thus, if one uses scan chains to test the scrambler circuit, the attack proposed in the study in [1] can be used to decode the test key and, hence, break the scheme of reordering.

An interesting alternative and one of the best methods was proposed in [4] and [5], where a secure scan-chain architecture with mirror key register was provided. The scheme had an insecure and a secured mode. When a crypto chip is in the insecure mode, it can be switched between the test mode and the normal mode similar to the general scan-based design for testability (DFT). However, when a crypto chip is in the secure mode, it can only stay in the normal mode. While a crypto chip can be switched from insecure mode to secure mode at any time, switching back from secure mode to insecure mode is only done through a power OFF reset. But the method has the following shortcomings: Security is derived from the fact that switching off power destroys the data in registers. In addition, at-speed or online testing is not possible with this scheme. The cryptographic device can be a part of a critical system that remains continuously ON (like a satellite-monitoring system). The method cannot be used to test Cipher Block Chained encryptors, as after the device is switched off due to testing, all the previous blocks need to be encrypted again.

In [6], a lock-and-key technique was proposed, which uses a test security controller (TSC). When a key is successfully entered, the finite-state machine (FSM) of the TSC switches the chip to a secured mode, allowing normal scan-based testing. Otherwise, the device goes to an insecure mode and remains stuck until an additional test-control pin is reset. The design suffers from the problem of large overhead due to the design of the TSC. The TSC itself uses a large number of flip-flops (for linear feedback shift registers (LFSRs) and FSMs), which requires built-in self test for testing, leading to an inefficient design. Furthermore, the design uses an additional key (known as test key) for security. If the cipher uses an n-bit key for its operation, a brute-force attack would require $2^n$ operations. If the design uses additional t key bits for security, then, with a total of n + t bits of key, the design provides security equivalent to that of min(n, t) bits, which is not desirable.

In [7], a scan-tree-based architecture with aliasing-free compactor was proposed for testing of cryptographic devices. However, the design has the weakness of a large-area overhead due to the design of compactors and its testing circuit. Normal computer-aided design (CAD) flow also does not support the design of scan-tree structures.

Contribution of this paper: In this paper, we propose an elegant solution to the problem of testing cryptographic devices at the expense of very low-area overhead using inverters in the scan path. The design works exactly like conventional scan chains and does not use any additional test key bits or clock cycles. Any conventional CAD flow can also synthesize the scan design and generate its test patterns without any extra steps in the design flow. Testing of the additional NOT gates is very simple. The flipped scan-chain architecture is also amenable to online testing.

This paper is organized as follows. Section II introduces the flipped scan-chain architecture and analyzes its security. In Section III, the flipped scan chain is analyzed with respect to standard stream and block ciphers, like RC4 and AES. In Section IV, the overhead and the security achieved are compared with the best reported solutions in this field. Section V discusses a few additional points on flipped scan chains. This paper is concluded in Section VI.

II. FLIPPED SCAN-CHAIN ARCHITECTURE AND ITS SECURITY ANALYSIS

In this section, we first propose the new scan-chain architecture used to test cryptographic implementations. In this model, we introduce inverters or NOT gates (Fig. 1) at the input of the scan_in pin of the scan D-flip flop (SDFF). We call the modified flip-flops flipped SDFF (FSDFF). The flipped scan-chain model consists of both SDFFs and FSDFFs.

The modified scan-chain architecture is, thus, very similar to the conventional scan chains except for the fact that there are inverters at certain locations known to the designer only. The presence of NOT gates in the scan-data path does not hamper the normal functionality of the device. However, it prevents analysis of the scan data in order to ascertain the intermediate values stored in the flip-flops. Proper placements of inverters can help in preventing existing scan-chain-based attacks. Still, the testing of the circuit can be performed with the same efficiency as conventional scan chains, oblivious of the presence of inverters.

0278-0070/$25.00 © 2007 IEEE


Fig. 1. Flipped scan DFF.

In the following section, we show that the computation of the configuration of the NOT gates and, in turn, the structure of the scan chain is hard.

A. Security Analysis

We define our design to be secure against scan-chain-based attacks when the effort required to break the structure of the scan chain is computationally infeasible with modern-day computation. In order to carry out the attack on ciphers with scan chains, one needs to ascertain the scan structure [1]. Hence, we show first that when the positions of the inverters inside the scan chains are hidden from the attacker, the task of determining the scan structure becomes infeasible.

As a design rule, we place k = (n + 1)/2 inverters in a scan chain with n flip-flops. In the following result, we show that, even if the attacker computes the number of inverters (k) from the number of flip-flops (n), the probability of his successfully guessing the structure of the scan chain is nearly $1/2^n$.

Theorem 1: For a flipped scan chain with n flip-flops and k = (n + 1)/2 inverters, the probability to guess the correct structure by an attacker with the knowledge of n is nearly $1/2^n$.

Proof: Let the number of flip-flops be n and the number of inverters placed be p. Hence, the number of structures possible is ${}^{n+1}C_p$, where ${}^{n+1}C_p$ means the number of ways of choosing p unordered elements from (n + 1) elements.

Let us assume that the attacker uses the knowledge that the number of inverters is half the number of flip-flops, so we have p = (n + 1)/2. Therefore, the probability to guess the correct structure is now $1/{}^{n+1}C_{(n+1)/2}$.

In order to compute the bound, we use the fact that the maximum value of ${}^{n+1}C_r$ is when r = (n + 1)/2. We combine this with the fact that the maximum binomial coefficient (given by the above value) must be greater than the average of all the binomial coefficients, i.e., when r runs from zero to (n + 1). But, ${}^{n+1}C_{(n+1)/2} > 2^{n+1}/(n+2) \Rightarrow {}^{n+1}C_{(n+1)/2} > 2^{n+1-\log_2(n+2)}$. And for large values of n, $n + 1 - \log_2(n+2) \approx n$. Hence, the probability of guessing the correct scan structure is nearly $1/2^n$. ∎

Thus, if we have a scan chain of length 100 flip-flops, the probability of guessing the correct structure is nearly $1/2^{100}$. With modern-day computational power, any algorithm with complexity on the order of $2^{80}$ is considered to be infeasible [8].

In order to perform scan-chain-based attacks, the attacker has to control and observe the states of the flip-flops in the scan chain. Attackers use the scan-input pins to control and the scan-output pins to observe the internal states of the flip-flops. However, in the case of the flipped scan chain, the attacker is not able to control and observe the states of the flip-flops, as he is unaware of the locations of the inverters. Let the flipped scan chain contain n flip-flops enumerated as one to n. Let us indicate the fact that an inverter is placed on the link m using a variable $a_m = 1$, otherwise $a_m = 0$ (Fig. 2). Suppose the attacker feeds in a pattern $X = \{X_1, X_2, \ldots, X_n\}$ through the scan-input pin. Due to the presence of the inverters, however, a different pattern $I = \{I_1, I_2, I_3, \ldots, I_n\}$ reaches the n flip-flops. The patterns X and I are related by the following equations: $I_1 = X_1 \oplus a_1$, $I_2 = X_2 \oplus a_1 \oplus a_2$, ..., $I_n = X_n \oplus a_1 \oplus a_2 \oplus \cdots \oplus a_n$.

Fig. 2. Security analysis of the flipped scan chain.

Suppose the attacker sends in a pattern through the scan-input pin and observes the pattern coming out of the scan-output pin when the design is in test mode. From the polarity of the input and output pattern, the attacker is able to know whether an even or odd number of inverters are present in the scan chain. Hence, he knows the value of $a_1 \oplus a_2 \oplus \cdots \oplus a_{n+1}$, as for n flip-flops, there are (n + 1) links to place the inverters. However, using the scan chains, the attacker is unable to ascertain the number of inverters between the scan-input pin and a flip-flop, between any two flip-flops, or between a flip-flop and the scan-output pin. Hence, the attacker cannot exploit the scan chain to ascertain the values of $a_1$, $a_1 \oplus a_2$, ..., $a_1 \oplus a_2 \oplus \cdots \oplus a_n$. Thus, as may be observed from the relations between the patterns I and X, the attacker cannot obtain the values of the pattern I any better than guessing the values of n binary variables $a_i$ ($1 \le i \le n$). Similarly, the attacker cannot observe the values of the n flip-flops any better than guessing the values of n variables $a_i$ ($2 \le i \le n + 1$).

In the following section, we analyze the security of conventional stream and block ciphers with flipped scan chains.

III. SECURITY ANALYSIS OF CONVENTIONAL STREAM AND BLOCK CIPHERS WITH FLIPPED SCAN ARCHITECTURES

A. Security Analysis of RC4 Stream Cipher With Flipped Scan Chain

For the analysis of the effectiveness of a flipped scan-chain model, we first consider the RC4 circuit [9].

Brief Architecture of RC4 Stream Cipher: The RC4 stream cipher works in two phases: key setup and ciphering.

There are two 256-B arrays, S-Box and K-Box. The S-array is filled linearly, such as $S_0 = 0$, $S_1 = 1$, $S_2 = 2$, ..., $S_{255} = 255$. The K-array consists of the key, and i and j are two counters which are initialized to zero. In the key-setup phase, the S-box is modified according to the following pseudocode.

Key-setup phase
    for i = 0 to 255
        j = (j + S_i + K_i) mod 256
        swap S_i and S_j.

Once the key-setup phase is completed, the second phase generates the key stream K, which is XORed with the plaintext/ciphertext to produce ciphertext/plaintext. We now show that the flipped scan chain provides security when it is deployed to test stream ciphers.
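The relations between the patterns X and I in Section II-A and the count used in Theorem 1 can be modelled bit by bit. The following is an added example, not code from the paper: the class and function names, the 8-flip-flop placement `A` and the pattern `X` are constructed for illustration, and k is taken as (n + 1)//2 with integer division, which is an assumption.

```python
import math


class FlippedScanChain:
    """n scan flip-flops joined by n+1 links; a[m-1] = 1 puts a NOT gate on link m."""

    def __init__(self, inverters):
        self.a = list(inverters)          # a_1 .. a_{n+1}
        self.n = len(self.a) - 1
        self.ff = [0] * self.n            # FF_1 .. FF_n

    def shift(self, scan_in_bit):
        """One test-mode clock: return the bit seen on scan-out, then shift."""
        scan_out_bit = self.ff[-1] ^ self.a[-1]   # FF_n through link n+1
        upstream = scan_in_bit
        nxt = []
        for k in range(self.n):
            nxt.append(upstream ^ self.a[k])      # value crosses link k+1
            upstream = self.ff[k]
        self.ff = nxt
        return scan_out_bit

    def scan_in(self, pattern):
        """Shift in X so that X_k is aimed at FF_k (X_n enters first)."""
        for bit in reversed(pattern):
            self.shift(bit)

    def scan_out(self):
        """Shift the chain out; result[k-1] is what was observed for FF_k."""
        observed = [self.shift(0) for _ in range(self.n)]
        return observed[::-1]


def prefix_parities(a):
    """p_k = a_1 ^ ... ^ a_k for k = 1..n (the masks in the I/X relations)."""
    out, acc = [], 0
    for bit in a[:-1]:
        acc ^= bit
        out.append(acc)
    return out


def suffix_parities(a):
    """s_k = a_{k+1} ^ ... ^ a_{n+1} for k = 1..n (masks on the way out)."""
    out, acc = [], 0
    for bit in reversed(a[1:]):
        acc ^= bit
        out.append(acc)
    return out[::-1]


def designer_load(chain, desired):
    """Designer knows a: pre-compensate so FF_k ends up holding desired_k."""
    masks = prefix_parities(chain.a)
    chain.scan_in([d ^ m for d, m in zip(desired, masks)])


def designer_read(chain):
    """Designer knows a: undo the output masks to recover the true FF values."""
    masks = suffix_parities(chain.a)
    return [o ^ m for o, m in zip(chain.scan_out(), masks)]


def structure_guess_bits(n):
    """log2 of the number of placements of (n+1)//2 inverters on n+1 links."""
    return math.log2(math.comb(n + 1, (n + 1) // 2))


def lower_bound_holds(n):
    """Bound used in the proof: the central coefficient exceeds 2^(n+1)/(n+2)."""
    return math.comb(n + 1, (n + 1) // 2) * (n + 2) > 2 ** (n + 1)


# Constructed 8-flip-flop chain: NOT gates on links 1, 4, 6 and 9 (k = 4).
A = [1, 0, 0, 1, 0, 1, 0, 0, 1]
X = [1, 0, 1, 1, 0, 0, 1, 0]


def demo():
    chain = FlippedScanChain(A)
    chain.scan_in(X)                  # tester with no knowledge of A
    internal = list(chain.ff)         # what the flip-flops really hold
    echoed = chain.scan_out()         # what comes back on scan-out
    chain2 = FlippedScanChain(A)
    designer_load(chain2, X)          # tester who knows A
    loaded = list(chain2.ff)
    recovered = designer_read(chain2)
    return internal, echoed, loaded, recovered


if __name__ == "__main__":
    internal, echoed, loaded, recovered = demo()
    print("internal state :", internal)
    print("echoed pattern :", echoed)
    print("designer load  :", loaded, "read back:", recovered)
    print("log2(#structures), n=100: %.1f" % structure_guess_bits(100))
```

With four inverters the end-to-end parity is even, so the pattern that comes back equals the pattern shifted in although the flip-flops held a different value; only a tester who knows `A` loads and reads the true state.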
Security Analysis: The attack proposed in [7] is shown to crack a stream-cipher system. In this paper, we first show that when the scan chain is implemented with the conventional structure, the stream cipher can be attacked using scan chains.

The attack methodology works in two phases. The first step is to ascertain the position of all the important registers and, then, in the second step, to scan out the values of those registers in order to compute the key stream. In the context of RC4, the critical registers are i, j, $S_i$, and $S_j$. These are the registers used in the initial key-setup phase and to determine the key stream. Once the key stream is known, the cipher is compromised as the ciphertext is an XOR between the plaintext stream and the key stream.

When the cipher has conventional scan chains, one may ascertain the positions and, finally, the values of these registers. The attack works as follows.

First, when the attacker takes control of the chip, he scans out the patterns, which are the internal state of the registers. But he does not know the required positions, which he decides in the following steps.

1) Since i is an 8-bit counter, its values repeat after 256 clock cycles. Hence, the positions of the bits of the i registers in the scan chain can be easily determined. For example, the i[0] will toggle alternately, while the i[1] will toggle after every two clock cycles. Similarly, the entire register can be determined.
2) We know the initial RAM configuration and the positions of register i. Initially, S(i) = i, and the value is updated in the key-setup phase. The value of the SRAM gets changed in the second clock cycle. Therefore, we set the register i through the scan-input path (since its position is already known). Then, the chip is run for the first clock cycle in normal mode and, then, the register values are scanned out before letting the chip go to the second clock cycle. Thus, in the scan-out patterns, the positions of the register $S_i$ can be known just like the register i as S(i) = i during the first clock cycle. Hence, the value of i and $S_i$ can be controlled from the scan-input pins.
3) The attacker now sets the key-input lines to zero. Therefore, the value of $K_i$ is zero. In addition, the attacker sets the values of the register $S_i$ to one through the scan path. Then, the design is run for the first clock cycle of the normal run. Thus, the update equation of the register j is j = j + 1. Then, we scan out the patterns. The next pattern which is to be scanned in is the same as the scan-out pattern, except that the pattern for $S_i$ is set to one. Then, we repeat the process, and since the register j behaves as a counter, its positions can be determined easily.
4) In order to ascertain the position of the $S_j$ register, the attacker loads the $S_i$ register with a known value in the test mode and runs the chip for three clock cycles in normal mode. Since the $S_i$ and $S_j$ values have swapped, $S_j$ now contains the preset value of $S_i$. Now, if he scans out the patterns, he can easily ascertain the positions of the $S_j$ registers in the scan path.

This completes the first phase of the attack. In the second phase, the knowledge of the positions and the values of the registers i, j, $S_i$, and $S_j$ can be used to determine all the memory contents and, finally, backtrack to compute the value of the key stream K using the following equations:

    $K(n) = S_t$; $t = (S_i(n) + S_j(n)) \bmod 256$
    $i(n-1) = (i(n) - 1) \bmod 256$; $S_i(n-1) = S_j(n)$
    $S_j(n-1) = S_i(n)$; $j(n-1) = j(n) - S_i(n-1) \bmod 256$.

The message stream can be decoded by XORing the observed ciphertext stream with the computed key stream.

How Flipped Scan Chain Prevents the Attack: In this case, the attacker cannot control or observe the values of the registers i, j, $S_i$, and $S_j$ through the scan inputs and outputs due to the unknown positions of the inverters. Hence, the steps of the above attack are not successful in breaking the stream cipher. In our design, there are 176 flip-flops, and hence, we place 176/2 = 88 NOT gates. Thus, as per Theorem 1, the probability for an attacker to guess the correct structure is nearly $2^{-176}$, which is negligible. Either to control or observe the states of the 176 flip-flops, the attacker has to guess 176 binary variables. Thus, the above scan-based attack is resisted.

B. Security Analysis of AES With Flipped Scan Chain

Conventional block ciphers like AES are insecure against scan-chain-based attacks when designed with conventional scan chains [4]. The problem was circumvented using secure scan chains in [4]. However, the solution imposes restrictions on the usage of the crypto-device: Online testing is not possible, and the crypto-device has to be turned off to test the design. In order to alleviate these issues, we propose to insert flipped scan architecture with an additional nonlinear layer in an AES hardware implemented in 0.18-µm CMOS technology [1], as shown in Fig. 3. The nonlinear layer is kept unknown to an attacker.

Fig. 3. Flipped scan-chain structure implemented in AES.

There are various methods existing in literature describing the construction of cryptographically robust S-Boxes (nonlinear layer). One of the interesting methods to systematically construct S-Boxes is presented in [11]. This paper shows that the constructed S-Boxes have high nonlinearity and are strong against differential and linear cryptanalysis. Informally, the method generates m × m S-Boxes concatenating k × k linear mappings, where k > m/2. The linear mappings are based on the combinatorial properties of group Hadamard matrices. This paper proves that all the generated S-Boxes with parameters (m, k) are equally cryptographically robust against cryptanalysis and have the same nonlinearity. This paper mathematically establishes that, for an m × m S-Box, with parameters k > m/2 and t = m − k, the number of S-Boxes possible by the method is  k  k −1  2m−k ! 2 t−1 22m−k . Thus, when the value of m = 8, k = 5, and t = 3, the number of possible S-Boxes is as follows: $\#\mathrm{SBox} = 8!\binom{31}{3}\binom{31}{8} = 1.43 \times 10^{15} \approx 2^{50}$. Similarly, when the value of m = 10, k = 7, and t = 3, the number of possible S-Boxes is approximately $1.96 \times 10^{22} > 2^{74}$.

In order to prevent scan-chain-based attacks against AES, we require to first build m flipped scan chains and, then, to place an m × m nonlinear layer at the output of the flipped scan chains, as shown in Fig. 3. For the nonlinear layer, the designer randomly selects one construction out of the large number of possible cryptographically strong S-Boxes.

In the following, we show that the flipped scan-chain architecture, along with the nonlinear layer, provides high security with very low
overhead. The final structure is able to prevent the attack proposed in [4]. Fig. 4 shows the general structure of the AES algorithm [12].

Fig. 4. Round operation of AES encryption.

How Flipped Scan Chain Prevents the Attack Proposed in [4]: We show that the attack on AES by [4] fails to crack the key for our AES circuit. In the attack, the first step is to guess the position of the registers to obtain intermediate values of each step. The main motive is to find the position of the register R (Fig. 4) by exploiting the property of the avalanche effect in good ciphers, where, for a change in 1 bit of input, several bits in the output get changed. In order to ascertain the positions of the register R in the scan structure, the difference in the scan-out pattern was observed.

Once the position of register R was ascertained, the second step comes into play. In this step, two values of input plaintext were chosen, which differ in 1 byte. In addition, from the number of ones in the difference of the scanned-out values of the register R, the value of register b was computed using the differential property of the AES algorithm. Finally, with the values of a and the register b, the key value was calculated using the following: $RK0 = B \oplus A$; $RK0_{1,1} = b_{1,1} \oplus a_{1,1}$.

The scan-chain-based attack on AES is prevented when the conventional scan chain is replaced with the flipped scan chain, along with the nonlinear layer, as shown in Fig. 3. We emphasize the point that a stand-alone application of the nonlinear layer cannot prevent scan-chain-based attacks. This is because, in order to maintain high observability, the nonlinear layer has to be invertible. Thus, without the flipped scan chain, the attacker may control the input to the nonlinear layer and observe the output and, hence, easily determine the nonlinear mapping. However, it is because of the flipped scan chain that the attacker loses controllability and observability of the internal states of the design.

The modified scan chain can successfully prevent scan-chain attacks on the AES hardware proposed in [4] because of the following reasons.

1) The exploitation of differential values is now not possible due to the unknown nonlinear structure. This prevents the attacker from ascertaining the position of the register R.
2) The presence of NOT gates in the scan path does not allow the attacker to ascertain the mapping function of the nonlinear layer. This is because the attacker has no control over the input to the internal structures of the design until he knows the structure of the flipped scan chain.
3) Since step 1 fails, step 2 of the attack cannot be performed. In addition, it may be noted that step 2 is also not possible. This is because the attacker requires to compute differences in the scanned-out values of register R, which is now obscured by the nonlinear layer.

Next, we show a case study for overhead analysis of the flipped scan structure.

IV. OVERHEAD OF FLIPPED SCAN CHAIN FOR AES

In this section, we analyze the overhead of the flipped scan chain in an AES hardware implemented using 0.18-µm CMOS technology [10]. We analyze the overhead under two conditions: without key scheduling (KS) (number of flip-flops 4048) and with KS (number of flip-flops 6336). The flip-flops were divided into eight scan chains of equal length. The output of the scan chains was transformed by an 8 × 8 nonlinear mapping of good cryptographic properties [11]. The gate count of the design of the nonlinear function was 159 gates.

TABLE 1. OVERHEAD ANALYSIS OF FLIPPED SCAN CHAIN IN AES

The first row of Table I mentions that, in the AES design without KS, the number of flip-flops per scan path is 506. We place ten NOT gates per scan chain. Hence, the overhead is due to 80 inverters and 159 gates for the nonlinear mapping. The probability of the attacker to break the system is computed, as proved in Theorem 1 of Section III. If we assume that the attacker knows that there are ten flip-flops in the scan chain, then according to Theorem 1, the probability of success of the attacker is $1/({}^{507}C_{10}) = 2^{-70}$. Similarly, for the remaining seven scan chains, the probability of the attacker to be successful is also negligible. Likewise, we compute the overhead and security margin for the implementation of AES with KS. The area overhead of the proposed method was found to be less than 0.1%, as compared to an overhead of 1% required for secured scan [4] and 17% required for crypto scan [7].

V. FURTHER DISCUSSIONS ON FLIPPED SCAN CHAIN

There is a growing recognition in the industry that the conventional scan chains that make ICs testable can potentially be used to break encryption algorithms and steal intellectual properties of chips. Although the works reported in [1], [4], and [7] focus on methodologies for breaking encryption algorithms, scan chains also pose a threat to all kinds of intellectual property inside the chip. However, the flipped scan chain is suitable to protect IP cores because it provides minimum controllability and observability to an unintended user without reducing the fault coverage. The elegance of the method is due to the fact that the area overhead is minimal.

The security of the flipped scan chain against scan-based attacks depends on the fact that the attacker is unable to ascertain the structure of the scan chain due to the presence of inverters in the chain. Since scan-chain data are streamed in and out synchronously with a clock, timing measurements do not reveal information about the number of inverters in a scan chain. Similarly, power measurements might reveal information about the number of inverters but not their positions in the scan chain. However, with the development of probing attacks, the flipped scan chain needs to be implemented carefully, with one possibility being to use a secret value to activate the inverters, so as not to leak its structures to such attackers.
VI. CONCLUSION

In this paper, a flipped scan-chain architecture is proposed to test cryptographic devices. The security of the scheme is analyzed, and the results are supported with real-life cipher architectures. With proper safeguards against probing attacks, the present scheme achieves security against existing scan-based attacks with very low area overhead. The proposed scheme can be used to protect the intellectual property of a chip, which is easily compromised using conventional scan chains.

REFERENCES

[1] B. Yang, K. Wu, and R. Karri, “Scan based channel attack on dedicated hardware implementation of data encryption standard,” in Proc. ITC, Oct. 26–28, 2004, pp. 334–344.
[2] R. Kapoor, “Security vs. test quality: Are they mutually exclusive?” in Proc. ITC, Oct. 26–28, 2004, p. 1414.
[3] D. Hely, M. Flottes, F. Bancel, B. Rouzeyre, N. Berard, and M. Renovell, “Scan design and secure chip,” in Proc. 10th IEEE IOLTS, Jul. 12–14, 2004, pp. 219–226.
[4] B. Yang, K. Wu, and R. Karri, “Secure scan: A design-for-test architecture for crypto-chips,” in Proc. 42nd DAC, 2005, pp. 135–140.
[5] B. Yang, K. Wu, and R. Karri, “Secure scan: A design-for-test architecture for crypto-chips,” IEEE Trans. Comput.-Aided Design Integr. Circuits Syst., vol. 25, no. 10, pp. 2287–2293, Oct. 2006.
[6] J. Lee, M. Tehranipoor, C. Patel, and J. Plusquellic, “Securing scan design using lock and key technique,” in Proc. 20th IEEE Int. Symp. DFT VLSI Syst., 2005, pp. 51–62.
[7] D. Mukhopadhyay, S. Banerjee, D. RoyChowdhury, and B. Bhattacharya, “Cryptoscan: Secured scan chain architecture,” in Proc. 14th IEEE ATS, 2005, pp. 348–353.
[8] W. Stallings, Cryptography and Network Security. Englewood Cliffs, NJ: Prentice-Hall, 2003.
[9] P. Kitsos, G. Kostopoulos, N. Sklavos, and O. Koufopavlou, “Hardware implementation of the RC4 stream cipher,” in Proc. 46th IEEE Midwest Symp. Circuits Syst., Cairo, Egypt, Dec. 27–30, 2003, vol. 3, pp. 1363–1366.
[10] D. Mukhopadhyay and D. RoyChowdhury, “An efficient end to end design of Rijndael cryptosystem in 0.18 µ CMOS,” in Proc. 18th Int. Conf. VLSID, Jan. 3–7, 2005, pp. 405–410.
[11] J. Seberry, X.-M. Zhang, and Y. Zheng, “Systematic generation of cryptographically robust S-boxes,” in Proc. 1st ACM Conf. Comput. Commun. Security, Fairfax, VA, 1993, pp. 171–182.
[12] J. Daemen and V. Rijmen, The Design of Rijndael. New York: Springer-Verlag, 2002.

Silicon Debug for Timing Errors

Kai Yang and Kwang-Ting Cheng

Abstract—Due to various sources of noise and process variations, assuring a circuit to operate correctly at its desired operational frequency has become a major challenge. In this paper, we propose a timing–reasoning-based algorithm and an adaptive test-generation algorithm for diagnosing timing errors in the silicon-debug phase. We first derive three metrics that are strongly correlated to the probability of a candidate’s being an actual error source. We analyze the problem of circuit timing uncertainties caused by delay variations and test sampling. Then, we propose a candidate-ranking heuristic, which is robust with respect to such sources of timing uncertainty. Based on the initial ranking result and the timing information, we further propose an adaptive path-selection and test-generation algorithm to generate additional diagnostic patterns for further improvement of the first-hit-rate. The experimental results demonstrate that combining the ranking heuristic and the adaptive test-generation method would result in a very high resolution for timing diagnosis.

Index Terms—Author, please supply your own keywords or send a blank e-mail to keywords@ieee.org to receive a list of suggested keywords.

Manuscript received May 17, 2006; revised January 20, 2007. This paper was recommended by Associate Editor S. Hellebrand.
K. Yang is with Novas Software, Inc., San Jose, CA 95110 USA (e-mail: kyang@novas.com).
K.-T. Cheng is with the University of California, Santa Barbara, CA 93106 USA.
Digital Object Identifier 10.1109/TCAD.2007.906479

I. INTRODUCTION

There is an increasing probability that a high-performance nanometer device will fail at its desired clock frequency. The sources of timing failures include inaccurate delay modeling in the design phase, process variations, dynamic noise, and manufacturing defects. Once a defective chip which violates the timing specification is identified, diagnosis and silicon debug attempt to locate and fix the root cause of the failures. The diagnosis result can be further utilized for failure analysis and yield improvement. However, silicon debug for timing failures remains a very challenging task.

Several physical tools have been used to facilitate the root-cause-analysis process. However, utilizing physical probing tools for root-cause analysis is very expensive and time-consuming. Diagnosis algorithms could be applied to reduce the number of candidates and/or to rank-order them before employing the physical tools. The resolution and the first-hit-rate (F-H-R) of the rank-ordered candidates reported by the diagnosis process are critical factors in determining the efficiency of silicon debug. The resolution is defined as the ratio of the number of actual fault sites to the total number of reported candidates. The F-H-R is defined as the number of candidates that need to be examined for the root-cause analysis. If there are multiple errors in the circuit, the objective of the diagnosis algorithm would be to optimize the F-H-R for any of multiple error sources. This objective makes sense because silicon debug is an iterative process in which one bug is identified and fixed in each iteration [1], [2]. Unfortunately, the existing timing-error-diagnosis methodologies suffer from either a poor F-H-R or low scalability.

The existing methods can be classified into two categories: 1) fault-model-based diagnosis [3]–[8] and 2) reasoning-based diagnosis [9]–[12]. For a fault-model-based diagnosis, the cause of a timing failure is modeled as a fault, such as a transition fault or a path-delay fault. The diagnosis procedure is invoked to identify those faults that
