Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Structure 2 Keystream Generation 3 Difference with Trivium 4 Protection in Scan Chain 5 Countermeasure for MICKEY 6 Uses in DFT 7 Cryptanalysis 8 References 9 External links

MICKEY

●فارسی ●Italiano ●עברית ●Русский Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

Incryptography, Mutual Irregular Clocking KEYstream generator (MICKEY) is a stream cipher algorithm developed by Steve Babbage and Matthew Dodd.^[1] The cipher is designed to be used in hardware platforms with limited resources, and was one of the three ciphers accepted into Profile 2 of the eSTREAM portfolio. The algorithm is not patented and is free for any use.^[2]

Structure[edit]

The cipher maps an 80-bit key and a variable length initialization vector (0 to 80 bits) to a keystream with a maximum length of 2⁴⁰ bits.

Keystream Generation[edit]

The keystream generator makes use of two registers R and S (100 bits each). The registers are updated in a non-linear manner using the control variables: INPUT BIT R, INPUT BIT S, CONTROL BIT R, CONTROL BIT S. As referred to earlier, any implementation of the cipher contains flip-flops for the R, S registers and the 4 control variables. Furthermore, there must be 7 flip-flops for the counter register to keep track of the number of rounds in the Preclock stage. The keystream production stage in MICKEY 2.0 is preceded by the three stages:- IV Loading, Key Loading and Preclock. Initially the R, S registers are initialized to the all zero state.

Difference with Trivium[edit]

Unlike Trivium, MICKEY 2.0 ^[3] does not allow direct loading of Key and IV bits on to the state register. As mentioned earlier, initially the R, S registers are initialized to the all zero state. Then a variable length IV and the 80 bit Key is used to update the state by successively executing CLOCK KG routine.

Protection in Scan Chain[edit]

MICKEY 2.0 can be protected by an XOR-CHAIN structure. The attacker has the following advantages:

He knows the algorithm of MICKEY 2.0
He can use Initial Vectors of his own choice.
The key remains secret.
He can SCAN-IN and SCAN-OUT vectors as per his choice.

To hide the mapping between the scan cells and the actual variables of a cipher is what drove the previous single-feedback and Double-Feedback XOR-Chain schemes. As this is also falling prey to cryptanalysis, as shown in the previous section, we move towards a further secure architecture, named as random XOR-Chain (rXOR-Chain) structure.

Countermeasure for MICKEY[edit]

The Flipped-Scan countermeasure technique to protect scan-chains was proposed earlier. This involved placing inverters at random points in the scan-chain. Security stemmed from the fact that an adversary could not guess the number and positions of the inverters. This technique was cryptanalyzed using a RESET attack. It was shown that if all flip-flops in the scan-chain are initially RESET, then the positions of the inverters can be completely determined by the 0 → 1 and 1 → 0 transitions in the scanned-out vector. As an alternative, the XOR-CHAIN based countermeasure was proposed. The technique involves placing XOR gates at random points of the chain.^[4] Security again stems from the fact that an adversary is unable to guess the number and positions of the XOR gates.

Uses in DFT[edit]

Scan-based DFT is the most widely used DFT scheme for integrated circuit testing as it is simple and yields high fault coverage. The advantage of scan-based testing is that it provides full observability and controllability of the internal nodes of the IC.

Cryptanalysis[edit]

As of 2013, a differential fault attack has been reported against MICKEY 2.0 by Subhadeep Banik and Subhamoy Maitra.^[5]

References[edit]

^ "MICKEY (Portfolio Profile 2)". Retrieved 5 October 2011.

^ "eSTREAM Portfolio Stream Ciphers -- IP Status". Retrieved 5 October 2011.

^ S.Banik (2013). "Improved Scan-Chain Based Attacks and Related Countermeasures". Progress in Cryptology – INDOCRYPT 2013. Lecture Notes in Computer Science. Vol. 8250. Springer. p. 78. doi:10.1007/978-3-319-03515-4_6. ISBN 978-3-319-03514-7. Mickey

^ B. Gierlichs; L. Batina; C. Clavier; T. Eisenbarth; A. Gouget; H. Handschuh (2008). "Side Channel Attacks".

^ Banik, Subhadeep; Maitra, Subhamoy; Sarkar, Santanu (2013). "A Differential Fault Attack on MICKEY 2.0". Cryptology ePrint Archive.