Abstract: Scan design makes digital circuits easily testable, however, it can also be exploited to be used for hacking the chip. We have reported a secure and testable scan design approach by using extended shift registers called "SRequivalents" that are functionally equivalent but not structurally equivalent to shift registers [14] , [15] , [16] , [17] , [18] . In this paper, to further extend the class of SR-equivalents we introduce a wider class of circuits called "SR-quasiequivalents" which still satisfy the testability and security similar to SR-equivalents. To estimate the security level, we clarify the cardinality of each equivalent class in SR-quasi-equivalents for several linear structural circuits, and also present the actual number of SR-quasi-equivalents obtained by the enhanced program SREEP.
Introduction
Both testability and security of a chip has become primordial to ensure its reliability and protection from invasion to access important information. However, both may have conflicting requirements for designers. To guarantee quality, designers use design for testability (DFT) methods to make digital circuits easily testable for faults. Scan design is a powerful DFT technique that warrants high controllability and observability over a chip and yields high fault coverage [1] , [2] . However, this also accommodates reverse engineering, which contradicts security. For secure chip designers, there is a demand to protect secret data from side-channel attacks and other hacking schemes [3] . Nevertheless, with improved control and access to the chip through DFT, the chip becomes more vulnerable to attacks. Scan chains can be used to steal important information such as intellectual property (IP) and secret keys of cryptographic chips [4] , [6] . Despite all these, security chips can be made more susceptible to errors, and thus, not secure, if they are faulty. Therefore, testability is as important as security for secure IC designers to guarantee the quality of security and functionality of the chip. Hence, there is a need for an efficient solution to satisfy both testability and security of digital circuits.
To solve this challenging problem, different approaches have been proposed [4] , [5] , [6] , [7] , [8] , [9] , [10] , [11] , [12] , [13] . All the approaches except Ref. [13] add extra hardware outside of the scan chain. Disadvantages of this are high area overhead, timing overhead or performance degradation, increased complexity of testing, and limited security for the registers part among others. The approach of Ref. [13] which inserts inverters in scan 1 Akita University, Akita 010-8502, Japan 2 Osaka Gakuin University, Suita, Osaka 564-8511, Japan a) fujiwara@ie.akita-u.ac.jp chains has a disadvantage such that the positions of inserted inverters can be determined by simply scanning out after resetting (to zero) all the flip-flops in the scan chain. Thus, internal state can be identified and the security is breached. To resolve those disadvantages of previous works, we have reported a secure and testable scan design approach by using extended shift registers called "SR-equivalents" that are functionally equivalent but not structurally equivalent to shift registers [14] , [15] , [16] , [17] , [18] . The proposed approach is only to replace part of the original scan chains to SR-equivalents, which satisfy both testability and security of digital circuits. This method requires very little area overhead and no performance overhead. Moreover, no additional keys and controller circuits outside of the scan chain are needed, thus making the scheme low-cost and efficient.
In this paper, to further extend the class of SR-equivalents we introduce a wider class of circuits called "SR-quasi-equivalents" which still satisfy the testability and security similar to SRequivalents. The class of SR-equivalents is a specific subclass of SR-quasi-equivalents. The proposed approach in this paper is the same as Refs. [14] , [15] , [16] , [17] , i.e., it is only to replace part of the original scan chains to SR-quasi-equivalents in place of SR-equivalents. Using SR-quasi-equivalents in place of SR-equivalents has several advantages. The class of SR-quasiequivalents is wider than that of SR-equivalents, and hence it has more choices or is more flexible to select modified scan registers not only for security and testability but also for other purpose such as low power testing. The security level of the secure scan architecture based on those SR-quasi-equivalents is determined by the probability that an attacker can identify or guess right the configuration of the SR-quasi-equivalent used in the circuit, and hence the attack probability approximates to the reciprocal of the cardinality of the class of SR-quasi-equivalents. We clarify the cardinality of each equivalent class in SR-quasi-equivalents for several linear structured circuits, and also present the actual number of SR-quasi-equivalents obtained by the program SREEP [20].
SR-equivalent Circuits
Consider a k-stage shift register shown in Fig. 1 . For the kstage shift register, the input value applied to x appears at z after k clock cycles. Suppose a circuit C with a single input x, a single output z, and k flip-flops as shown in Fig. 2 . If the input value applied to x of C appears at the output z of C after k clock cycles, the circuit C behaves as if it is a k-stage shift register. Definition 1. A circuit C with a single input x, a single output z, and k flip-flops is called functionally equivalent to a k-stage shift register (or SR-equivalent) if the input value applied to x at any time t appears at z after k clock cycles, i.e., z(t + k) = x(t) for any time t. Figure 3 illustrates an example of 3-stage SR-equivalent circuit R 1 . The table in Fig. 3 can be obtained easily by symbolic simulation. As shown in the table, z(t + 3) = x(t), i.e., the input value applied to x appears at z after k = 3 clock cycles, and hence the circuit is SR-equivalent. Although the input/output behavior of R 1 is the same as that of the 3-stage shift register, the internal state behavior of R 1 is different from the shift register. For the shift register SR, the input sequence (x(t), x(t + 1), x(t + 2)) which transfers SR to the state (y 1 
The initial state (y 1 (t), y 2 (t), y 3 (t)) can be identified as (y 1 (t), y 2 (t), y 3 (t)) = (z(t + 2), z(t + 1), z(t)) from the output sequence (z(t), z(t + 1), z(t + 2)). However, for the SR-equivalent circuit R 1 , the input sequence which transfers R 1 to the state (y 1 (t + 3), y 2 (t + 3), y 3 (t + 3)) is (x(t), x(t + 1), x(t + 2)) = (y 3 (t + 3)⊕y 2 (t + 3), y 2 (t + 3), y 1 (t + 3)) from Fig. 3 , and the initial state (y 1 (t), y 2 (t), y 3 (t)) can be identified as (y 1 (t), y 2 (t), y 3 (t)) = (z(t + 2), z(t + 1), z(t)⊕z(t + 1)) from the output sequence. Therefore, without the information on the structure of R 1 one cannot control/observe the internal state of R 1 . From this observation, replacing the shift register with an SR-equivalent circuit makes the scan circuit secure. The SR-equivalent circuit shown in Fig. 3 is a linear feedforward shift register. SR-equivalent circuits can also be realized by a linear feedback shift register and/or by inserting inverters as shown in Fig. 4 . SR-equivalent circuits can be realized not only by linear feed-forward/feedback shift registers with/without inverters but also by more general circuits.
In Ref. [15] , we showed the number of k-stage SR-equivalent circuits for each type of circuits. They are summarized in Table 1 . From those cardinalities of SR-equivalents, the complexity or the difficulty of identifying the structure of SRequivalent circuits increases more than exponentially as the stage of SR increases. Hence, very high security can be realized by using SR-equivalent circuits.
SR-quasi-equivalent Circuits
For an SR-equivalent circuit, the following two problems are important in order to utilize the SR-equivalent circuit as a scan shift register in testing. One problem is to generate an input sequence to transfer the circuit into a given desired state. This is called state-justification problem. The other problem is to determine the initial state by observing the output sequence from the state. This is called state-observation problem. Definition 2. A circuit C with a single input, a single output, and k flip-flops is called to be scan-controllable if for any internal state of C a transfer sequence (of length k) to the state (final state) can be generated only from the connection information of C, independently of the initial state. Definition 3. A circuit C with a single input, a single output, and k flip-flops is called to be scan-observable if any present state (initial state) of C can be identified only from the output sequence Table 1 Cardinality of each class.
# of circuits in the class
# of SR-equivalents in the class
c 2013 Information Processing Society of Japan (of length k) and the connection information of C, independently of the initial state and the input sequence. Definition 4. A circuit C is called to be scan-testable if C is scancontrollable and scan-observable. In Ref. [14] we showed that any SR-equivalent circuit is scantestable.
Theorem 1. [14] Any SR-equivalent circuit is scan-controllable and scan-observable, and hence scan-testable.
Consider a 3-stage I 2 LF 2 SR, R 2 , given in Fig. 5 (a). This I 2 LF 2 SR is SR-equivalent. By using symbolic simulation, we can derive equations to obtain an input sequence (x(t), x(t + 1), x(t + 2)) that transfers R 2 from any state to the desired final state (y 1 (t + 3), y 2 (t + 3), y 3 (t + 3)) as illustrated in Fig. 5 (b) . Similarly, as illustrated in Fig. 5 (c) , we can derive equations to determine uniquely the initial state (y 1 (t), y 2 (t), y 3 (t)) from the output sequence. Hence, R 2 is scan-testable. Next, let us try to relax the definition of scan-testability. First, suppose to relax the scan-controllability by removing "independence of the initial state" as follows. Definition 5. A circuit C is called to be quasi-scan-controllable if for any internal state of C a transfer sequence of length k to the final state can be generated from a given initial state and the connection information of C.
However, this quasi-scan-controllability does not make the state-justification easy because of the dependence of initial state.
So, we don't adopt this relaxation. Next, let us relax the definition of scan-observability as follows. Definition 6. A circuit C is called to be quasi-scan-observable if any present state (initial state) of C can be identified from the output sequence with respect to any applied input sequence (of length k) and the connection information of C.
In this case, since it is easy to apply any input sequence to C, this quasi-scan-observability makes state-observation easy. So, we adopt this relaxation and extend scan-testability as follows. Definition 7. A circuit C is called to be quasi-scan-testable if C is scan-controllable and quasi-scan-observable.
Based on the above new concept of "quasi-scan-testability," we introduce a new class of circuits as follows. Definition 8. A circuit C with a single input x, a single output z, and k flip-flops is called functionally quasi-equivalent to a k-stage shift register (or SR-quasi-equivalent) if the input value applied to x at any time t appears at z after k clock cycles with exclusive-OR of some inputs and/or constant 1, i.e.,
where c 0 , c 1 , c 2 , ..., c k are 0 or 1. The ordered set of coefficients (c 0 , c 1 , c 2 , ..., c k ) is called the characteristic coefficient of the SRquasi-equivalent circuit C.
We can prove that any SR-quasi-equivalent circuit C satisfies the following two properties: (1) for any internal state of C a transfer sequence (of length k) to the state (final state) can be generated only from the connection information of C, independently of the initial state, i.e., C is scan-controllable; (2) any present state (initial state) of C can be identified from the input-output sequence (of length k) and the connection information of C, i.e., C is quasi-scan-observable, where k is the number of flip-flops. Hence, we have the following. Theorem 2. Any SR-quasi-equivalent circuit is scan-controllable and quasi-scan-observable, and hence quasi-scan-testable. Proof. Let C be a SR-quasi-equivalent circuit with a single input x, a single output z, and k flip-flops. Since C is SR-quasiequivalent, the output z at time t + k is z(t where (c 0 , c 1 , c 2 , . . . , c k ) is the characteristic coefficient of C. That is, the input value x(t) flows through k flip-flops to the output z. Without loss of generality, we can suppose x(t) propagates y 1 (t + 1), y 2 (t + 2), . . . , y k (t + k), and z(t + k). The value of x(t) propagates through y 1 (t + 1), y 2 (t + 2), . . . , y k (t + k), and z(t + k). Further, z(t + k) can be expressed as
Similarly, the value of y 1 (t) propagates through y 2 (t + 1), y 3 (t + 2), . . . , y k (t + k − 1), and z(t + k − 1). Hence, z(t + k − 1) can be expressed as z(t + k − 1) = y1(t) ⊕ f 1 . In the same way, z(t + k − 2), z(t + k − 3), . . ., and z(t) are also expressed as z(t+k−2) = y 2 (t)⊕ f 2 , z(t+k−3) = y 3 (t)⊕ f 3 , . . ., and z(t) = y k (t) ⊕ f k , respectively, where f 1 , f 2 , . . ., and f k are the linear functions of y 1 (t), y 2 (t), . . . , y k (t), x(t), x(t + 1), . . ., and x(t + k − 1). From these k equations, y 1 (t), y 2 (t), . . ., and y k (t) are expressed only by x(t), x(t+1), . . . , x(t+k−1), z(t), z(t+1), . . . , z(t+ k − 1). Therefore, the initial state of k flip-flops can be identified from the input-output sequence (of length k) and the connection information of C, i.e., C is quasi-scan-observable. Next, let us prove that the values y 1 (t + k), y 2 (t + k), . . ., and y k (t + k) are expressed only by x(t), x(t + 1), . . . , x(t + k − 1), independently of the initial values y 1 (t), y 2 (t), . . ., and y k (t).
Let us prove it by contradiction. Assume it does not hold. Then, there exists a flip-flop y a such that y a (t + k) includes y b (t). Assign y 1 (t) = 0, y 2 (t) = 0, . . ., y b (t) = 1, . . ., y k (t) = 0, and x(t) = x(t + 1) = . . . = x(t + k − 1) = 0. Since y a (t + k) includes y b (t), y a (t + k) = 1. This value is propagated to z at some time, i.e., z(t + k + j) = 1 for some j < k. On the other hand, x(t) = x(t + 1) = . . . = x(t + k − 1) = 0 implies z(t + k) = z(t + k + 1) = . . . = z(t + 2k − 1) = 0 since this circuit C is SR-quasi-equivalent. This is inconsistent with z(t + k + j) = 1 for some j < k. Therefore, the values y 1 (t + k), y 2 (t + k), . . ., and y k (t + k) can be expressed only by x(t), x(t + 1), . . . , x(t + k − 1), independently of the initial values y 1 (t), y 2 (t), . . ., and y k (t). This means that for any internal state of C a transfer sequence (of length k) to the final state can be generated only from the connection information of C, independently of the initial state, i.e., C is scan-controllable.
Consider a 3-stage I 2 LF 2 SR, R 3 , given in Fig. 6 (a). This I 2 LF 2 SR is SR-quasi-equivalent. By using symbolic simulation,
we can obtain an output sequence (z(t), z(t + 1), z(t + 2), z(t + 3)) and the output z(t + 3) = x(t) ⊕ 1 ⊕ x(t + 2) as shown in Fig. 6 (b) . Therefore, R 3 is SR-quasi-equivalent. By using symbolic simulation, we can derive equations to obtain an input sequence (x(t), x(t + 1), x(t + 2)) that transfers R 3 from any state to the desired final state (y 1 (t + 3), y 2 (t + 3), y 3 (t + 3)) as illustrated in Fig. 6 (c) . Similarly, as illustrated in Fig. 6 (d) , we can derive equations to determine uniquely the initial state (y 1 (t), y 2 (t), y 3 (t)) from the input/output sequence.
Application to Scan Design
A scan-designed circuit consists of a single or multiple scan chains and the remaining combinational logic circuit (kernel) as illustrated in Fig. 7 . A scan chain is regarded as a circuit consisting of a shift register with multiplexers that select the normal data from the combinational logic circuit and the shifting data from the preceding flip-flop as shown in Fig. 8 (a) . Here, we replace the shift register with a modified SR-quasi-equivalent scan register as shown in Fig. 8 (b) . However, to reduce the area overhead as much as possible, not all scan chains are replaced with modified scan chains. As shown in Fig. 9 , only parts of scan chains necessary to be secure are replaced with modified scan chains that cover secret registers to be protected, and the size of the modified scan chains is large enough to make it secure. The size of modified scan chain can c 2013 Information Processing Society of Japan be determined by the expected security level computed from the cardinality of SR-quasi-equivalent circuits that will be described in the following section. The delay overhead due to additional Exclusive-OR gates influences only scan operation, and hence there is no delay overhead for normal operation.
Since the modified scan register is scan-testable, any input sequence can be applied to the modified scan register during stateobservation. Hence, both state-justification and state-observation can be performed simultaneously, i.e., both scan-in and scan-out operations can be overlapped in the same way as the standard scan testing. Therefore, the test sequence for the modified scan design is of the same length as the standard scan design.
Cardinality of SR-quasi-equivalents
When we consider a secure scan design, we need to assume what the attacker knows and how he can potentially make the attack. Here, we assume that the attacker does not know the detailed information in the gate-level design, and that the attacker knows the presence of test pins (scan in/out, scan, and reset) and modified scan chains. However, he does not know the structure of modified scan chains (the connection information, position of XOR and NOT, and the size).
Based on the above assumption, we consider the security to prevent scan-based attacks. Definition 9. A circuit C with a single input x, a single output z, and k flip-flops is called scan-secure if the attacker cannot determine the structure of C.
First, let us consider reset-based attack. For the type of I 2 SR, the positions of inverters can be determined by simply scanning out after resetting (to zero) all the flip-flops in the scan chain. In our previous work [14] , [18] , we showed such reset-based attack can be protected by adding one extra flip-flop which disables scan operation right after reset. Here, we assume our proposed scheme of modified scan registers adopts such an extra flip-flop introduced in Refs. [14] , [18] to prohibit scan-after-reset operation so that an attacker cannot initialize the register by resetting. Next, consider two SR-quasi-equivalents C 1 and C 2 . Suppose that C 1 and C 2 have different structures but the same characteristic coefficient. Then, for any input sequence, the output sequences of C 1 and C 2 are the same after k clock cycles, independently of their initial states. There also exist states s 1 and s 2 for C 1 and C 2 , respectively, such that the output sequences of C 1 and C 2 starting from states s 1 and s 2 are the same. Hence, we cannot distinguish C 1 with s 1 and C 2 with s 2 merely from the input/output relation. Suppose an SR-quasi-equivalent C is given which is either C 1 or C 2 . Since scan-after-reset attack cannot be performed, we cannot reset C. Further, unless we know the structure of C, we cannot determine the initial state merely from input/output relation, and hence we cannot initialize C. Without knowing the internal state of C, we cannot identify if C is C 1 or C 2 . Therefore, an attacker cannot determine the structure of C, and hence C 1 and C 2 are scan-secure.
The characteristic coefficient of any SR-quasi-equivalent circuit C can be identified by applying input sequences to C and observing the output responses from C.
Here, we partition the whole set of SR-quasi-equivalent circuits with k flip-flops into equivalent classes based on characteristic coefficient. Since the size of coefficient is k + 1, the number of equivalent classes is 2 k+1 . The first equivalent class of the characteristic coefficient, 00...0, is the set of SR-equivalent circuits. The security level of the secure scan architecture based on those SR-quasi-equivalents is determined by the probability that an attacker can guess right the structure of the SR-quasiequivalent circuit used in the circuit, and hence the attack probability approximates to the reciprocal of the cardinality of the class of SR-quasi-equivalents. Since the attacker can determine the characteristic coefficient of SR-quasi-equivalents, we need to clarify the cardinality of each equivalent class in SR-quasiequivalents to estimate the attack probability.
The cardinality of each equivalent class in five types of linear structured circuits (I  2 SR, LF  2 SR, I  2 LF  2 SR, I  2 LFSR, LFSR) is summarized in Table 2 . The second row is the equivalent class of the characteristic coefficient 00...00, and this is the same as the SR-equivalents (see Table 1 ). The fourth row is the equivalent class of 10...00 such that z(t + k) = x(t) ⊕ 1. The last row is the total number of each type of linear structured circuit. They coincide with the total number of circuits in the class for I 2 SR, c 2013 Information Processing Society of Japan Table 4 Cardinality of each class of SR-equivalents/quasi-equivalents.
Class # of circuits in the # of SR-equivalents # of SR-quasi-equivalents class in the class in the class Table 3 obtained by SREEP [20] .
The characteristic coefficient of any SR-quasi-equivalent circuit C can be determined by applying input sequences to C and observing the output responses from C. After knowing the characteristic coefficient, the probability that an attacker can further identify or guess right the structure of an SR-quasi-equivalent circuit approximates to the reciprocal of the cardinality of the coefficient's equivalent class. These cardinalities are shown in the right end column of Table 2 . They are all similar to the cardinality of SR-equivalent circuits, i.e., the coefficient (00 . . . 00) class. They grow much more rapidly than exponentially and hence they are very secure.
From Table 1 and Table 2, for each class of linear structured  circuits (I  2 SR, LF  2 SR, I  2 LF  2 SR, I 2 LFSR, LFSR), we have Table 4 which illustrates the total number of circuits in the class, the number of SR-equivalents in the class, and the number of SRquasi-equivalents in the class. From Table 2 and Table 4 , we have the covering relation among five classes of linear structured circuits (I  2 SR, LF  2 SR, I  2 LF  2 SR,   I 2 LFSR, LFSR), and SR-equivalents and SR-quasi-equivalents as illustrated in Fig. 10 .
Although the security level of SR-quasi-equivalents is almost the same as that of SR-equivalents, there are several merits when applying SR-quasi-equivalents to the scan chain. One merit is as follows. From Fig. 10 , we can see all the circuits in I 2 SR, LF 2 SR, and I 2 LF 2 SR are SR-quasi-equivalent, and hence we can use any of them to organize the secure and testable scan chains which means it is very easy to design an SR-quasi-equivalent circuit. Another merit is as follows. As for the influence on test power due to shift register modification, the insertion of inverters and/or XOR gates can reduce test power even more than standard scan design if they are inserted appropriately. However, such modified shift registers are not always SR-equivalent but mostly SRquasi-equivalent. Hence, SR-quasi-equivalent circuits are useful to easily organize modified scan chains that satisfy low-power testing as well as security and testability similar to SR-equivalent circuits.
Conclusion
In our previous work [14] , [15] , [16] , [17] , [18] , we reported a secure and testable scan design approach by using extended shift registers called "SR-equivalents" that are functionally equivalent but not structurally equivalent to shift registers. In this paper, to extend the class of SR-equivalents we have introduced a wider class of circuits called "SR-quasi-equivalents" which still satisfy the testability and security similar to SR-equivalents.
The security level for the secure scan design based on SRquasi-equivalents is related to the attack probability that approximates to the reciprocal of the cardinality of the class of SR-quasiequivalents. In this paper, we clarified the cardinality of each equivalent class in SR-quasi-equivalents for several linear structured circuits, and also presented the actual number of SR-quasiequivalents obtained by the program SREEP [20] .
