In this paper, we introduce generalized feed-forward shift registers (GF 2 SR) to apply them to secure and testable scan design. Previously, we introduced SR-equivalents and SR-quasi-equivalents which can be used in secure and testable scan design, and showed that inversioninserted linear feed-forward shift registers (I 2 LF 2 SR) are useful circuits for the secure and testable scan design. GF 2 SR is an extension of I 2 LF 2 SR and the class is much wider than that of I 2 LF 2 SR. Since the cardinality of the class of GF 2 SR is much larger than that of I 2 LF 2 SR, the security level of scan design with GF 2 SR is much higher than that of I 2 LF 2 SR. We consider how to control/observe GF 2 SR to guarantee easy scan-in/out operations, i.e., state-justification and state-identification problems are considered. Both scan-in and scan-out operations can be overlapped in the same way as the conventional scan testing, and hence the test sequence for the proposed scan design is of the same length as the conventional scan design. A program called WAGSR (Web Application for Generalized feed-forward Shift Registers) is presented to solve those problems. key words: design-for-testability, scan design, shift register equivalents, shift register quasi-equivalents, generalized feed-forward shift registers, security, scan-based side-channel attack
Introduction
The design of secure chips demands protection of secret information, which may cause conflicts with the requirements for making the chip easily testable. While testing techniques such as scan design entail increased testability (controllability and observability) of the chip [1] , [2] , they can also make access to important data in a secure chip a lot easier. This makes it difficult for scan chains to be used especially in special cryptographic circuits where secret key streams are stored in internal registers, and thus a problem arises in testing these types of circuits. However, quality of these circuits is highly in demand currently due to increase in the need of secure systems [3] . Fundamentally, the problem lies on the inherent contradiction between testability and security for digital circuits. Hence, there's a need for an efficient solution such that both testability and security are satisfied.
To solve this challenging problem, different approaches have been proposed [4] - [14] . All the approaches except [11] add extra hardware outside of the scan chain. Disadvantages of this are high area overhead, timing overhead or performance degradation, increased complexity of testing, and Manuscript received October 10, 2012. Manuscript revised December 26, 2012. † The author is with the Graduate School of Engineering and Resource Science, Akita University, Akita-shi, 010-8502 Japan.
† † The author is with the Faculty of Informatics, Osaka Gakuin University, Suita-shi, 564-8511 Japan.
a) E-mail: fujiwara@ie.akita-u.ac.jp DOI: 10.1587/transinf.E96.D.1125
limited security for the registers part among others. The approach of inserting inverters in scan chains [11] has a disadvantage in that the positions of inserted inverters can be determined by simply scanning out after resetting (to zero) all the flip-flops in the scan chain. Therefore, internal state can be identified and the security is breached. The disadvantages of the previous works [4] - [10] , [12] - [14] are high area overhead, timing overhead and performance degradation, and the disadvantage of the work [11] is the weakness from the reset-based attack. To resolve all those disadvantages, we have reported a secure and testable scan design approach by using extended shift registers called "SR-equivalents" that are functionally equivalent but not structurally equivalent to shift registers [16] - [19] and "SR-quasi-equivalents" [20] . The proposed approach only replaces part of the original scan chains to SR-equivalents or SR-quasi-equivalents, which satisfy both testability and security of digital circuits. This method requires very little area overhead and no performance overhead. Moreover, no additional keys and controller circuits outside of the scan chain are needed, thus making the scheme low-cost and efficient. We showed inversioninserted linear feed-forward shift registers (I 2 LF 2 SR, for short) are useful circuits for the secure and testable scan design [20] .
The objective application of secure and testable scan design is mainly to use it for cryptographic circuits though it can be used for IP protection and other purposes. In our proposed secure scan architecture, the scanned-out data from a scan register is not the same as the content of the scan register. Therefore, the attacker cannot obtain the content of the scan register, and hence existing scan-based attacks [6] , [15] that depend on calculation from scanned data will fail, unless the attacker can identifies the configuration of the extended scan register.
In this paper, we introduce a new class of extended shift registers called generalized feed-forward shift registers (GF 2 SR, for short) by relaxing the condition of the SRequivalents and SR-quasi-equivalents. GF 2 SR is an extension of I 2 LF 2 SR and the class is much wider than that of I 2 LF 2 SR. The security level of the secure scan architecture based on the extended shift registers like I 2 LF 2 SR and GF 2 SR is determined by the probability that an attacker can correctly guess the configuration of the extended shift register used in the circuit, and hence the attack probability approximates to the reciprocal of the cardinality of the class of the extended shift registers. Since the cardinality of the class of GF 2 SR is much larger than that of I 2 LF 2 SR, the security level of scan design with GF 2 SR is much higher than that of I 2 LF 2 SR. We consider how to control/observe GF 2 SR to guarantee easy scan-in/out operations, i.e., state-justification and state-identification problems are considered. Both scanin and scan-out operations can be overlapped in the same way as the conventional scan testing and hence the test sequence is of the same length as the conventional scan design. There is no need to change traditional ATPG algorithm though a logic implication process is needed only for the extended shift register after ATPG. A program called WAGSR (Web Application for Generalized feed-forward Shift Registers) is presented to solve those problems.
Extended Shift Registers
In our previous works [16] - [20] , we introduced extended shift registers to organize secure and testable scan design. Figure 1 shows those circuits realized by a linear feed-forward shift register and/or by inserting inverters; inversion-inserted SR (I 2 SR), linear feed-forward SR (LF 2 SR) and inversion-inserted linear feed-forward SR (I 2 LF 2 SR). Consider a 3-stage I 2 LF 2 SR, R 1 , given in Fig. 2 (a). By using symbolic simulation, we can obtain an output sequence (z(t), z(t + 1), z(t + 2), z(t + 3)) and the output Fig. 2 (b) . So, we can see the input value applied to x at any time t appears at output z after 3 clock cycles with exclusive-OR of some inputs and/or constant 1. By using symbolic simulation, we can derive equations to obtain an input sequence (x(t), x(t + 1), x(t + 2)) that transfers R 1 from any state to the desired final state (y 1 (t + 3), y 2 (t + 3), y 3 (t + 3)) as illustrated in Fig. 2 (c) . Similarly, as illustrated in Fig. 2 (d) , we can derive equations to determine uniquely the initial state (y 1 (t), y 2 (t), y 3 (t)) from the input/output sequence.
More generally, for any circuit C of I 2 SR, LF 2 SR, and I 2 LF 2 SR with k flip-flops, the input value applied to input x at any time t appears at output z after k clock cycles with exclusive-OR of some inputs and/or constant 1, i.e.,
where c 0 , c 1 , c 2 , · · · , c k are 0 or 1. The ordered set of coef- functions in the above equation to arbitrary logic functions, i.e., the input value applied to x at any time t appears at z after k clock cycles with exclusive-OR of some logic function
A circuit of the structure shown in Fig. 3 is called a generalized feed-forward shift register (GF 2 SR). In this figure, f 0 , f 1 , · · · , f k are arbitrary logic functions of input x and state variables y i of preceding stages. f 0 is a constant function, f 1 is a function of x, f 2 is a function of x and y 1 , and f i is a function of x, y 1 , y 2 , · · · , y i−1 . It can be shown that, for any GF 2 SR with k flip-flops, the output z at time t + k behaves in accordance with the above equation.
By using symbolic simulation, we can obtain an output sequence (z(t), z(t + 1), z(t + 2), z(t + 3)) and the output z(t + 3) = x(t) ⊕ x(t + 2)x(t + 1) as shown in Fig. 4 (b) . From the result of symbolic simulation, we can derive equations to obtain an input sequence (x(t), x(t + 1), x(t + 2)) that transfers R 2 from any state to the desired final state (y 1 (t + 3), y 2 (t + 3), y 3 (t + 3)) as illustrated in Fig. 4 (b) . Similarly, as illustrated in Fig. 4 (b) , we can derive equations to determine uniquely the initial state (y 1 (t), y 2 (t), y 3 (t)) from the input/output sequence.
How to Control/Observe GF 2 SR
For an extended shift register, the following two problems are important in order to utilize the extended shift register as a scan shift register in testing. One problem is to generate an input sequence to transfer the circuit into a given desired state. This is called state-justification problem. The other problem is to determine the initial state by observing the output sequence from the state. This is called stateidentification problem.
We have shown in the previous section that, for I 2 LF 2 SR, R 1 , and GF 2 SR, R 2 , we can derive equations to obtain an input sequence that transfers R 1 and R 2 from any state to the desired final state as illustrated in Fig. 2 (c) and Fig. 4 (b) , respectively. Similarly, as illustrated in Fig. 2 (d) and Fig. 4 (b In Fig. 2 and Fig. 4 , we showed how to derive transfer sequence and how to identify the initial state from input/output sequence by means of symbolic simulation. However, it is hard to derive those equations and to solve the solutions if the size of registers becomes large. As an alternative method, we can derive transfer sequence and identify the initial state by means of logic simulation instead of symbolic simulation. Figure 5 illustrates the method applied to GF 2 SR, R 2 . In Fig. 5 (a) , given a final state (y 1 (t + 3) = a, y 2 (t + 3) = b, y 3 (t + 3) = c), all other val-ues can be uniquely derived only by implication operation from (a, b, c). For example, y 1 (t + 3) = a implies x(t + 2) = a and y 2 (t + 3) = b implies y 1 (t + 2) = b. This type of direct implication is indicated by solid arrow. After that, those implied values x(t + 2) = a and y 1 (t + 2) = b with y 3 (t + 3) = c imply y 2 (t+2) = ab⊕c. This implication is indirect implication or implied from more than two values, and is indicated by dotted arrows. In Fig. 5 (b), given input sequence (a, b, c) and output sequence (d, e, f ), then all other values can be uniquely derived only by implication operation. For example, y 1 (t + 1) = a is implied from x(t) = a. y 2 (t + 1) = ab ⊕ f is implied from x(t + 1) = b, y 1 (t + 1) = a, and y 3 (t + 2) = f . Further, y 1 (t) = ab ⊕ f is implied from y 2 (t + 2) = ab ⊕ f . This method based on logic simulation using only implication operation is very fast and effective for very large scale of real scan chains. We have made a program to solve those problems, which is presented in the following section.
From the above observation, for the class of I 2 LF 2 SR and GF 2 SR, we can easily generate scan-in and scan-out sequences such that both scan-in and scan-out operations can be overlapped and hence testing can be done in the same way as the conventional scan testing. The test sequence is of the same length as the conventional scan design. There is no need to change traditional ATPG algorithm though a logic implication process is needed only for the extended shift register after ATPG.
Program WAGSR
WAGSR (Web Application for Generalized feed forward Shift Registers) is a web application program to compute/solve various problems on GF 2 SR by symbolic and logic simulation as follows. WAGSR adopts GUI (graphical user interface) for expressing outcome by circuit diagram and table. SR-ID code is introduced to represent the structure of each type of extended shift register uniquely. In Appendix, some examples of the outcome by WAGSR are presented. Figure A· 1 shows a window for designing GF 2 SR. After entering the necessary information for the design such as the number of flip-flops and logic expressions in JavaScript form for flipflops, the circuit diagram is generated. Figure A· 2 shows the structural information of designed GF 2 SR. Figure A· 3 shows the outcome of symbolic simulation. Figure A· 4 and Fig. A· 5 illustrates the outcomes of logic simulation. From Fig. A· 4 , we obtain an input sequence to transfer the circuit to all 1's state independently of the initial state. In Fig. A· 5, we can identify the initial state from the input/output sequence.
For several GF 2 SR circuits of 16 bits, 32 bits, 64 bits, and 64 +16 bits size, we measured the computation time both for generating logic expressions by symbolic simulation (1st stage) and for generating a transfer sequence from a given final state by logic simulation (2nd stage), using the web browser Safari6 on 1.6 GHz Intel Core 2 Duo machine with 4 GB memory. The average computation time at the 1st stage is 0.2 seconds, 2.6 seconds, and 512.3 seconds for GF 2 SR circuits of 16 bits, 32 bits, and 64 bits size, respectively. The average computation time of the 2nd stage is 0.2 seconds, 1.3 seconds, and 336.0 seconds for GF 2 SR circuits of 16 bits, 32 bits, and 64 bits size, respectively. However, for GF 2 SR circuits of 64+16 bits size, WAGSR cannot complete the computation due to lack of memory. Although WAGSR is a web application program using JavaScript, it can deal with GF 2 SR circuits of 64 bits size with less than several minutes even on a small machine.
Cardinality of Each Class of Extended SRs
Our secure scan design through extended shift registers like GF 2 SR provides both security and testability. With same effectiveness and efficiency of conventional scan design and with very minimal overhead, any digital circuit can be both easily testable and secure from attack.
When we consider a secure scan design, we need to assume what the attacker knows and how he can potentially make the attack. Here, we assume that the attacker may know the presence of test pins (scan in/out, scan, reset) of scan chains, but does not know any information inside of the circuit under consideration as well as the structure of the extended scan chains. Based on this assumption, we consider the security to prevent scan-based attacks.
Consider three different structured 3-stage GF 2 SRs, R 2 , R 3 and R 4 , shown in Fig. 4, Fig. 6 and Fig. 7 . From the results of symbolic simulation, we can see their outputs z(t + 3) are the same, i.e., z(t + 3) = x(t) ⊕ x(t + 2)x(t + 1). Therefore, their input/output behaviors after time t+3 are the same. Their input/output behaviors from time t to t + 2 before t + 3, become the same depending on their initial states. For example, R 2 with initial state (y 1 , y 2 , y 3 ) = (0, 0, 0), R 3 with initial state (0, 1, 1), and R 4 with initial state (0, 0, 0) behave equivalently, i.e., their output sequences are the same for any input sequence. In this case, one cannot distinguish them. If one can initialize the circuit to a desired state, one may identify it from among three circuits. However, in our secure scan design, we protect the reset-based attack by adding one extra flip-flop to prohibit scan-after-reset operation [16] , [19] . So, the attacker cannot initialize the circuit to a desired state, and hence cannot identify the structure of the circuit only from input/output behaviors.
Next, let us consider the security level by clarifying the cardinality of the class of GF 2 SR's. The security level of the secure scan architecture based on GF 2 SR is determined by the probability that an attacker can correctly guess the structure of the GF 2 SR used in the scan design, and hence the attack probability approximates to the reciprocal of the cardinality of the class of GF 2 SR. In [17] , [20] . The summary of the cardinality of each class is shown in Table 1 . From this table, we can see the cardinality of GF 2 SR is much larger than that of I 2 LF 2 SR, and hence very secure. For any GF 2 SR, the state-justification and state-identification problems can be easily solved, and hence we can use any of them to organize the secure and testable scan circuits.
Application to Scan Design
A scan-designed circuit under consideration consists of a single or multiple scan chains and the remaining combinational logic circuit (kernel). A scan chain can be regarded as a circuit consisting of a shift register with multiplexers that select the normal data from the combinational logic circuit and the shifting data from the preceding flip-flop. Here, we replace the shift register with a GF 2 SR. However, to reduce the area overhead as much as possible, not all scan chains are replaced with extended scan chains. Only parts of scan chains necessary to be secure, e.g. secret registers, are replaced with GF 2 SRs, and the size of the extended scan chains is large enough to make it secure. The delay overhead due to additional logic and Exclusive-OR gates influences only scan operation, and hence there is no delay overhead for normal operation.
As mentioned in Sect. 3, testing can be done in the same way as the conventional scan testing. The length of test sequence is the same as the conventional scan design. There is no need to change traditional ATPG algorithm. There is no degradation in testability compared to the conventional scan design.
The scan design with embedded compactors seems to be secure, however, it is not secure if there exists a path such that the contents of a secret register leak out through part of the scan chain and the kernel (combinational circuit part) to primary outputs without passing through compactors. In this case, if we replace the secret register itself by an appropriate GF 2 SR, it becomes secure.
Conclusion
In our previous work, we reported a secure and testable scan design approach by using extended shift registers called SRequivalents [16] - [19] and SR-quasi-equivalents [20] , where the class of I 2 LF 2 SR is one of the most useful class. In this paper, we introduced a further extended class of generalized feed-forward shift registers (GF 2 SR). GF 2 SR is an extension of I 2 LF 2 SR and the class is much wider than that of I 2 LF 2 SR. Since the cardinality of the class of GF 2 SR is much larger than that of I 2 LF 2 SR, the security level of scan design with GF 2 SR is much higher than that of I 2 LF 2 SR. We considered state-justification and state-identification problems for GF 2 SR, i.e., how to control/observe GF 2 SR to guarantee easy scan-in/out operations. Both scan-in and scan-out operations can be overlapped in the same way as the conventional scan testing, and hence the test sequence is of the same length as the conventional scan design. There is no need to change traditional ATPG algorithm though a logic implication process is needed only for the extended shift register after ATPG. A program called WAGSR (Web Application for Generalized feed-forward Shift Registers) that solves those problems was introduced. 
