Abstract
Scan-based Design-for-Test (DFT) is a widely deployed technique for testing hardware chips. Using this approach, all flip-flops in the design under test are connected to a scan chain where their states can be scanned out through this chain during the testing phase. Scan-based side channel attacks exploit the information obtained by analyzing the scanned data in order to retrieve secretinformation from cryptographic hardware devices that are designed with this testability feature. The NTRU encryption algorithm (NTRUEncrypt) is a parameterized family of lattice-based public key cryptosystems which has recently been accepted to the IEEE P1363 standards under the specifications for lattice-based public-key cryptography. In this paper, we present a scan-based side channel attack on NTRUEncrypthardware implementations that employ scan based DFT techniques. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm which allows the cryptanalyst to efficiently retrieve the secret key.