Keywords

figure a

1 Introduction

Semiconductor design houses often outsource the fabrication of the integrated circuits (IC) to third-party foundries [17]. This allows effective use of the fabrication equipment and facilities at the foundry, while the design houses can concentrate solely on the design. Though this separation of concerns provides attractive cost benefits, it also opens up certain threats: malicious agents at a foundry may now fabricate illegal copies of the ICs that can be sold in the gray market leading to serious loss in revenue for the design house.

Logic locking was proposed as an effective mechanism to combat such intellectual property (IP) threats. Logic locking modifies the original IC in a manner that the circuit operates correctly only after it is activated with a secret key. This secret key is loaded into tamperproof memory by the design house post-fabrication. However, soon powerful attacks, especially those involving SAT solver [23, 26, 34], were invented to thwart this defense. Since then, more powerful defenses were proposed that were resistant to such SAT attacks. One such SAT-resilient attack that has gained a lot of popularity is Stripped Functionality Logic Locking (SFLL) [44].

SFLL operates by using the secret key to identify a set of inputs as protected patterns—the circuit is forced to produce incorrect results if the input matches any of these protected patterns. The cube stripping circuit (see Fig. 1) is responsible for matching the inputs to the protected patterns. An additional restore circuit is used to restore the correct functionality for the protected patterns. The circuit does not operate correctly with an incorrect key as the restore circuit, then, identifies a different set of patterns to be restored. Though quite potent against SAT attacks, attackers soon identified certain unique structural patterns in the design of SFLL that could be leveraged to build attacks via structural analysis [4, 32, 40].

Fig. 1.
figure 1

SFLL-HD locked circuit (\(\varphi \)); \(\mathbb {C} \) is the (unprotected) original circuit. (Color figure online)

Full size image

In this work, we propose a scheme, Structurally Robust Stripped Functionality Logic Locking (\(\mathcal{S}\mathcal{R}\) -SFLL), to defend against such structural analysis. \(\mathcal{S}\mathcal{R}\) -SFLL uses efficient synthesis [33] machinery powered by modern SAT solvers to ensure that certain structural security constraints are met that ensures its resilience against the structural attacks.

\(\mathcal{S}\mathcal{R}\) -SFLL operates as follows: (1) identify a “cut” of the original design \(\mathbb {C} \) to break the design into two segments \(\mathbb {C} _1\) and \(\mathbb {C} _2\) (see Fig. 1), and (2) introduce a carefully synthesized perturbation unit \(\mathbb {Q} \) between \(\mathbb {C} _1\) and \(\mathbb {C} _2\) (see Fig. 2b). As the perturbation unit does not have any specific structural signature and is hidden deep within the original design, our scheme is no more vulnerable to attacks by structural analysis. Further, the location of the “cut” is unknown to the attacker and the perturbation unit misses any structural pattern, making it challenging to apply other attacks like removal attack [43].

Fig. 2.
figure 2

Transformation of SFLL locked circuit to \(\mathcal{S}\mathcal{R}\) -SFLL locked circuit.

Full size image

We argue that designing such a defense scheme is non-trivial: we show a version (\(\mathcal{S}\mathcal{R}\) -SFLL(0)) of \(\mathcal{S}\mathcal{R}\) -SFLL that is also resistant to structural attacks. However, we could design a novel structural attack algorithm, SyntAk, that breaks \(\mathcal{S}\mathcal{R}\) -SFLL(0): in our experiments, SyntAk breaks \(71.25\%\) of \(\mathcal{S}\mathcal{R}\) -SFLL(0) locked benchmark instances. Our attack algorithm, SyntAk, is a novel attack that also uses synthesis machinery to compile an existing circuit to a semantically equivalent one that is amenable to structural analysis. However, \(\mathcal{S}\mathcal{R}\) -SFLL is robust against SyntAk.

Table 1. Attack resilience of logic locking techniques: (resp. ) represents resilience (resp. vulnerability) to attacks.
Full size table

Table 1 summarizes the resiliency of various logic locking techniques, with the attacks listed for the rows and the defenses in the columns. For a table cell (AD), we use to show that attack A breaks defense D (in most cases); the mark shows that defense D is robust against attack A. The attack and defense techniques marked with a are proposed in this paper. As \(\mathcal{S}\mathcal{R}\) -SFLL locked circuits remain semantically equivalent to the SFLL locked circuits, \(\mathcal{S}\mathcal{R}\) -SFLL locked circuit provides the same security against the SAT-based [34], removal [43], and AppSAT [30] attacks.

We evaluated \(\mathcal{S}\mathcal{R}\) -SFLL(0), \(\mathcal{S}\mathcal{R}\) -SFLL, and SyntAk on 80 benchmarks from the ISCAS’85 and MCNC benchmark suites with different numbers of key inputs and cube stripping functionalities. Our experiments showed that circuits locked by \(\mathcal{S}\mathcal{R}\) -SFLL are robust to structural attacks—none of the \(\mathcal{S}\mathcal{R}\) -SFLL locked designs could be broken by existing structural attacks (like SFLLUnlock, FALL, and GNNUnlock), or by our SyntAk (also proposed in this work). While the structural attacks failed to recover the structural patterns altogether, SyntAk could not break the \(\mathcal{S}\mathcal{R}\) -SFLL even over two days for circuits that were locked in less than an hour.

\(\mathcal{S}\mathcal{R}\) -SFLL provides asymmetric advantage to the defender over the attacker on multiple counts: the secret key K used to lock the circuit, knowledge of the secret cut where \(\mathbb {FSC} \) is partitioned, and a much harder synthesis problem (on attacks using SyntAk).

We make the following contributions to this work:

  • We propose, Structurally Robust Stripped Functionality Logic Locking (\(\mathcal{S}\mathcal{R}\) -SFLL), a new defense against IP threats. In contrast, to SFLL, \(\mathcal{S}\mathcal{R}\) -SFLL is not vulnerable to attacks via structural analysis;

  • We propose a new attack, SyntAk, and show its potency at breaking alternate structural attack resistant designs (\(\mathcal{S}\mathcal{R}\) -SFLL(0)) that use similar ideas as \(\mathcal{S}\mathcal{R}\) -SFLL but are not designed carefully. This shows the non-triviality of designing new defenses, and in particular, \(\mathcal{S}\mathcal{R}\) -SFLL;

  • We evaluate \(\mathcal{S}\mathcal{R}\) -SFLL(0), and \(\mathcal{S}\mathcal{R}\) -SFLL on circuits from two benchmark suites against existing structural attacks as well as SyntAk. Our experimental results show that \(\mathcal{S}\mathcal{R}\) -SFLL is not vulnerable to structural analysis or SyntAk and the overheads of the technique are low (about \(0.18\%\) on average over SFLL).

2 Background

2.1 Stripped Functionality Logic Locking (SFLL)

Figure 1 shows a stripped functionality logic locked circuit, \(\varphi \). The original circuit (\(\mathbb {C} \)) takes a set of input bits, X, and produces an output bit, \(o_1\). The SFLL locked design, \(\varphi \), consumes input bits, X, and a secret key (bits) K to output y.

The core idea of SFLL is to create a functionality stripped circuit (\(\mathbb {FSC} \)) that would produce incorrect output for certain protected patterns. The cube stripping circuit (\(\mathbb {S} \)) recognizes the protected patterns, and makes the signal sfo high if any of them is encountered; an XOR gate flips the output of the original circuit (\(o_1\)) for these protected patterns (i.e. when sfo is high). Hence, \(o_2\) is the correct output for inputs not in the protected patterns, but the complement of it for the protected patterns.

The correct functionality is re-established using the restore circuit (\(\mathbb {R} \)). The restore circuit accepts (secret) key bits K along with the input X to produce the signal sro; if the correct key K is supplied, sro is high if and only if the input is amongst the protected bits. The cube stripping circuit (\(\mathbb {S} \)) is functionally equivalent to \(\mathbb {R} \) but uses a hardcoded key value. Hence, the restore unit restores the correct output for the protected inputs (via an XOR of \(o_2\) and sro). Hence, the locked circuit now works correctly if the correct key is applied (i.e. the key K supplied to \(\mathbb {R} \) matches the hardcoded key in \(\mathbb {S} \)).

While many possible choices exist for a function that identifies protected patterns of inputs based on a key, the hamming distance was found to be an interesting choice [44]. The corresponding variant of SFLL, known as SFLL-HD, identifies an input (X) as a protected pattern if it has a certain hamming distance (h) from the key (K).

2.2 SFLL Attacks

SFLL is robust to all known attacks on (conventional) logic locking [4]. However, subsequently, many structural attacks were proposed that break SFLL. These attacks use one or more of the structural properties exhibited by SFLL implementations [4, 40]:

  1. 1.

    As the sfo signal is required to invert the signal from the original circuit \(\mathbb {C} \) (for protected patterns), which, then, has to be reverted by the restore circuit, the sfo signal has to be on the boundary of FSC and the restore unit;

  2. 2.

    sfo does not depend on the key inputs;

  3. 3.

    sfo has low activity, i.e. it is 0 most of the time;

  4. 4.

    \(\mathbb {S} \) and \(\mathbb {R} \) can be removed from the circuit to restore the functionality of the original circuit.

All the following attacks assume that they know the hamming distance (h) used to lock the circuit.

SFLLUnlock. SFLLUnlock [40] uses the first and the second structural properties (see above) to identify a few signals that may be sfo (referred to as candidate signals). Next, for each of the candidates, the attack uses the following technique: it uses SAT solver to extract an input such that the candidate signal is 1; if the candidate signal is indeed sfo, this input must be a protected pattern (which has a hamming distance of h with the correct key). Then, it attempts to identify the correct key as follows:

  • use a sequence of bit-flips to identify the bits that are different than the correct key using the properties of hamming distance;

  • set up a system of equations to find the unknown key that must have a hamming distance of h from the inferred protected patterns.

The inferred key is, finally, validated using a working circuit as an oracle.

Functional Analysis Attacks on Logic Locking (FALL). The first step of FALL [32] is to identify a set of candidate signals that may be the output of the cube stripping circuit i.e. sfo. FALL achieves this by exploiting the first and second vulnerabilities of SFLL. To finalize if a signal is sfo (among these candidate signals), FALL derives a set of lemmas that exploit the functional properties of hamming distance. FALL proposes three algorithms based on these lemmas for a specific range of hamming distance values. For example, the AnalyzeUnateness algorithm is only applicable when \(h=0\), Hamming2D is applicable when \(h\le |K|/4\), and SlidingWindow is for larger hamming distances.

GNNUnlock. GNNUnlock [4] automates the removal of cube stripping circuit and restore circuit from the locked circuit to obtain the original circuit. For their analysis, the circuit is transformed into a graph representation where the nodes of the graph represent the gates, and the edges represent the wires. Each node in the graph is associated with a feature vector that contains information that describes its characteristics (in-degree, out-degree, type of gate of the node, whether the node is connected to key input (K), circuit input (X), or circuit output (Y), type of gates appearing in the neighborhood on the node, etc.).

GNNUnlock uses graph neural networks [45] to train over the nodes of the graph to classify the nodes belonging to the original circuit (\(\mathbb {C} \)), cube stripping circuit (\(\mathbb {S} \)), or restore circuit (\(\mathbb {R} \)). The final step is to remove the nodes classified as part of \(\mathbb {S} \) and \(\mathbb {R} \) from the locked circuit obtaining the original circuit \(\mathbb {C} \).

2.3 Analysis of the Structural Attacks on SFLL

FALL and SFLLUnlock are dependent on finding the output of cube stripping circuit sfo. Hence, hiding/removing sfo from the locked circuit will ensure robustness against such attacks. GNNUnlock works by removing the cube stripping circuit and restore circuit from the SFLL locked circuit. Hence, removing/hiding a part or whole of the cube stripping circuit from the locked design makes the locked design robust to such attacks.

3 Overview

3.1 Preliminaries

Attack Model. We assume that the attacker has access to a functional circuit (which can be used as an oracle) and knows the hamming distance (h).

Fig. 3.
figure 3

An example of circuit \(\mathbb {C} \) and its corresponding graph representation.

Full size image

Graph Representation of Circuit. We work with the circuit in And Inverter Graph (AIG) format. An AIG consists of two inputs AND gates and NOT gates. We construct a graph G from the circuit in AIG format as follows: the gates in the circuit map to nodes in G. A wire (or signal) connecting gates map to edges on the graph. The input and output signals are marked as special nodes. If not otherwise specified, we construct the graph of a circuit with the node representing the final output signal as the start node (we assume a single output bit in this paper for simplicity). Figure 3b shows the graph of the circuit in Fig. 3a.

The distance between two nodes (say \(g_1\) and y in Fig. 3b) is the (minimum) number of edges in the path(s) from nodes \(g_1\) to y (which is 3, in this case). We define the depth, d, of a node n as the maximum distance from the start node (y in Fig. 3b) of the graph to n.

We define a cut on graph G as a partitioning of nodes into two disjoint (connected) subsets such that the inputs and outputs belong to distinct partitions. A cut is defined by a cut-set, a selection of edges (which are said to cross a cut) such that its endpoints are in distinct partitions. We define the depth of cut as the maximum amongst the depths of the nodes in the subset containing the start node. In the rest of the paper, we refer to cut on a circuit to refer to the cut on the underlying graph. The dotted red lines show a cut at depth 3 in Fig. 3.

Notations. We show combinational circuits with n inputs X and m outputs Y as boolean functions \(Y \leftrightarrow \mathbb {C} (X)\), where X is an n-bit vector (\(x_1, x_2, \dots , x_n\)), and Y is an m-bit vector (\(y_1, y_2, \dots , y_m\)). We also use the functional notation, \(\mathbb {C} (X)\), to denote the output of the circuit \(\mathbb {C} \), i.e. the signal Y. We use capital letters to denote bit-vectors and small letters to denote individual bits. We use \(\oplus \) to denote the XOR gate and \(\circ \) to denote function (or circuit) composition.

We use blackboard-bold capital letters for circuits (like \(\mathbb {C} \)). We use \(\varphi \) for complete SFLL locked designs and \(\widehat{\varphi }\) for complete \(\mathcal{S}\mathcal{R}\) -SFLL(0) or \(\mathcal{S}\mathcal{R}\) -SFLL locked designs. We use subscripts to denote sub-parts of a circuit. For example, if we use \(\mathbb {C} \) to denote the circuit shown in Fig. 3a, we use \(\mathbb {C} _a\) and \(\mathbb {C} _b\) to denote the subcircuits with outputs a (red block) and b (blue block).

3.2 Approach

Recall that the known structural attacks on SFLL exploit the structural characteristics of sfo (see Sect. 2.2). Our defense techniques attempt to synthesize a circuit that is semantically equivalent to the original circuit but misses these prominent structural characteristics that make structural attacks feasible.

\(\boldsymbol{\mathcal{S}\mathcal{R}}\)-SFLL(0). \(\mathcal{S}\mathcal{R}\) -SFLL(0) identifies a cut on the \(\mathbb {FSC} \), through both the original circuit (\(\mathbb {C} \)) and the cube stripping circuit (\(\mathbb {S} \)), as shown by the red-dotted line in Fig. 1, separating the inputs (X) and the output (\(o_2\)) of the \(\mathbb {FSC} \). The cut-set is marked by the wires \(\{A,V\}\) (as shown in Fig. 4a).

Fig. 4.
figure 4

Transformation of SFLL locked circuit to \(\mathcal{S}\mathcal{R}\) -SFLL(0) locked circuit. (Color figure online)

Full size image

Next, it synthesizes a perturbation unit \(\mathbb {Q} \) (as shown in Fig. 4b) such that it ensures the following conditions:

  • \(\mathbb {Q} \) is semantically equivalent to the removed circuit, i.e. \(\mathbb {C} _2 \oplus \mathbb {S} _2\);

  • No wire in \(\mathbb {Q} \) is semantically equivalent to the output of \(\mathbb {S} _2\) (i.e. sfo).

The first condition ensures soundness, that is the functioning of the new circuit is the same as that of the SFLL locked circuit. The second condition ensures security as sfo is not present in the new design, and hence, the new design misses all the structural characteristics (see Sect. 2.2) that made SFLL vulnerable to attacks.

SyntAk. \(\mathcal{S}\mathcal{R}\) -SFLL(0) is robust to existing attacks as reverse engineering using the sfo signal is not possible anymore. However, in contrast to existing attacks that attempt to reverse engineer an existing locked circuit, what if we synthesize an alternate, semantically equivalent circuit that has a structure amenable to reverse engineering? Our novel attack employs a similar strategy.

The attack attempts to recover an alternate locked design that exposes the XOR gate \(\textsf {G}_\textsf {xor}\) (as shown in Fig. 5b), in which case it becomes easy to identify the sfo signal—it must be one of i or j. SyntAk, thus, side-steps the challenge of reverse engineering the \(\mathcal{S}\mathcal{R}\) -SFLL(0) locked circuit with missing sfo by, instead, resynthesizing another locked circuit that has an easily identifiable sfo signal.

Fig. 5.
figure 5

SyntAk on \(\mathcal{S}\mathcal{R}\) -SFLL(0) locked circuit.

Full size image

This algorithm proceeds as follows:

  • cut the \(\mathbb {FSC} \) of \(\mathcal{S}\mathcal{R}\) -SFLL(0) locked circuit into \(\mathbb {FSC} _1\) and \(\mathbb {FSC} _2\);

  • synthesize a new circuit \(\mathbb {P} _i\oplus \mathbb {P} _j\) that is semantic equivalent to \(\mathbb {FSC} _2\).

With sfo clearly identifiable, the existing SFLL attacks now become feasible.

However, this attack may only succeed if the identified cut is such that \(\mathbb {FSC} _2\) contains the whole of \(\mathbb {Q} \). Hence, the attacker may have to “guess” different cuts (e.g. by progressively increasing the depth of the cut) till the attack succeeds. We say that the attack succeeds if any of the existing attacks are able to break the defense with the identified sfo signal in the resynthesized circuit.

The attack is made easier by the fact that it is not required to select a cut that exactly isolates \(\mathbb {Q} \). The attack will still succeed even if some portion of \(\mathbb {C} _1\) and \(\mathbb {S} _1\) enters \(\mathbb {FSC} _2\) (see Fig. 7b). However, the synthesis of \(\mathbb {P} _i \oplus \mathbb {P} _j\) becomes increasingly expensive with the increasing size of \(\mathbb {FSC} _2\).

Further, even with the “right” cut, not all synthesis candidates may yield a signal semantically equivalent to sfo. Hence, the attacker needs to correctly guess the cut as well as the correct synthesis candidate for a successful attack. However, our experiments demonstrate that even with these uncertainties, SyntAk is able to break \(\mathcal{S}\mathcal{R}\) -SFLL(0) in 71.25% of cases.

\(\boldsymbol{\mathcal{S}\mathcal{R}}\)-SFLL. The primary reason why SyntAk breaks \(\mathcal{S}\mathcal{R}\) -SFLL(0) is that we are able to synthesize a new circuit \(\mathbb {P} _i \oplus \mathbb {P} _j\) such that there are two XOR gates at the end of the circuit. If instead, a new circuit that is synthesized introduces the functionality of \(\mathbb {S} _2\) in the middle of \(\mathbb {C} \), SyntAk would not have been feasible.

Figure 2b shows our improved design for the SR-SFLL locked circuit. Instead of resynthesizing the circuits \(\mathbb {C} _2\) and \(\mathbb {S} _2\), we place a perturbation unit (\(\mathbb {Q} \)) in between \(\mathbb {C} _1\) and \(\mathbb {C} _2\). The perturbation unit is made to operate semantically equivalent to the original SFLL locked circuit. The shaded portion, consisting of \(\mathbb {S} _2\) (that produces sfo) and one of the XOR gates, is eliminated from the design.

As the attacker is unaware of the location of the perturbation unit, and as the perturbation unit is not at the end of the circuit, the attacker’s task gets more challenging: the attacker needs to synthesize a new circuit at the end of the design with an XOR gate (that would provide access to sfo) that re-establishes the functionality of both \(\mathbb {S} _2\) and \(\mathbb {C} _2\). On the other hand, the defender only has to synthesize \(\mathbb {Q} \) to re-establish the functionality of \(\mathbb {S} _2\).

\(\mathcal{S}\mathcal{R}\) -SFLL is scalable to large circuits. The scalability of \(\mathcal{S}\mathcal{R}\) -SFLL depends on the depth of the cut, as the complexity of our synthesis problem only depends on the circuit that is subjected to (semantically equivalent) rewriting (\(\mathbb {C} _2\) and \(\mathbb {S} 2\) in Fig. 2b). Hence, the size of the base circuit has no impact on the scalability of SR-SFLL.

Fig. 6.
figure 6

Illustration of SFLL, \(\mathcal{S}\mathcal{R}\) -SFLL(0), and \(\mathcal{S}\mathcal{R}\) -SFLL locked circuits along with SyntAk on \(\mathcal{S}\mathcal{R}\) -SFLL(0)

Full size image

Example. Figure 6a shows the SFLL locked version of a circuit. The \(\mathcal{S}\mathcal{R}\) -SFLL(0) locked version is shown in Fig. 6b: we can see that the sfo signal (available in the SFLL locked circuit) is not available in the \(\mathcal{S}\mathcal{R}\) -SFLL(0) locked circuit anymore; hence, it is robust to structural attacks. After applying SyntAk (Fig. 6c), SyntAk could recover the sfo signal in the synthesized circuit. Finally, Fig. 6d shows the \(\mathcal{S}\mathcal{R}\) -SFLL locked circuit: it is structurally robust (does not include sfo) and does not succumb to SyntAk.

\(\mathcal{S}\mathcal{R}\) -SFLL provides a stronger asymmetric advantage versus \(\mathcal{S}\mathcal{R}\) -SFLL(0): in \(\mathcal{S}\mathcal{R}\) -SFLL(0), both the attack and the defense need to resynthesize the functionalities of \(\mathbb {C} _2\) and \(\mathbb {S} _2\) within \(\mathbb {Q} \). This prevents the defense from taking deep cuts for \(\mathbb {FSC} _2\) to keep the task of synthesizing \(\mathbb {Q} \) feasible. Hence, \(\mathcal{S}\mathcal{R}\) -SFLL(0) only holds the advantage of knowing the secret “cut”. On the other hand, \(\mathcal{S}\mathcal{R}\) -SFLL only needs to synthesize the functionalities of \(\mathbb {S} _2\) while the attacker would need to resynthesize the functionalities of both \(\mathbb {C} _2\) and \(\mathbb {S} _2\) to recover sfo, making the synthesis task overly challenging. This gives \(\mathcal{S}\mathcal{R}\) -SFLL a dual advantage of the knowledge of the secret cut as well as an asymmetric advantage in the synthesis task.

4 \(\mathcal{S}\mathcal{R}\)-SFLL

4.1 Problem Statement

Given an SFLL locked circuit \(\varphi (X,K)\) (where X is the input to the circuit and K is the key-bits used in the circuit), synthesize a structurally robust locked circuit \(\widehat{\varphi }(X,K)\), such that:

  • (correctness) The altered circuit is semantically equivalent to the original SFLL locked circuit, that is,

    $$\begin{aligned} \forall X.\ \forall K.\ \varphi (X,K) = \widehat{\varphi }(X,K) \end{aligned}$$
    (1)

  • (security) There does not exist any signal, z, in the altered circuit that is equivalent to sfo in \(\varphi \); that is,

    $$\begin{aligned} \forall z. \ \exists X. \varphi _{\textsf {sfo}}(X) \ne \widehat{\varphi }_{z}(X) \end{aligned}$$
    (2)

The first condition ensures that functionality is preserved, that is, the synthesized circuit \(\widehat{\varphi }\) preserves the properties of the input SFLL locked circuit \(\varphi \). The second condition ensures that structural patterns that were available to attackers in SFLL, made available through the sfo signal, are not available in \(\widehat{\varphi }\).

4.2 Intuition: \(\mathcal{S}\mathcal{R}\)-SFLL

The current synthesis tools do not scale up to the above synthesis task for the whole locked circuit \(\widehat{\varphi }\) (unless the locked circuit is very small). Hence, a straightforward implementation of the above equations is not feasible.

Instead, we construct the circuit \(\widehat{\varphi }\) by synthesizing a “small” circuit \(\mathbb {Q} \) that can be introduced within the original circuit \(\mathbb {C} \), with \(\mathbb {Q} \circ \mathbb {C} _2\) preserving the functionality of \(\mathbb {S} _2 \oplus \mathbb {C} _2\).

We use the following (simplified) description to provide the necessary intuition. Let the functionality of the original circuit (i.e. \(\mathbb {C} \)) be denoted as f(X), where X are the circuit inputs. Then, let the stripped functionality circuit (i.e. \(\mathbb {S} \) in Fig. 1) be denoted as g, where g is a boolean function that returns true if and only if it detects the protected input patterns. The functionality of the circuit \(\varphi _{o_2}\) in Fig. 1 can then be represented as:

$$\begin{aligned} \varphi _{o_2} = (f \oplus g)(X) = \left\{ \begin{array}{ll} f(X) &{} \text{ if } g(X) = 0 \\ \lnot f(X) &{} \text{ if } g(X) = 1 \end{array} \right. \end{aligned}$$
(3)

We “cut” (or partition) f into two functions \(f_1\) and \(f_2\), such that \(f = f_1 \circ f_2\). Then, we synthesize a perturbation unit (\(\mathbb {Q} \)), with functional definition h, such that:

$$\begin{aligned} (f_1 \circ h \circ f_2)(X)= \varphi _{o_2} = (f \oplus g)(X) = \left\{ \begin{array}{ll} f(X) &{} \text{ if } g(X) = 0 \\ \lnot f(X) &{} \text{ if } g(X) = 1 \end{array} \right. \end{aligned}$$
(4)

We use the definition of g (detector for protected patterns) as used in Eq. 3.

Now, we need to ensure the equivalence of \((f \oplus g)\), i.e. \((f_1 \circ (f_2 \oplus g))\), with that of \((f_1 \circ h \circ f_2)\). This can be ensured by simply checking for the equivalence of \((f_2 \oplus g)\) with that of \((h \circ f_2)\). If the selected \(f_2\) is “small”, the task of synthesizing h becomes feasible.

For simplicity, we do not assume the splitting of g in the above discussion, but our approach allows that.

figure g

4.3 Methodology: \(\mathcal{S}\mathcal{R}\)-SFLL

Algorithm 1 takes the original circuit (\(\mathbb {C} \)), and a choice for the cut (\(\lambda \)). It first generates an SFLL locked circuit (Line 2), thereby generating the stripped functionality circuit (\(\mathbb {S} (X)\)), and the restore unit circuit (\(\mathbb {R} (X,K)\)).

Identify Cut. The circuit is “cut” (according to \(\lambda \)) to partition the original circuit \(\mathbb {C} \) to segments \(\mathbb {C} _1\) and \(\mathbb {C} _2\) in Line 3. Similarly, the cube stripping circuit \(\mathbb {S} \) is also partitioned into \(\mathbb {S} _1\) and \(\mathbb {S} _2\) in Line 3.

  1. 1.

    The edges at which the circuit is cut in the original circuit \(\mathbb {C} (X)\) are the outputs for circuit \(A\leftrightarrow \mathbb {C} _1(X)\) and the input for circuit \(o_1\leftrightarrow \mathbb {C} _2(A)\).

  2. 2.

    The edges at which the circuit is cut in the stripped functionality circuit \(\mathbb {S} (X)\) are the output for \(V\leftrightarrow \mathbb {S} _1(X)\) and the input for circuit \(\textsf {sfo} \leftrightarrow \mathbb {S} _2(V)\).

Synthesize Perturbation Unit Q. We introduce a perturbation unit \(\mathbb {Q} \) between \(\mathbb {C} _1\) and \(\mathbb {C} _2\) such that this modified circuit (see Fig. 2b) satisfies the correctness and security properties (see Sect. 4.1).

Accordingly, we pose the synthesis conditions for \(\mathbb {Q} \) as follows:

$$\begin{aligned} \forall A\ \forall V.\ (\mathbb {C} _2(A)\oplus \mathbb {S} _2(V)) = \mathbb {C} _2(\mathbb {Q} (A,V)) \end{aligned}$$
(5)
$$\begin{aligned} \forall z\ \exists A\ \exists V.\ \mathbb {Q} _z(A,V)\ne \mathbb {S} _2(V) \end{aligned}$$
(6)

Equation 5 imposes the soundness constraint that introducing \(\mathbb {Q} \) should reinstall the functionality of \(\mathbb {C} _2\). Equation 6 is the security constraint against structural attacks that ensures that none of the signals (z) in \(\mathbb {Q} \) is equivalent to sfo.

Our algorithm is not complete, that is, our synthesis conditions are stronger than necessary: the signals A and V are universally quantified over all possibilities, while \(\mathbb {Q} \) needs to satisfy these conditions only on the possible outputs from \(\mathbb {C} _1\) and \(\mathbb {S} _1\) respectively. Our formulation trades off completeness for scalability.

If Algorithm 1 fails to synthesize a locked circuit (i.e., the algorithm returns \(\bot \)), the algorithm is run again with a different choice for the cut (\(\lambda \)).

Theorem 1

If Algorithm 1 succeeds (that is, does not return \(\bot \)), the returned locked circuit \(\widehat{\varphi }(X,K)\) is both correct and secure.

Proof

For the Algorithm 1 to succeed, the Synthesize function must succeed. Synthesize succeeds only if the synthesized \(\mathbb {Q} \) satisfies Eq. 5 and Eq. 6.

  • Correctness. As sfo is part of \(\mathbb {S} _2\), from Eq. 5 and Fig. 2b, Eq. 1 holds whenever Eq. 5 holds.

  • Security. From Eq. 6 and Fig. 2b, if Eqn 6 holds, so must Eq. 2.

\(\mathcal{S}\mathcal{R}\)-SFLL(0). In case of \(\mathcal{S}\mathcal{R}\) -SFLL(0), we only attempt to synthesize \(\mathbb {Q} \) to replace the circuits \(\mathbb {C} _2\) and \(\mathbb {S} _2\) (Fig. 4b) instead of synthesizing a new circuit between \(\mathbb {C} _1\) and \(\mathbb {C} _2\). Hence, in this case, the synthesis condition reduces to:

$$\begin{aligned} \exists \mathbb {Q}\ \forall A\ \forall V.\ (\mathbb {C} _2(A)\oplus \mathbb {S} _2(V)) = \mathbb {Q} (A,V) \end{aligned}$$
(7)

Circuit Optimization. The circuit may be subjected to optimizations (e.g. using berkeley-abc [1]); however, in that case, the security check (Eq. 2) needs to be repeated on the optimized circuit to ensure that the optimizations did not restore the sfo signal. In our experiments, we did perform optimizations on our circuits, and in no case did the security check fail post-optimization.

5 SyntAk

figure h
Fig. 7.
figure 7

SyntAk will not succeed with (a) but may suceed with (b) (cuts shown by blue boxes). (Color figure online)

Full size image

Algorithm 2 accepts the locked circuit \(\widehat{\varphi }\) to return the secret key, \(K_c\). We use two hyperparameters on the number of attempts on creating cuts (ncuts) and enumerate synthesis candidates (nsynth).

At Line 3, the algorithm uses structural analysis to identify the functionality stripped circuit \(\mathbb {FSC} \) and the restore unit \(\mathbb {R} \). Identifying \(\mathbb {R} \) is reasonably simple as it is the only part of the locked circuit that uses the key bits K. Hence, one can perform dependency analysis from the key bits to identify \(\mathbb {R} \) (as also done in prior work [32, 40]).

Next, the algorithm enters a loop to guess a suitable cut (Line 5). If a new cut (different than the cuts obtained so far, accumulated in cuts (Line 9)) is found, it attempts to enumerate synthesis candidates. For every synthesis candidate \(\mathbb {P} \) (Line 12), the algorithm assembles the complete circuit (Line 17) as per Fig. 5b. Then, it launches an existing structural attack (like FALL, SFLLUnlock) with the signals \(\{i, j\}\) as potential candidates for the sfo signal (Line 18). If the existing attacks succeed, the respective key \(K_c\) is returned.

The Synthesize procedure synthesizes \((i,j) \leftrightarrow P(A)\), such that:

$$\begin{aligned} \forall A.\ \mathbb {FSC} _2(A) = (\mathbb {P} _i(A) \oplus \mathbb {P} _j(A)) \end{aligned}$$
(8)

That is, it searches for a circuit \(\mathbb {P} \) that is semantically equivalent to \(\mathbb {FSC} \) such that it exposes the sfo signal. This imposition is due to the fact that a new \(\textsf {XOR}\) gate, \(G_{xor}\) (circled XOR gate in Fig. 5b), is forced on the output of \(\mathbb {P} \); this is an attempt to make the new circuit resemble the SFLL circuit in Fig. 1, on which the existing structural attacks are potent.

However, the algorithm is not complete due to multiple factors:

  • The choice of the cut is crucial; the attack only works if \(\mathbb {FSC} _2\) is such that the perturbation unit of the locked circuit \(\widehat{\varphi }\) is a part of \(\mathbb {FSC} _2\). The attacker is thus invited to the challenging task of distinguishing \(\mathbb {Q} \) (of \(\mathcal{S}\mathcal{R}\) -SFLL(0)) in the locked circuit, \(\widehat{\varphi }\). However, the attack is made a bit easier by the fact that it is not required to select a cut that exactly isolates \(\mathbb {Q} \) (Fig. 7b). The attack will still succeed even if some portion of \(\mathbb {C} _1\) and \(\mathbb {S} _1\) enters \(\mathbb {P} \). However, the synthesis phase of the attack gets expensive with the size of \(\mathbb {FSC} _2\); thus, overly large \(\mathbb {FSC} _2\) will not succeed either (will fail in Synthesize).

  • Every synthesis candidate that satisfies Eq. 8 may not yield sfo: there may be multiple possible instantiations of \(\mathbb {P} \), some, where none of i or j is sfo.

  • The synthesis condition (Eq. 8) is overly strong: the synthesized candidate \(\mathbb {P} \) is required to satisfy the condition for feasible values of A as emanating from \(\mathbb {FSC} _1\) and that of \(\textsf {sro} \) from \(\mathbb {R} \) (in fact, A and sro are correlated as both accept X). However, the synthesis condition forgoes this precondition for scalability and universally quantifies the condition on all possible values of A and sro.

Even with the above areas of incompleteness, SyntAk is quite effective in practice: in our experiments, SyntAk breaks 71.25% of the \(\mathcal{S}\mathcal{R}\) -SFLL(0) locked circuits. Our experiments use an incremental approach to guessing cuts that select cuts by progressively increasing the depth (d) of the cut in each round; all nodes that are at most d distance far from the output are included in \(\mathbb {FSC} _2\). However, other schemes (including randomized ones) are also possible.

6 Evaluation

Benchmarks and Setup. We have used 10 circuits from ISCAS’85 [2] and 10 circuits from MCNC [41]. Benchmarks were used for evaluation in most of the recent work, including SFLL [44], FALL [32], SFLLUnlock [40], and GNNUnlock [4]. Each of these designs was locked under four different configurations to produce SFLL-HD locked versions: 16 and 32 key-bits, each with hamming distances of 2 and 4 for 16 key-bits and 4 and 8 for 32 key-bits. So, overall, we perform our evaluations on a benchmark suite of 80 circuit instances.

ISCAS’85 benchmarks are available in bench and MCNC benchmarks are available in blif (Berkeley Logic Interchange Format) formats. We used Berkeley-abc to convert blif to the bench format for use by our framework.

We have used the popular SFLL-HD variant of SFLL where the cube stripping function is the hamming distance between the input and the key bits.

We use “cut” at depth 4 for selecting \(\mathbb {C} _2\) both for \(\mathcal{S}\mathcal{R}\) -SFLL(0) and for \(\mathcal{S}\mathcal{R}\) -SFLL. For SyntAk, we progressively increase the depth from one till the attack is successful; we use FALL and SFLLUnlock as the existing attacks on the circuit resynthesized using SyntAk. We use a timeout of 1 h for \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL timeout of 1 h; SyntAk uses a time limit of 2 days.

We built our synthesis engine using Berkeley-abc [1] and the Sketch [33] synthesizer. Sketch, is primarily designed for program synthesis. It discharges Quantified Boolean formulas (QBF) at the backend to be solved using Berkeley-abc or Minisat [12]. We found Sketch to be quite an effective tool for our problem.

The rest of our framework is implemented in Python. We use open-source implementations of SFLLUnlock [40], FALL [32], and GNNUnlock [4] that were made available by the authors of these tools.

We conduct our experiments on a machine with 12-Core Intel(R) Xeon(R) Silver CPU E5-2620 CPU @ 2.00 GHz with 32 GB RAM.

Research Questions. Our experiments were designed to answer the following research questions:

  1. 1.

    How do the newly proposed \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL compare with the state-of-the-art SFLL-HD on existing attacks (SAT and structural attacks)?

  2. 2.

    How do \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL stand to the novel SyntAk?

  3. 3.

    What is the overhead of \(\mathcal{S}\mathcal{R}\) -SFLL w.r.t. SFLL-HD?

Both \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL were able to defend against the existing attacks: SAT, FALL, SFLLUnlock, and GNNUnlock. However, 71.25% of the benchmarks locked using \(\mathcal{S}\mathcal{R}\) -SFLL(0) were broken by SyntAk, while no instance defended by \(\mathcal{S}\mathcal{R}\) -SFLL could be broken by SyntAk.

From the AIG of the circuits, we infer that \(\mathcal{S}\mathcal{R}\) -SFLL uses 0.18% (on average) more AND gates than SFLL-HD locked circuits.

Table 2. Summary of results on all our benchmarks: FL, SU, GU, and SA represent FALL, SFLLUnlock, GNNUnlock, and SyntAk respectively. Under Robustness, each cell in the table shows the number of locked circuits successfully broken by the respective attack (smaller is better). Under Overhd., we show the average (AVG) and the standard deviation (STD) of the percentage increase in the number of AND gates in the AIG w.r.t. the SFLL-HD locked design (smaller is better).
Full size table
Table 3. Robustness and overhead of \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL with respect to SFLL-HD locked circuits on a subset of our benchmarks. Benchmark names starting with “C” are part of ISCAS, rest are part of MCNC benchmarks. The mark indicates the attack is successful, indicates attack is not successful.
Full size table

6.1 Robustness of \(\mathcal{S}\mathcal{R}\)-SELL(0) and \(\mathcal{S}\mathcal{R}\)-SELL on Existing Attacks

Table 2 provides a summary of the performance of SFLL-HD, \(\mathcal{S}\mathcal{R}\) -SFLL(0), and \(\mathcal{S}\mathcal{R}\) -SFLL against existing structural attacks (FALL, SFLLUnlock, and GNNUnlock) on a representative set of benchmarks: the table shows the number of instances where the respective attack break the defense. While the structural attacks (FALL, SFLLUnlock, and GNNUnlock) are able to break all of these instances for SFLL locked circuits, our structurally robust proposals (\(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL) are resilient against these attacks.

Table 3 shows the results on a representative subset of our benchmarks: represents the number of instances where the locked circuit gets broken by the respective attack, and represents the number of instances where the respective defense successfully defends against the attack. As the primary purpose for the design of SFLL was to be resilient against SAT attacks, it is not surprising that SAT attack times out on all instances of the SFLL locked designs. As \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL are functionally equivalent to SFLL, they too are resilient to SAT attacks.

We also conducted experiments with impractically small key sizes of 5 key bits (with hamming distance 2). None of the structural analysis based attacks (FALL, SFLLUnlock, and GNNUnlock) could break either \(\mathcal{S}\mathcal{R}\) -SFLL(0) or \(\mathcal{S}\mathcal{R}\) -SFLL locked circuits even for these small key sizes.

Table 4. Overhead of \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL vs SFLL. Overhead calculated over SFLL-HD locked circuits shown in Table 3. Benchmark names starting with “C” are part of ISCAS while the rest are part of MCNC benchmarks.
Full size table

6.2 Robustness of \(\mathcal{S}\mathcal{R}\)-SELL(0) and \(\mathcal{S}\mathcal{R}\)-SELL on SyntAk

We apply SyntAk on \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL locked circuits to evaluate their robustness on this attack. We “guess” the cut for SyntAk starting with a cut at a depth of 1; if the synthesis phase in SyntAk or the subsequent structural attack (FALL and SFLLUnlock) fails, we reattempt the attack with the depth increased by one. We use a timeout of 2 days for SyntAk.

On our novel SyntAk attack, \(\mathcal{S}\mathcal{R}\) -SFLL(0) succumbs on 71.25% of the cases, but \(\mathcal{S}\mathcal{R}\) -SFLL successfully defends against this attack on all instances. Table 3 shows the performance of some representative benchmarks and Table 2 summarizes the overall results.

6.3 Overhead of \(\mathcal{S}\mathcal{R}\)-SELL(0) and \(\mathcal{S}\mathcal{R}\)-SELL

Table 4 shows the overhead (in terms of the number of AND gates in the AIG) for \(\mathcal{S}\mathcal{R}\) -SFLL(0) and \(\mathcal{S}\mathcal{R}\) -SFLL over that of SFLL on the benchmarks shown in Table 3. Table 2 provides a summary of the overheads over all our benchmarks.

\(\mathcal{S}\mathcal{R}\) -SFLL(0) and has almost no additional overhead (average of about 0.14%) and \(\mathcal{S}\mathcal{R}\) -SFLL also has a very low overhead (average of about 0.18%) over all our benchmarks. This is because while \(\mathcal{S}\mathcal{R}\) -SFLL(0) essentially rewrites a part of the circuit, \(\mathcal{S}\mathcal{R}\) -SFLL is required to insert additional machinery to substitute the functionality of \(\mathbb {S} _2\) within \(\mathbb {C} \).

7 Related Work

Initial logic locking schemes [7, 10, 11] introduced additional logic and new inputs to the circuit design in order to get the locked circuit. These locked circuits work correctly when the correct secret key is provided to the circuit by the designers post IC fabrication. These logic locking techniques are vulnerable to SAT based attacks [23, 26, 34]. To overcome the SAT based attacks Anti-SAT [39], and SARLock [42] were proposed. However, Anti-SAT was broken by SPS [43] attack. SARLock was broken by App-SAT [30] attack.

SFLL-HD [44] introduces a stripped functionality approach for logic locking which defend against the above-mentioned attacks. But this is also vulnerable to the FALL [32], SFLLUnlock [40], and GNNUnlock [4].

HOLL [35] exploits the power of program synthesis tools to generate the locked circuit by using a “secret” program (using programmable logic like EEPROM) as the key. As the attacker has to synthesize the “secret” program, HOLL becomes challenging to break. However, the requirement of having an embedded programming chip makes the approach both complicated and expensive; further, every invocation of the circuit requires the program in the slow EEPROM memory to be executed. Our approach, instead, builds on the popular SFLL technique and does not need embedded programmable chips.

Program synthesis has seen a significant growth in the recent years. Program synthesis algorithms have powered the synthesis of bit-vector programs [16], heap-manipulations [13, 24, 27], language parsers [21, 31], semantic actions in attribute grammars [18], abstract transformers [19], automata [5], invariants [6, 13, 20, 22], and even differentially private mechanisms [28]. Program synthesis has also been applied to synthesize bug corpora [29] as well as for debugging [8, 9], and repairing buggy programs like fixing incorrect heap manipulations [37, 38], or synthesize relevant fences and/or atomic sections in concurrent programs under relaxed memory models [36].

There exist boolean functional synthesis tools, like CADET [25], Manthan [14, 15], and BFSS [3], that could have been used for our synthesis task. However, none of these tools allow us to control the “structure” of the synthesized formula. Hence, we built our synthesis engine using the Sketch synthesizer, which is designed for program synthesis.

8 Conclusions

\(\mathcal{S}\mathcal{R}\) -SFLL provides security against structural analysis based attacks such as FALL, SFLLUnlock, and GNNUnlock. The core idea used by \(\mathcal{S}\mathcal{R}\) -SFLL is to use modern synthesis engines to recover structural patterns that can be exploited by existing structural analysis based attacks.

\(\mathcal{S}\mathcal{R}\) -SFLL provides an asymmetric advantage to the defender over the attacker on many counts:

  • secret key: Similar to SFLL, \(\mathcal{S}\mathcal{R}\) -SFLL uses a secret key to define a set of protected input patterns. The locked circuit behaves incorrectly when run with the wrong key;

  • secret cut: The cut used to partition the SFLL locked circuit (where the synthesized component was inserted) is known to the defender but not to the attacker;

  • challenging synthesis task: While the defender is required to synthesize a smaller circuit that only establishes the functionality of \(\mathbb {S} _2\), the attacker is required to synthesize a much larger circuit that reestablishes the functionalities of both \(\mathbb {C} _2\) and \(\mathbb {S} _2\) (see Fig. 2b).

As the perturbation unit resides within the original circuit at a location unknown to the attacker and has no specific structural signature, structural analysis of the \(\mathcal{S}\mathcal{R}\) -SFLL locked circuit becomes difficult. Also, as \(\mathcal{S}\mathcal{R}\) -SFLL locked circuits are functionally equivalent to the respective SFLL locked circuits (see Eqn 1), \(\mathcal{S}\mathcal{R}\) -SFLL retains all the theoretical robustness properties of SFLL.