1 Introduction

The outsourcing of fabrication in the semiconductor supply chain has exposed it to numerous security threats, including integrated circuit (IC) piracy, counterfeiting, overproduction, and hardware Trojans [1,2,3,4]. These threats have resulted in significant annual losses, estimated at $4 billion a decade ago [5]. To mitigate these security risks, design-for-trust (DfTr) techniques have been developed, primarily focused on digital ICs [6, 7]. One prominent example of a DfTr technique is logic locking [8].

However, the research efforts to secure analog ICs or analog intellectual property (IP) have been relatively limited. Analog ICs are susceptible to security threats due to their small footprint and widespread use across various application domains. In fact, pirating analog ICs, which typically consist of a few hundred transistors, is often easier compared to digital ICs with millions of transistors. It should also be noted that in digital design the transistors are often sized with the minimum allowed length and width parameters, which is not necessarily true for analog designs. Previous studies on analog logic locking have explored techniques such as key provisioning [9] and tuning circuit functionalities [10], involving the concealment of voltage or current biases, transistor sizing, or voltage thresholds of devices [11,12,13,14,15,16,17,18]. Additionally, some techniques have been applied to lock the digital portion of analog mixed-signal (AMS) circuits using digital logic locking methods [19, 20]. Vulnerability assessments of obfuscated analog circuits have been conducted [21], and attacks utilizing satisfiability modulo theories (SMT), bias locking, and genetic algorithms have been proposed [22,23,24]. However, the approach presented in this paper, which is an extension of our previous research work [25], introduces a completely novel method for analog obfuscation by leveraging layout-based effects to establish a key-based lock. Our method is the first to utilize this unconventional approach.

Fig. 1 Cross section of the metal stack in an IC. Moving towards the base layer, the visibility decreases and the effort to reverse engineer increases

We propose a novel technique for securing analog ICs against counterfeiting and reverse engineering (RE) attacks, which aim to clone ICs or extract proprietary information such as netlists and layouts. Counterfeiting involves selling cloned or illegitimately overproduced ICs in the aftermarket, while RE attacks aim to derive confidential information from ICs. In RE attacks, the adversary undergoes a process of depackaging the IC, delayering it, capturing images of the layers, and reconstructing the netlist using specialized image processing tools. While this process has its challenges, such as handling a large number of images, it still successfully reveals the metal lines, vias, and contacts. However, as the delayering process approaches the transistor layers, the features become increasingly difficult to obtain. Obtaining low-level properties like doping gradients at the device level solely through delayering and imaging is non-trivial. Figure 1 illustrates the complexity involved in RE of a complex metal stack. In this research, we introduce obfuscation by manipulating two low-level properties in the diffusion layer, specifically the Well Proximity Effect (WPE) and the Length of Diffusion (LOD). These properties, also known as local layout effects or layout-dependent effects (LDEs), are challenging to identify or characterize compared to transistor size. To date, no RE attack has demonstrated the capability to extract this level of detail, and the process of obtaining such information is deemed costly and time-consuming [26]. However, these effects directly impact transistor behavior, including parameters such as threshold voltage (\(V_{th}\)) and transconductance (\(g_{m}\)), which in turn affect the performance of analog circuits. For instance, in an operational transconductance amplifier (OTA), these effects would influence power consumption, gain, phase, and transconductance parameters.

This work presents several significant contributions, which are outlined below:

  • Introduction of a novel approach: the paper demonstrates, for the first time, how to leverage undesirable layout-based effects to effectively lock analog circuits. This innovative technique adds a new dimension to analog circuit protection.

  • Scalability and adaptability of the proposed technique across different process technologies: the validation results obtained from 28 nm and 65 nm technology nodes confirm that the locking mechanism can be implemented effectively in various manufacturing processes, enhancing the security of analog circuits in different technology generations.

  • Demonstrating the deterministic nature of LDEs, even in the presence of parasitics and process variation.

The remaining sections of the paper are organized as follows: Sect. 2 introduces and explains the proposed technique in detail. Section 3 presents a comprehensive case study, demonstrating the application of the locking technique and providing the corresponding results. Section 4 discusses potential attack models and conducts a security analysis. Finally, Sect. 5 concludes the paper, summarizing the findings and emphasizing the contributions of this research.

2 Background and proposed locking technique

2.1 Layout-dependent effects

Layout-dependent effects emerge as a consequence of the reduction in process geometries during lithography. Among these effects in sub-100 nm CMOS technologies, it is known that the electrical behavior of a device (i.e., a transistor) depends on its well proximity and on its length of diffusion. However, it is important to note that WPE and LOD are not the only LDEs that exist. More advanced nodes have many other effects such as poly and poly-cut related issues.

WPE is closely related to the proximity of a device to the well edge. Transistors located near the well edge exhibit different performance characteristics, such as voltage threshold and drain current, compared to those positioned farther from the well edge (represented as X in Fig. 2). This discrepancy arises from the scattering of implant ions off the resist sidewall, even when the transistors have identical dimensions. LOD, on the other hand, arises from the mechanical stress induced by different lengths of oxide (illustrated as A and B in Fig. 2). These variations in OD length affect carrier mobility, thereby impacting the current flow within the devices.

Figure 3 illustrates the impact of LOD and the combined effects of LOD and WPE on the absolute values of voltage threshold and transconductance for a 65 nm PMOS transistor with standard (SVT-), high (HVT-), and low (LVT-) voltage thresholds at a \(V_{gs}\) of 1 V. In Fig. 3, when the value of B (as shown in Fig. 2) is very small or very large, indicating that the poly is in close proximity to the sides of the OD, the transistor exhibits distinct \(V_{th}\) and \(g_m\) values compared to other B values. This observation forms the basis of leveraging layout-dependent effects for the obfuscation of analog ICs in this study. These layout-dependent effects have a similar impact on the performance of an NMOS transistor and contribute to device mismatch in analog circuits.

Fig. 2 Layout-dependent effects. a Simplified transistor layout, baseline. b Different transistor arrangements, used for obfuscating analog circuits. OD is the oxide diffusion, and PO is the poly (gate). A and B are the distances between the poly and the OD edges, and X is the distance between the poly and the well edges. X relates to WPE, and A and B relate to LOD

Fig. 3 Effects of LOD and both LOD and WPE on the absolute values of voltage threshold and transconductance of PMOS transistors with a minimum length and representative width. B is shown in Fig. 2

In this study, our objective is to leverage these layout effects to implement a locking mechanism for analog circuits. We consider three different arrangements or configurations for a transistor: baseline (BL), side-poly (SP), and short-OD (SOD), as illustrated in Fig. 2. The baseline configuration represents the nominal case of layout-dependent effects, while SP and SOD configurations are utilized to further exploit WPE and LOD effects. By employing these different arrangements, we can achieve variations of approximately 10% in voltage threshold and transconductance compared to the baseline case. The magnitude of voltage threshold variations is larger for NMOS transistors compared to PMOS transistors, whereas the transconductance variations are smaller for NMOS transistors compared to PMOS transistors (Table 1). Statistical variations due to both process variations and mismatch were also simulated for all configurations. Table 2 presents the standard deviations (SD) of \(V_{th}\) and \(g_{m}\) with respect to their mean values. The results reported in Tables 1 and 2 demonstrate the deterministic nature of layout-based effects. Regardless of where the fabricated IC falls within the process variation spectrum, these effects consistently manifest themselves. In essence, the statistical variations arising from both process variations and mismatch, simulated across all layout configurations, consistently reveal the presence of LDEs.

Figure 4 illustrates the impact of transistor width (W) in conjunction with the layout-dependent effects on the voltage thresholds for all transistor arrangements. In this plot, PMOS transistors with minimum length are considered. It is noteworthy that the margin between the lines representing the BL–SP and BL–SOD configurations remains nearly constant, indicating that transistors of any size can be potentially used for obfuscation. In the specific example shown, increasing the W in the SOD configuration leads to a change in voltage threshold variations from 6.8 to 8.7% compared to the BL configuration. This demonstrates that altering the transistor width can further enhance the effectiveness of the layout-based effects for obfuscation purposes.

Table 1 Variations (%) in voltage threshold and transconductance with respect to BL (the baseline)
Table 2 Process and mismatch of the arrangements
Fig. 4 Effects of PMOS width, WPE and LOD on the absolute values of voltage thresholds for all arrangements

2.2 LDEs in sub-100 nm technologies

We now demonstrate the influence of well proximity effects and length of diffusion on key parameters of transistors in both 28 nm and 65 nm technologies, considering parasitic effects. Additionally, we highlight the impact of these LDEs on digital circuits, specifically on the behavior of CMOS inverters. Figure 5 presents the drain current variations of an LVT PMOS transistor in 65 nm technology due to LDEs. Schematic and layout simulations are conducted for different values of A, B, X, and an applied \(v_{gs}\) of 1 V. The results indicate a consistent trendline, showing an increase in drain current with higher values of X (and A and B). Similarly, Fig. 6 illustrates the impact of LDEs on the drain current of an LVT PMOS transistor in 28 nm technology. Layout simulations are performed for different values of X and an applied \(v_{gs}\) of 0.9 V. The obtained results align with those observed in the 65 nm technology simulations.

Fig. 5 Impact of layout-dependent effects on an LVT PMOS drain current in 65 nm technology

Fig. 6 Impact of layout-dependent effects on an LVT PMOS drain current in 28 nm technology

Fig. 7 Transistor layouts with different variants of the SP arrangement. The impact of WPEs on transient response of inverters with these layouts for PMOS transistors

Furthermore, LDEs can impact the specifications of digital circuits, as demonstrated by their effect on the transient response of CMOS inverters. In Fig. 7, the transient response of two inverters with different variants of SP for PMOS transistors is shown. The inverter with the SP1 arrangement exhibits a slightly faster transient response (\(V_{SP1}\)) compared to the inverter with the SP2 arrangement (\(V_{SP2}\)). This difference in transient response indicates that the SP arrangements introduce variations in the propagation delay and rise/fall times of the inverters. When these manipulated inverters are used to replace the original inverters in a 7-stage ring oscillator, the frequency of the oscillator deviates accordingly, as shown in Fig. 8. Specifically, when inverters with the SP2 arrangement for PMOS transistors are utilized, the oscillator’s frequency decreases. This decrease in frequency can be attributed to the slower transient response and longer propagation delay introduced by the SP2 arrangement. On the other hand, replacing each of these inverters one by one with the variant inverters featuring the SP1 arrangement for PMOS transistors gradually increases the oscillator’s frequency. This increase in frequency is due to the faster transient response and shorter propagation delay associated with the SP1 arrangement. The observed frequency variations, in the range of a few MHz, highlight the significant impact of LDEs on the specifications of the 7-stage ring oscillator. These variations demonstrate that the layout configurations and arrangements of transistors can have a substantial influence on the performance of digital circuits.

Fig. 8 Impact of LDEs on a 7-stage ring oscillator’s frequency

2.3 Applied technique for obfuscating analog circuits

We propose a method for designing analog circuits using different arrangements of transistors, with the correct arrangement determined by a set of key bits. Each NMOS or PMOS transistor can have three possible arrangements, and the order of these arrangements in the layout can be arbitrary (Fig. 9). Therefore, the correct key values correspond to a specific order of the arrangements. The key length for the entire circuit is determined by the number of devices, with each device requiring three key bits. This results in a total of \(2^{3N}\) possible keys, assuming binary key signals.

However, it has been observed that some of the ‘wrong’ keys can still result in desirable performance, while others may lead to nearly correct or completely incorrect behavior. To efficiently obfuscate an analog IP, we propose a simple three-step procedure:

  1. Design the circuit using a combination of BL, SP, and SOD transistors.

  2. Evaluate the impact of the two alternative arrangements for each transistor that were not originally employed.

  3. Retain only the arrangements that result in incorrect performance, thereby promoting obfuscation.

This three-step process can be enhanced by prioritizing certain configurations of transistors. Specifically, it is advantageous to convert transistors with multiple fingers into single-finger transistors whenever possible. This amplifies the performance shifts caused by layout-based effects. Additionally, exhaustive examination of all transistors is not necessary. Transistors can be randomly selected, and alternative arrangements can be chosen for evaluation. Circuit symmetry analysis and the designer’s experience can be leveraged to identify a starting point for transistor selection. Finally, the third step can be modified to discard arrangements that result in performance too close to the desired performance. If such “undesirable” arrangements are identified, they can be eliminated. In Sect. 3, we provide a case study involving an OTA and implement the three-step procedure to lock the circuit.

Fig. 9 Principle of locking analog circuit. The order of these arrangements in the layout design is arbitrary. The figure shows only 3 out of 6 possible orders

3 Case study: operational transconductance amplifier

We utilize the proposed technique to lock an operational transconductance amplifier as depicted in Fig. 10. The specifications of the OTA for the chosen transistor arrangements are provided in Table 3. It is important to note that, for this specific case study, we exclusively employ transistors with a standard voltage threshold. However, this does not imply a limitation of our technique, as it can be applied to transistors with different voltage thresholds as well. Next, we investigate the impact of unused transistor arrangements on the performance of the OTA. The circuit comprises a total of 36 transistors, resulting in a search space of \(2^{36 \times 3}\) possible arrangements. In practice, it is not feasible to examine all arrangements for every transistor. However, we can focus on those arrangements that are likely to affect the input differential pairs, summing circuit, floating class-AB control, bias block, and class-AB output, as indicated in Fig. 10. This approach aligns with our earlier observation of leveraging the designer’s expertise and considering circuit symmetry when selecting transistors for examination.

Fig. 10 Schematic of OTA circuit. Multiple subcircuits such as input differential pairs (P1, P2, N1, N2), summing circuit (P7-P10, N7-N10), bias circuit (P13-P17, N13-N17), and class-AB output (P18, N18) are used for applying the layout-based effects. Red, blue, and black transistors represent arrangements SOD, SP, and BL, respectively

Simulation results. In our simulations, we utilize the Virtuoso Spectre circuit simulator in conjunction with a commercial 65 nm technology. To initiate the obfuscation process, we select a set of 13 transistors from various parts within the circuit. These transistors are chosen arbitrarily and include P1, P2, P7, P8, P9, P10, N7, N8, N9, N10, N17, N18, and P18. After selecting the transistors for obfuscation, the initial keyspace consists of \(2^{13\times 3}\) possible keys. However, not all of these keys are suitable for effectively obfuscating circuit performance, so we apply our three-step procedure to improve the obfuscation at a cost of shrinking the keyspace. One important observation is that certain transistors can have varying degrees of impact on circuit performance and performance deviation caused by LDEs. To achieve a more balanced performance deviation, we have devised a strategy. Rather than obfuscating individual transistors, we choose to obfuscate a pair of transistors by tying together their select bits. This approach results in a more balanced LDE-induced performance deviation in a pair of transistors and enhances the overall effectiveness of the obfuscation technique.

Table 3 OTA specs for utilized arrangements in Fig. 10
Fig. 11 Pairs of arrangements. a One pair of arrangements in the base design can be hidden among a subset of 8 pairs of arrangements. b Illustration of the layout for three pairs of transistors connected to the circuit via pass transistors. Control lines convey select bits stored in a tamper-resistant memory

Fig. 12 Conceptual representation of an obfuscated analog design showcasing a tamper-proof memory. The figure depicts three scenarios for obfuscating a pair of transistors

In the obfuscation process, each pair of transistors in the base design can be hidden among other pairs of arrangements, providing multiple possibilities for obfuscation (Fig. 11). In this particular case, the 13 selected transistors for obfuscation form 6 pairs of transistors and one individual transistor. To obfuscate these 6 pairs, we introduce a different number of pairs of arrangements. Specifically, we add a total of 28 random pairs of arrangements to hide the pairs of transistors, along with an additional single arrangement to obfuscate the individual transistor. Consequently, the key length for this experiment is 36 bits (i.e., \(28+6+1+1\)), achieved by adding 57 arrangements (i.e., \(28\times 2+1\)) to the original design.

Figure 12 presents a conceptual representation of an obfuscated analog design featuring a tamper-proof memory responsible for storing key bits essential for unlocking the IC. The diagram illustrates three instances of obfuscation in an analog design. In the first scenario, depicted in Fig. 12a, a pair of PMOS transistors is obfuscated alongside two additional pairs of transistors. The second scenario, represented by Fig. 12b, involves obfuscating two adjacent transistors among other pairs. The third scenario mirrors the first, focusing on obfuscating a pair of NMOS transistors, as illustrated by Fig. 12c. Pass transistors serve to connect the obfuscated transistors to the circuit, and the selection of these pass transistors is determined by control bits stored in tamper-proof memory. This memory is loaded with secret keys by a trusted party post-IC fabrication.

To demonstrate the robustness of the obfuscation achieved, we conducted simulations to evaluate the impact of 50,400 keys on the gain, phase, 3 dB bandwidth (BW), and DC power of the OTA. Figure 13 illustrates the effect of the keys on the gain, showing a wide range of degradation (up to 130 dB) due to different obfuscation arrangements. It can be observed that some keys result in a gain of \(\ge 70\) dB, which meets the design specifications. In this experiment, the rate of correct keys, which can be adjusted, accounts for 0.66% of the total keys. Figure 13 also displays a gap of 8 dB between the plots, which is achieved by eliminating the nearly correct keys. This is accomplished by updating certain pairs of arrangements in the circuit. Furthermore, it is possible to remove the nearly correct keys that yield gain values between 67 and 70 dB. However, these keys constitute less than 0.14% of the total keys, indicating their negligible presence. Overall, these simulation results highlight the effectiveness of the obfuscation technique in introducing significant variations in circuit performance across different keys, ensuring the robustness of the achieved obfuscation. Figure 13 illustrates the impact of the applied keys on the phase, showing a degradation of up to 50\(^\circ \) in the phase margin. Additionally, Figs. 14 and 15 present the impact of the applied keys on the 3 dB bandwidth and DC power consumption, respectively.

The power consumption in the circuit for the correct keys falls within the range of 1.143–1.188 mW. Interestingly, out of 1702 keys that result in power consumption within this range, only 266 of them are the correct keys. In other words, observing power consumption as a proxy for correctness might mislead an adversary. It is important to note that the simulation time for evaluating gain and power was approximately 55 h, highlighting the extensive computational effort involved in this analysis. Furthermore, the introduction of 57 added arrangements in the obfuscation process leads to a 158% increase in circuit area. Moreover, power variations of up to 77% were observed compared to the power consumed by the initial circuit, indicating the significant impact of obfuscation on power consumption. These observations highlight the trade-offs and considerations involved in the obfuscation technique, including the impact on circuit performance, power consumption, and area overhead.

In summary, we apply the following three techniques (a fourth one is discussed later on) to protect the correct keys and enhance the obfuscation process:

  1. Balance the effect of arrangements

  2. Remove pairs of arrangements producing a nearly correct performance

  3. Remove pairs of arrangements with a relatively large impact on performance

Fig. 13 Layout-based effects on a the OTA gain and b phase simulated for 50 K keys. The gap marked in the graph is the result of purposefully removing nearly correct keys

The third technique involves the elimination of pairs of arrangements that have a significant impact on the performance of the circuit. To better understand this technique, let us examine the circuit depicted in Fig. 10 and focus on transistors N7 and N8. When we choose non-symmetrical pairs of arrangements, such as BL–SP or SOD–BL, for N7 and N8, the circuit exhibits a negative gain, regardless of the other arrangements used. However, when we select symmetrical pairs of arrangements, such as SP–SP, BL–BL, or SOD–SOD, for N7 and N8, the gain becomes positive. We remove the non-symmetrical pairs of arrangements to eliminate the alarming effects on the circuit’s performance and improve the quality of the obfuscation. A point worth considering is that the application of these techniques may result in an uneven distribution of pairs of arrangements among different transistors, which can potentially raise concerns about the regularity of the circuit layout and unveil structural information. To address this issue, a possible solution is to equalize the number of pairs of arrangements for each transistor. Although this approach would reduce the keyspace, it would promote a more uniform layout and limit the disclosure of structural details. Indeed, the obfuscation technique employed in this work involves a trade-off between the key length and the level of output/behavior “corruption” in the circuit, a concept also explored in digital logic locking [27]. In order to expand the keyspace and address the issue of uneven pairs of arrangements, we consider five additional transistors: P16, P17, N13, N14, and N15. These transistors are specifically chosen to create additional pairs, enhancing the obfuscation of the circuit. By incorporating additional pairs of arrangements, the locked design now consists of a total of 31 pairs of arrangements. This is achieved by subtracting the six removed pairs from the original 28 pairs and adding nine new pairs. These 31 pairs of arrangements serve to hide eight pairs of transistors from the original base design. Furthermore, the single arrangement that was added in the previous experiment is still present in the locked design. As a result, the keylength is now 41 bits, achieved by adding 63 arrangements to the original design. We simulated the circuit for 340,200 keys. Figure 16 demonstrates the impact of these keys on gain. The desired target keys account for less than 2% of the overall keys. Importantly, all gains are now positive, with a minimum target value of 70 dB. The simulation time for evaluating gain, 3 dB bandwidth, and power consumption was approximately 22 days. The circuit’s area increased by 175% due to 63 added arrangements, and power variations of up to 73% compared to the base circuit were observed. These simulations were performed on a server equipped with an Intel Xeon Gold 5122 CPU with 32 cores running @ 3.60 GHz.
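The pruning techniques above can be sketched as follows, as an added example that is not the authors' flow: an additive gain model stands in for the circuit simulator, the three select groups and their dB offsets are constructed for illustration, and the rule for which option to drop from a nearly correct key is an assumed heuristic. It also reports the nominal key length next to the number of one-hot keys, assuming one select bit per arrangement as in the 28+6+1+1 accounting.

```python
from itertools import product
from math import log2, prod

SPEC_DB = 70.0        # minimum target gain given on the page
NEAR_DB = 67.0        # lower edge of the page's "nearly correct" band
BASE_GAIN_DB = 75.0   # constructed gain of the base design

# Constructed select groups. Each option is (arrangement, gain offset in dB);
# offset 0.0 marks the arrangement used in the base design.
GROUPS = {
    "P1/P2": [("BL-BL", 0.0), ("SP-SP", -6.0),
              ("SOD-SOD", -9.0), ("BL-SP", -2.0)],
    "N7/N8": [("SP-SP", 0.0), ("BL-BL", -4.0),
              ("SOD-SOD", -7.0), ("BL-SP", -150.0)],
    "P18": [("SOD", 0.0), ("BL", -10.0)],
}


def key_length(groups):
    """Nominal key length: one select bit per arrangement option."""
    return sum(len(opts) for opts in groups.values())


def valid_keys(groups):
    """Keys that enable exactly one option per group (one-hot per group)."""
    return prod(len(opts) for opts in groups.values())


def toy_gain_db(picked):
    """Stand-in for the circuit simulator: the offsets simply add up."""
    return BASE_GAIN_DB + sum(offset for _, offset in picked.values())


def sweep(groups):
    """Evaluate every one-hot key; yield (picked options, gain, verdict)."""
    names = list(groups)
    for combo in product(*(groups[n] for n in names)):
        picked = dict(zip(names, combo))
        gain = toy_gain_db(picked)
        verdict = ("correct" if gain >= SPEC_DB
                   else "near" if gain >= NEAR_DB else "wrong")
        yield picked, gain, verdict


def drop_dominant(groups):
    """Technique 3: drop options that force a negative gain by themselves.

    All offsets are <= 0, so such an option makes the gain negative
    whatever the other groups select.
    """
    return {n: [o for o in opts if BASE_GAIN_DB + o[1] >= 0.0]
            for n, opts in groups.items()}


def drop_near(groups):
    """Technique 2: while a nearly correct key exists, remove the weakest
    non-base option it uses (assumed heuristic), then sweep again."""
    groups = {n: list(opts) for n, opts in groups.items()}
    while True:
        near = next((p for p, _, v in sweep(groups) if v == "near"), None)
        if near is None:
            return groups
        name, opt = min(((n, o) for n, o in near.items() if o[1] != 0.0),
                        key=lambda item: abs(item[1][1]))
        groups[name].remove(opt)


def report(groups):
    """Summarise keyspace size and the margin between correct and other keys."""
    results = list(sweep(groups))
    good = [g for _, g, v in results if v == "correct"]
    bad = [g for _, g, v in results if v != "correct"]
    return {
        "key_bits": key_length(groups),
        "valid_keys": valid_keys(groups),
        "effective_bits": round(log2(valid_keys(groups)), 2),
        "correct_keys": len(good),
        "near_keys": sum(1 for _, _, v in results if v == "near"),
        "gap_db": min(good) - max(bad),
    }


if __name__ == "__main__":
    step3 = drop_dominant(GROUPS)
    for label, g in (("initial", GROUPS), ("after technique 3", step3),
                     ("after technique 2", drop_near(step3))):
        print(label, report(g))
```

Each pruning pass shortens the key and shrinks the set of one-hot keys while widening the gap between the worst correct key and the best incorrect one, which is the trade-off the case study describes.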

Fig. 14 Variation in the 3 dB bandwidth of the OTA for the applied keys

Fig. 15 DC power consumption for the applied keys

The proposed locking scheme can be applied to larger analog circuits beyond the representative OTA block. It may not be necessary to apply the locking scheme to all analog blocks in a circuit. Once one block is locked, altering its performance is likely to affect the overall circuit performance, especially in multi-stage circuits. It should be noted that the overhead of the locking scheme for a single obfuscated transistor, in isolation, is 300%. However, for an entire circuit, the overhead will not be as significant since obfuscation can be applied selectively: it is important to highlight that not all transistors are obfuscated, as some may not be suitable candidates, and certain pairs of transistors are jointly obfuscated by fewer combinations of arrangements. While state-of-the-art approaches [12, 13] have achieved smaller overheads, they are also susceptible to SMT-based attacks [22]. In our approach, we strike a balance between overhead and security, prioritizing higher security. The security aspect of the locking scheme is further elaborated in Sect. 4.

Fig. 16 Layout-based effects on the OTA simulated for 300 K keys

4 Discussions

Applying digital logic locking to analog designs presents challenges, primarily in that it does not completely prevent the theft of the analog component. We strongly advocate for prioritizing analog obfuscation over digital methods when safeguarding valuable analog intellectual property.

This being said, in our threat model, we consider both the foundry and the end-user as potentially untrusted entities. We assume that the foundry has complete knowledge/visibility over the IP except for the correct key(s). The malicious end-user is assumed to possess the necessary expertise and tools for reverse engineering the IP, including high-precision optical imaging equipment, circuit simulators, and functional copies of the IP as an oracle. However, the end-user does not have the level of visibility into the layout-dependent effects as it is typically not a current practice in RE efforts. It is also assumed that the end-user does not have access to a detailed transistor model that accounts for LDEs. Moreover, the end-user is aware of selecting only one arrangement for each transistor and not more than one. In addition, we justify the inefficiency of several attack scenarios on the proposed approach, namely brute-force attack, SMT-based attack, and removal attack. We consider the following scenarios for attacking the proposed approach.

4.1 Untrusted foundry

Everything about the design including LDE-level details is known to the foundry except for the correct key(s). To enhance the protection of the keys, we employ an additional technique, referred to as the fourth technique, in addition to the three techniques previously described in Sect. 3:

4.1.1 Making the order of the arrangements in the layout design arbitrary

To further enhance the security of the keys, we applied an additional technique, which involves making the order of the arrangements in the layout design arbitrary. This means that the specific arrangement of the transistors in the layout is randomized, adding an extra layer of obfuscation to the design. By introducing this randomness, it becomes more difficult for an attacker, such as the foundry, to determine the correct arrangement and infer the corresponding keys. This method aims to thwart simple guesses made by the attacker, such as assuming that all arrangements follow a specific pattern (e.g., all arrangements are of a certain type, like BL). The arbitrary order of the arrangements introduces further complexity and unpredictability, making it harder for an attacker to reverse engineer the correct keys and compromise the security of the locked design. Given these considerations, we now address the following questions:

Can a brute force attack compromise the design? The key sizes used in the examples discussed are, technically, susceptible to brute force attacks, especially when the attack is mounted on a real device by observing its performance. However, it is important to note that the simulation time for evaluating the keys in the mentioned example was already significant, taking 22 consecutive days to evaluate only 300 K keys, which represents a very small subset of the potential keyspace. For larger circuits and longer keylengths, the computational requirements for a brute force attack become impractical and infeasible. Therefore, while the considered key sizes may be vulnerable to brute force attacks in certain scenarios, the time and resources required for such attacks increase significantly as the keylength and complexity of the circuit increase.

Do partial simulations help to obtain the keys? Or, in other words, can an adversary decompose the problem into smaller ones and apply a divide and conquer strategy? Consider the input differential pairs in the OTA as an example. If an adversary attempts different combinations of arrangements for the transistors P1, P2, N1, and N2 to find a correct \(g_{m}\), they may indeed find multiple combinations that yield the desired \(g_{m}\) value. However, it is important to note that achieving the correct \(g_{m}\) alone is not sufficient to unlock the circuit. The circuit specifications involve multiple performance parameters beyond just \(g_{m}\). While the adversary may find combinations that satisfy \(g_{m}\), it is highly likely that most of these combinations will not meet the other required specifications of the circuit. To successfully unlock the circuit, the adversary would need to find keys that simultaneously satisfy all the desired specifications. Expanding the search space to find keys that satisfy multiple specifications simultaneously significantly increases the complexity of the problem. It could easily lead to exploring a substantial portion, if not the entire keyspace. Moreover, the value of \(g_{m}\) is dependent on the bias circuit, which is also obfuscated. Therefore, there might be incorrect bias values that still result in the desired \(g_{m}\) value, further complicating the search for the correct key. In summary, finding a key that deterministically satisfies multiple specifications at the same time is highly challenging. The search space is vast and the interdependencies between different specifications, as well as the obfuscation techniques employed, make it extremely difficult for an adversary to find the correct key solely by exploring different combinations of arrangements.

Is the SMT-based attack applicable to the proposed approach? No. The SMT-based attack has been employed on analog ICs with locked bias circuits, where obfuscated current mirrors or voltage dividers are involved [12, 13]. In these cases, the correct key corresponds to a selection of mirrored branches with different transistor sizes, resulting in the desired sum of current. To find this selection, a simple equation is formulated, connecting the current of the reference branch to the currents of the mirrored branches, and the task is delegated to an SMT solver. The parameters necessary for this equation can be obtained from circuit specifications or the process design kit (PDK) documentation. The SMT solver can solve this equation without relying on a circuit simulator. This type of attack has also been applied to camouflaged analog IP [15] based on the same principle (Table 4). However, in our approach, the layout-based effects are applied to multiple parts of the circuit, not just the bias circuit. Consequently, SMT-based attacks that target the bias circuit alone are insufficient for overcoming our approach. The equations that establish the link between the undesirable layout-based effects and circuit performance must be solved using a circuit simulator. This requirement presents scalability challenges, as the computational burden increases with the complexity and size of the circuit. In summary, while SMT-based attacks have been successfully applied to certain analog ICs with locked bias circuits, our approach extends beyond the bias circuit and introduces layout-based effects to multiple parts of the circuit, including the input differential pairs and the summing circuit, as illustrated in Fig. 10. Solving the equations that capture the impact of these effects on circuit performance necessitates the use of a circuit simulator, making the attack less scalable than the existing SMT-based attack. In Fig. 17, it is evident that there is a wide range of current variations observed in one branch of the OTA circuit. To effectively solve the equations using an SMT solver, the solver needs to be aware of the desirable range of currents in each branch. This information can only be obtained through extensive simulations. This poses a challenge, as the existing SMT-based attack does not require such extensive simulations because the currents in those circuit equations are functions of fixed reference currents.
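As an added illustration (not code from the paper), the sketch below shows a check a designer can run to see whether a lock is exposed to equation-only analysis: it applies the first-order mirror equation to a width-based bias lock and to a lock whose arrangements share identical W and L. The ideal-mirror model, the function names and all numeric values are constructed assumptions; exhaustive enumeration stands in for the SMT solver.

```python
from itertools import product

def mirror_current(i_ref, w_ref, widths, key):
    """Ideal mirror (assumed model): I_out = I_ref * sum(enabled W_i) / W_ref."""
    enabled = sum(w for w, bit in zip(widths, key) if bit)
    return i_ref * enabled / w_ref

def keys_matching_bias(i_ref, w_ref, widths, i_target, tol=0.01):
    """Keys whose predicted current lies within a relative tolerance of the
    target. No circuit simulator is involved, only the closed-form equation."""
    hits = []
    for key in product((0, 1), repeat=len(widths)):
        i_out = mirror_current(i_ref, w_ref, widths, key)
        if abs(i_out - i_target) <= tol * i_target:
            hits.append(key)
    return hits

def first_order_predictions(i_ref, w_ref, arrangement_widths):
    """Layout-based lock: the key picks one arrangement per obfuscated
    transistor. Returns the set of distinct currents the equation predicts."""
    return {round(i_ref * sum(choice) / w_ref, 9)
            for choice in product(*arrangement_widths)}

# Constructed sample values (currents in uA, widths in um).
I_REF, W_REF, I_TARGET = 10.0, 1.0, 45.0
BIAS_LOCK_WIDTHS = [0.5, 1.0, 1.5, 2.0, 3.0, 4.0]   # one key bit per branch
# Three obfuscated transistors, three arrangements each, identical W per group.
LDE_LOCK_ARRANGEMENTS = [[1.0] * 3, [2.0] * 3, [1.5] * 3]

if __name__ == "__main__":
    hits = keys_matching_bias(I_REF, W_REF, BIAS_LOCK_WIDTHS, I_TARGET)
    print(f"bias lock: {len(hits)} of {2 ** len(BIAS_LOCK_WIDTHS)} keys "
          f"match the target current: {hits}")
    preds = first_order_predictions(I_REF, W_REF, LDE_LOCK_ARRANGEMENTS)
    print(f"layout-based lock: all 27 keys predict the same current {preds}")
```

For the width-based lock the equation narrows 64 keys to a handful; for the identical-size arrangements it returns one prediction for every key, so it carries no key information and the differences would have to come from LDE-aware simulation.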

Table 4 Vulnerability of state-of-the-art DfTr methods to SMT-based attack

Furthermore, it is worth noting that a recent attack has been developed specifically targeting analog biasing locking techniques [23]. However, this attack focuses on searching for a correct bias instead of determining the key itself. Consequently, this attack is not applicable to our proposed technique, which obfuscates not only the bias circuit but also other parts of the circuit. By extending the obfuscation to multiple circuit components, our approach adds an extra layer of security and complexity, making it more challenging for attackers to extract the correct keys.

Fig. 17 Current variations in an OTA branch for 4 K different keys

Is the removal attack applicable to the proposed approach? No. The removal attack aims to retrieve the base design by identifying and removing the protection circuitry [28]. However, in our locking scheme, the protected parts cannot be immediately distinguished from the original design, making it challenging to mount a successful removal attack. Since our method obfuscates multiple blocks, not just the biasing block, removing the key-bit transistors would require redesigning the entire circuit from scratch. In the case of the OTA, removing the key-bit transistors would eliminate approximately 50% of the original design, rendering the attack ineffective. In contrast, state-of-the-art techniques that focus solely on biasing blocks are vulnerable to removal attacks [11,12,13, 16]. In such cases, the attacker only needs to recover the biasing blocks, which typically consist of a small number of transistors. Similarly, locked AMS designs in other approaches can also be vulnerable to removal attacks by removing the digital lock and redesigning the small biasing blocks [19, 20]. Table 4 summarizes the security-overhead trade-off achieved by our approach compared to other techniques. Our approach establishes a balance between security and overhead, with the ability to reduce the area overhead to approximately 30% by selecting two arrangements per obfuscated transistor instead of three. However, it is important to note that lowering the number of arrangements per transistor would also lower the security level of the locked circuit.

4.2 Untrusted end-user

In the scenario where the netlist of the locked circuit is obtained through reverse engineering efforts, the adversary will have access to the metal lines, vias, contacts, and poly lines of the circuit. However, it is important to note that the adversary does not have access to LDE-level visibility, which means they cannot observe the detailed characteristics and behavior of the transistors. Upon obtaining the locked netlist, the adversary will observe groups of transistors with identical sizes, representing the arrangements used in our locking scheme. However, since we do not manipulate the transistor’s width (W) or length (L), the adversary’s model will not capture the layout-dependent effects that the circuit was originally designed to exploit. Therefore, simulating the obtained netlist with different keys will result in the same behavior, which is incorrect if the circuit was specifically designed to utilize LDEs. Even if the adversary has access to an oracle that can confirm that different keys lead to different performance, they have no means to map these performance variations back to the circuit’s design. This lack of detailed knowledge about the LDEs prevents the adversary from establishing useful distinguishing input patterns, similar to the SAT attack [29]. Consequently, the adversary’s chances of unlocking the circuit are not higher than those of a malicious foundry, even when they possess an oracle.

Along similar lines, the genetic algorithm-based attack [24], which relies on an oracle and a locked netlist, is unlikely to be effective against the proposed approach. The genetic algorithm-based attack utilizes evolutionary search techniques to explore the design space and find potential keys that unlock the circuit. However, since our threat model does not provide access to the detailed locked netlist, the adversary lacks the necessary information to conduct such an attack. Without access to the detailed locked netlist, the adversary is unable to accurately model the circuit’s behavior and the impact of different keys on its performance. This lack of detailed information about the circuit’s design and layout-dependent effects makes it extremely challenging for the adversary to successfully apply the genetic algorithm-based attack to reverse engineer or unlock the locked analog ICs.

In summary, the absence of LDE-awareness in the netlist obtained through reverse engineering makes it extremely challenging for the adversary to accurately understand and exploit the design’s key-dependent performance variations, thus impeding their ability to unlock the circuit.

5 Conclusion

This paper presents a novel approach for locking analog integrated circuits by leveraging layout-based effects such as well proximity effect and length of oxide diffusion. The proposed approach is demonstrated on an operational transconductance amplifier circuit using a large number of keys to showcase the effectiveness of the obfuscation achieved. By applying the layout-based effects to the circuit, we show that the gain, phase margin, 3 dB bandwidth, and power characteristics are significantly altered, thereby enhancing the security of the locked circuit. These layout-based effects serve as a form of obfuscation, making it difficult for adversaries to reverse engineer or counterfeit the circuit. The results of this work demonstrate the potential of the proposed approach in protecting analog circuits against counterfeiting and reverse engineering attacks, which are common threats in the semiconductor industry.

As a future direction, we plan to validate the methodology in silicon by utilizing a commercial foundry service. This step will provide a realistic scenario of outsourcing, where the circuit is fabricated by a third-party foundry. By implementing the proposed approach in silicon, we can evaluate its practicality, performance, and effectiveness in a real-world setting.