Modeling SAT-Attack Search Complexity

Abstract

In this paper, a metric based on mathematical modeling is proposed to evaluate the strength in security of a logic-locked circuit against a satisfiability (SAT) based attack. Current approaches estimate the SAT resilience experimentally based on time-to-solve or the number of calls to a SAT-solver. However, the estimate is often based on one sample or a small sample size. Due to the possible variation in the search path length of the SAT-attack, a measure of resilience based on statistical characterization is proposed. A probabilistic model of a SAT-attack search process is developed to properly capture the variation in the path length and report the SAT resilience as an expectation of the computational complexity. An estimator of the expected complexity, assuming an equally likely branching probability, is proposed. The model and the estimator allow for 1) the derivation of a closed-form estimate of the expected security, and 2) characterization of the key search space without experimental bias toward SAT-attack implementation or circuit topology. As a case study, an analysis of the security gain per inserted key gate is performed on a full adder circuit. The study reveals a monotonically increasing resilience and provides insights on the most efficient key gate placement strategy that maximizes the achievable security.