OMLA: An Oracle-Less Machine Learning-Based Attack on Logic Locking

Abstract

Hardware-based attacks on the semiconductor supply chain are emerging due to the globalization of the design flow. Logic locking is a design-for-trust scheme that promises protection throughout the supply chain. While attacks have heavily relied on an oracle to break logic locking, machine learning (ML)-based attacks demonstrate the daunting possibility of breaking locking even without an oracle. Although very potent, current ML-based attacks recover only a subset of the transformations introduced by locking. We aim to address this shortcoming by developing an oracle-less graph neural network-based attack called <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">OMLA</monospace> , questioning once again the security of logic locking. Our experiments on ISCAS-85 and ITC-99 benchmarks demonstrate that <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">OMLA</monospace> achieves a key-prediction accuracy up to 97.22% and outperforms state-of-the-art <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SnapShot</monospace> and <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SAIL</monospace> attacks for all evaluated benchmarks.