Implementing Homomorphic Encryption-Based Logic Locking in System-On-Chip Designs

This paper presents PrimLock, a logic locking framework that employs integer linear programming (ILP) to optimize key gate placement in integrated circuits (ICs), addressing vulnerabilities like IP theft and hardware Trojans in untrusted supply chains. Existing methods suffer from heuristic key placement, scalability limitations, and susceptibility to SAT attacks. PrimLock introduces a du-al-circuit ILP model that maximizes output corruption under incorrect keys while minimizing computational overhead. A standardized security metric quantifies resilience as the percentage of corrupted outputs, validated on the C17 benchmark. Results show 100% corruption in critical test cases, out-per-forming heuristic and SAT-resistant approaches. Constraint reduction tech-niques reduce computational complexity significantly, enabling scalability to industrial designs. This work establishes a mathematically rigorous founda-tion for logic locking, balancing provable security with practical efficiency.

Logic Locking Based Configurable Obfuscation Cell for Enhanced IC Security

Once, discrete circuit elements, called components, were heaped up on boards inside steel cages using wire-lead technology in just five short years. Fast forward to today, and your computer CPU fits about half an inch square on a chip. Both this constant miniaturization of electronic circuits and the rapid growth in the prevalence of third-party intellectual property parts have made hardware protection more worrisome than ever. Among all these issues, Hardware Trojans (HTs)—which represent corrupted or harmful additions during various design and fabrication stages—pose significant threats to system integrity, privacy of data, and essential infrastructure. Recent studies have investigated machine learning (ML) and artificial intelligence (AI) techniques designed to enable Hardware Trojans to be found, located, and eliminated in all stages from the register transfer level (RTL) and beyond. This survey gives an in-depth look at how AI can enhance RTL security. It classifies these AI-based techniques into four main categories: Graph-Based Techniques GNNs, for instance, can be used to estimate the topology of circuits, extract structural characteristics, and thus find where some corruption has occurred. The SALTY framework applies Jumping-Knowledge GNNs to improve the accuracy location for hardware Trojans. Deep Learning in Side-Channel and Power-Analysis Techniques Deep learning methods—such as Siamese Neural Networks (SNNs) and Long Short-Term Memory (LSTM) models—have been developed to detect abnormalities brought about by Trojans in power consumption or electromagnetic (EM) radiation, granting non-invasive practices clear security benefits. Studies show that these techniques are superior to the traditional golden-model side-channel detection techniques. Machine Learning Analysis of RTL Code: In conjunction with AI, research teams are now building nearest-neighbor classifiers and decision trees and using reinforcement learning (RL) to recognize occurrences of Trojans inside RTL code. Some research uses Verilog/VHDL conditional statements as features for ML, making it possible for early warning signals to be effectively detected and introducing a proactive security mechanism during the design phase. Comprehensive Security Measures and Logic Locking: A step-by-step methodology has evolved for prevention measures such as logic locking and layout hardening, which aims against a splendid prospect within reach. The TroLLoc framework uses logic obfuscation combined with security-aware placement and routing, thus mitigating security exposures post-design. However, comprehensive studies point out several outstanding problems: key recovery attacks and unintended data leakage related to security in logic locking. In this way, the paper evaluates various AI-driven security strategies in an organized, facilitative manner, thereby highlighting significant challenges and proposing future research directions.

As chip fabrication costs rise, designers have shifted to a fabless and outsourced development model which opens up the possibility for IP piracy. To address these challenges, logic locking methods modify designs to limit functionality to authorized users that present a valid secret key. However, existing techniques often face limitations in resilience against advanced attacks and do not provide solutions to achieve user-defined constraints and goals. In this article, we propose SRLL, a user-defined constraint-aware logic locking technique that aims to improve the security and reliability of hardware designs. SRLL bridges the gap between exact and approximate attacks and allows the user to balance the resiliency against satisfiability-based, machine-learning-based, and constant propagation attacks while securing design constraints provided by the user. To enable this, we limit the locking functions to the non-critical path components and insert key gates at specific nodes, introducing a new set of critical parameters specifically designed to prevent target attacks. Finally, we obfuscate the netlist to hide inserted key gates and locking functions. Results show that SRLL maintains strong resiliency by exponentially increasing the required number of distinguishing input patterns, the complexity of finding these patterns, and adding sufficient structural complexity to the design. We evaluate SRLL using ISCAS ’85, MCNC ’91, and ITC ’99 benchmarks, demonstrating resiliency with low overhead against modern attacks, including SAT, AppSAT, OMLA, SAIL, and SCOPE.

DCLL: Depth-coupling Based Approach On Logic Locking

FeSATLock: An Energy Efficient and SAT Attack Resilient Logic Locking Design with FeFET LUT Architecture for Enhanced Hardware Security

On the Efficacy and Vulnerabilities of Logic Locking in Tree-Based Machine Learning

DSMLock: Low Overhead Logic Locking for System Security with Design Space Modeling

OptiLock: Automated Optimization of Learning-Resilient Logic Locking

Building and maintaining a silicon foundry is a costly endeavor that requires substantial financial investment. From this scenario, the semiconductor business has largely shifted to a fabless model where the Integrated Circuit (IC) supply chain is globalized but potentially untrusted. In recent years, several hardware obfuscation techniques have emerged to thwart hardware security threats related to untrusted IC fabrication. Reconfigurable-based obfuscation schemes have shown great promise of security against state-of-the-art attacks—these are techniques that rely on the transformation of static logic configurable elements such as Look Up Tables (LUTs). This survey provides a comprehensive analysis of reconfigurable-based obfuscation techniques, evaluating their overheads and enumerating their effectiveness against all known attacks. The techniques are also classified based on different factors, including the technology used, element type, and IP type. Additionally, we present a discussion on the advantages of reconfigurable-based obfuscation techniques when compared to Logic Locking techniques and the challenges associated with evaluating these techniques on hardware, primarily due to the lack of tapeouts. The survey’s findings are essential for researchers interested in hardware obfuscation and future trends in this area.

FCLock: harnessing functional non-combinational cycles in logic locking

The decentralized semiconductor supply chain is vulnerable to different security threats such as intellectual property (IP) theft and malicious modifications. Logic locking (LL) can be used to secure digital designs from some of these threats and is typically carried out by inserting a set of logic gates/flops in the design such that the design can only be operated with the right key or key sequence. However, many LL techniques have been shown to be vulnerable to learning guided structural attacks such as SAIL. The goal of this work is to demonstrate the versatility, extensibility, and wide applicability of SAIL towards reinforcing the need for structural security in LL.

CRLock: A SAT and FALL Attacks Resistant Logic Locking Method for Controller at Register Transfer Level

Logic locking is an efficient defense against attacks to the intellectual property of integrated circuits. However, in recent years, boolean satisfaction based attack (SAT attack) and a structural based attack named Valkyrie were proposed. As far as we know, most of the locking methods failed to achieve security for both of them and keep an acceptable overhead. In this paper, we present a self-adaptive striped-function logic locking method named SFLL-AD, based on repeatedly modifying the structure of the encryption block to a form that: (1) permits splitting and dispersing the encryption block across the netlist to have resilience to Valkryie (2) and guarantees not losing SAT resilience. Experimental results of our mehtod confirm the security to both attacks and show a small overhead (about 10% on average).

Machine Learning-Based Security Evaluation and Overhead Analysis of Logic Locking

Thwarting GNN-Based Attacks Against Logic Locking

The Boolean satisfiability (SAT) attack is an oracle-guided attack that can break most combinational logic locking schemes by efficiently pruning out all the wrong keys from the search space. Extending such an attack to sequential logic locking requires multiple time-consuming rounds of SAT solving, performed using an "unrolled" version of the sequential circuit, and model checking, used to determine the successful termination of the attack. This article addresses these challenges by formally characterizing the relation between the minimum unrolling depth required to prune out the wrong keys of an SAT-based attack and a notion of functional corruptibility (FC) for sequential circuits, which can be efficiently estimated from a locked circuit to indicate the progress of an SAT-based attack. Based on this analysis, we present an FC-guided SAT-based attack that can significantly reduce unnecessary SAT and model-checking tasks. We present two versions of the attack, namely, <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Fun-SAT</monospace> and <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Fun-SAT+</monospace> , based on whether the attacker has a priori knowledge of the key length. <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Fun-SAT</monospace> aims to find the correct key sequence, while <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Fun-SAT+</monospace> aims to retrieve the correct initial state of the circuit. The numerical evaluation shows that <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Fun-SAT</monospace> can be, on average, <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$90\boldsymbol {\times }$ </tex-math></inline-formula> faster than previous attacks against state-of-the-art locking methods. On the other hand, when using an approximate termination condition, <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Fun-SAT+</monospace> can find an initial state that leads to at most 0.1% FC in 76.9% instances that would otherwise time out after one day.

Due to the adoption of horizontal business models following the globalization of semiconductor manufacturing, the overproduction of integrated circuits (ICs) and the piracy of intellectual properties (IPs) can lead to significant damage to the integrity of the semiconductor supply chain. Logic locking emerges as a primary design-for-security measure to counter these threats, where ICs become fully functional only when unlocked with a secret key. However, Boolean satisfiability (SAT)-based attacks have rendered most locking schemes ineffective. This gives rise to numerous defenses and new locking methods to achieve SAT resiliency. This article provides a unique perspective on the SAT attack efficiency based on conjunctive normal form (CNF) stored in SAT solver. First, we show how the attack learns new relations between keys in every iteration using distinguishing input patterns and the corresponding oracle responses. The input-output pairs result in new CNF clauses of unknown keys to be appended to the SAT solver, which leads to an exponential reduction in incorrect key values. Second, we demonstrate that the SAT attack can break any locking scheme within linear iteration complexity of key size. Moreover, we show how key constraints on point functions affect the SAT attack complexity. We explain why proper key constraint on AntiSAT reduces the complexity effectively to constant 1. The same constraint helps the breaking of CAS-Lock down to linear iteration complexity. Our analysis provides a new perspective on the capabilities of SAT attack against multiplier benchmark c6288, and we provide new directions to achieve SAT resiliency.

Having access to a unique quantum circuit that one wants to protect against use by others is a very likely scenario in industrial computing. However, currently, users rely on classical computer security schemes, which have known shortcomings. In this paper, we introduce a novel protection scheme along with a survey of other known methods to protect quantum information. In particular, we review physically unclonable functions (PUFs), obfuscation, and introduce quantum logic locking (QLL). The latter technique provisions end users to protect their circuit from an adversary through the use of a secret key.