RESCUE: Resilient, Scalable, High-corruption, Compact-Key-Set Locking Framework

Logic locking has gained traction for protecting the intellectual property (IP) of integrated circuits (IC) from untrusted foundries, test facilities, and end-users. A working chip or an oracle is a significant resource for an attacker to retrieve the secret locking key. Recently, a radically different logic locking shield (DisORC) was proposed to safeguard an IC against oracle-guided attacks such as SAT-based attacks which rely on scan access. This scheme was shown to be resilient on larger circuits with large sequential depths; however, it fails to protect smaller circuits, such as specialized controllers, even for large key sizes as attacks can succeed even without scan access. A truly random logic locking (TRLL) technique was proposed to thwart learning-based attacks, by making random decisions on absorbing inverters in the design into key-gates. However, small design blocks may not contain enough inverters to replace, and thereby when locked with TRLL, they may not resist learningbased attacks. Further, for large key sizes, high corruption schemes such as TRLL produce multiple correct keys, simplifying the key recovery for an attacker. In this work, we propose a scalable, learning-resilient, high-corruption technique to protect even small design blocks from all known oracle-less and oracleguided attacks all the while returning only a few correct keys. Our technique (i) randomly generates enough inversions in the design to provably thwart learning-based attacks, (ii) strategically inserts key-gates to return only a few correct keys and obtain high output corruption, and (iii) heuristically selects key-gate locations to improve resilience against sequential SAT-based attacks. We regress our technique on 14 representative ISCAS-89 and ITC-99 benchmarks.