Abstract
Researchers have developed numerous strategies to alleviate the threat of malicious third-party foundries, including logic locking and its numerous sophisticated variants for hardware intellectual property (IP) protection. Recent work at the register-transfer level has opened the door to “large-scale” locking of large IPs (comprising thousands of gates) with hundreds to thousands of key bits. Recent security evaluation of such techniques treats the locked design as a monolith and has suggested that large logic-locked designs are practically secure, even from powerful SAT-based attacks. In this work, we challenge such findings by proposing and evaluating a novel algorithmic method to de-obfuscate large logic-locked circuits by attacking a set of small sub-circuit cones. The algorithm chooses a sub-optimal set of sub-circuit cones and proposes an attack sequence on these cones by leveraging the observation that each locking key-bit is distributed across multiple sub-circuit cones of varying sizes. This Divide And Conquer SAT (DACSAT) attack framework can de-obfuscate large designs, like an AES IP comprising 300,000 gates, logic-locked with up to 50,000 keys in around 3600 seconds, while an out-of-the-box, state-of-the-art SAT attack tool fails.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 1 |
| Number of pages | 1 |
| Journal | IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems |
| DOIs | |
| State | Accepted/In press - 2023 |
Keywords
- Discrete Fourier transforms
- Flip-flops
- Integrated circuits
- IP networks
- Logic gates
- Logic Locking
- RTL Locking
- SAT Attack
- Scalability
- Security
ASJC Scopus subject areas
- Software
- Computer Graphics and Computer-Aided Design
- Electrical and Electronic Engineering