Scaling Attacks on Large Logic-Locked Designs

Published: 2025, Last Modified: 07 Nov 2025 | IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 2025 | CC BY-SA 4.0
Abstract: Researchers have developed numerous strategies to alleviate the threat of malicious third-party foundries, including logic locking and its numerous sophisticated variants for hardware intellectual property (IP) protection. Recent work at the register-transfer level has opened the door to “large-scale” locking of large IPs (comprising thousands of gates) with hundreds to thousands of key bits. Recent security evaluation of such techniques treats the locked design as a monolith and has suggested that large logic-locked designs are practically secure, even from powerful SAT-based attacks. In this work, we challenge such findings by proposing and evaluating a novel algorithmic method to de-obfuscate large logic-locked circuits by attacking a set of small subcircuit cones. The algorithm chooses a suboptimal set of subcircuit cones and proposes an attack sequence on these cones by leveraging the observation that each locking key-bit is distributed across multiple subcircuit cones of varying sizes. This divide-and-conquer SAT (DACSAT) attack framework can de-obfuscate large designs, like an AES IP comprising ~300000 gates, logic-locked with up to 50000 keys in around 3600 s, while an out-of-the-box, state-of-the-art SAT attack tool fails.