# SUBLOCK: SUB-CIRCUIT REPLACEMENT BASED INPUT DEPENDENT KEY-BASED LOGIC LOCKING FOR ROBUST IP **PROTECTION**

A PREPRINT

Vijaypal Singh Rathor Department of CSE PDPM IIITDM Jabalpur India, 482005 vrathor@iiitdmj.ac.in

Kshira Sagar Sahoo Department of Computing Science Umeå University, Umeå Sweden, 901 87 kshirasagar12@gmail.com

Munesh Singh Department of CSE PDPM IIITDM Jabalpur India, 482005 munesh.singh@iiitdmj.ac.in

Saraju P. Mohanty Department of CSE University of North Texas, Denton TX, USA, 76207 saraju.mohanty@unt.edu

June 28, 2024

#### ABSTRACT

Intellectual Property (IP) piracy, overbuilding, reverse engineering, and hardware Trojan are serious security concerns during integrated circuit (IC) development. Logic locking has proven to be a solid defence for mitigating these threats. The existing logic locking techniques are vulnerable to SAT-based attacks. However, several SAT-resistant logic locking methods are reported; they require significant overhead. This paper proposes a novel input dependent key-based logic locking (IDKLL) that effectively prevents SAT-based attacks with low overhead. We first introduce a novel idea of IDKLL, where a design is locked such that it functions correctly for all input patterns only when their corresponding valid key sequences are applied. In contrast to conventional logic locking, the proposed IDKLL method uses multiple key sequences (instead of a single key sequence) as a valid key that provides correct functionality for all inputs. Further, we propose a sub-circuit replacement based IDKLL approach called SubLock that locks the design by replacing the original sub-circuitry with the corresponding IDKLL based locked circuit to prevent SAT attack with low overhead. The experimental evaluation on ISCAS benchmarks shows that the proposed SubLock mitigates the SAT attack with high security and reduced overhead over the well-known existing methods.

*Keywords* Logic Locking · IP Piracy · Overbuilding · hardware Trojan · SAT-Attack · IP Protection

# 1 Introduction

Recent advancement in technology (i.e., artificial intelligence, Internet of Thing (IoT) and cyber-physical systems) encourages using high-functioning, automated and intelligent electronic devices, specifically IC, for various missioncritical applications such as financial, national defence, health care, transportation, and energy. Security is a critical concern in all these mission-critical applications. Due to the unaffordable cost of constructing and maintaining a foundry with advanced fabrication capabilities, semiconductor industries are becoming fabless. Further, critical time-to-market forces companies to use third-party intellectual property (IP) blocks to design an integrated circuit (IC). Due to these economic and timing constraints, outsourcing from third parties is unavoidable in IC development. The involvement of several untrusted third parties and people in IC development makes the IC vulnerable to various hardware-based attacks

such as IP piracy, overbuilding, reverse engineering (RE), and hardware Trojan (HT) insertion [Rostami et al.](#page-17-0) [\[2014\]](#page-17-0), [Xiao et al.](#page-17-1) [\[2016\]](#page-17-1). These attacks pose serious security concerns during the IC life cycle as they can compromise the whole system's security. For example, the insertion of hardware Trojan not only deviates IC from its normal function but also can leak sensitive information during infield operation [Bhunia et al.](#page-17-2) [\[2014\]](#page-17-2). Further, as a result of these supply chain assaults, the IC industries lose billions of dollars every year [Est](#page-17-3) [\[2015\]](#page-17-3), [SEMI](#page-17-4) [\[2008\]](#page-17-4).



<span id="page-1-0"></span>Figure 1: Logic Locking in IC development. Applying logic locking for mitigating various threats (i.e., IP Piracy, Overbuilding, Hardware Trojan and Reverse Engineering) during the IC life cycle.

To mitigate these attacks, different design-based defence techniques such as removing rare-triggered nets [Salmani et al.](#page-17-5) [\[2012\]](#page-17-5), [Rathor et al.](#page-17-6) [\[2020a\]](#page-17-6), HT detection [Narasimhan et al.](#page-17-7) [\[2013\]](#page-17-7), [Salmani](#page-17-8) [\[2017\]](#page-17-8), logic locking/obfuscation [Roy](#page-17-9) [et al.](#page-17-9) [\[2010\]](#page-17-9) [Rajendran et al.](#page-17-10) [\[2015\]](#page-17-10), [Yasin et al.](#page-17-11) [\[2016a\]](#page-17-11), logic camouflaging [Cocchi et al.](#page-17-12) [\[2014\]](#page-17-12), [Rathor et al.](#page-17-13) [\[2017\]](#page-17-13), etc. are reported in the literature to mitigates these threats. In the last five years, logic locking has emerged as the most effective and prominent method to thwart these attacks during the IC life cycle. Logic locking locks/obfuscates the design functionality by embedding a secret key sequence during the IC development, as shown in Figure [1.](#page-1-0) The design provides correct functionality only when a valid secret key sequence is applied. The correct key sequence is stored in on-chip tamper-evident memory, which is inaccessible to the attacker [Zhang](#page-17-14) [\[2016\]](#page-17-14), [Rajendran et al.](#page-17-15) [\[2012a\]](#page-17-15).

The security of the logic locking techniques mainly depends on the secrecy of the key. Since the attacker always has access to the unlocked IC from the open market, he/she reveals the correct key by applying different attack mechanisms to the locked IC. In the last six years, boolean satisfiability (SAT) has emerged as the most effective attack that can compromise the security of a logic locking technique within a few minutes, even using a large key size. This attack iteratively eliminates the wrong keys by applying the distinguishing input patterns (DIPs) and identifying the correct key [Subramanyan et al.](#page-17-16) [\[2015\]](#page-17-16), [El Massad et al.](#page-17-17) [\[February 8-11, 2015\]](#page-17-17) . To mitigate the SAT attack, several SAT resilience logic locking techniques have been reported in the literature such as Anti-SAT block (ASB) [Xie and Srivastava](#page-18-0) [\[2016\]](#page-18-0), [Xie and Srivastava](#page-18-1) [\[2018\]](#page-18-1), SARLock [Yasin et al.](#page-18-2) [\[2016b\]](#page-18-2), stripped functionality logic locking (SFLL) [Yasin et al.](#page-18-3) [\[2017a\]](#page-18-3), cascaded locking (CAS-Lock) [Shakya et al.](#page-18-4) [\[2020\]](#page-18-4) and Strong Anti-SAT (SAS) [Liu et al.](#page-18-5) [\[2020\]](#page-18-5). These methods either vulnerable to other attacks such as removal [Yasin et al.](#page-18-6) [\[2017b\]](#page-18-6), [Yasin et al.](#page-18-7) [\[2020\]](#page-18-7), AppSAT [Shamsi](#page-18-8) [et al.](#page-18-8) [\[2017a\]](#page-18-8), Bypass [Xu et al.](#page-18-9) [\[2017\]](#page-18-9), Functional Analysis (FALL) [Sirone and Subramanyan](#page-18-10) [\[2020\]](#page-18-10), Identify flip signal (IFS) attack [Sengupta et al.](#page-18-11) [\[2021\]](#page-18-11) or provide trade-off between security and effectiveness with large overhead. However, recently an input dependent key-based logic locking (IDKLL) method called GateLock to prevent the SAT attacks [Rathor et al.](#page-18-12) [\[2024\]](#page-18-12). This method may not be vulnerable to structural analysis attacks due to using fixed structures for IDKLL gates. This paper proposes a new lightweight IDKLL based SAT resilient method that can effectively mitigate SAT and structural analysis attacks and provides robust IP protection. The contributions of this paper are presented in the next section.

# 2 Contributions of This Paper

This section first presents the problem being addressed in this paper, the proposed solution, followed by the novelty and significance of the proposed solution.

### 2.1 Problem Addressed in this Paper

The IC is vulnerable to hardware-based attacks, i.e., piracy, overbuilding, RE, HT, etc. Though several logic locking techniques attempt to mitigate these attacks, they are vulnerable to SAT-based attacks and require significant design overhead. Most of the existing SAT-resistant logic locking techniques are vulnerable to SAT variants such as App-SAT, Bypass, removal, and FALL and require high implementation costs. Further, the recent methods such as CAS-Lock and SAS also provide the trade-off between SAT and other attacks and require a large overhead. Further, to the best of our knowledge, none of the existing SAT-resistant logic locking techniques has focused on preventing SAT attacks instead of increasing SAT attack time or DIPs. This paper considers preventing SAT-based attacks completely with low overhead and providing effective protection during the IC life cycle.

# 2.2 Solution Proposed in this Paper

This paper proposes a novel lightweight sub-circuit replacement based input dependent key-based logic locking (IDKLL) technique to prevent SAT-based attacks. The proposed method uses multiple key sequences as the correct key to unlock the design. The IDKLL divides the input patterns into multiple sets and uses a different key sequence as a valid key for each set of inputs. This means a separate key sequence is used to unlock the circuit for a specific set of inputs. None of the key sequences exists out of total key space that can achieve correct functionality for all the input patterns. Therefore, the design functions correctly for all sets of inputs only when their respective correct key sequences are applied. Further, in the proposed methods, design functionality is locked by replacing the original sub-circuits with their corresponding IDKLL based locked circuits. Due to sub-circuit replacement, it is hard to apply structural analysis attacks.

# 2.3 Novelty and Significance of the Solution

Unlike existing techniques, the proposed IDKLL based technique utilizes multiple key sequences (instead of a single key sequence) as a valid key to lock/unlock the design. Design can provide correct functionality for all inputs only when their respective correct key sequence is applied. Instead of storing single key sequences in normal tamper-proof memory, the proposed IDKLL uses the LUT-based tamper-proof memory to store and retrieve the corresponding valid key sequences to the applied inputs. In the proposed method, the SAT attack eliminates all the key sequences as all the key sequences are individually incorrect. Thus SAT attack failed to identify the correct key sequences. The existing techniques suffer from a trade-off between SAT and effectiveness and other attacks and require a large overhead. In contrast, the proposed IDKLL provides high security against SAT attacks while providing effective protection against other attacks such as removal [Yasin et al.](#page-18-7) [\[2020\]](#page-18-7), App-SAT [Shamsi et al.](#page-18-8) [\[2017a\]](#page-18-8), and Bypass [Xu](#page-18-9) [et al.](#page-18-9) [\[2017\]](#page-18-9). The quantitative security analysis of the proposed IDKLL shows that the attacker has to require more than brute force attempts to decipher the correct key sequences. Further, the experimental evaluation on ISCAS and ITC benchmarks shows that the proposed technique effectively prevents SAT-based attacks with low overhead over the recent SAT-resistant logic locking.

The rest of the paper is organized as follows: Section [3](#page-2-0) analyses the existing SAT-resistant logic locking techniques. Section [4](#page-5-0) presents a novel concept of input dependent key-based logic locking to prevent SAT attacks. Further, Section [5](#page-9-0) presents a lightweight sub-circuit replacement based IDKLL method followed by its quantitative security analysis. The experimental evaluation and comparative analysis of our technique are presented in Section [7.](#page-12-0) The conclusion of the paper is provided in Section [8.](#page-16-0)

# <span id="page-2-0"></span>3 Related Prior Works

The researchers have proposed various logic locking techniques which either insert the additional key gates like XOR/XNOR [Roy et al.](#page-17-9) [\[2010\]](#page-17-9), [Rajendran et al.](#page-17-15) [\[2012a\]](#page-17-15), AND/OR [Dupuis et al.](#page-18-13) [\[2014\]](#page-18-13), MUX [Rajendran et al.](#page-17-10) [\[2015\]](#page-17-10) or replaces the existing logic with corresponding new locked logic [Juretus and Savidis](#page-18-14) [\[2016a\]](#page-18-14), LUTs [Liu and Wang](#page-18-15) [\[2014\]](#page-18-15). However, several attacks such as key-sensitization [Rajendran et al.](#page-18-16) [\[2012b\]](#page-18-16), [Yasin et al.](#page-17-11) [\[2016a\]](#page-17-11), logic cone analysis [Lee and Touba](#page-18-17) [\[2015\]](#page-18-17), hill climbin[gPlaza and Markov](#page-18-18) [\[2015\]](#page-18-18), SAT [Subramanyan et al.](#page-17-16) [\[2015\]](#page-17-16), [El Massad et al.](#page-17-17) [\[February 8-11, 2015\]](#page-17-17) are reported to compromise the security above logic locking methods. Locking a design using an interference graph-based method and inserting an additional AES module in the locked design improves the security against these attacks [Yasin et al.](#page-17-11) [\[2016a\]](#page-17-11). However, the interference graph-based method is topology dependent and vulnerable to logic cone analysis attacks. Also, AES insertion causes a large design overhead [Lee and Touba](#page-18-17) [\[2015\]](#page-18-17). A lightweight and topology independent key-gate replacement based logic locking is reported in [Rathor and Sharma](#page-18-19) [\[2021\]](#page-18-19) to neutralize the key-sensitization and logic cone analysis attacks.

The SAT-resistant logic locking techniques such as SARLock [Yasin et al.](#page-18-2) [\[2016b\]](#page-18-2), Anti-SAT block [Xie and Srivastava](#page-18-0) [\[2016\]](#page-18-0), and AND Tree insertion [Li et al.](#page-18-20) [\[2016\]](#page-18-20) are reported to mitigate the SAT attack with reduced overhead. The

<span id="page-3-0"></span>

# Table 1: SUMMARY OF DIFFERENT SAT RESISTANT LOGIC LOCKING TECHNIQUES ALONG WITH THE IDENTIFIED LIMITATIONS

AND tree insertion-based approach is vulnerable to sensitization-guided SAT attack [Yasin et al.](#page-18-7) [\[2020\]](#page-18-7). Whereas, the SARLock and Anti-SAT are vulnerable to removal [Yasin et al.](#page-18-6) [\[2017b\]](#page-18-6), [Yasin et al.](#page-18-7) [\[2020\]](#page-18-7), App-SAT [Shamsi et al.](#page-18-8) [\[2017a\]](#page-18-8), double DIP [Shen and Zhou](#page-19-2) [\[2017\]](#page-19-2), and Bypass [Xu et al.](#page-18-9) [\[2017\]](#page-18-9) attacks. Moreover, the security of SARALock and Anti-SAT block can also be compromised using SAT-based Signature [Shen et al.](#page-19-3) [\[2019\]](#page-19-3) and Bit-flipping [Shen](#page-19-4) [et al.](#page-19-4) [\[2018\]](#page-19-4) attacks. Similar to the removal attacks, these attacks also separate the SAT-resistant block from the locked circuit. Although, the security of the Anti-SAT block against removal attack is increased [Xie and Srivastava](#page-18-1) [\[2018\]](#page-18-1) by obfuscating it using LUT-based design withholding and wire entanglement approach [Khaleghi et al.](#page-19-5) [\[2015\]](#page-19-5). The use of these LUT-based approaches for obfuscation introduces a large design overhead [Khaleghi et al.](#page-19-5) [\[2015\]](#page-19-5). A lightweight Anti-SAT design and obfuscation technique is reported in [Rathor et al.](#page-19-6) [\[2020b\]](#page-19-6) to reduce the design overhead and increase the security against removal attacks. This technique increases security with reduced design overhead by constructing the Anti-SAT block using existing circuitry.

Besides the above, a tenacious and traceless logic locking called TTlock is reported in [Yasin et al.](#page-19-0) [\[2017c\]](#page-19-0) where the SARLock is re-architected to mitigate the SAT and removal attacks simultaneously. The TTLock is an extension of SARLock where the original netlist is modified to protect a secret input pattern such that the output of the original and modified netlist differ only for one input pattern. Similar to SARLock and Ant-SAT, TTLock is also vulnerable to App-SAT [Shamsi et al.](#page-18-8) [\[2017a\]](#page-18-8), double DIP [Shen and Zhou](#page-19-2) [\[2017\]](#page-19-2) and Bypass [Xu et al.](#page-18-9) [\[2017\]](#page-18-9) attacks. These attacks mainly compromise the security of the above SAT-resistant methods due to their low output corruptibility. Though it is reported that output corruptibility of Anti-SAT can be increased [Yasin et al.](#page-18-7) [\[2020\]](#page-18-7), [Xu et al.](#page-18-9) [\[2017\]](#page-18-9), increasing the output computability may decrease the effectiveness of the logic locking against SAT attack [Rajendran et al.](#page-17-10) [\[2015\]](#page-17-10), [Xu](#page-18-9) [et al.](#page-18-9) [\[2017\]](#page-18-9), [Yasin et al.](#page-18-7) [\[2020\]](#page-18-7).

In order to mitigate the App-SAT, Double DIP and Bypass attacks, an extension of TTLock called stripped functionality logic locking (SFLL) has also been proposed in [Yasin et al.](#page-18-3) [\[2017a\]](#page-18-3). The SFLL selects multiple protected input patterns to increase the output corruptibility and increase the security against App-SAT, Bypass and Double DIP attacks. However, increasing the number of protected patterns increases the corruptibility; it decreases SAT iterations and increases the required overhead [Liu et al.](#page-18-5) [\[2020\]](#page-18-5), [Shakya et al.](#page-18-4) [\[2020\]](#page-18-4). Thus, SFLL creates the trade-off between security and effectiveness [Liu et al.](#page-18-5) [\[2020\]](#page-18-5). Besides, the SFLL is also proven vulnerable to Functional Analysis (FALL) attack as reported in [Sirone and Subramanyan](#page-18-10) [\[2020\]](#page-18-10). An attack framework has been proposed in [Yang et al.](#page-19-1) [\[2019\]](#page-19-1) that breaks the SFLL by exploiting structural traces left in the locked design.

However, a CAS-Lock [Shakya et al.](#page-18-4) [\[2020\]](#page-18-4), and strong Anti-SAT called SAS [Liu et al.](#page-18-5) [\[2020\]](#page-18-5) based logic locking methods are proposed to mitigate the threats of App-SAT, Bypass and simultaneously ensure the effectiveness against SAT attack. The CAS-Lock basically adopts the merits of SARlock, and Anti-SAT uses cascaded key controlled AND/OR gates. But it is found that CAS-Lock is vulnerable to removal attacks. Therefore, the authors [Shakya et al.](#page-18-4) [\[2020\]](#page-18-4) have mirrored the CAS-Lock called M-CAS in the original design to mitigate the removal attacks at the increased design overhead. Although M-CAS increase the security against removal, the design becomes vulnerable to SAT attack. The authors in [Sengupta et al.](#page-18-11) [\[2021\]](#page-18-11) have proposed IFS/Key-bit mapping & SAT called IFS-SAT/KBM-SAT that exploits the structural traces such as single point function and breaks the CAS and M-CAS locking. Another side, SAS also adopts the merits of Anti-SAT and SFLL, where it introduces the error in the design for the selected set of input minterms called critical minterms. Though SAS based locking achieves high effectiveness without compromising security against SAT attacks over SFLL, it increases design overhead significantly. Further, it will also require additional design overhead for obfuscating and integrating the SAS block with standard logic locking to thwart removal and other attacks. The summary of the different related SAT-resistant logic locking techniques and their identified limitations is presented in Table [1.](#page-3-0)

<span id="page-4-0"></span>Table 2: Comparison of effectiveness of proposed and existing methods to mitigates different attacks. Here, "✓" and "×" denote a method mitigates and does not mitigate the specified attack respectively. The "−" denotes the partial mitigation of the attack.

| Methods                   | Attacks    |              |               |            |         |              |               |                |  |
|---------------------------|------------|--------------|---------------|------------|---------|--------------|---------------|----------------|--|
|                           | <b>SAT</b> | APP-SAT      | <b>Bypass</b> | Double DIP | Removal | FALL         | SFLL-Unlocked | <b>IFS/KBM</b> |  |
| SARLock                   |            | ×            | $\times$      | ×          | ×       |              |               |                |  |
| Anti-SAT                  |            | ×            | $\times$      | $\times$   | ×       |              |               |                |  |
| <b>TTL</b>                |            | $\checkmark$ | $\times$      | X          |         | $\checkmark$ |               |                |  |
| <b>SFLL</b>               |            |              |               |            |         | $\times$     |               |                |  |
| CAS                       |            |              |               |            | ×       |              |               |                |  |
| M-CAS                     |            |              |               |            |         |              |               |                |  |
| <b>SAS</b>                |            |              |               |            |         |              |               |                |  |
| <b>Proposed (SubLock)</b> |            |              |               |            |         |              |               |                |  |

It is also reported in the literature that SAS and SFLL provide low output corruptibility. Therefore, two methods called CORruption adaptable logic locking (CORALL) [Juretus and Savidis](#page-19-7) [\[2021\]](#page-19-7) and DisORC [Limaye et al.](#page-19-8) [\[2021\]](#page-19-8) are reported that increased the output corruptibility in comparison to SAS and SFLL techniques. In addition to SAT attacks, these methods also increase the security against structural or netlist analysis attacks. Besides these methods, the generalized Anti-SAT (G-Anti-SAT) [Zhou and Zhang](#page-19-9) [\[2021\]](#page-19-9) and SKG-Lock+ [Nguyen et al.](#page-19-10) [\[2022\]](#page-19-10) are also reported, which significantly increase output corruption without compromising the security of logic locking against SAT and other related attacks. A ChaoLock method is reported in [Kamali et al.](#page-19-11) [\[2021\]](#page-19-11) that uses asymmetric chaotic Boolean gates and dummy inputs to increase the security against SAT attack.

However, the G-Anti-SAT is susceptible to a vulnerability assessment tool called Valkyrie [Limaye et al.](#page-19-12) [\[2022\]](#page-19-12), SigAttack [Shen et al.](#page-19-3) [\[2019\]](#page-19-3) and generalized [Patnaik et al.](#page-19-13) [\[2022\]](#page-19-13) attacks and SKG-Lock+ and ChaoLock incur around 10% area overhead in most of the ISCAS-85 benchmarks even with low size key. In addition to these techniques, some other SAT-resistant logic locking methods are proposed. In [Shamsi et al.](#page-19-14) [\[2017b\]](#page-19-14), the authors have added the dummy cycles in the locked design to significantly increase the attacker's efforts while deciphering the correct key using SAT attack. Since cyclic logic locking failed against the CycSAT attack [Zhou et al.](#page-19-15) [\[2017\]](#page-19-15), the unreachable states are added in [Rezaei et al.](#page-19-16) [\[2019\]](#page-19-16) to improve the security of cyclic logic locking against the CycSAT attack. Recently, an extension of cyclic logic locking called LoopLock 2.0 [Yang et al.](#page-19-17) [\[2022\]](#page-19-17) and LoopLock 3.0 [Chen et al.](#page-19-18) [\[2024\]](#page-19-18) are proposed to enhance the security against the CycSAT and SAT attacks simultaneously. However, LoopLock 3.0 provides better security than LoopLock 2.0.

All the previously proposed techniques primarily focus on increasing the number of SAT iterations rather than preventing them at the cost of significant overhead. This is because the traditional SAT attacks work in such a manner that it requires exponential time/iterations to break them. However, the analysis of the SAT attack presented in [Zhong and](#page-19-19) [Guin](#page-19-19) [\[2023\]](#page-19-19) shows that the SAT attack can defeat any logic locking method in linear time by using a different relation between keys using DIPs and their respective oracle responses. Hence, it is highly desirable to develop a method that can prevent the SAT attack instead of just enhancing security against SAT attacks. However, the input-dependent key-based logic locking (IDKLL) method called GateLock is reported in [Rathor et al.](#page-18-12) [\[2024\]](#page-18-12) that attempts to prevent the SAT attacks. Since this method uses IDKLL-based gates, thus it may be vulnerable to structural analysis attacks. Therefore, this paper proposes a novel sub-circuit replacement-based IDKLL method called SubLock to effectively prevent the SAT attack and its variants with less overhead and provide robust IP protection. Due to using sub-circuit replacement, the proposed method also provides effective security against structural analysis-based attacks compared

to GateLock. The comparison of the efficacy of proposed and existing methods for mitigating different attacks is presented in Table [2.](#page-4-0) The next section discuss the concept of IDKLL in details and its use in logic locking followed by the proposed SubLock method.

# <span id="page-5-0"></span>4 IDKLL: INPUT DEPENDENT KEY-BASED LOGIC LOCKING

In the previous logic locking techniques, the locked design provides the correct output for all the input patterns when a valid key sequence is applied. A key sequence is considered correct or valid if it gives the correct output for all the input patterns; otherwise, it is incorrect. Therefore, the designer stores only that valid key sequence in a tamper-proof memory to activate or unlock the design. The SAT-based attacks eliminate the incorrect key sequences and identify the correct key sequence by iteratively applying DIPs [Yasin et al.](#page-18-2) [\[2016b\]](#page-18-2), [Rathor et al.](#page-19-6) [\[2020b\]](#page-19-6). Since DIP is an input pattern that provides different outputs for two key sequences, SAT attack eliminates a key sequence that provides incorrect output. This process repeats until all the wrong keys are eliminated. The computation time of SAT attacks mainly depends on the number of iterations or DIPs required to eliminate the incorrect keys. Though the existing logic locking techniques increase SAT attack computation time, they fail to prevent it completely. Therefore, this paper introduces a novel idea of logic locking called input dependent key-based logic locking (IDKLL) that effectively prevents SAT-based attacks.

## 4.1 Concept of IDKLL

The proposed idea for preventing the SAT attack is to lock a design utilizing several key sequences (rather than a single key sequence) as the valid key so that the locked design only gives correct output for all input patterns when their respective valid key sequence is applied. In other words, each set of input patterns has a separate correct key sequence in the locked design. As a result, the inputs determine the correct key sequence for unlocking the design. It implies that a key sequence can only unlock the design for a single set of input patterns. A different key sequence must be used to unlock the functionality for the second set of input patterns. Consequently, other key sequences could be used to unlock the design functionality for the third, fourth, and other sets of inputs. Consider a circuit with n primary inputs and  $k$ key-inputs supposed to be locked. Suppose we employ m key sequences out of a total of  $2^k$  to unlock the design. In that case, the  $2^n$  input patterns must be separated into m sets so that the locked design gives accurate output for each input set when its corresponding valid key sequence (KS) is applied. If we choose key sequences  $KS_1$ ,  $KS_2$ ,...,  $KS_m$ sequences as valid for input patterns sets  $XS_1, XS_2, ..., XS_m$  respectively, then the locked design produces correct output for  $XS_1, KS_2,..., KS_m$  only when  $KS_1, KS_2,..., KS_m$  key sequences are applied respectively. Moreover, there must not exist any key sequence that can unlock the design or provide correct output for all input patterns. The correct outputs for all the input patterns can only be generated when their corresponding key sequences are applied.

# 4.2 Locking a Design using IDKLL

To use IDKLL to lock the circuit, we make the original circuit's functionality dependent on key inputs such that circuit only produces correct output for all input patterns when their respective valid key sequence is applied. For example, consider a half-adder circuit as shown in Figure [2\(](#page-6-0)a). We lock this half-adder circuit using input dependent key-based logic locking, as shown in Figure [2\(](#page-6-0)c). To lock the functionality of this circuit, we divide the input patterns into two sets, *i.e.*,  $XS_1 = \{``00", "01"\}$  and  $XS_2 = \{``10", "11"\}$ . The original circuit is locked by making the functionalities of its original outputs, i.e., sum (S) and/or carry (C), dependent on two key-inputs  $K_1$  and  $K_2$  according to the truth table as shown in Figure [2\(](#page-6-0)b). Here, we use  $m = 2$  key sequences  $KS_1 = "01"$  and  $KS_2 = "10"$  as a valid key for the input sets  $XS_1$  and  $XS_2$  respectively. The locked functionality of circuit is represented with  $S_L$  and  $C_L$ , the correct output would be obtained for the input sets  $XS_1 = \{``00", "01"\}$  and  $XS_2 = \{``10", "11"\}$  only when the key sequences  $KS_1$  = "01" and  $KS_2$  = "10" will be applied respectively. It is also ensured that  $KS_1$  and  $KS_2$  only provide correct output for the specified set of inputs and must provide complementary or incorrect output for the other set of inputs. Otherwise, it may be possible that a single key sequence provides the correct output for all inputs. Therefore, we keep  $S_L$  as complementary of S (i.e.,  $S_L = S$ ) in this example for the inputs {"0110", "0111", "1000", "1001"}.

Since here we mainly lock the functionality of the sum  $(S)$  logic of the half adder circuit, we keep the  $C<sub>L</sub>$  don't care (x) for all the other input patterns except {"0100", "0101", "1010", "1011"}. It is observed that the overhead for implementing IDKLL can be reduced when a design is locked by keeping the output value don't care for the invalid key sequences. Therefore, we also lock the circuit functionality ( $S_L$  and  $C_L$ ) by keeping them don't care (x) for the remaining key-values (*i.e.*, "00" and "11"). But due to optimization, the expression (obtained from the K-map) of  $S_L$ does not depend on all the inputs (i.e, A and B). Thus, to ensure the dependency of  $S_L$  on both inputs (A and B), we keep  $S_L$  '1'/'0' instead of don't care (x) for a few patterns, *i.e.*, "0000" and "0010". However, a designer can also select different patterns to do the same. If the designer is not worried about the dependency, then he/she can keep don't care for the remaining key values.



<span id="page-6-0"></span>Figure 2: Locking a half adder circuit using input dependent key-based logic locking. The locked circuit provides correct output for the input patterns  $\{``00", ``01"\}$  and  $\{``10", '11"\}$  only when the two key sequences  $K_1K_2 = "01"$ and "10" are applied respectively as a valid key.

In case the locked functionality already depends on all inputs while retaining, don't care (x) for incorrect key-values. Then, we should keep don't cares (x) to produce an optimized locked design as illustrated in Figure [3.](#page-6-1) In this figure, the original circuit is locked using two key inputs  $K_1$  and  $K_2$ , where  $m = 2$  key sequences, *i.e.*, {"01", "10"} out of four key sequences, *i.e.*, {"00", "01", "10", "11"} are selected to provide correct output for the sets of input patterns, i.e., {"000", "001", "010", "011"} and {"100", "101", "110", "111"} respectively. It is clear from this figure that the Boolean expression of the locked circuit already depends on all the inputs while keeping  $Y_L$  don't care for the reaming key sequences, i.e. "00" and "11". We also lock this circuit by keeping output bits '0'/'1' for the incorrect key sequences with different input combinations. Finally, we discovered that compared to all other locked circuits, the circuit locked by preserving the output value don't care for the rest of the key sequences always requires fewer number literals. However, keeping the wrong output (!Y) instead of don't care (x) for the remaining key sequences results in high output corruption. As a result, one significant advantage of our method is that it allows the designer to achieve desired output corruption, which may not be possible with existing logic locking solutions.



<span id="page-6-1"></span>Figure 3: An example of input dependent key-based logic locking, where the output bits are kept don't cares (x) for all the remaining incorrect key values, i.e. "00" and "11". The locked circuit provides correct output for the sets of input patterns {"000", "001", "010", "011"} and {"100", "101", "110", "111"} only when "01" and "10" key sequences are applied respectively.

#### 4.3 Use of LUT based Tamper-Proof Memory for IDKLL

In the prior logic locking works, a single key sequence was employed as a valid key to unlock the design for all the input patterns. As a result, the designer stores a single key sequence in the tamper-proof memory. However, the proposed

logic locking method unlocks the design by using numerous key sequences as the valid key. Therefore, our method keeps all of these correct key sequences in a tamper-evident memory to unlock the design for all input patterns. The different key sequences are valid for different input patterns. Therefore, we employ LUT-based tamper-proof memory to extract the correct key sequence for the applied input pattern. Figure [4\(](#page-7-0)a) and (b) presents the use of LUT based memory for the locked circuits presented in Figure [3](#page-6-1) and Figure [2,](#page-6-0) respectively.



<span id="page-7-0"></span>Figure 4: The structure of LUT based memory for extracting the correct key sequence for the locked circuit shown as in (a) Figure [3](#page-6-1) (b) Figure [2](#page-6-0) (c) Optimized structure of LUT based memory.

It is clear from Figure [4\(](#page-7-0)a) that for the set of input patterns {"000", "001", "010", "011"} the correct key sequence, i.e., "01" can be easily fetched from the tamper-proof memory by applying any of these patterns at the selection line of the multiplexer. In the same manner, Figure [4\(](#page-7-0)b) shows the extraction of the right key sequence for the applied input. However, it can be realized from Figure  $\overline{4}$ (a) and  $4$ (b) that the key sequences, *i.e.* "01" and "10", are repeated numerous times in memory, which results in increased design cost. Therefore, to save the required memory, we should store unique, valid key sequences as shown in Figure [4\(](#page-7-0)c). Moreover, in Figure [4\(](#page-7-0)a) an[d4\(](#page-7-0)b), the value of the correct key for different patterns only changes (from "01" to "10") with input A and it is independent of the other inputs, *i.e.* B, C. Therefore, we remove these two inputs for optimized implementation of LUT based tamper-proof memory to store correct key sequences "01" and "10" as shown in Figure [4\(](#page-7-0)c).

However, one thing can also be observed from the above that using LUT based tamper-proof memory requires more overhead compared to the conventional normal tamper-proof memory. This is because the LUT based memory stores multiple key sequences valid for different input sets. Whereas the conventional normal memory stores only a single key sequence that is valid for all input patterns. Further, LUT based memory uses an additional multiplexer unit to fetch the respective valid key for different sets of inputs. Due to these reasons, the LUT based tamper-proof memory requires more overhead than the conventional normal tamper-proof memory. However, analysis of this is out of scope in this paper. This paper uses LUT based memory as one solution to store multiple key sequences and fetch respective valid key sequences on applying an input. One can also explore any other cost-effective solution to achieve the same. The next section presents the generalized structure of IDKLL and its integration with LUT based memory.

#### 4.4 Complete Generalized Structure of IDKLL after Integrating LUT based Memory

The truth tables of the above-locked circuit, as shown in Figure [2\(](#page-6-0)b) and Figure [3\(](#page-6-1)b), exhibit don't care values for some outputs. However, the boolean expression or circuit obtained after solving the K-Map will always produce deterministic outputs. Therefore, we also present the truth table in Figure [5\(](#page-8-0)a), which exhibits deterministic output for every input of the locked circuit/expression as shown in Figure [2\(](#page-6-0)c). We observed from this table that the locked circuit also provides correct output for the inputs "11" and "10" on applying key sequences"00" and "11" respectively. Though these key sequences cannot produce the correct output for all patterns, they may be used in combination with other valid key sequences to achieve the correct output. For example, utilizing "00" and "11" key sequences (instead of "10") along with "01" (i.e., key set {"00", "01", "11"}) can also achieve correct output for all patterns i.e, "11", "10" and {"00", "01"} respectively. Hence, it cannot be ensured that only a single valid key set exists that provide correct output for a locked circuit. However, one can easily ensure that only a single valid set can lock/unlock the design at the cost of increased overhead. To do this, we can specify the complementary (i.e., wrong output) output instead of don't care  $(x)$ for all the remaining/unused key sequences (which are not part of valid key sequences). In this case, only valid key sequences will only provide correct output for the input patterns, and all the unused/remaining (invalid) key sequences will guaranteed provide incorrect output for the input patterns. However, the locked design requires a large overhead if we mention complementary/wrong output for all unused key sequences. Therefore, the proposed method use don't care (x) for the remaining key sequences to obtain the optimized design and ensure that no single key sequence exists that provides correct output for all input patterns by manually verifying the truth table of synthesized locked sub-circuits.

Since none of the single key sequences generates the correct output, the attacker cannot apply SAT attack, or SAT attack will either return a single key that will not make it successful. In addition to the above, we cannot ensure in the proposed method that a returned key sequence does not belong to the valid key set because SAT attack always eliminates wrong key sequences and retain the key sequence, which provides the correct output for at least one pattern. However, if a key sequence provides correct output for a few patterns, then still SAT attack cannot be applied/worked on the proposed method even if returned key sequences provide correct output for a few patterns or belong to a valid key set. This is because, in our method, all key sequences are incorrect individually; SAT attack eliminates all key sequences and returns a single key sequence. Though in our method, the returned key sequence may belong to a set of correct key sequences or a set of incorrect/unused key sequences, it can never provide correct output for all patterns, which will make SAT unsuccessful. Therefore, in our method, we do not consider that the key returned by SAT attack must not belong to the valid key set.

Finally, we combine the locked design with the LUT based tamper-proof memory to obtain the correct output. The integration of the locked circuit(shown in Figure [2\(](#page-6-0)c)) with its LUT based tamper-proof memory is given in Figure [5.](#page-8-0) It is clear from this that correct output can be easily obtained for all patterns, as shown in Truth Table.



<span id="page-8-0"></span>Figure 5: Example for integrating LUT based tamper-proof memory with the locked circuit to achieve correct functionality.

Furthermore, Figure [6](#page-9-1) shows the generalized structure of LUT based tamper-proof memory and its integration for generating the input dependent key (or storing valid key sequences) for unlocking the design locked using the proposed IDKLL. Only the key sequences that produce correct output are considered valid and stored in this memory. In the proposed IDKLL, all the key sequences are individually invalid, and no key sequence exists that can provide the correct output for all the inputs. Therefore, the attacker will fail to determine the valid key sequences by applying DIPs in SAT-based attacks. This is because the application of a DIP produces different outputs for two valid key sequences. The SAT solver eliminates one correct key sequence, which provides incorrect output for that DIP. Similarly, the second DIP will eliminate the second key sequence. Finally, the SAT solver either eliminates all the key sequences or returns a single valid/invalid key sequence. The returned key sequence would be insufficient to obtain the correct output for all the inputs because the locked circuit cannot produce the correct output for all the inputs until all their respective correct key sequences are applied.

The implementation of the proposed IDKLL and LUT-based tamper-proof memory for storing the valid key sequences for the small circuit is explained above. The concept of LUT based tamper-proof memory can also be easily represented at the block level, as shown in Figure [7.](#page-9-2)



<span id="page-9-1"></span>Figure 6: Generalized structure and integration of LUT based tamper-proof memory with the design locked using IDKLL.



<span id="page-9-2"></span>Figure 7: Block level implementation of proposed input dependent key-based logic locking approach.

However, locking a small circuit using the proposed IDKLL is explained above. Locking a large design that exhibits many inputs/outputs using the above procedure (where we also make the output dependent on the key inputs) would be very complex and challenging. Further, it may also require significant overhead, which may be unaffordable sometimes. Therefore, we also propose a low-cost approach for locking a design using input dependent key-based logic locking in the next section.

# <span id="page-9-0"></span>5 SUB-Lock: Sub-Circuit Replacement based IDKLL

The locking design by considering the whole functionality (discussed in Section [4\)](#page-5-0) is very challenging and may require unaffordable design overhead. However, we can insert an additional locked circuit similar to Anti-SAT to lock the design functionality. The additional insertion may also incur a large overhead. Therefore, we propose an approach that locks the design by replacing the original sub-circuitry of the design with the corresponding new circuit that is locked using input dependent key-based logic locking. In the proposed approach, we select several sub-circuits in a design and then the selected circuits are replaced with their corresponding locked circuits, which are locked using proposed logic locking as discussed in Section [4.](#page-5-0)

The example of locking a design by replacing its sub-circuit is shown in Figure [8.](#page-10-0) Here, an example circuit, as shown in Figure [8\(](#page-10-0)a), is considered for locking by replacing its sub-circuit  $(Y = \overline{cd} + de)$  with the corresponding circuit, which is locked using input dependent key-based logic locking. To achieve this, we first construct the lock version of the selected sub-circuit as shown in Figure [8\(](#page-10-0)b) using proposed input dependent key-based logic locking. Finally, the original circuit is locked by replacing the selected sub-circuit  $(Y = \overline{cd} + de)$  with its locked version as shown in Figure [8\(](#page-10-0)c)). This figure presents the complete locked design, where the locked version of the originally selected sub-circuit is mentioned with the dotted box. In this locked circuit, if we analyzed the overhead in terms of gate count, then only three additional gates are required due to replacing the existing sub-circuitry. Hence, locking a design by replacing multiple sub-circuits with their corresponding locked circuits can significantly reduce the design overhead compared to the insertion-based logic locking technique, i.e., Anti-SAT [Xie and Srivastava](#page-18-1) [\[2018\]](#page-18-1).

The selection of sub-circuits for locking the design can be random or judicious. Though random selection can introduce some non-determinism while locking the design, it may fail to provide high output corruption. On the other hand, a judicious replacement can provide high output corruption. For example, selecting the sub-circuits whose output exhibits the highest fault impact point [Rajendran et al.](#page-17-10) [\[2015\]](#page-17-10) for replacement can significantly increase output corruption. The



<span id="page-10-0"></span>Figure 8: The example of locking a design by replacing a small sub circuit with their corresponding IDKLL based locked circuit.

designer can combine both the above approaches to achieve high security. It can also be observed in proposed logic locking that no additional special structure or key-gates (i.e., XOR/XNOR, MUX etc.) are inserted [Juretus and Savidis](#page-20-0) [\[2016b\]](#page-20-0), [Rajendran et al.](#page-17-10) [\[2015\]](#page-17-10). Hence, it would be very difficult to identify the replaced/locked circuitry in the design exactly. Moreover, the designer can also lock the design by inserting the additional locked circuits and by replacing the existing sub-circuits with their locked circuits, as reported in [Rathor et al.](#page-19-6) [\[2020b\]](#page-19-6). In this case, it is very difficult for the attacker to distinguish which part of the circuit is additionally inserted or which part is an existing part. The quantitative security analysis of the proposed logic locking is given in the next section.

## 6 Security Analysis of Proposed Technique

It is clear from the above that the proposed input dependent key-based logic locking technique completely prevents SAT-based attacks. The attacker cannot apply the SAT-based attack to decipher the correct key from the circuit locked using the proposed input dependent key-based logic locking. Hence, the attacker has to employ only a brute force attack to extract the key. Therefore, in this subsection, we also quantitatively analyze and compare the security of the proposed technique against the brute force attack. Let us consider the above discussion as shown in Section [4,](#page-5-0) where a circuit with n primary inputs is locked by inserting  $k$  key-inputs. If this design is locked using standard logic locking techniques, the attacker has to apply all key sequences or brute force attempts to unlock the design [Rajendran et al.](#page-17-10) [\[2015\]](#page-17-10), [Yasin et al.](#page-17-11) [\[2016a\]](#page-17-11) [Karmakar et al.](#page-20-1) [\[2017\]](#page-20-1). If the total key sequences or brute force attempts for  $k$  bit-length key are denoted with  $l$ , then  $l$  can be represented as

<span id="page-10-2"></span>
$$
l = 2^k \tag{1}
$$

Although, the SAT-based attacks can break these standard logic locking techniques within a few attempts [Subramanyan](#page-17-16) [et al.](#page-17-16) [\[2015\]](#page-17-16). The use of SAT-resistant logic locking techniques such as Anti-SAT [Xie and Srivastava](#page-18-0) [\[2016\]](#page-18-0), [Xie and](#page-18-1) [Srivastava](#page-18-1) [\[2018\]](#page-18-1) forces the attacker to apply at least  $\lambda$  attempts/iterations to extract the correct key sequence. Here, the value of  $\lambda$  for k bits key is represented with Eq. [\(2\)](#page-10-1) [Xiao et al.](#page-17-1) [\[2016\]](#page-17-1).

<span id="page-10-1"></span>
$$
\lambda = 2^{k/2} \tag{2}
$$

On the other hand, if we use m key key-sequences out of  $l$  to lock the entire design functionality using the proposed technique, then to know the correct key sequences and their order, the attacker has first to know the output corresponding to each key sequence. Next, he/she has to identify correct combinations of key sequences as well as their order of application as a secret key, such that it provides correct output for all input patterns. The number of attempts required to know the output of each key sequence would be equivalent to the brute force attempts, *i.e.*,  $l = 2^k$  as shown in Eq. [1.](#page-10-2) Though we utilize  $m$  key sequences as a correct key out of  $l$ , the attacker would not be aware of how many key sequences, which combination, and which order (*i.e.* which key sequence is used for which input pattern) they have used to lock design. Therefore, the attacker has to apply all possible permuted combinations of  $l$  key sequences to determine a correct combination and order of application of key sequences. If the total permuted combinations for  $l$  key sequences are denoted with  $PC$ , then  $PC$  can be represented as follows.

$$
PC = {}^{l}C_{1}.l! + {}^{l}C_{2}.2! + {}^{l}C_{3}.3! + \dots + {}^{l}C_{l}.l!
$$
\n(3)

The above equation can also be represented in the form of permutation as follows

<span id="page-11-0"></span>
$$
PC = {}^{l}P_1 + {}^{l}P_2 + {}^{l}P_3 + \dots + {}^{l}P_l
$$
\n<sup>(4)</sup>

Since,

$$
{}^{l}P_{r} = \frac{l!}{(l-r)!}
$$

Thus, we can also write the Eq. [4](#page-11-0) as follows.

$$
PC = \frac{l!}{(l-1)!} + \frac{l!}{(l-2)!} + \frac{l!}{(l-3)!} + \dots + \frac{l!}{(l-l)!}
$$
\n(5)

$$
PC = l! \left( \frac{1}{(0)!} + \frac{1}{(1)!} + \frac{1}{(2)!} + \dots + \frac{1}{(l-1)!} \right)
$$
 (6)

<span id="page-11-1"></span>
$$
PC = l! \sum_{r=1}^{l-1} \frac{1}{(r)!}
$$
 (7)

However, the above equation can also be represented in other forms; this is out of scope in this paper. Thus, we compute the total attempts required by the attacker to decipher the correct key sequences by adding the attempts of finding the output, *i.e.*,  $l$  (Eq. [\(1\)](#page-10-2)) with the total permuted combinations (Eq. [\(7\)](#page-11-1)) of key sequences as follows.

$$
Total\_Attemps = l + PC
$$
\n(8)

Finally, the total number of brute force attempts required by the attacker to extract correct key sequences in the proposed technique can be computed by placing the value of l and PC from Eq. [\(1\)](#page-10-2) and Eq. [\(7\)](#page-11-1) into the Eq. (7) as follows

<span id="page-11-2"></span>
$$
Total\_Attempts = 2^{k} + (2^{k})! \sum_{r=1}^{2^{k}-1} \frac{1}{(r)!}
$$
\n(9)

Now, it can be observed from Eq. [\(1\)](#page-10-2) and Eq. [\(2\)](#page-10-1) that existing logic locking techniques are only able to maintain  $2^k$ brute force attempts without preventing SAT attack. They can provide security against SAT attacks while maintaining only  $2^{k/2}$  attempts/iterations. On the other hand, the proposed technique significantly increases the number of brute force attempts for the attacker to decipher the correct key over the existing techniques while preventing SAT attack, as shown in Eq. [\(9\)](#page-11-2). This equation basically presents the attack complexity for the entire locked circuit. The attacker may also attempt to identify the locked sub-circuits/sub-cones and break them individually. However, it will require knowing the original functionality of the replaced sub-circuit. But due to replacement, it will be approximately impossible for the attacker to know the original functionality of the replaced sub-circuit. Further, due to the use of multiple key sequences as valid for each sub-circuit, the attacker cannot apply SAT attack even on individual sub-circuits. Therefore, the attacker must apply brute force similar to Eq. [\(9\)](#page-11-2), which will require exponential complexity.

Due to the replacement, if the attacker also tries to break the multiple sub-circuits simultaneously, he/she also cannot solve them simultaneously. Further, the output of one locked sub-circuit may also interfere with the output of another locked sub-circuit. Due to this and using multiple key sequences as the valid key, the attacker cannot even apply sensitization and any other attack to break the proposed IDKLL method. Hence, an attacker will always require exponential complexity (or brute force) to break the proposed method in every case. In the proposed method, the number of increased brute force can be computed by subtracting the Eq. [\(1\)](#page-10-2) from Eq. [\(9\)](#page-11-2) as shown below.

$$
Increasing\_Attemps = (2k)! \sum_{r=1}^{2k - 1} \frac{1}{(r)!}
$$
 (10)

It is clear from the above equation that the proposed input dependent key-based logic locking technique prevents SAT-based attacks and significantly increases the required number of brute force attempts over all the existing techniques. We also justify this claim with the experimental evaluation of the proposed technique, as presented in the next section.

# <span id="page-12-0"></span>7 Experimental Results and Analysis

This section first presents the experimental setup, followed by simulation results and comparative analysis.

### 7.1 Experimental Setup

We locked the ISCAS/ITC benchmark circuits by randomly replacing the 3-input and 4-input sub-circuities with their corresponding locked circuits which are locked using the proposed IDKLL method as discussed in Section [5.](#page-9-0) To analyze the effectiveness of the proposed technique, the varying number of keys (i.e., 16, 32, 64, 128) are embedded in the benchmarks, and different locked circuits are generated, namely Prop\_16K, Prop\_32K, Prop\_64K and Prop\_128K. The security of the proposed technique against SAT-based attacks is evaluated using the SAT attack tool as reported in [Subramanyan et al.](#page-17-16) [\[2015\]](#page-17-16). Finally, to analyze the implementation overhead, the locked circuits are synthesized using Cadence RTL compiler with Nangate Open Cell Library 45nm [nag](#page-20-2) [\[2011\]](#page-20-2), and different design metrics (area, power, delay) are extracted. We compared our approach with the existing methods.

### 7.2 SAT Attack Results and Analysis

To validate the effectiveness of the proposed method against SAT attacks, the locked versions of the selected sub-circuits are also individually verified for functionality and security against SAT attacks. Afterwards, we locked the benchmark circuits by randomly replacing their sub-circuits with the corresponding IDKLL based locked versions. We have embedded the different number of keys (16, 32, 64, 128) in each benchmark while locking them. Finally, we evaluate the effectiveness of the proposed sub-circuit replacement based IDKLL method against SAT attack by applying SAT attack on the above-locked benchmarks using SAT solver tool [Subramanyan et al.](#page-17-16) [\[2015\]](#page-17-16). As a result of the SAT solver, we found that the SAT attack cannot extract the correct key from the individual locked sub-circuits as well as from the locked benchmarks circuits. It either provides the "UNSAT Model" or returns a key that has been proven wrong on its verification. The screen-shots of the demonstration of SAT attack on the c7552 and c1908 benchmark circuits locked by inserting 16 keys are shown in Figure [9.](#page-12-1)

| vs rathor@VS-Rathor-VirtualBox:~/SAT Attack/SAT9/bin\$ ./sld /benchmarks/Locke<br>dSub Prop/c7552 enc16.bench /benchmarks/myoriginal/c7552.txt |
|------------------------------------------------------------------------------------------------------------------------------------------------|
| inputs=207 keys=16 outputs=108 gates=3536                                                                                                      |
| iteration: 1: vars: 17676; clauses: 3244; decisions: 1675                                                                                      |
| iteration: 2; vars: 23380; clauses: 3974; decisions: 2432                                                                                      |
| iteration: 3; vars: 29084; clauses: 4578; decisions: 2432                                                                                      |
| finished solver loop.                                                                                                                          |
| UNSAT model!                                                                                                                                   |
| key=xxxxxxxxxxxxxxxx                                                                                                                           |
| iteration=3; backbones count=0; cube count=63506; cpu time=1.20122; maxrss=17.0                                                                |
| 742                                                                                                                                            |
| (a) $RAT$ attack require an $2552$ leaked circuit with 16 hit lies.                                                                            |

(a) SAT attack results on c7552 locked circuit with 16-bit key

| vijay@vijay-VirtualBox:~/SAT9/bin\$ ./sld /benchmarks/LockedSub Prop/c1908 enc16.bench |
|----------------------------------------------------------------------------------------|
| /benchmarks/myoriginal/c1908.txt                                                       |
| inputs=33 keys=16 outputs=25 gates=904                                                 |
| iteration: 1; vars: 3881; clauses: 1230; decisions: 1270                               |
| iteration: 2: vars: 5127; clauses: 1624; decisions: 1428                               |
| iteration: 3; vars: 6373; clauses: 2460; decisions: 2769                               |
| finished solver loop.                                                                  |
| sim failed.                                                                            |
| key=0101100000000000                                                                   |
| iteration=3; backbones count=0; cube count=13680; cpu time=0.042248; maxrss=9.05469    |
|                                                                                        |

(b) SAT attack results on c1908 locked circuit with 16-bit key



(c) Validation of key resturned by SAT attack for c1908 locked circuit

<span id="page-12-1"></span>Figure 9: Sample snapshots of the demonstration of SAT attack on the benchmarks locked using proposed sub-circuit replacement based IDKLL.

SAT attack completely failed to identify the correct key even with applying the Partial-Break algorithm along with fault analysis [Rajendran et al.](#page-17-10) [\[2015\]](#page-17-10). It can be observed from this figure that the application of SAT attack on the c7552 locked benchmark provides the "UNSAT Model", which means it is unable to determine the correct key as shown in Figure [9\(](#page-12-1)a). Although SAT attack returns a key for the c1908 locked benchmark (Figure [9\(](#page-12-1)b)), the returned key is declared wrong or incorrect after verification using SAT solver program as shown in Figure [9\(](#page-12-1)c). Apart from c7552 and c1908, we have also applied the SAT attack on other locked ISCAS and ITC benchmark circuits. We observed that SAT attack has completely failed to identify the correct key in any locked benchmark circuit that is locked using the proposed IDKLL. The SAT attacks simulation results for ISCAS benchmarks locked with 16 and 32 keys are shown in Table [3.](#page-13-0)

| <b>Circuits</b>     |       | $Prop_16K$ |               | Prop_32K       |            |               |  |  |
|---------------------|-------|------------|---------------|----------------|------------|---------------|--|--|
|                     | #Itr. | Time(Sec.) | <b>Status</b> | #Itr.          | Time(Sec.) | <b>Status</b> |  |  |
| c499                | 14    | 0.621622   | <b>UNSAT</b>  | 27             | 1.12494    | <b>UNSAT</b>  |  |  |
| c880                | 5     | 0.175454   | Wrong Key     | 6              | 0.2497     | <b>UNSAT</b>  |  |  |
| c1355               | 8     | 0.439975   | <b>UNSAT</b>  | 14             | 1.70843    | <b>UNSAT</b>  |  |  |
| $\overline{c}$ 1908 | 3     | 0.312497   | Wrong Key     | 2              | 0.273019   | <b>UNSAT</b>  |  |  |
| c2670               | 9     | 0.487856   | <b>UNSAT</b>  | 16             | 0.753063   | Wrong Key     |  |  |
| c3540               | 8     | 0.709153   | <b>UNSAT</b>  | 3              | 0.583499   | <b>UNSAT</b>  |  |  |
| c5315               | 7     | 0.935628   | <b>UNSAT</b>  | 7              | 0.975759   | <b>UNSAT</b>  |  |  |
| c7552               | 3     | 1.20122    | <b>UNSAT</b>  | $\mathfrak{D}$ | 1.13674    | <b>UNSAT</b>  |  |  |

<span id="page-13-0"></span>Table 3: Analysis of Proposed Technique using SAT Attack Tool

While performing the SAT attack, we have extracted three evaluation metrics, i.e., the number of SAT iterations, SAT attack time (in seconds) and status (whether the correct key was found or not), to validate the proposed IDKLL. It can be observed from this table that SAT attack fails to determine any key  $(i.e., "UNSAT Model")$  or provides an "wrong key" for the implementations of the proposed method. On the other hand, SAT attack identifies the correct key for all the benchmark circuits locked using exiting Anti-SAT, CAS-Lock and other SAT resistant methods in an average  $2^k$  iterations with  $2k$  keys ( here k= 8, 16). However, the SAT attack time and the number of SAT iterations are significantly low in the proposed sub-circuit replacement based IDKLL. This is because the execution of SAT attack fails or terminates unsuccessfully. Therefore, the attacker has to employ brute force only in our method. The comparison of SAT/brute-force iterations/attempts required by the proposed SubLock and existing methods are shown in Table [4.](#page-13-1) Here m is the number of critical inputs. The SAT attack does not fail in the existing SAT-resistant methods; it runs until the worst-case time and returns the correct key afterwards.

Table 4: Comparison of SAT/brute-force iterations/attempts (k=2\*n keys) achieved by different SAT resistant methods

<span id="page-13-1"></span>

| ethods      | ock     | $\sqrt{2}$<br>Anti-SA    | TTT<br>ock          | ock                                          | .S AT<br>Strong<br>Anti- $\cdot$                | _ock<br>Subl<br><b>Proposed</b>                                                |
|-------------|---------|--------------------------|---------------------|----------------------------------------------|-------------------------------------------------|--------------------------------------------------------------------------------|
| <br>rations | ഹര<br>- | $\cap$ <sup>n</sup><br>- | $\Delta\kappa$<br>- | $\Omega$ <sup><math>\Omega</math></sup><br>- | $\Omega$ <sup><math>\Omega</math></sup><br>$+m$ | $\Omega$<br>$\overline{\phantom{a}}$<br>nК<br>∼<br>$\sqrt{2}$<br>$\sim$ 1<br>= |

In the proposed method, SAT attack would never identify the correct key in the proposed IDKLL method, even locking with any number of keys. Therefore, the proposed IDKLL method completely prevents the SAT attack. This is basically happening because the proposed technique uses multiple key sequences as a correct key; thus, SAT attack either eliminates all the keys or leaves with a single key sequence that can never be correct for all the input patterns. On the other hand, the existing SAT-resistant methods approach uses a single key sequence as a correct key for all input patterns. Hence, the existing SAT resistance logic locking techniques failed to prevent the SAT attack. Further, we also analyze the effectiveness of the proposed method against variants of SAT attacks such as App-SAT, removal, IFS and others. Since the proposed method is not based on a single-point function and can provide desired output corruption, applying these attacks is approximately impossible on our method. The proposed sub-circuit replacement based IDKLL method will be very effective in mitigating all the known attacks. The overhead analysis of SubLock is presented in the next subsection.

# 7.3 Overhead Results and Analysis

To analyze the implementation overhead of our technique, we have implemented the proposed method by embedding the varying number of keys in ISCAS and ITC benchmarks. The original, as well as locked benchmarks, are synthesized using the Cadence RTL compiler and different design metrics such as area, power and delay are extracted. It has been analyzed during synthesis that the proposed sub-circuit replacement based IDKLL (SubLock) requires a significantly large overhead for small benchmarks (ISCAS-85), even with a small key size. The average percentage overhead for the area, power and delay required by the proposed SubLock method for 16 (Prop\_32K) and 32 (Prop\_32K) keys are

| Circuit | Area $(\mu m^2)$ |            |           |            | Power $(nW)$ |             | Delay $(ps)$ |            |             |  |
|---------|------------------|------------|-----------|------------|--------------|-------------|--------------|------------|-------------|--|
|         | $Prop_32K$       | $Prop_64K$ | Prop 128K | $Prop_32K$ | $Prop_64K$   | $Prop_128K$ | $Prop_32K$   | $Prop_64K$ | $Prop_128K$ |  |
| s35932  | 12371            | 12428      | 12673     | 842968     | 848411       | 884143      | 3102         | 3131       | 2430        |  |
| s38417  | 11826            | 11825      | 11931     | 664726     | 695979       | 670394      | 5855         | 5828       | 5750        |  |
| s38584  | 9936             | 9957       | 10181     | 628548     | 633068       | 653932      | 4152         | 4230       | 4227        |  |
| b14     | 3430             | 3574       | 3610      | 272687     | 316452       | 312861      | 17891        | 21107      | 21448       |  |
| b15     | 6574             | 6699       | 6744      | 333576     | 345179       | 360123      | 21749        | 21872      | 22130       |  |
| b17     | 20762            | 20826      | 20880     | 1025126    | 1036394      | 1041532     | 21228        | 20649      | 21516       |  |
| b18     | 51947            | 51994      | 52044     | 3031686    | 3060482      | 3052163     | 15119        | 14654      | 15357       |  |
| b20     | 7297             | 7318       | 7353      | 498601     | 542410       | 513114      | 23616        | 24430      | 24634       |  |
| b21     | 7547             | 7563       | 7593      | 495198     | 496952       | 531195      | 22884        | 24238      | 24256       |  |
| b22     | 10909            | 10909      | 10969     | 732907     | 748867       | 823871      | 23190        | 23444      | 23455       |  |
| Average | 14260            | 14309      | 14398     | 852602     | 872419       | 884333      | 15879        | 16358      | 16520       |  |

<span id="page-14-1"></span>Table 5: Design Metrics of Proposed Sub-circuit replacement based IDKLL method for varying key-size

presented in Figure [10.](#page-14-0) Here, it can be seen that the proposed SubLock require 16%, 9.3% and 5%, area, power and delay overhead for embedding 32 keys.



<span id="page-14-0"></span>Figure 10: Average percentage overhead required by proposed method for embedding 16 and 32 keys in the small benchmarks (ISCAS-85).

However, we have also evaluated the proposed SubLock method on large benchmarks with large key sizes. This evaluation proved that our SubLock method could effectively thwart SAT-based attacks with low overhead. The area, power and delay required for locking large ISCAS-89 and ITC benchmark circuits using the proposed method while embedding 32, 64, and 128 keys are shown in Table [5.](#page-14-1) It can be easily observed from this table that the design metrics (area, power, delay) are not significantly increasing while changing the key size from 32 to 128. It means that the proposed SubLock method will not require high area, power, and delay while locking a design even with more large size key, i.e., K=256 or K=512.

In addition, we have also implemented the existing SAT resistant methods ASB [Xie and Srivastava](#page-18-0) [\[2016\]](#page-18-0), CAS [Shakya](#page-18-4) [et al.](#page-18-4) [\[2020\]](#page-18-4), and SAS [Liu et al.](#page-18-5) [\[2020\]](#page-18-5) by randomly inserting different key size blocks (K=32, K=64 and K=128) in ISACS-89 and ITC benchmarks. The same locked benchmarks are synthesized using the Cadence RTL compiler, and different design metrics, i.e., area, power and delay, are extracted. The comparison of comparative analysis of the proposed method is presented next subsection.

### 7.4 Comparative Analysis

To concisely compare the area, power and delay, we calculated the average of each design metric for the proposed and existing ASB [Xie and Srivastava](#page-18-0) [\[2016\]](#page-18-0), CAS [Shakya et al.](#page-18-4) [\[2020\]](#page-18-4), and SAS [Liu et al.](#page-18-5) [\[2020\]](#page-18-5) methods. The comparison of average area, power and delay required by proposed and existing methods on large ISCAS-89 and ITC benchmarks is shown in Table [6.](#page-15-0)

It can be observed from this table that the ASB requires slightly less overhead compared to CAS and SAS blocks. However, the SAS block requires a large overhead in comparison to ASB and CAS blocks; it provides high security against SAT over ASB and CAS blocks. On the other hand, the proposed SubLock method required low area, power and delay over all these SAT-resistant methods. Furthermore, we also compute the average percentage overhead required

| ັ<br>ັ<br>ັ    |        |                  |         |        |              |         |              |        |           |
|----------------|--------|------------------|---------|--------|--------------|---------|--------------|--------|-----------|
| Circuit        |        | Area $(\mu m^2)$ |         |        | Power $(nW)$ |         | Delay $(ps)$ |        |           |
|                | $K=32$ | $K=64$           | $K=128$ | $K=32$ | $K=64$       | $K=128$ | $K=32$       | $K=64$ | $K = 128$ |
| Original       | 14254  | 14254            | 14254   | 879823 | 879823       | 879823  | 15918        | 15918  | 15918     |
| ASB            | 14339  | 14477            | 14633   | 866187 | 887057       | 906152  | 16550        | 17005  | 18098     |
| CAS            | 14350  | 14475            | 14698   | 872427 | 891093       | 916603  | 17268        | 18617  | 20898     |
| <b>SAS</b>     | 14396  | 14514            | 14755   | 866754 | 882127       | 912844  | 17360        | 18894  | 20379     |
| <b>SubLock</b> | 14260  | 14309            | 14398   | 852602 | 872419       | 884333  | 15879        | 16358  | 16520     |

<span id="page-15-0"></span>Table 6: Comparison of Average Design Metrics Required by Existing and Proposed Techniques

by proposed and existing methods, as shown in Figure [11.](#page-15-1) It can be analysed from this figure that the ASB, CAS and SAS methods require low overhead for area and power, whereas they require a large overhead for the delay, specifically for K=128, i.e., more than 25%. This is because we randomly inserted the ASB, CAS and SAS blocks in the design, causing the insertion of these blocks in critical paths. However, the delay overhead can be reduced for these methods by judicious insertion or by avoiding insertion in critical paths. On the other hand, the proposed SubLock method requires low delay overhead (i.e., 3.8%) because we replace the small sub-circuits (3-input/4-input) with the corresponding IDKLL based locked circuit.



<span id="page-15-1"></span>Figure 11: Comparison of average overhead (%) required by proposed and existing methods for embedding K=16, K=32 and K=128 keys in the large ISCAS-89 and ITC benchmarks.

In addition, it can also be easily analysed that area and power overhead for all the methods are less than the 5% even for 128-bit key size. Though the SAS block insertion-based method provides high security, it requires a large area and power overhead compared to ASB and CAS insertion-based methods. For the 128-bit key, the SAS-based method requires 3.5% and 3.8% area and power overhead, and the ASB method requires 2.7% and 3% area and power overhead receptively. All these existing methods are implemented without any obfuscation; they may be vulnerable to Removal attacks [Yasin et al.](#page-18-7) [\[2020\]](#page-18-7). The implementation of these methods with obfuscation will require significantly high overhead. On the other hand, the proposed SubLock method requires significantly less area and power overhead compared to ASB, CAS and SAS block insertion-based methods for all the key sizes. For the 128-bit key, the proposed method requires 1% and 0.5% area and power overhead, whereas, for the 64-bit key, it requires only 0.4% and -0.8% area and power overhead, respectively.

It can also be observed from Figure [11](#page-15-1) and Table [6](#page-15-0) that the proposed method requires less power and delay (negative value in the figure for K=32 and K=64) in comparison to the original circuit. However, it is majorly happening for K=32, where both power and delay overhead are negative in the proposed method. This is happening because 1) we intentionally designed and optimized the locked sub-circuits to reduce the overhead of the proposed logic locking method, 2) the replacement of sub-circuits with corresponding IDKLL based optimized locked sub-circuits changes the original logic of the replaced sub-circuits; afterwards, the synthesizer optimizes the entire locked circuits to reduces power, area and delay. These optimizations slightly reduce the overhead of a locked circuit over the original circuit. Due to the low number of replacements, this slight reduction is clearly visualized while embedding a small number of keys (i.e., K=32 or K=64) in large benchmarks. Due to many replacements, it is not visualizing in the case of K=128. Hence, in practical key size  $(K=128, K=256$  and  $K=512$ ), the power and delay overhead in the proposed method will always be high compared to the original circuit.

Besides the above, we have also compared our approach with the TTLock [Yasin et al.](#page-19-0) [\[2017c\]](#page-19-0). The comparison of the average percentage overhead required by proposed and TTLock methods on large ISACS-89 benchmarks for the key size of 32 and 64 is shown in Figure [12.](#page-16-1) It can be observed here that the delay overhead in TLock is approximately near to our approach. But TTLock requires significantly high area and power overhead compared to the proposed approach. We have also analyzed the implementation overhead of the SFLL [Yasin et al.](#page-18-3) [\[2017a\]](#page-18-3) method. It is found that the proposed method also requires significantly less overhead compared to SFLL. The SFLL is the extension of TTLock, which provides high security over TTLock but requires more overhead over the TTLock. Since the proposed SubLock method requires less overhead over TTLock even for the same key size, thus the proposed method will also require low overhead over the SFLL method for the same key size. In addition to these methods, other recently reported methods such as CORALL [Juretus and Savidis](#page-19-7) [\[2021\]](#page-19-7), DisORC [Limaye et al.](#page-19-8) [\[2021\]](#page-19-8), G-Anti-SAT [Zhou and Zhang](#page-19-9) [\[2021\]](#page-19-9) and SKG-Lock+ [Nguyen et al.](#page-19-10) [\[2022\]](#page-19-10) are also required around 10% overhead while only increasing the security against SAT attack not preventing it.



<span id="page-16-1"></span>Figure 12: Comparison of average percentage overhead of proposed SubLock and TTLock methods on ISCAS-89 benchmarks for 32 and 64 keys.

In the above analysis, we compared and analyzed that the implementation of the proposed SubLock method for the same key size requires low implementation overhead compared to existing SAT-resistant methods. On the other hand, it can be observed from Eq. [\(9\)](#page-11-2) that the proposed method achieves minimum  $2^k$  more attack iterations for the same key size over the existing ASB, CAS, and SAS methods. It means the proposed method can achieve the same security with the 64-bit key, which is achieved by existing methods with a 128-bit key. In this case, the required overhead of the proposed method will be further reduced while comparing the proposed SubLock and existing methods for the same security. For the 64-bit key, the proposed SubLock method can provide the same or higher security with 0.4%, -0.8% and 2.76% area, power, and delay overhead. In contrast, the existing SAS/CAS method requires around 3.5%/3%, 3.8%/4.2% and 28%/31% area, power and delay overhead, respectively for achieving the same security. Here, it is clear that the proposed method requires significantly less overhead than all the existing methods for the same security. Overall, it can be easily said that the proposed SubLock method outperforms all the well-known SAT-resistant methods in terms of security and design overhead.

# <span id="page-16-0"></span>8 Conclusion

This paper proposes a new SAT-resistant logic locking method based on the idea of input dependent key-based logic locking called IDKLL. The existing SAT-resistant logic locking techniques utilize a single key sequence as a correct key to unlock the design, whereas the proposed IDKLL approach uses multiple key sequences as correct to unlock the design functionality for all inputs. The use of multiple key sequences as the correct key neutralizes the SAT attack completely. In order to lock the whole design functionality using IDKLL, we propose a lightweight sub-circuit replacement based IDKLL method called SubLock that provides effective security against SAT based attacks with low overhead. The proposed SubLock approach replaces the original small sub-circuitries with their corresponding IDKLL based locked circuits. Further, we present the security analysis of the proposed method, which shows that our method tremendously increases the security or brute force attempts over all the existing SAT-resistant methods and effectively prevents SAT based attacks. The experimental evaluation of the proposed SubLock on ISCAS and ITC benchmarks shows that the proposed method effectively prevents the SAT attack while requiring very low overhead compared to the well-known method such as Anti-SAT, CAS-Lock and Strong Anti-SAT.

The concept of IDKLL is based on using multiple correct key sequences to unlock the design for all inputs. This paper uses LUT based tamper-proof memory to store multiple valid key sequences and retrieve the correct key sequence corresponding to a given input set. Implementing LUT based tamper-proof memory for storing multiple key sequences may require high implementation costs over implementing normal taper-proof memory for storing a single key sequence. Therefore, our future work will focus on identifying the cost-effective implementation/way to store multiple correct key sequences.

### References

- <span id="page-17-0"></span>Masoud Rostami, Farinaz Koushanfar, and Ramesh Karri. A primer on hardware security: Models, methods, and metrics. *Proceedings of the IEEE*, 102(8):1283–1295, 2014.
- <span id="page-17-1"></span>K Xiao, D Forte, Y Jin, R Karri, S Bhunia, and M Tehranipoor. Hardware trojans: Lessons learned after one decade of research. *ACM Transactions on Design Automation of Electronic Systems (TODAES)*, 22(1):6:1–6:23, 2016.
- <span id="page-17-2"></span>Swarup Bhunia, Michael S Hsiao, Mainak Banga, and Seetharam Narasimhan. Hardware trojan attacks: threat analysis and countermeasures. *Proceedings of the IEEE*, 102(8):1229–1247, 2014.
- <span id="page-17-3"></span>International chamber of commerce, impacts of counterfeiting and piracy to reach us \$1.7 trillion by 2015. [Online]. Available: http://www.iccwbo.org/News/Articles/2011/Impacts-ofcounterfeiting-and-piracy-to-reach-US\$1-7-trillionby-2015/, 2015.
- <span id="page-17-4"></span>SEMI. Innovation is at risk as semiconductor equipment and materials industry loses up to \$4 billion annually due to IP infringement. [Online]. Available: www.semi.org/en/Press/P043775, 2008.
- <span id="page-17-5"></span>Hassan Salmani, Mohammad Tehranipoor, and Jim Plusquellic. A novel technique for improving hardware trojan detection and reducing trojan activation time. *IEEE Transactions on Very Large Scale Integration (VLSI) Systems*, 20 (1):112–125, 2012.
- <span id="page-17-6"></span>Vijaypal Singh Rathor, Bharat Garg, and G. K. Sharma. A novel low complexity logic encryption technique for design-for-trust. *IEEE Transactions on Emerging Topics in Computing*, 8(3):688–699, 2020a. doi[:10.1109/TETC.2018.2795706.](https://doi.org/10.1109/TETC.2018.2795706)
- <span id="page-17-7"></span>Seetharam Narasimhan, Dongdong Du, Rajat Subhra Chakraborty, Somnath Paul, Francis G Wolff, Christos A Papachristou, Kaushik Roy, and Swarup Bhunia. Hardware trojan detection by multiple-parameter side-channel analysis. *IEEE Transactions on computers*, 62(11):2183–2195, 2013.
- <span id="page-17-8"></span>Hassan Salmani. Cotd: Reference-free hardware trojan detection and recovery based on controllability and observability in gate-level netlist. *IEEE Transactions on Information Forensics and Security*, 12(2):338–350, 2017.
- <span id="page-17-9"></span>Jarrod A Roy, Farinaz Koushanfar, and Igor L Markov. Ending piracy of integrated circuits. *Computer*, 43(10):0030–38, 2010.
- <span id="page-17-10"></span>Jeyavijayan Rajendran, Huan Zhang, Chi Zhang, Garrett S Rose, Youngok Pino, Ozgur Sinanoglu, and Ramesh Karri. Fault analysis-based logic encryption. *IEEE Transactions on Computers*, 64(2):410–424, 2015.
- <span id="page-17-11"></span>Muhammad Yasin, Jeyavijayan JV Rajendran, Ozgur Sinanoglu, and Ramesh Karri. On improving the security of logic locking. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, 35(9):1411–1424, 2016a.
- <span id="page-17-12"></span>Ronald P Cocchi, James P Baukus, Lap Wai Chow, and Bryan J Wang. Circuit camouflage integration for hardware ip protection. In *2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC)*, pages 1–5. IEEE, 2014.
- <span id="page-17-13"></span>Vijaypal Singh Rathor, Bharat Garg, and G. K. Sharma. New light weight threshold voltage defined camouflaged gates for trustworthy designs. *Journal of Electronic Testing: Theory and Application*, 33(5):657–668, Oct 2017.
- <span id="page-17-14"></span>Jiliang Zhang. A practical logic obfuscation technique for hardware security. *IEEE Transactions on Very Large Scale Integration (VLSI) Systems*, 24(3):1193–1197, 2016.
- <span id="page-17-15"></span>Jeyavijayan Rajendran, Youngok Pino, Ozgur Sinanoglu, and Ramesh Karri. Logic encryption: A fault analysis perspective. In *Proceedings of the Conference on Design, Automation and Test in Europe*, pages 953–958. EDA Consortium, 2012a.
- <span id="page-17-16"></span>Pramod Subramanyan, Sayak Ray, and Sharad Malik. Evaluating the security of logic encryption algorithms. In *Hardware Oriented Security and Trust (HOST), 2015 IEEE International Symposium on*, pages 137–143. IEEE, 2015.
- <span id="page-17-17"></span>Mohamed El Massad, Siddharth Garg, and Mahesh V Tripunitara. Integrated circuit (IC) decamouflaging: Reverse engineering camouflaged ICs within minutes. In *22nd Annual Network and Distributed System Security Symposium, NDSS, San Diego, California, USA*, pages 1–14, February 8-11, 2015.
- <span id="page-18-0"></span>Yang Xie and Ankur Srivastava. Mitigating SAT attack on logic locking. In *International Conference on Cryptographic Hardware and Embedded Systems*, pages 127–146. Springer, 2016.
- <span id="page-18-1"></span>Yang Xie and Ankur Srivastava. Anti-sat: Mitigating sat attack on logic locking. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, 38(2):199–207, 2018.
- <span id="page-18-2"></span>Muhammad Yasin, Bodhisatwa Mazumdar, Jeyavijayan JV Rajendran, and Ozgur Sinanoglu. Sarlock: SAT attack resistant logic locking. In *IEEE International Symposium on Hardware Oriented Security and Trust (HOST)*, pages 236–241. IEEE, 2016b.
- <span id="page-18-3"></span>Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan Rajendran, and Ozgur Sinanoglu. Provably-secure logic locking: From theory to practice. In *Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security*, pages 1601–1618, 2017a.
- <span id="page-18-4"></span>Bicky Shakya, Xiaolin Xu, Mark Tehranipoor, and Domenic Forte. Cas-lock: A security-corruptibility trade-off resilient logic locking scheme. *IACR Transactions on Cryptographic Hardware and Embedded Systems*, pages 175–202, 2020.
- <span id="page-18-5"></span>Yuntao Liu, Michael Zuzak, Yang Xie, Abhishek Chakraborty, and Ankur Srivastava. Strong anti-sat: Secure and effective logic locking. In *2020 21st International Symposium on Quality Electronic Design (ISQED)*, pages 199–205. IEEE, 2020.
- <span id="page-18-6"></span>Muhammad Yasin, Bodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajendran. Security analysis of anti-SAT. In *Design Automation Conference (ASP-DAC), 2017 22nd Asia and South Pacific*, pages 342–347. IEEE, 2017b.
- <span id="page-18-7"></span>Muhammad Yasin, Bodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajendran. Removal attacks on logic locking and camouflaging techniques. *IEEE Transactions on Emerging Topics in Computing*, 8(2):517–532, 2020. doi[:10.1109/TETC.2017.2740364.](https://doi.org/10.1109/TETC.2017.2740364)
- <span id="page-18-8"></span>Kaveh Shamsi, Meng Li, Travis Meade, Zheng Zhao, David Z Pan, and Yier Jin. Appsat: Approximately deobfuscating integrated circuits. In *2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)*, pages 95–100. IEEE, 2017a.
- <span id="page-18-9"></span>Xiaolin Xu, Bicky Shakya, Mark M Tehranipoor, and Domenic Forte. Novel bypass attack and bdd-based tradeoff analysis against all known logic locking attacks. In *International Conference on Cryptographic Hardware and Embedded Systems*, pages 189–210. Springer, 2017.
- <span id="page-18-10"></span>Deepak Sirone and Pramod Subramanyan. Functional analysis attacks on logic locking. *IEEE Transactions on Information Forensics and Security*, 15:2514–2527, 2020.
- <span id="page-18-11"></span>Abhrajit Sengupta, Nimisha Limaye, and Ozgur Sinanoglu. Breaking cas-lock and its variants by exploiting structural traces. In *IACR Transactions on Cryptographic Hardware and Embedded Systems*. Cryptology ePrint Archive, Paper 2021/581, 2021.
- <span id="page-18-12"></span>Vijaypal Singh Rathor, Munesh Singh, Kshira Sagar Sahoo, and Saraju P. Mohanty. Gatelock: Input-dependent key-based locked gates for sat resistant logic locking. *IEEE Transactions on Very Large Scale Integration (VLSI) Systems*, 32(2):361–371, 2024. doi[:10.1109/TVLSI.2023.3340350.](https://doi.org/10.1109/TVLSI.2023.3340350)
- <span id="page-18-13"></span>Sophie Dupuis, Papa-Sidi Ba, Giorgio Di Natale, Marie-Lise Flottes, and Bruno Rouzeyre. A novel hardware logic encryption technique for thwarting illegal overproduction and hardware trojans. In *2014 IEEE 20th International On-Line Testing Symposium (IOLTS)*, pages 49–54. IEEE, 2014.
- <span id="page-18-14"></span>Kyle Juretus and Ioannis Savidis. Reducing logic encryption overhead through gate level key insertion. In *2016 IEEE International Symposium on Circuits and Systems (ISCAS)*, pages 1714–1717. IEEE, 2016a.
- <span id="page-18-15"></span>Bao Liu and Brandon Wang. Embedded reconfigurable logic for ASIC design obfuscation against supply chain attacks. In *Proceedings of the conference on Design, Automation & Test in Europe (DATE)*, pages 1–6. IEEE, 2014.
- <span id="page-18-16"></span>Jeyavijayan Rajendran, Youngok Pino, Ozgur Sinanoglu, and Ramesh Karri. Security analysis of logic obfuscation. In *Proceedings of the 49th Annual Design Automation Conference*, pages 83–89. ACM, 2012b.
- <span id="page-18-17"></span>Yu-Wei Lee and Nur A Touba. Improving logic obfuscation via logic cone analysis. In *2015 16th Latin-American Test Symposium (LATS)*, pages 1–6. IEEE, 2015.
- <span id="page-18-18"></span>Stephen M Plaza and Igor L Markov. Solving the third-shift problem in IC piracy with test-aware logic locking. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, 34(6):961–971, 2015.
- <span id="page-18-19"></span>Vijaypal Singh Rathor and G. K. Sharma. A lightweight robust logic locking technique to thwart sensitization and cone-based attacks. *IEEE Transactions on Emerging Topics in Computing*, 9(2):811–822, 2021. doi[:10.1109/TETC.2019.2935250.](https://doi.org/10.1109/TETC.2019.2935250)
- <span id="page-18-20"></span>Meng Li, Kaveh Shamsi, Travis Meade, Zheng Zhao, Bei Yu, Yier Jin, and David Z Pan. Provably secure camouflaging strategy for IC protection. In *International Conference on Computer-Aided Design (ICCAD)*, pages 1–8. IEEE, 2016.
- <span id="page-19-2"></span>Yuanqi Shen and Hai Zhou. Double dip: Re-evaluating security of logic encryption algorithms. In *Proceedings of the Great Lakes Symposium on VLSI 2017*, pages 179–184. ACM, 2017.
- <span id="page-19-3"></span>Yuanqi Shen, You Li, Shuyu Kong, Amin Rezaei, and Hai Zhou. Sigattack: New high-level sat-based attack on logic encryptions. In *2019 Design, Automation & Test in Europe Conference & Exhibition (DATE)*, pages 940–943. IEEE, 2019.
- <span id="page-19-4"></span>Yuanqi Shen, Amin Rezaei, and Hai Zhou. Sat-based bit-flipping attack on logic encryptions. In *2018 Design, Automation & Test in Europe Conference & Exhibition (DATE)*, pages 629–632. IEEE, 2018.
- <span id="page-19-5"></span>Soroush Khaleghi, Kai Da Zhao, and Wenjing Rao. IC piracy prevention via design withholding and entanglement. In *The 20th Asia and South Pacific Design Automation Conference*, pages 821–826. IEEE, 2015.
- <span id="page-19-6"></span>Vijaypal Singh Rathor, Bharat Garg, and G.K. Sharma. New lightweight anti-sat block design and ob-<br>fuscation technique to thwart removal attack. *Integration*, 75:178-188, 2020b. ISSN 0167-9260. fuscation technique to thwart removal attack. *Integration*, 75:178–188, 2020b. ISSN 0167-9260. doi[:https://doi.org/10.1016/j.vlsi.2020.05.001.](https://doi.org/https://doi.org/10.1016/j.vlsi.2020.05.001) URL [https://www.sciencedirect.com/science/article/](https://www.sciencedirect.com/science/article/pii/S0167926019306510) [pii/S0167926019306510](https://www.sciencedirect.com/science/article/pii/S0167926019306510).
- <span id="page-19-0"></span>Muhammad Yasin, Abhrajit Sengupta, Benjamin Carrion Schafer, Yiorgos Makris, Ozgur Sinanoglu, and Jeyavijayan Rajendran. What to lock? functional and parametric locking. In *Proceedings of the on Great Lakes Symposium on VLSI 2017*, pages 351–356, 2017c.
- <span id="page-19-1"></span>Fangfei Yang, Ming Tang, and Ozgur Sinanoglu. Stripped functionality logic locking with hamming distance-based restore unit (sfll-hd)–unlocked. *IEEE Transactions on Information Forensics and Security*, 14(10):2778–2786, 2019.
- <span id="page-19-7"></span>Kyle Juretus and Ioannis Savidis. Increased output corruption and structural attack resilience for sat attack secure logic locking. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, 40(1):38–51, 2021. doi[:10.1109/TCAD.2020.2988629.](https://doi.org/10.1109/TCAD.2020.2988629)
- <span id="page-19-8"></span>Nimisha Limaye, Emmanouil Kalligeros, Nikolaos Karousos, Irene G. Karybali, and Ozgur Sinanoglu. Thwarting all logic locking attacks: Dishonest oracle with truly random logic locking. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, 40(9):1740–1753, 2021. doi[:10.1109/TCAD.2020.3029133.](https://doi.org/10.1109/TCAD.2020.3029133)
- <span id="page-19-9"></span>Jingbo Zhou and Xinmiao Zhang. Generalized sat-attack-resistant logic locking. *IEEE Transactions on Information Forensics and Security*, 16:2581–2592, 2021.
- <span id="page-19-10"></span>Quang-Linh Nguyen, Sophie Dupuis, Marie-Lise Flottes, and Bruno Rouzeyre. Skg-lock+: A provably secure logic locking schemecreating significant output corruption. *Electronics*, 11(23):3906, 2022.
- <span id="page-19-11"></span>Hadi Mardani Kamali, Kimia Zamiri Azar, Houman Homayoun, and Avesta Sasan. Chaolock: Yet another sat-hard logic locking using chaos computing. In *2021 22nd International Symposium on Quality Electronic Design (ISQED)*, pages 387–394. IEEE, 2021.
- <span id="page-19-12"></span>Nimisha Limaye, Satwik Patnaik, and Ozgur Sinanoglu. Valkyrie: Vulnerability assessment tool and attack for provably-secure logic locking techniques. *IEEE Transactions on Information Forensics and Security*, 17:744–759, 2022.
- <span id="page-19-13"></span>Satwik Patnaik, Nimisha Limaye, and Ozgur Sinanoglu. Hide and seek: Seeking the (un)-hidden key in provably-secure logic locking techniques. *IEEE Transactions on Information Forensics and Security*, 17:3290–3305, 2022.
- <span id="page-19-14"></span>Kaveh Shamsi, Meng Li, Travis Meade, Zheng Zhao, David Z Pan, and Yier Jin. Cyclic obfuscation for creating SAT-unresolvable circuits. In *Proceedings of the on Great Lakes Symposium on VLSI 2017*, pages 173–178. ACM, 2017b.
- <span id="page-19-15"></span>Hai Zhou, Ruifeng Jiang, and Shuyu Kong. Cycsat: Sat-based attack on cyclic logic encryptions. In *2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)*, pages 49–56. IEEE, 2017.
- <span id="page-19-16"></span>Amin Rezaei, You Li, Yuanqi Shen, Shuyu Kong, and Hai Zhou. Cycsat-unresolvable cyclic logic encryption using unreachable states. In *Proceedings of the 24th Asia and South Pacific Design Automation Conference*, pages 358–363, 2019.
- <span id="page-19-17"></span>Xiang-Min Yang, Pei-Pei Chen, Hsiao-Yu Chiang, Chia-Chun Lin, Yung-Chih Chen, and Chun-Yao Wang. Looplock 2.0: An enhanced cyclic logic locking approach. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, 41(1):29–34, 2022. doi[:10.1109/TCAD.2021.3053912.](https://doi.org/10.1109/TCAD.2021.3053912)
- <span id="page-19-18"></span>Pei-Pei Chen, Xiang-Min Yang, Yu-Cheng He, Yung-Chih Chen, Yi-Ting Li, and Chun-Yao Wang. Looplock 3.0: A robust cyclic logic locking approach. In *2024 29th Asia and South Pacific Design Automation Conference (ASP-DAC)*, pages 594–599, 2024. doi[:10.1109/ASP-DAC58780.2024.10473877.](https://doi.org/10.1109/ASP-DAC58780.2024.10473877)
- <span id="page-19-19"></span>Yadi Zhong and Ujjwal Guin. Complexity analysis of the sat attack on logic locking. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, PP:1–1, 10 2023. doi[:10.1109/TCAD.2023.3240933.](https://doi.org/10.1109/TCAD.2023.3240933)
- <span id="page-20-0"></span>Kyle Juretus and Ioannis Savidis. Reduced overhead gate level logic encryption. In *Proceedings of the 26th edition on Great Lakes Symposium on VLSI*, pages 15–20. ACM, 2016b.
- <span id="page-20-1"></span>Rajit Karmakar, N Prasad, Santanu Chattopadhyay, Rohit Kapur, and Indranil Sengupta. A new logic encryption strategy ensuring key interdependency. In *VLSI Design and 2017 16th International Conference on Embedded Systems (VLSID), 2017 30th International Conference on*, pages 429–434. IEEE, 2017.
- <span id="page-20-2"></span>(2011) nangate freepdk45 open cell library. nangate inc, 2011. In *[Online]. Available: http://www.nangate.com/?pageid=2325/*, 2011.



Vijaypal Singh Rathor is currently working as an Assistant Professor in the Department of CSE at PDPM Indian Institute of Information Technology, Design and Manufacturing (IIITDM), Jabalpur, India, since August 2021. His research interest includes Hardware Security, Machine Learning and IoT, and Cloud Computing. He is also a member of IEEE since 2017.



Munesh Singh is currently working as an Assistant Professor in PDPM Indian Institute of Information Technology, Design and Manufacturing (IIITDM), Jabalpur, India. He has published many research articles in IEEE, Springer, and Elsevier journals. His research interests include Sensor Networks, Cooperative Computing, Radar Surveillance, Cyber Security, Machine Learning, and Intelligent Robotics.



Kshira Sagar Sahoo (Senior Member, IEEE) completed his Ph.D. (2019) and M.Tech (2014) from Dept. of CSE, National Institute of Technology, Rourkela, India and Indian Institute of Technology, Kharagpur, India respectively. He is currently acting as a postdoctoral *Kempe* fellow at the dept of computing science, Umeå University, Sweden. He has authored more than 90 research articles in top tier journals and conferences, 2 edited books, and 8 granted and pending patents. He is recognized as top 2% scientists in the world 2023 list by Stanford University. His research interests are SDN, SDIoT, Edge Computing, IoT, Machine Learning and Distibuted Computing. He is a senior member of IEEE and IETE.



Saraju P. Mohanty (Senior Member, IEEE) received the bachelor's degree (Honors) in electrical engineering from the Orissa University of Agriculture and Technology, Bhubaneswar, in 1995, the master's degree in Systems Science and Automation from the Indian Institute of Science, Bengaluru, in 1999, and the Ph.D. degree in Computer Science and Engineering from the University of South Florida, Tampa, in 2003. He is a Professor with the University of North Texas. His research is in "Smart Electronic Systems" which has been funded by National Science Foundations (NSF), Semiconductor Research Corporation (SRC), U.S. Air Force, IUSSTF, and Mission Innovation. He has authored 500 research articles, 5 books, and 10 granted and pending patents. His Google Scholar h-index is 56 and i10-index is 258 with 14,000 citations. He is regarded as a visionary researcher on Smart Cities technology in which his research deals with security and energy aware, and AI/ML-integrated smart components. He introduced the Secure Digital Camera (SDC) in 2004 with built-in security features designed using Hardware Assisted Security (HAS) or Security by Design (SbD) principle. He is widely credited as the designer for the first digital watermarking chip in 2004 and first the low-power digital watermarking chip in 2006. He is a recipient of 19 best paper awards, Fulbright Specialist Award in 2021, IEEE Consumer Electronics Society Outstanding Service Award in 2020, the IEEE-CS-TCVLSI Distinguished Leadership Award in 2018, and the PROSE Award for Best Textbook in Physical Sciences and Mathematics category in 2016. He has delivered 29 keynotes and served on 15 panels at various International Conferences. He has been serving on the editorial board of several peer-reviewed international transactions/journals, including IEEE Transactions on Big Data (TBD), IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), IEEE Transactions on Consumer Electronics (TCE), and ACM Journal on Emerging Technologies in Computing Systems (JETC). He has been the Editor-in-Chief (EiC) of the IEEE Consumer Electronics Magazine (MCE) during 2016-2021. He served as the Chair of Technical Committee on Very Large Scale Integration (TCVLSI), IEEE Computer Society (IEEE-CS) during 2014-2018 and on the Board of Governors of the IEEE Consumer Electronics Society during 2019-2021. He serves on the steering, organizing, and program committees of several international conferences. He is the steering committee chair/vice-chair for the IEEE International Symposium on Smart Electronic Systems (IEEE-iSES), the IEEE-CS Symposium on VLSI (ISVLSI), and the OITS International Conference on Information Technology (OCIT). He has mentored 3 post-doctoral researchers, and supervised 17 Ph.D. dissertations, 27 M.S. theses, and 27 undergraduate projects.