Resynthesis-based Attacks Against Logic Locking

TL;DR

This paper presents a novel resynthesis-based attack method that leverages commercial EDA tools to uncover vulnerabilities in logic locking schemes, including breaking secure methods and deciphering key bits with high accuracy.

Contribution

It introduces a resynthesis-based attack strategy that manipulates locked netlists to reveal security flaws without needing the original circuit.

Findings

Successfully breaks a recently proposed secure logic locking method.

Deciphers a large number of key bits in CSAW'19 circuits with high accuracy.

Demonstrates the effectiveness of the attack on multiple benchmark circuits.

Abstract

Logic locking has been a promising solution to many hardware security threats, such as intellectual property infringement and overproduction. Due to the increased attention that threats have received, many efficient specialized attacks against logic locking have been introduced over the years. However, the ability of an adversary to manipulate a locked netlist prior to mounting an attack has not been investigated thoroughly. This paper introduces a resynthesis-based strategy that utilizes the strength of a commercial electronic design automation (EDA) tool to reveal the vulnerabilities of a locked circuit. To do so, in a pre-attack step, a locked netlist is resynthesized using different synthesis parameters in a systematic way, leading to a large number of functionally equivalent but structurally different locked circuits. Then, under the oracle-less threat model, where it is assumed that the adversary only possesses the locked circuit, not the original circuit to query, a prominent attack is applied to these generated netlists collectively, from which a large number of key bits are deciphered. Nevertheless, this paper also describes how the proposed oracle-less attack can be integrated with an oracle-guided attack. The feasibility of the proposed approach is demonstrated for several benchmarks, including remarkable results for breaking a recently proposed provably secure logic locking method and deciphering values of a large number of key bits of the CSAW'19 circuits with very high accuracy.