Late Breaking Results: On the One-Key Premise of Logic Locking

TL;DR

This paper challenges the traditional assumption in logic locking security that only the correct key reveals the true circuit functionality, proposing an attack that finds multiple incorrect keys producing correct outputs, significantly reducing attack time.

Contribution

It introduces a novel attack methodology targeting multiple keys instead of one, demonstrating a substantial runtime reduction and questioning the core security premise of logic locking.

Findings

Achieves up to 99.6% reduction in attack runtime.

Effectively finds multiple incorrect keys producing correct functionality.

Parallelizable attack suited for multi-core environments.

Abstract

The evaluation of logic locking methods has long been predicated on an implicit assumption that only the correct key can unveil the true functionality of a protected circuit. Consequently, a locking technique is deemed secure if it resists a good array of attacks aimed at finding this correct key. This paper challenges this one-key premise by introducing a more efficient attack methodology, focused not on identifying that one correct key, but on finding multiple, potentially incorrect keys that can collectively produce correct functionality from the protected circuit. The tasks of finding these keys can be parallelized, which is well suited for multi-core computing environments. Empirical results show our attack achieves a runtime reduction of up to 99.6% compared to the conventional attack that tries to find a single correct key.