CircuitGuard: Mitigating LLM Memorization in RTL Code Generation Against IP Leakage

TL;DR

This paper introduces CircuitGuard, a novel method to reduce LLM memorization of proprietary RTL designs during code generation, balancing privacy protection with correctness preservation.

Contribution

CircuitGuard presents an RTL-aware similarity metric and an activation-level steering technique to mitigate memorization in LLMs generating RTL code, a novel approach for hardware synthesis security.

Findings

Achieves up to 80% reduction in semantic similarity to proprietary patterns.

Identifies 275 memorization-critical features across Llama 3.1-8B layers.

Maintains generation quality while significantly reducing memorization.

Abstract

Large Language Models (LLMs) have achieved remarkable success in generative tasks, including register-transfer level (RTL) hardware synthesis. However, their tendency to memorize training data poses critical risks when proprietary or security-sensitive designs are unintentionally exposed during inference. While prior work has examined memorization in natural language, RTL introduces unique challenges: In RTL, structurally different implementations (e.g., behavioral vs. gate-level descriptions) can realize the same hardware, leading to intellectual property (IP) leakage (full or partial) even without verbatim overlap. Conversely, even small syntactic variations (e.g., operator precedence or blocking vs. non-blocking assignments) can drastically alter circuit behavior, making correctness preservation especially challenging. In this work, we systematically study memorization in RTL code generation and propose CircuitGuard, a defense strategy that balances leakage reduction with correctness preservation. CircuitGuard (1) introduces a novel RTL-aware similarity metric that captures both structural and functional equivalence beyond surface-level overlap, and (2) develops an activation-level steering method that identifies and attenuates transformer components most responsible for memorization. Our empirical evaluation demonstrates that CircuitGuard identifies (and isolates) 275 memorization-critical features across layers 18-28 of Llama 3.1-8B model, achieving up to 80% reduction in semantic similarity to proprietary patterns while maintaining generation quality. CircuitGuard further shows 78-85% cross-domain transfer effectiveness, enabling robust memorization mitigation across circuit categories without retraining.