A pre-publication draft of our HOST 2015 paper, Evaluating the Security of Logic Encryption Algorithms, is now available online.

The decryption tool described in the paper is also available on Bitbucket. Pull requests, especially with the benchmarks circuits encrypted using new combinational encryption algorithms are welcome.

What is Logic Encryption?

If you know what logic encryption is, you can skip the next few paragraphs.

Logic encryption, which is also called logic obfuscation and/or hardware metering by some authors is an idea that was first introduced by Roy, Koushanfar and Markov in their DATE 2008 paper, "EPIC: Ending Piracy of Integrated Circuits."

The goal of logic encryption is to prevent an untrusted foundry from overproducing and/or pirating an IC design. This is done by modifying the IC by adding new inputs, called key inputs, and additional logic to the IC, such that the circuit only operates correctly when these key inputs are set to the correct value(s). This correct value is not revealed to the foundry. The value is programmed in, perhaps using a tamper-proof memory, after the chips are manufactured and before they are marketed.

Since the foundry does not know the correct values of the key inputs, it cannot produce functional chips. The key assumption here is that not only does the foundry not know the correct values of the key inputs, it also cannot compute them.

Are Logic Encryption Schemes Secure?

One difference between logic encryption and traditional cryptographic schemes is due to the fact that hardware is expensive. It is not feasible to spend significant parts of the area and timing budgets of an IC on implementing something like AES in hardware and then using this for the logic encryption. So instead many authors have proposed a variety of simpler logic encryption schemes. A number of these schemes are purely combinational and boil down to the insertion of AND/OR/XOR/XNOR gates at selected locations in the circuit.

The big question is whether these "home-made" encryption schemes are good enough and this is the question we address in the paper. A previous attack using automatic test pattern generation (ATPG) tools was published by JV, Ramesh Karri and colleagues in DAC 2012. However, they also showed an insertion methodology that made circuits resistant to their attack.

In this paper, we demonstrate an attack that is able to fully decrypt a large number of circuits, encrypted using a variety of insertion schemes, including the state-of-the-art insertion methodology proposed in the DAC 2012 paper. The decryption is successful even in many ridiculous scenarios, such as when a budget of 50% additional area is allocated for logic encryption! Based on these results, we assert that stronger encryption algorithms are required and make some suggestions about what properties these algorithms might need to have.

Hopefully this description has piqued your interest, and now you are motivated to read the paper.