

# **SMT Attack**: Next Generation Attack on Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks

Conference on Cryptographic Hardware and Embedded Systems 2019 (CHES 2019)

Kimia Zamiri Azar, Hadi Mardani Kamali, Houman Homayoun, and Avesta Sasan





Department of Electrical and Computer Engineering George Mason University, USA.

#### Outline



- Intro to Hardware Security
- Intro to Logic Locking
- SAT Attack and its Limitations
- SMT attack
  - □ SMT reduced to SAT Attack
  - □ Eager SMT Attack
  - □ Lazy SMT Attack
  - Accelerated Lazy SMT Attack
- Experimental Results
- Conclusion

# Design Flow



- High Cost of Manufacturing in ASIC Design has pushed most of needed fabrication offshore
  - Some Fabs are untrusted
- Security threats for untrusted supply chain
  - Trojan Insertion
  - Overproduction
  - □ Intellectual Property (IP) Theft
  - Counterfeiting
  - □ Reverse Engineering, etc.



# Logic Locking



- Logic Locking: Adding Ambiguity to the Design
  - ☐ Inserting Key Programmable Gates (**KPGs**)
  - No Information on Key at Untrusted Entities



#### Logic Locking



# SAT Attack: a Turning Point in Logic Locking



#### SAT Attack Recipe:

1. Reverse-engineered netlist (CL)

2. A functionally activated chip (CO)





- SAT attack broke all logic obfuscation scheme prior to its debut!
  - Random insertion (RLL)
  - Fault-analysis (FLL)
  - Interference-based logic locking (SLL)

#### SAT Attack



#### SAT Attack



#### **Algorithm** SAT-based Attack Algorithm

- Set of Correct Keys (SCK) Set of Invalid Keys (SIK)
  - Breaks within few minutes (few iterations)!

- 1: **function** SAT\_ATTACK(Circuit  $C_L$ , Circuit  $C_O$ )
  - $i \leftarrow 0$ ;  $F_0 \leftarrow C_L(X, K_1, Y_1) \wedge C_L(X, K_2, Y_2)$ ;
- 3: while  $SAT(F_i \wedge (Y_1 \neq Y_2))$  do
- 4:  $X_d[i] \leftarrow \text{sat\_assignment} (F_i \land (Y_1 \neq Y_2)); Y_d[i] \leftarrow C_O(X_d[i]);$
- $F_{i+1} \leftarrow F_i \wedge C_L(X_d[i], K_1, Y_d[i]) \wedge C_L(X_d[i], K_2, Y_d[i]); i \leftarrow i+1;$ 5:
- $K^* \leftarrow \text{sat\_assignment}_{K_1}(F_i);$

## Limitation of SAT Attack



SAT-Resilient Logic Obfuscation Solutions



## Limitation of SAT Attack



- A SAT Attack works if Logic obfuscation is of Boolean nature
- Model Translation Flow:
  - □ Boolean logic → Conjunctive Normal Form (CNF)
  - □ CNF → Satisfiability assignment problem
- Defense solutions to trap the SAT solver?
  - □ Use **non-logical** properties for locking
  - Can not be modeled if could not be translated to CNF



# Behavioral logical obfuscation



- Delay and Logic Locking (DLL)
  - Obfuscation control the setup and hold
  - Incorrect key → Setup and Hold time violation
  - □ Timing is **not translatable** to CNF
    - SAT solver remains **oblivious** to the keys used for timing obfuscation



| $k_1k_2$ | f(x)                        | Delay |
|----------|-----------------------------|-------|
| 00       | y = x                       | $d_0$ |
| 01       | y = x                       | $d_1$ |
| 10       | $y = \overline{\mathbf{x}}$ | $d_0$ |
| 11       | $y = \overline{\mathbf{x}}$ | $d_1$ |

## Solution



Satisfiability Modulo Theory (SMT) Attack

## **SMT Solver**



- A SMT is used to solve a decision problem
- Close integration of a SAT solver with Theory solver
- Uses first-order theories
  - Equality
  - Reasoning
  - Arithmetic
  - Graph-based deduction
- Modern SMT solvers provide the capability
  - Combining theory solvers
  - Can support more powerful languages as its input

# Approaches to SMT Solver



- Two approaches for solving an SMT problem
  - Eager approach
  - Lazy approach







Lazy approach

# SMT Eager Approach



- Eager approach
  - □ **Translating** the problem into a Boolean SAT instances
  - □ The existing Boolean **SAT solvers** are **used as is**
  - □ The SMT solver has to work a lot harder
    - e.g. for checking the equivalence of two 32-bit values
  - By deploying a theory solver
    - this could be achieved in no time



# SMT Lazy Approach



- Lazy approach
  - □ Integrates the Boolean satisfiability solvers and theory solvers
- **Capabilities** of the Theory solvers:
  - **□** Theory propagation
    - for checking possible conflicts on partial assignments
  - Clause learning
    - to speed-up pruning the decision tree.









#### Step 1

□ Obfuscated cells → equivalent Key Programmable Gates (KPG)

#### $\Box$ A **KPG**

- performs the same function as the obfuscated cell
- allows building a key controlled representation





- Step 2
  - Before invoking a theory solver
    - Input model → model which is understood by that theory solver
    - Different translation step for each theory solver





- Invoking the SMT solver returns
  - □ A satisfiable assignment
  - □ list of **learned theory**
  - conflict clauses



## **Attack Modes**



- **Mode 1**: SMT **reduced** to SAT Attack
  - □ To show SMT is a superset of SAT
- Mode 2: Eager SMT Attack
  - To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Serialized!
- Mode 3: Lazy SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Parallelized!
- Mode 4: Accelerated Lazy SMT Attack (AccSMT)
  - To show more efficiency
  - □ Uses BitVector Theory Solver

#### **Attack Modes**



- **Mode 1**: SMT **reduced** to SAT Attack
  - □ To show SMT is a superset of SAT
- Mode 2: Eager SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Serialized!
- Mode 3: Lazy SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Parallelized!
- Mode 4: Accelerated Lazy SMT Attack (AccSMT)
  - □ To show more efficiency
  - □ Uses BitVector Theory Solver

## Mode 1: SMT reduced to SAT Attack



- SMT solver is a superset of SAT solver
  - $\Box$  Any attack formulated for SAT  $\rightarrow$  can be formulated using SMT
- one-to-one translation of the original SAT attack

#### **Algorithm** SMT Reduced to SAT Attack

```
1: function SAT_ATTACK(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
         KPC \leftarrow \text{ReplaceKPG}(N_{obf});
         C(X, K, Y) \leftarrow \text{Circuit Translation to CNF}(KPC);
         KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
         SCKVC = TRUE:
         SATC = KDC \wedge SCKVC;
        LC = TRUE;
                                                                     ▶ Learned Clauses
         SMT_{LC} \leftarrow SATC;
         while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SMT_{LC})) = TRUE) do
10:
            Y_f \leftarrow C_{org}(X_{DI});
11:
            DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
12:
            SCKVC = SCKVC \land DIVC;
13:
            LC = LC \wedge CC
14:
            SMT_{LC} = KDC \wedge SCKVC \wedge LC;
15:
         Key \leftarrow SMT.Solve(SMT_{LC});
```

## Mode 1: SMT reduced to SAT Attack



- The recently found **Conflict Clauses** (**CC**) are **added** to the set of previously found **Learned Clauses** (**LC**).
- Note that this step is done implicitly if SMT is stateful.

#### **Algorithm** SMT Reduced to SAT Attack

```
1: function SAT ATTACK(Obfuscated Netlist N_{obf}, Functional Circuit C_{org})
 2:
        KPC \leftarrow \text{ReplaceKPG}(N_{obf});
        C(X, K, Y) \leftarrow \text{Circuit Translation to CNF}(KPC);
        KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
        SCKVC = TRUE:
        SATC = KDC \wedge SCKVC;
        LC = TRUE;
                                                                   ▶ Learned Clauses
        SMT_{LC} \leftarrow SATC;
        while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SMT_{LC})) = TRUE) do
10:
            Y_f \leftarrow C_{org}(X_{DI});
11:
            DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
12:
            SCKVC = SCKVC \wedge DIVC;
13:
         LC = LC \wedge CC
            SMT_{LC} = KDC \wedge SCKVC \wedge LC:
14:
15:
        Key \leftarrow SMT.Solve(SMT_{LC});
```

## **Attack Modes**



- **Mode 1**: SMT **reduced** to SAT Attack
  - □ To show SMT is a superset of SAT
- Mode 2: Eager SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Serialized!
- Mode 3: Lazy SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Parallelized!
- Mode 4: Accelerated Lazy SMT Attack (AccSMT)
  - □ To show more efficiency
  - □ Uses BitVector Theory Solver

# Case Study



Case Study: Delay and Logic Locking (DLL) \*1



<sup>\*1</sup> Y. Xie and A. Srivastava, "Delay Locking: Security Enhancement of Logic Locking against IC Counterfeiting and Overproduction," In Proceedings of the 54th Annual Design Automation Conference (DAC'17), 2017.

# Case Study



- Case Study: Delay and Logic Locking (DLL) \*1
- $\blacksquare$  K<sub>1</sub> and K<sub>3</sub>
  - **No impact** on the **logical behavior** of the circuit
  - Only changes its delay
- SAT attack results
  - $\blacksquare$  **Random assignment** to  $K_1$  and  $K_3$



\*1 Y. Xie and A. Srivastava, "Delay Locking: Security Enhancement of Logic Locking against IC Counterfeiting and Overproduction," In Proceedings of the 54th Annual Design Automation Conference (DAC'17), 2017.



#### **Algorithm** Eager SMT Attack on DLL

```
1: function SMT_EAGER_ATT(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
         KPC \leftarrow \text{ReplaceKPG}(N_{obf});
 3:
         C(X,K,Y) \leftarrow \text{Circuit\_Translation\_to\_CNF}(KPC);
         KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
         SCKVC = TRUE:
         SATC = KDC \wedge SCKVC:
         LC = TRUE:
                                                                                                            ▶ Learned Clauses
         G(X,K) \leftarrow \text{Graph Translation}(N_{obf});
         T_{LC} \leftarrow GenTLC(G(X,K));
 9:
                                                                                                  ▶ Theory Learned Clauses
10:
         SMT_{LC} \leftarrow SATC \land T_{LC};
                                                                                                               ▶ SMT Clauses
         while (((X_{DL}, K_1, K_2, CC) \leftarrow SMT.Solve(SMT_{LC})) = TRUE) do
11:
12:
             Y_f \leftarrow C_{org}(X_{DI});
13:
             DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
             SCKVC = SCKVC \land DIVC;
14:
15:
             LC = LC \wedge CC
16:
             SMT_{LC} = KDC \wedge SCKVC \wedge LC;
17:
         Key \leftarrow SMT.Solve(SMT_{LC});
     Pre-Processing step by using a graph theory solver for SMT attack (Eager)
 1: function GENTLC(Graph G)
         Inputs \leftarrow G.find start points();
 3:
         Outputs \leftarrow G.find end points();
 4:
         T_{LC} \leftarrow []
         for each (Sp in Inputs) do
 6:
             for each (Ep in Outputs) do
                 Upper(Sp,Ep)(K) \leftarrow !(distance leq(Sp, Ep, t_{cd}));
                 Lower(Sp,Ep)(K) \leftarrow distance_leq(Sp, Ep, t_p);
 9:
                 T_{LC} \leftarrow \text{SMT.solve}(\text{Upper}(\text{Sp,Ep})(\text{K}) \wedge \text{Lower}(\text{Sp,Ep})(\text{K}) \wedge T_{LC});
10:
         return T_{LC}
```





Calculating Hold Time and Setup Time



$$t_{cs-lr} + t_{clk-q} + t_p + t_{setup} + U \le t_{cs-cr} + T_{clk}$$
  
 $t_{cs-lr} + t_{clk-q} + t_{cd} \ge t_{hold} + t_{cs-cr} + U$ 

$$\mathbf{t}_{p} \leq T_{clk} + (t_{cs-cr} - t_{cs-lr}) - t_{clk-q} - t_{setup} - U = Upper$$

$$\mathbf{t}_{cd} \geq t_{hold} + (t_{cs-cr} - t_{cs-lr}) - t_{clk-q} + U = Lower$$



Calculating Hold Time and Setup Time



$$t_{cs-lr} + t_{clk-q} + t_p + \underbrace{t_{setup}} + U \le t_{cs-cr} + T_{clk}$$
$$t_{cs-lr} + \underbrace{t_{clk-q}} + t_{cd} \ge \underbrace{t_{hold}} + t_{cs-cr} + U$$

$$\mathbf{t}_{p} \leq T_{clk} + (t_{cs-cr} - t_{cs-lr}) - t_{clk-q} - t_{setup} - U = Upper$$

$$\mathbf{t}_{cd} \geq t_{hold} + (t_{cs-cr} - t_{cs-lr}) - t_{clk-q} + U = Lower$$



#### **Algorithm** Eager SMT Attack on DLL

```
1: function SMT_EAGER_ATT(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
 2:
         KPC \leftarrow \text{ReplaceKPG}(N_{obf});
 3:
         C(X,K,Y) \leftarrow \text{Circuit Translation to CNF}(KPC);
 4:
         KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
 5:
         SCKVC = TRUE;
 6:
         SATC = KDC \wedge SCKVC:
 7:
         LC = TRUE:
                                                                                                                ▶ Learned Clauses
 8:
         G(X,K) \leftarrow \text{Graph\_Translation}(N_{obf});
 9:
          T_{LC} \leftarrow GenTLC(G(X,K));

    ▶ Theory Learned Clauses

10:
         SMT_{LC} \leftarrow SATC \wedge T_{LC};
                                                                                                                   ▶ SMT Clauses
11:
         while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SMT_{LC})) = TRUE) do
12:
             Y_f \leftarrow C_{org}(X_{DI});
13:
             DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
14:
             SCKVC = SCKVC \land DIVC:
15:
             LC = LC \wedge CC
16:
             SMT_{LC} = KDC \wedge SCKVC \wedge LC;
17:
         Key \leftarrow SMT.Solve(SMT_{LC});
     Pre-Processing step by using a graph theory solver for SMT attack (Eager)
     function GenTLC(Graph G)
         Inputs \leftarrow G.find start points();
 3:
         Outputs \leftarrow G.find end points();
 4:
         T_{LC} \leftarrow []
 5:
         for each (Sp \text{ in } Inputs) \text{ do}
 6:
             for each (Ep \text{ in } Outputs) do
 7:
                 Upper(Sp,Ep)(K) \leftarrow !(distance_leq(Sp, Ep, t<sub>cd</sub>));
 8:
                 Lower(Sp.Ep)(K) \leftarrow distance leg(Sp.Ep.t.):
 9:
                  T_{LC} \leftarrow \text{SMT.solve}(\text{Upper}(\text{Sp,Ep})(\text{K}) \wedge \text{Lower}(\text{Sp,Ep})(\text{K}) \wedge T_{LC})
10:
         return T_{LC}
```



#### **Algorithm** Eager SMT Attack on DLL

```
1: function SMT_EAGER_ATT(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
 2:
         KPC \leftarrow \text{ReplaceKPG}(N_{obf});
 3:
         C(X,K,Y) \leftarrow \text{Circuit Translation to CNF}(KPC);
 4:
         KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
 5:
         SCKVC = TRUE;
 6:
         SATC = KDC \wedge SCKVC;
 7:
         LC = TRUE:
                                                                                                              ▶ Learned Clauses
 8:
         G(X,K) \leftarrow \text{Graph\_Translation}(N_{obf});
 9:
         T_{LC} \leftarrow GenTLC(G(X,K));

    ▶ Theory Learned Clauses

10.
         SMT_{LC} \leftarrow SATC \land T_{LC};
                                                                                                                 ▶ SMT Clauses
         while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SMT_{LC})) = TRUE) do
11:
12:
             Y_f \leftarrow C_{org}(X_{DI});
13:
             DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
14:
             SCKVC = SCKVC \land DIVC:
15:
             LC = LC \wedge CC
16:
             SMT_{LC} = KDC \wedge SCKVC \wedge LC;
17:
         Key \leftarrow SMT.Solve(SMT_{LC});
     Pre-Processing step by using a graph theory solver for SMT attack (Eager)
     function GenTLC(Graph G)
         Inputs \leftarrow G.find start points();
 3:
         Outputs \leftarrow G.find end points();
 4:
         T_{LC} \leftarrow []
 5:
         for each (Sp in Inputs) do
 6:
             for each (Ep in Outputs) do
 7:
                 Upper(Sp,Ep)(K) \leftarrow !(distance_leq(Sp, Ep, t<sub>cd</sub>));
 8:
                 Lower(Sp,Ep)(K) \leftarrow distance\_leq(Sp, Ep, t_p);
                 T_{LC} \leftarrow \text{SMT.solve}(\text{Upper}(\text{Sp,Ep})(\text{K}) \wedge \text{Lower}(\text{Sp,Ep})(\text{K}) \wedge T_{LC});
 9:
10:
         return T_{LC}
```

# Limitation of Eager SMT Attack



- For some problems the Eager approach does not work!
  - **Why?** Eager relies on **reduction** of a problem to a SAT problem

#### SRCLock

- The run time of pre-processing is exponential
  - w.r.t. the # of inserted feedbacks
- □ Preventing us to ever reach the SAT attack

## **Attack Modes**



- **Mode 1**: SMT **reduced** to SAT Attack
  - □ To show SMT is a superset of SAT
- Mode 2: Eager SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Serialized!
- Mode 3: Lazy SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Parallelized!
- Mode 4: Accelerated Lazy SMT Attack (AccSMT)
  - □ To show more efficiency
  - □ Uses BitVector Theory Solver



- Lazy approach of SMT attack
  - Moves from **pre-processing** to **co-processing**





```
Algorithm Overall SMT Attack (Lazy Approach)
```

```
1: function SMT_LAZY_ATT(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
         KPC \leftarrow \text{ReplaceKPG}(N_{obf});
 3:
         C(X,K,Y) \leftarrow \text{Circuit Translation to CNF}(KPC);
         KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
         SCKVC = TRUE;
         SATC = KDC \wedge SCKVC;
         LC = TRUE:
                                                                                      ▶ Learned Clauses
         G(X,K) \leftarrow \text{Graph\_Translation}(N_{obf});
         T_{CE}(K) \leftarrow GenTCE(G(X, K));
                                                       ▶ Theory Constraint Expressions (Not Solved)
10:
         T_{CE}(K1, K2) \leftarrow T_{CE}(K1) \cup T_{CE}(K2);
11:
        while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SATC, T_{CE}(K1, K2))) = TRUE) do
12:
            Y_f \leftarrow C_{org}(X_{DI});
13:
            DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
14:
            SCKVC = SCKVC \land DIVC;
15:
            LC = LC \wedge CC
16:
            SMT_{LC} = KDC \wedge SCKVC \wedge LC;
17:
         Key \leftarrow SMT.Solve(SMT_{LC}, T_{CE}(K));
     Initialization of constraints for SMT attack (Lazy Approach)
 1:
         function GenTCE(Graph G)
             Inputs \leftarrow G.find start points();
 3:
             Outputs \leftarrow G.find\_end\_points();
             T_{CE}(K) \leftarrow []
 5:
            for each (Sp in Inputs) do
 6:
                for each (Ep in Outputs) do
                    Upper(Sp,Ep)(K) \leftarrow !(distance_leq(Sp, Ep, t_{cd}));
 8:
9:
                    Lower(Sp,Ep)(K) \leftarrow distance leq(Sp, Ep, t_p);
                    Range(Sp, Ep)(K) \leftarrow Lower(Sp, Ep)(K) \wedge Upper(Sp, Ep)(K);
10:
                     T_{CE}(K) \leftarrow T_{CE}(K) \cup Range(Sp, Ep)(K);
11:
            return T_{CE}(K)
```

The big difference between Eager and Lazy approach: After model generation for Theory solver the SMT solve function is not called.

The theory model is defined but is not solved.



```
Algorithm Overall SMT Attack (Lazy Approach)
```

```
1: function SMT_LAZY_ATT(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
         KPC \leftarrow \text{ReplaceKPG}(N_{obf});
 3:
         C(X,K,Y) \leftarrow \text{Circuit Translation to CNF}(KPC):
         KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
 5:
         SCKVC = TRUE;
         SATC = KDC \wedge SCKVC:
                                                                                      ▶ Learned Clauses
         LC = TRUE:
         G(X,K) \leftarrow \text{Graph\_Translation}(N_{obf});
         T_{CE}(K) \leftarrow GenTCE(G(X, K));
 9:
                                                       ▶ Theory Constraint Expressions (Not Solved)
10:
         T_{CE}(K1, K2) \leftarrow T_{CE}(K1) \cup T_{CE}(K2);
        while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT. Solve(SATC, T_{CE}(K1, K2))) = TRUE) do
11:
12:
            Y_f \leftarrow C_{org}(X_{DI});
13:
             DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
14:
            SCKVC = SCKVC \land DIVC:
15:
            LC = LC \wedge CC
            SMT_{LG} = KDC \wedge SCKVC \wedge LC;
16:
17:
        Key \leftarrow SMT.Solve(SMT_{LC}, T_{CE}(K));
     Initialization of constraints for SMT attack (Lazy Approach)
 1:
         function GENTCE(Graph G)
             Inputs \leftarrow G.find start points();
 3:
             Outputs \leftarrow G.find end points();
             T_{CE}(K) \leftarrow []
 5:
             for each (Sp in Inputs) do
 6:
                for each (Ep in Outputs) do
                    Upper(Sp,Ep)(K) \leftarrow !(distance_leq(Sp, Ep, t_{cd}));
                    Lower(Sp,Ep)(K) \leftarrow distance leq(Sp, Ep, t_p);
 9:
                    Range(Sp, Ep)(K) \leftarrow Lower(Sp, Ep)(K) \wedge Upper(Sp, Ep)(K);
10:
                    T_{CE}(K) \leftarrow T_{CE}(K) \cup Range(Sp, Ep)(K);
11:
            return T_{CE}(K)
```

The SMT solve function is then called to find the assignment for keys which can satisfy both SAT solver and Theory solver(s).



#### **Algorithm** Overall SMT Attack (*Lazy* Approach)

```
1: function SMT_LAZY_ATT(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
         KPC \leftarrow \text{ReplaceKPG}(N_{obf});
 3:
         C(X,K,Y) \leftarrow \text{Circuit Translation to CNF}(KPC);
         KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
 5:
         SCKVC = TRUE;
         SATC = KDC \wedge SCKVC:
         LC = TRUE:
                                                                                      ▶ Learned Clauses
         G(X,K) \leftarrow \text{Graph\_Translation}(N_{obf});
         T_{CE}(K) \leftarrow GenTCE(G(X, K));
 9:
                                                       ▶ Theory Constraint Expressions (Not Solved)
10:
         T_{CE}(K1, K2) \leftarrow T_{CE}(K1) \cup T_{CE}(K2);
11:
        while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SATC, T_{CE}(K_1, K_2))) = TRUE) do
12:
            Y_f \leftarrow C_{org}(X_{DI});
13:
             DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
14:
             SCKVC = SCKVC \land DIVC;
15:
            LC = LC \wedge CC
16:
             SMT_{LG} = KDC \wedge SCKVC \wedge LC;
17:
        Key \leftarrow SMT.Solve(SMT_{LC}, T_{CE}(K));
     Initialization of constraints for SMT attack (Lazy Approach)
```

```
1:
        function GENTCE(Graph G)
            Inputs \leftarrow G.find start points();
 3:
            Outputs \leftarrow G.find end points();
            T_{CE}(K) \leftarrow []
            for each (Sp in Inputs) do
 6:
                for each (Ep in Outputs) do
                    Upper(Sp,Ep)(K) \leftarrow !(distance_leq(Sp, Ep, t_{cd}));
                    Lower(Sp,Ep)(K) \leftarrow distance leq(Sp, Ep, t_p);
 9:
                    Range(Sp, Ep)(K) \leftarrow Lower(Sp, Ep)(K) \wedge Upper(Sp, Ep)(K);
10:
                    T_{CE}(K) \leftarrow T_{CE}(K) \cup Range(Sp, Ep)(K);
11:
            return T_{CE}(K)
```

The decision tree and search Space for the SMT solver is Significantly Reduced.

## **Attack Modes**



- **Mode 1**: SMT **reduced** to SAT Attack
  - □ To show SMT is a superset of SAT
- Mode 2: Eager SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Serialized!
- Mode 3: Lazy SMT Attack
  - □ To show the Strength of SMT
  - □ Theory solver(s) and SAT solver are Parallelized!
- Mode 4: Accelerated Lazy SMT Attack (AccSMT)
  - To show more efficiency
  - □ Uses BitVector Theory Solver



- DIPs are Important
  - Number of DIPs = Number of Iterations
- Categorizing DIPs based on their Pruning Power
  - Stronger DIP rule outs more incorrect keys
    - Based on the number of inconsistencies that could sensitize to the primary outputs





- Depending of the pruning power of DIPs
  - The size of the complete set of DIPs could be different
- Minimal complete set of DIPs
  - The smallest set of DIPs that could de-obfuscate the circuit
    - Minimum Number of Iterations
      - The Fastest Solution for De-obfuscation





- Lazy approach
  - Reduce the size of complete set of DIPs
  - Results in smaller number of iterations
- In SAT attack only a **single difference** in the output results in generation of a DIP





- Stronger requirement for the generation of DIPs
- DIPs with the largest Hamming Distance in their propagated value to the primary output
- Such a DIP has a much higher pruning capability





- Assessing DIPs based on HD of the primary output
- Using a BitVector theory solver
  - □ Allows us to perform integer-oriented arithmetic operations
    - Addition
    - Subtraction
    - Multiplication
- The HD of output  $Y_1$  and  $Y_2$  is obtained using

$$HD(C(X_{DI},K_1),C(X_{DI},K_2)) = HD(Y_1,Y_2) = \sum_{i=1}^{N} Y_1(i) \oplus Y_2(i)$$
 Sweeping from Maximum to Minimum (Variable) (Constant) 
$$Th_{Lower} \leq HD(Y_1,Y_2) \leq Th_{Upper} = Size(Output)$$

# Enabling Approximate Attack



- Applicable to SAT-hard Logic Locking
  - e.g. **Point functions** such as SARLock and Anti-SAT
- Point Function obfuscation properties:
  - Small output corruption
  - Each DIP eliminates a single key value
  - □ The number of iterations are **exponentially large**
- To increase the corruption SAT hard obfuscation is usually combined with a high corruption obfuscation





# Enabling Approximate Attack



- Adding a termination strategy in Accelerated SMT
- Using BitVector (based on Hamming Distance)
  - □ Find keys related to **high corruption obfuscation** 
    - Hamming Distance > 1
  - □ Stop when we keep finding many keys with HD=1
    - This is the sat-hard trap zone
  - □ Return the Key as Approximate (with known HD)



| $Y_O$ | IN | k=0      | k=1      | k=2          | k=3        | k=4      | k=5      | k=6          | k=7 |
|-------|----|----------|----------|--------------|------------|----------|----------|--------------|-----|
| 1     | 0  | 1        | 1        | ✓            | 1          | Х        | 1        | ✓            | 1   |
| ✓     |    | X        | ✓        | <b>✓</b>     | ✓          | ✓        | ✓        | ✓            | ✓   |
| ✓     | 2  | <b>√</b> | <b>√</b> | <b>*</b> [X] | ✓          | ✓        | ✓        | ✓            | ✓   |
| ✓     | 3  | ✓        | ✓        | ✓            | ✓          | ✓        | X        | ✓            | ✓   |
| ✓     |    |          |          |              |            | ✓        |          | $\checkmark$ |     |
| ✓     | 5  | 1        | <b>√</b> | <b>√</b>     | <b>√</b>   | <b>/</b> | <b>√</b> |              | ✓   |
| ✓     | 6  |          |          |              |            | ✓        |          |              | X   |
| ✓     | 7  | <b>√</b> | <b>√</b> | <b>√</b>     | <b>*</b> X | ✓        | ✓        | ✓            | ✓   |

## Mode 4: AccSMT



#### **Algorithm** Accelerated SMT Attack

```
1: function AccSMT_ATTACK(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
 2:
        HD_{High} = Number of output bits;
                                                                            ▶ Upper hamming distance limit;
 3:
                                                                            ▶ Lower hamming distance limit;
        HD_{Low} = HD_{High} - 1;
 4:
                                                                                        ▶ Timeout constraint;
        TO = 50s;
 5:
        R = 20;
                                                                                            ▶ Repetition limit;
 6:
        R_{HD} = 1;
                                                                                       ▶ Repetition condition;
 7:
                                                                                  ▶ Repetition count variable;
        R_{count} = 0;
 8:
        KPC \leftarrow \text{Replace\_KPG}(N_{obf});
 9:
         C(X,K,Y) \leftarrow \text{Circuit Translation to } CNF(KPC);
10:
        KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
11:
        SCKVC = TRUE;
                                                                Calculate HD using BitVector
12:
        SATC = KDC \wedge SCKVC:
13:
        LC = TRUE:
                                                                                            ▶ Learned Clauses
        BV(X,K) \leftarrow \text{Circuit Output to\_BitVector}(N_{obf});
14:
15:
        BVS(X, K_1, K_2) = SUM \text{ of } 1s(BV(X, K_1) \oplus BV(X, K_2))
16:
                                                                                Theory constraint expression;
         T_{CE} \leftarrow BVS(X, K_1, K_2) \geq HD_{Low};
17:
         T_{CE} \leftarrow T_{CE} \cup (BVS(X, K_1, K_2) \leq HD_{High});
18:
        while HD_{Low} > 1 do
19:
            while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SMT_{LC}, T_{CE}, TO)) = T) do
20:
                Y_f \leftarrow C_{org}(X_{DI});
21:
                DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
22:
                SCKVC = SCKVC \land DIVC;
23:
                LC = LC \wedge CC
24:
                SMT_{LC} = KDC \wedge SCKVC \wedge LC;
25:
                if (HD_{Low} < HD_R) then
26:
                    if (R_{count} == R) then
27:
                        Break:
28:
                    R_{count} ++;
29:
            \mathrm{HD}_{Low}--;
30:
        Key \leftarrow SMT.Solve(SMT_{LC});
```

## Mode 4: AccSMT



#### **Algorithm** Accelerated SMT Attack

```
1: function AccSMT_ATTACK(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
 2:
        HD_{High} = Number of output bits;
                                                                          ▶ Upper hamming distance limit;
 3:
        HD_{Low} = HD_{High} - 1;
                                                                           ▶ Lower hamming distance limit;
 4:
                                                                                      ▶ Timeout constraint;
        T\hat{O} = 50s;
                                     Maximum HD = Output Width (Constant)
 5:
        R = 20;
                                                                                          ▶ Repetition limit;
 6:
                                     Minimum HD = Starts from Maximum
        R_{HD} = 1;
                                                                                     ▶ Repetition condition;
 7:
                                                                                ▶ Repetition count variable;
        R_{count} = 0;
 8:
        KPC \leftarrow \text{Replace\_KPG}(N_{obf});
 9:
        C(X,K,Y) \leftarrow \text{Circuit Translation to CNF}(KPC);
        KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
10:
11:
        SCKVC = TRUE;
12:
        SATC = KDC \wedge SCKVC:
13:
        LC = TRUE;
                                                                                           ▶ Learned Clauses
14:
        BV(X,K) \leftarrow \text{Circuit Output to BitVector}(N_{obf});
15:
        BVS(X, K_1, K_2) = SUM \text{ of } 1s(BV(X, K_1) \oplus BV(X, K_2))
16:
         T_{CE} \leftarrow BVS(X,K_1,K_2) > HD_{Low};
                                                                            ▶ Theory constraint expression;
17:
        T_{CE} \leftarrow T_{CE} \cup (BVS(X, K_1, K_2) \leq HD_{High});
18:
        while HD_{Low} > 1 do
19:
            while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SMT_{LC}, T_{CE}, TO)) = T) do
20:
                Y_f \leftarrow C_{org}(X_{DI});
21:
                DIVC = C(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
22:
                SCKVC = SCKVC \land DIVC;
23:
                LC = LC \wedge CC
24:
                SMT_{LC} = KDC \wedge SCKVC \wedge LC;
25:
                if (HD_{Low} < HD_R) then
26:
                    if (R_{count} == R) then
27:
                       Break:
28:
                   R_{count} ++;
                                             → Minimum HD → Sweeping (Iteratively Decreasing)
29:
            \mathrm{HD}_{Low}--;
30:
         Key \leftarrow SMT.Solve(SMT_{LC});
```

# Experimental Results



- Evaluation of SMT reduced to SAT Attack
  - □ **Purpose:** to show SMT is **superset** of SAT
  - □ We experimented using **two obfuscation** methods
    - random XOR/XNOR insertion (RLL)
    - obfuscation using nets with unbalanced probabilities IOLTS'14
  - We used **ISCAS-85 benchmarks** with obfuscation overhead ranging from 1% to 25%.

| Circuit                             | c432           | c499                                                                       | c880            | c1355           | c1908           | c2670             | c3540              | c5315              | c7552              |
|-------------------------------------|----------------|----------------------------------------------------------------------------|-----------------|-----------------|-----------------|-------------------|--------------------|--------------------|--------------------|
| # of Inputs # of Outputs # of Gates | 36<br>7<br>120 | $     \begin{array}{r}       41 \\       32 \\       162     \end{array} $ | 60<br>26<br>320 | 41<br>32<br>506 | 33<br>25<br>603 | 233<br>140<br>872 | $50 \\ 22 \\ 1179$ | 178<br>123<br>1726 | 207<br>108<br>2636 |

## Evaluation of SMT Reduced to SAT



#### Random XOR/XNOR insertion (RLL)

| Circuit | it $c2670$ |       |       |        |       | c3540 |       |                      |       | c5315 |       |                      |       | c7552 |       |                                 |  |
|---------|------------|-------|-------|--------|-------|-------|-------|----------------------|-------|-------|-------|----------------------|-------|-------|-------|---------------------------------|--|
|         | SAT        |       | S     | SMT    |       | SAT   |       | $\operatorname{SMT}$ |       | SAT   |       | $\operatorname{SMT}$ |       | SAT   |       | $\overline{\Lambda \mathrm{T}}$ |  |
|         | #iter      | time  | #iter | time   | #iter | time  | #iter | time                 | #iter | time  | #iter | time                 | #iter | time  | #iter | time                            |  |
| 1%      | 3          | 0.102 | 5     | 0.474  | 10    | 0.513 | 8     | 1.31                 | 9     | 0.405 | 10    | 0.441                | 11    | 0.577 | 19    | 0.806                           |  |
| 5%      | 45         | 1.514 | 57    | 3.589  | 19    | 1.502 | 25    | 1.249                | 32    | 1.354 | 24    | 2.433                | 67    | 5.271 | 42    | 4.261                           |  |
| 10%     | 312        | 14.08 | 342   | 15.752 | 36    | 1.782 | 36    | 2.973                | 59    | 3.798 | 57    | 4.881                | 97    | 15.82 | 94    | 15.67                           |  |
| 25%     | 781        | 114.5 | 692   | 108.6  | 77    | 9.796 | 65    | 8.462                | 95    | 19.63 | 107   | 22.48                | 215   | 225.6 | 228   | 270.8                           |  |

#### Obfuscation using nets with unbalanced probabilities IOLTS'14





## Evaluation of Eager SMT Attack



- DLL as the case study
  - cannot be modeled in a SAT attack.
  - □ DLL + MUX/XOR-based logic locking
- Serial invocation of theory and SAT solver.



| Circuit            | c1908                            | c2670                          | c3540                                                         | c5315                         | c7552                            |
|--------------------|----------------------------------|--------------------------------|---------------------------------------------------------------|-------------------------------|----------------------------------|
| 1%<br>2%           | 0.077 + 1.663<br>0.016 + 1.919   | 0.068 + 170.0 $0.221 + 175.6$  | 0.053 + 4.054<br>0.200 + 5.001                                | 1.291 + 114.6 $1.535 + 144.6$ | 0.580 + 138.6 $1.808 + 185.5$    |
| 3%                 | 0.054 + 2.161                    | 0.337 + 212.7                  | 1.359 + 6.328                                                 | 3.057 + 160.4                 | 2.247 + 245.9                    |
| $\frac{5\%}{10\%}$ | $0.075 + 2.810 \\ 0.499 + 3.812$ | 0.495 + 248.4<br>38.78 + 497.1 | $\begin{array}{r} 1.553 + 8.325 \\ 1.524 + 14.35 \end{array}$ | 3.891 + 256.9 $16.19 + 550.3$ | $7.812 + 353.3 \\ 33.92 + 782.7$ |
| 25%                | 8.951 + 21.71                    | 112.4 + 972.5                  | 9.459 + 92.42                                                 | 60.30 + 1567                  | 2920 + 5244                      |

SMT execution time = x + y, x: The execution time of the SAT engine of the SMT Solver, y: The execution time of the theory engine of the SMT Solver

# Evaluation of Lazy SMT Attack



- DLL as the case study
  - cannot be modeled in a SAT attack.
  - □ DLL + MUX/XOR-based logic locking
- Parallel invocation of theory and SAT solver



## Evaluation of AccSMT



- Ability to find stronger DIPs
  - Pruning power of DIPs is higher!
  - □ Higher rate in decreasing the number of remaining keys



Set of potential Correct Keys (SCK)

Set of Invalid Keys (SIK)



# **Enabling Approximate Attack**



- SARLock + IOLTS'14
  - □ Finds the **correct keys** for **high-corruption**
  - detects the SAT-hard trap
  - exits, and reports the approximate key



| Circuit | c1908 |       | c2670 |       | c35   | 540   | c53   | 315   | c7552 |       |  |
|---------|-------|-------|-------|-------|-------|-------|-------|-------|-------|-------|--|
|         | #iter | time  |  |
| 1%      | 7     | 0.512 | 16    | 3.075 | 8     | 1.304 | 3     | 0.384 | 7     | 2.905 |  |
| 5%      | 18    | 0.701 | 25    | 11.91 | 15    | 1.681 | 11    | 1.707 | 33    | 17.56 |  |
| 10%     | 31    | 4.085 | 51    | 26.47 | 21    | 3.779 | 35    | 7.402 | 61    | 44.07 |  |
| 25%     | 71    | 8.605 | 105   | 76.8  | 66    | 22.91 | 56    | 16.64 | 88    | 58.32 |  |

## Conclusion



- introduced the powerful SMT attacks
  - Benefits from the expressive nature of theory solvers
- Proved that SMT attack is a superset of the SAT attack
- Explained the **Eager** and **Lazy** mode of SMT attack
- Using both Eager and Lazy approach
  - We broke the DLL obfuscation That cannot be broken by a SAT attack
  - □ Why? SMT attack's capabilities go beyond a SAT attack
- Presented the accelerated SMT attack (AccSMT)
  - □ significant **speed-up** compare to pure SAT attack
- Presented a formulation for SMT approximate attack
  - □ To find an approximate key for compound obfuscation schemes

## Selected References



- [1] J. Roy et al. 2010. Ending piracy of integrated circuits. Computer, 43, 10 (2010), 30–38.
- [2] P. Tuyls et al. 2006. Read-proof hardware from protective coatings. In CHES. 369–383.
- [3] J. Rajendran et al. 2012. Security analysis of logic obfuscation. In DAC. 83–89.
- [4] K. Shamsi *et al.* 2017. AppSAT: Approximately deobfuscating integrated circuits. In HOST. 95–100.
- [5] M. Yasin *et al.* 2017. Removal attacks on logic locking and camouflaging techniques. IEEE Trans. on Emerging Topics in Computing1 (2017).
- [6] P. Subramanyan *et al.* 2015. Evaluating the security of logic encryption algorithms. In HOST.137–143.
- [7] Y. Shen and H. Zhou. 2017. Double dip: Re-evaluating security of logic encryption algorithms. In GLSVLSI. 179–184.
- [8] D. Sirone and P. Subramanyan. 2018. Functional Analysis Attacks on Logic Locking. arXiv preprint arXiv:1811.12088 (2018).
- [9] M. Yasin et al. 2016. SARLock: SAT Attack Resistant Logic Locking. In HOST. 236–241.
- [10] Y. Xie and A. Srivastava. 2016. Mitigating sat attack on logic locking. In CHES. 127–146.
- [11] M. Yasin et al. 2017. Provably-secure logic locking: From theory to practice. In ACM-CCS. 1601–1618.
- [12] H. M. Kamali *et al.* 2019. Full-Lock: Hard Distributions of SAT Instances for Obfuscating Circuits using Fully Configurable Logic and Routing Blocks. In DAC. 6.
- [13] S. Roshanisefat *et al.* 2018. SRCLock: SAT-Resistant Cyclic Logic Locking for Protecting the Hardware. In GLSVLSI. 153–158.
- [14] Y. Xie *et al.* 2017. Delay locking: Security enhancement of logic locking against ic counterfeiting and overproduction. In DAC. 9.
- [15] M. Yasin et al. 2017. Security analysis of anti-sat. In ASP-DAC. 342–347.
- [16] H. Zhou et al. 2017. CycSAT: SAT-based attack on cyclic logic encryptions. In ICCAD. 49–56.
- [17] Y. Shen et al. 2019. BeSAT: behavioral SAT-based attack on cyclic logic encryption. In ASP-DAC.ACM, 657–662.
- [18] C. Barrett et al. 2015. Satisfiability modulo theories. In Handbook of Model Checking. 305–343.
- [19] S. Bayless et al. 2015. Sat Modulo Monotonic Theories. In AAAI. 2015. 3702–3709.







#### SAT Attack



Replace all obfuscated cells with key programmable gates

#### **Adding Key Inputs**

Set of Correct Keys (SCK)



Breaks within few minutes (few iterations)!

#### **Algorithm** SAT-based Attack Algorithm

```
1: function SAT_ATTACK(Circuit C_L, Circuit C_O)
2: i \leftarrow 0; F_0 \leftarrow C_L(X, K_1, Y_1) \wedge C_L(X, K_2, Y_2);
3: while SAT(F_i \wedge (Y_1 \neq Y_2)) do
4: X_d[i] \leftarrow \text{sat\_assignment} (F_i \wedge (Y_1 \neq Y_2)); Y_d[i] \leftarrow C_O(X_d[i]);
5: F_{i+1} \leftarrow F_i \wedge C_L(X_d[i], K_1, Y_d[i]) \wedge C_L(X_d[i], K_2, Y_d[i]); i \leftarrow i+1;
6: K^* \leftarrow \text{sat\_assignment}_{K_1}(F_i);
```



#### SAT Attack



#### **Duplicating KPC**

- Primary Inputs are in Common
- Keys are Different
- XORed

# Set of Correct Keys (SCK) Set of Invalid Keys (SIK) Clause added Cla

#### **Algorithm** SAT-based Attack Algorithm

```
1: function SAT_ATTACK(Circuit C_L, Circuit C_O)
2: i \leftarrow 0; F_0 \leftarrow C_L(X, K_1, Y_1) \wedge C_L(X, K_2, Y_2);
3: while SAT(F_i \wedge (Y_1 \neq Y_2)) do
4: X_d[i] \leftarrow \text{sat\_assignment} (F_i \wedge (Y_1 \neq Y_2)); Y_d[i] \leftarrow C_O(X_d[i]);
5: F_{i+1} \leftarrow F_i \wedge C_L(X_d[i], K_1, Y_d[i]) \wedge C_L(X_d[i], K_2, Y_d[i]); i \leftarrow i+1;
6: K^* \leftarrow \text{sat\_assignment}_{K_1}(F_i);
```



#### SAT Attack



#### **Duplicating KPC**

- Primary Inputs are in Common
- Keys are Different
- XORed



#### **Algorithm** SAT-based Attack Algorithm

1: **function** SAT\_ATTACK(Circuit  $C_L$ , Circuit  $C_O$ )
2:  $i \leftarrow 0$ ;  $F_0 \leftarrow C_L(X, K_1, Y_1) \wedge C_L(X, K_2, Y_2)$ ;
3: **while**  $SAT(F_i \wedge (Y_1 \neq Y_2))$  **do** Observing  $C_O$  for new DIP
4:  $X_d[i] \leftarrow \text{sat\_assignment}(F_i \wedge (Y_1 \neq Y_2)); Y_d[i] \leftarrow C_O(X_d[i]);$ 5:  $F_{i+1} \leftarrow F_i \wedge C_L(X_d[i], K_1, Y_d[i]) \wedge C_L(X_d[i], K_2, Y_d[i]); i \leftarrow i+1;$ 6:  $K^* \leftarrow \text{sat\_assignment}_{K_1}(F_i);$ 



#### SAT Attack



#### Set of Correct Keys (SCK) Set of Invalid Keys (SIK)



Breaks within few minutes (few iterations)!

#### **Algorithm** SAT-based Attack Algorithm

```
1: function SAT_ATTACK(Circuit C_L, C reuit C_O)

2: i \leftarrow 0; F_0 \leftarrow C_L(X, K_1, Y_1) \wedge C_L(X, K_2, Y_2);

3: while SAT(F_i \wedge (Y_1 \neq Y_2)) do

4: X_d[i] \leftarrow \text{sat\_assignment} (F_i \wedge (Y_1 \neq Y_2)) : [Y_d[i] \leftarrow C_O(X_d[i]);

5: F_{i+1} \leftarrow F_i \wedge C_L(X_d[i], K_1, Y_d[i]) \wedge C_L(X_d[i], K_2, Y_d[i]); i \leftarrow i+1;

6: K^* \leftarrow \text{sat\_assignment}_{K_1}(F_i);
```



#### SAT Attack



Iteratively, Finding and Validating new DIP

- ANDed to confirms all of the previously found DIPs

- Set of Correct Keys (SCK)

  Set of Invalid Keys (SIK)
- Clause added Clause added Clause added Clause added Clause added

**Breaks within few minutes (few iterations)!** 

#### **Algorithm** SAT-based Attack Algorithm

1: **function** SAT\_ATTACK(Circuit  $C_L$ , Circuit  $C_O$ )
2:  $i \leftarrow 0$ ;  $F_0 \leftarrow C_L(X, K_1, Y_1) \wedge C_L(X, K_2, Y_2)$ ;
3: **while**  $SAT(F_i \wedge (Y_1 \neq Y_2))$  **do**4:  $X_d[i] \leftarrow \text{sat\_assignment}(F_i \wedge (Y_1 \neq Y_2))$ ;  $Y_d[i] \leftarrow C_O(X_d[i])$ ;
5:  $F_{i+1} \leftarrow F_i \wedge C_L(X_d[i], K_1, Y_d[i]) \wedge C_L(X_d[i], K_2, Y_d[i])$ ;  $i \leftarrow i+1$ ;
6:  $K^* \leftarrow \text{sat\_assignment}_{K_1}(F_i)$ ;



#### SAT Attack



#### **Terminate Condition:**

- SAT is not able to find a new DIP
- Finding Correct Key based on all previously found DIPs.
- Set of Correct Keys (SCK)
- Set of Invalid Keys (SIK)



**Breaks within few minutes (few iterations)!** 

#### **Algorithm** SAT-based Attack Algorithm

- 1: **function** SAT\_ATTACK(Circuit  $C_L$ , Circuit  $C_O$ )
- 2:  $i \leftarrow 0; F_0 \leftarrow C_L(X, K_1, Y_1) \wedge C_L(X, K_2, Y_2);$
- 3: while  $SAT(F_i \land (Y_1 \neq Y_2))$  do
- 4:  $X_d[i] \leftarrow \text{sat\_assignment } (F_i \land (Y_1 \not= Y_2)); Y_d[i] \leftarrow C_O(X_d[i]);$
- 5:  $F_{i+1} \leftarrow F_i \wedge C_L(X_d[i], K_1, Y_d[i]) \wedge C_L(X_d[i], K_2, Y_d[i]); i \leftarrow i+1;$
- 6:  $K^* \leftarrow \text{sat\_assignment}_{K_1}(F_i)$ ;

# Mode 2: Eager SMT Attack



- By having K TDK cells
  - $\square$  2K in total
  - SAT solver returns one logically correct key sequence among (2<sup>k</sup>) different set
    - Only one of such key does not result in setup and hold time violations
- The correct attack should consider the delay and timing

**properties** of the netlist

■ In addition to its logical correctness!



## Using TimeOut



The execution of SAT and SMT attack



t(i) is the execution time of the i<sup>th</sup> iteration of an SMT attack

- By just reducing the number of SAT iterations (*N*)
  - □ We cannot guarantee a shorter execution time
  - We limit the time allowance for finding a DIP in each iteration
- *TO* prevents the SMT solver from spending a long time for finding a DIP with large HD

## Using TimeOut(Cont.)



- TO prevents the SMT solver from spending a long time for finding a DIP with large HD
- By adapting TO feature during SMT attack, the HD requirement is reduced
  - □ The SMT solver returns UNSAT
    - There is no such input
  - □ We encounter TO interrupt
    - The HD constraints posed on BitVector theory solver is reduced by one
    - The SMT solver is called
- Time interrupt is supported by MonoSAT used in this paper
- Our experiments illustrate that this usually results in considerably smaller execution time.

## Mode 4: AccSMT



#### **Algorithm** Accelerated SMT Attack

```
1: function AccSMT_ATTACK(Obfuscated_Netlist N<sub>obf</sub>, Functional_Circuit C<sub>org</sub>)
 2:
        HD_{High} = Number of output bits;
                                                                            ▶ Upper hamming distance limit;
 3:
                                                                            ▶ Lower hamming distance limit;
        HD_{Low} = HD_{High} - 1;
 4:
                                                                                         ▶ Timeout constraint;
        TO = 50s;
 5:
        R = 20;
                                                                                             ▶ Repetition limit;
 6:
        R_{HD} = 1;
                                                                                        ▶ Repetition condition;
 7:
                                                                                  ▶ Repetition count variable;
        R_{count} = 0;
 8:
        KPC \leftarrow \text{Replace\_KPG}(N_{obf});
 9:
        C(X,K,Y) \leftarrow \text{Circuit\_Translation\_to\_CNF}(KPC);
10:
        KDC = C(X, K_1, Y_1) \wedge C(X, K_2, Y_2) \wedge (Y_1 \neq Y_2);
11:
        SCKVC = TRUE;
12:
        SATC = KDC \wedge SCKVC:
13:
        LC = TRUE:
                                                                                             ▶ Learned Clauses
14:
        BV(X,K) \leftarrow \text{Circuit Output to BitVector}(N_{obf});
15:
        BVS(X, K_1, K_2) = SUM \text{ of } 1s(BV(X, K_1) \oplus BV(X, K_2))
         T_{CE} \leftarrow BVS(X,K_1,K_2) \geq HD_{Low};
16:
                                                                              ▶ Theory constraint expression;
17:
         T_{CE} \leftarrow T_{CE} \cup (BVS(X, K_1, K_2) \leq HD_{High});
18:
        while HD_{Low} > 1 do
19:
            while (((X_{DI}, K_1, K_2, CC) \leftarrow SMT.Solve(SMT_{LC}, T_{CE}, TO)) = T) do
20:
                Y_f \leftarrow C_{org}(X_{DI});
21:
                DIVC = \check{C}(X_{DI}, K_1, Y_f) \wedge C(X_{DI}, K_2, Y_f);
22:
                SCKVC = SCKVC \land DIVC;
23:
                LC = LC \wedge CC
24:
                SMT_{LC} = KDC \wedge SCKVC \wedge LC;
                if (HD_{Low} < HD_B) then
25:
                    if (R_{count} == R) then
26:
                                                                   Check Repetitive \rightarrow avoid trapping
27:
                        Break:
                                                                                         (Approximate Key)
28:
                    R_{count} ++;
29:
            \mathrm{HD}_{Low}--;
30:
         Key \leftarrow SMT.Solve(SMT_{LC});
```

## Evaluation of AccSMT



- Comparison of the execution time and the number of iterations between the SAT solver and the AccSMT solver
- AccSMT attack is carried in a smaller number of iterations and requires order(s) of magnitude smaller execution time

| Circuit |            | c26   | 670      |       | c3540                     |         |       |        | c5315 |       |       |        | c7552 |       |       |              |
|---------|------------|-------|----------|-------|---------------------------|---------|-------|--------|-------|-------|-------|--------|-------|-------|-------|--------------|
|         | SAT AccSMT |       | SAT AccS |       | $\overline{\mathrm{SMT}}$ | SMT SAT |       | AccSMT |       | SAT   |       | AccSMT |       |       |       |              |
|         | #iter      | time  | #iter    | time  | #iter                     | time    | #iter | time   | #iter | time  | #iter | time   | #iter | time  | #iter | $_{ m time}$ |
| 1%      | 3          | 0.102 | 2        | 0.316 | 10                        | 0.513   | 3     | 0.185  | 9     | 0.405 | 2     | 0.163  | 11    | 0.577 | 3     | 0.374        |
| 5%      | 45         | 1.514 | 11       | 3.589 | 19                        | 1.502   | 6     | 0.761  | 32    | 1.354 | 6     | 0.408  | 67    | 5.271 | 17    | 2.607        |
| 10%     | 312        | 14.08 | 26       | 5.817 | 36                        | 1.782   | 11    | 1.236  | 59    | 3.798 | 12    | 1.753  | 97    | 15.82 | 19    | 4.721        |
| 25%     | 781        | 114.5 | 107      | 24.05 | 77                        | 9.796   | 16    | 1.606  | 95    | 19.63 | 27    | 7.916  | 215   | 225.6 | 24    | 23.52        |

# Eager vs. Lazy



- Eager vs. Lazy
  - **majority of cases:** 
    - Lazy approach outperforms the Eager
  - some cases (e.g. for Benchmark C1908 with 50% overhead):
    - The Lazy approach is slower than Eager approach
    - Lazy approach doesn't always result in the stronger attack
  - □ There exist a set of problems that Eager is not even applicable
    - leaving the Lazy approach as the only solution forward

# Calculating Setup time and Hold time



- Standard flow for extracting the register setup time
  - we are looking at 5% increase in  $t_{clk-q}$  when we sweep the data-clock arrival time difference from a large negative to a large positive number.



# Conjunctive Normal Form (CNF)



- A Conjunction of one or more Clauses
  - each Clause is a Disjunction of Literals
- Similar to Product of Sum (PoS)