迴路化邏輯加密法是在硬體安全領域中的一種新型的技術，其用以對抗布林滿足性破解法。近年來，第二代迴路鎖(LOOPLock 2.0)被提出來，它是一種迴路化的邏輯加密法，其在已加密的電路中故意創建迴路，以同時抵抗SAT Attack、CycSAT、BeSAT和Removal Attack。第二代迴路鎖的關鍵概念是，無論金鑰是否正確，結果的電路仍然是有迴路的。此特性阻絕了攻擊者並證明其成功地防禦攻擊者。 在本論文中，我們提出了一種基於結構分析和布林滿足性求解器的破解方法，可用於攻擊第二代迴路鎖。具體來說，我們在運行布林滿足性求解器之前，先識別並刪除已加密的電路中的非組合性迴路。此外，我們也進一步提出了一種增強式加密法來使所提出的新攻擊失效。實驗結果顯示，我們所提出的破解和加密方法是很有效的。

Cyclic logic locking is a new type of SAT-resistant techniques in hardware security. Recently, LOOPLock 2.0 was proposed, which is a cyclic logic locking method creating cycles deliberately in the locked circuit to resist SAT Attack, CycSAT, BeSAT, and Removal Attack simultaneously. The key idea of LOOPLock 2.0 is that the resultant circuit is still cyclic no matter the key vector is correct or not. This property refuses attackers and demonstrates its success on defending against attackers. In this thesis, we propose an unlocking approach to LOOPLock 2.0 based on structure analysis and SAT solvers. Specifically, we identify and remove non-combinational cycles in the locked circuit before running SAT solvers. Furthermore, we propose an enhanced locking approach to invalidate the proposed new attack. The experimental results show that the proposed unlocking and locking approaches are promising.

中文摘要 i
Abstract ii
誌謝辭 iii
Contents iv
List of Tables vi
List of Figures vii
1 Introduction 1
2 Preliminaries 5
2.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 5
2.2 Node Merging (NM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.3 NM-based cycle generation . . . . . . . . . . . . . . . . . . . . . . . . 6
2.4 LOOPLock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 7
2.5 LOOPLock 2.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 9
3 Our Unlocking Approach 11
3.1 Shortcomings of LOOPLock 2.0 . . . . . . . . . . . . . . . . . . . . . . 11
3.2 Our Unlocking Approach . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.3 Cycle Groups in LOOPLock 2.0 . . . . . . . . . . . . . . . . . . . . . . 15
4 Our Locking Approach 17
4.1 Enhanced Locking Structure . . . . . . . . . . . . . . . . . . . . . . . 17
4.2 Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5 Experimental results 24
6 Conclusion 34

[1] K. Z. Azar et al., "SMT Attack: Next Generation Attack on Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks," IACR Trans. on Cryptographic Hardware and Embedded Systems, vol. 2019, no. 1, pp. 97-122, 2019.
[2] J.-H. Chen et al., "Synthesis and Verication of Cyclic Combinational Circuits," in Proc. of SOCC, pp. 257-262, 2015.
[3] Y.-C. Chen and C.-Y. Wang, "Fast Detection of Node Mergers using Logic Implications," in Proc. of ICCAD, pp. 785-788, 2009.
[4] Y.-C. Chen and C.-Y.Wang, "Fast Node Merging with Don't Cares Using Logic Implications," IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, vol. 29, no. 11, pp. 1827-1832, 2010.
[5] H.-Y. Chiang et al., "LOOPLock: LOgic OPtimization based Cyclic Logic Locking," IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, vol. 39, no. 10, pp. 2178-2191, 2020.
[6] H. M. Kamali et al., "Full-Lock: Hard Distributions of SAT instances for Obfuscating Circuits using Fully Congurable Logic and Routing Blocks," in Proc. of DAC, pp. 1-6, 2019.
[7] L. Li and A. Orailoglu, "Piercing Logic Locking Keys through Redundancy Identication," in Proc. of DATE, pp. 540-545, 2019.
[8] A. Rezaei et al., "Cyclic Locking and Memristor-based Obfuscation Against CycSAT and Inside Foundry Attacks," in Proc. of DATE, pp. 85-90, 2018.
[9] A. Rezaei et al., "CycSAT-Unresolvable Cyclic Logic Encryption Using Unreachable States," in Proc. of ASPDAC, pp. 358-363, 2019.
[10] S. Roshanisefat et al., "SRClock: SAT-Resistant Cyclic Logic Locking for Protecting the Hardware," in Proc. of GLSVLSI, pp. 153-158, 2018.
[11] S. Roshanisefat et al., "SAT-Hard Cyclic Logic Obfuscation for Protecting the IP in the Manufacturing Supply Chain," IEEE Trans. on Very Large Scale Integration Systems, vol. 28, no. 4, pp. 954-967, 2020.
[12] J. A. Roy et al., "Ending Piracy of Integrated Circuits," Computer, vol. 43, no. 10, pp. 30-38, 2010.
[13] J. P. Roth et al., "Programmed Algorithms to Compute Tests to Detect and Distinguish Between Failures in Logic Circuits," IEEE Trans. on Electronic Computers, vol. EC-16, no. 5, pp. 567-580, 1967.
[14] B. Shakya et al., "CAS-Lock: A Security-Corruptibility Trade-o Resilient Logic Locking Scheme," in IACR Trans. on Cryptographic Hardware and Embedded Systems, vol. 2020, no. 1, pp. 175-202, 2019.
[15] K. Shamsi et al., "Cyclic Obfuscation for Creating SAT-Unresolvable Circuits," in Proc. of GLSVLSI, pp. 173-178, 2017.
[16] K. Shamsi et al., "AppSAT: Approximately Deobfuscating Integrated Circuits," in Proc. of HOST, pp. 95-100, 2017.
[17] Y. Shen et al., "BeSAT: Behavioral SAT-based Attack on Cyclic Logic Encryption," in Proc. of ASPDAC, pp. 657-662, 2019.
[18] Y. Shen et al., "A Comparative Investigation of Approximate Attacks on Logic Encryptions," in Proc. of ASPDAC, pp. 271-276, 2018.
[19] Y. Shen et al., "SAT-based bitipping attack on logic encryptions," in Proc. of DATE, pp. 629-632, 2018.
[20] Y. Shen and H. Zhou, "Double DIP: Re-Evaluating Security of Logic Encryption Algorithms," in Proc. of GLSVLSI, pp. 179-184, 2018.
[21] Y. Shen et al., "SigAttack: New High-level SAT-based Attack on Logic Encryptions," in Proc. of DATE, pp. 940-943, 2019.
[22] P. Subramanyan et al., "Evaluating the Security of Logic Encryption Algorithms," in Proc. of HOST, pp. 137-143, 2015.
[23] Y. Xie and A. Srivastava, "Mitigating SAT Attack on Logic Locking," in Proc. of International Conference on Cryptographic Hardware and Embedded Systems, pp. 127-146, 2016.
[24] Y. Xie and A. Srivastava, "Anti-SAT: Mitigating SAT Attack on Logic Locking," IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, vol. 38, no. 2, pp. 199-207, 2019.
[25] X.-M. Yang et al., "LOOPLock 2.0: An Enhanced Cyclic Logic Locking Approach," IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, doi: 10.1109/TCAD.2021.3053912, 2021.
[26] M. Yasin et al., "SARlock: SAT Attack Resistant Logic Locking," in Proc. of HOST, pp. 236-241, 2016.
[27] M. Yasin et al., "Provably-Secure Logic Locking: From Theory To Practice," in Proc. of CCS, pp. 1601-1618, 2017.
[28] M. Yasin et al., "Security Analysis of Anti-SAT," in Proc. of ASPDAC, pp. 342-347, 2016.
[29] M. Yasin et al., "Removal Attacks on Logic Locking and Camouflaging Techniques," IEEE Trans. on Emerging Topics in Computing, vol. 8, no. 2, pp. 517-532, 2020.
[30] H. Zhou et al., "CycSAT: SAT-Based Attack on Cyclic Logic Encryptions," in Proc. of ICCAD, pp. 49-56, 2017.
[31] IWLS2005 Benchmarks. [Online]. Available: http://iwls.org/iwls2005/benchmarks.html
[32] Berkeley Logic Synthesis and Verication Group, "ABC: a system for sequential synthesis and verication," Available: https://people.eecs.berkeley.edu/alanmi/abc/.