邏輯鎖定已成為保護積體電路（IC）的關鍵策略，透過加入額外的邏輯閘（key gates）和輸入，僅在正確密鑰下才能正常運作。然而，利用DIPs迅速篩除錯誤密鑰的SAT攻擊，對傳統邏輯鎖定方法的效能提出了挑戰。為了對抗這一點，像是AND樹的點函數被利用來確保SAT攻擊每次迭代僅能排除一個錯誤鑰匙，顯著增加了解密的難度。

儘管技術上有所進步，點函數所產生的相對低輸出錯誤仍是一個重要的限制。為了應對這一挑戰，本研究介紹了一種新的加密方法，使用大小樹結構旨在增加錯誤率，同時保持對SAT攻擊的抵抗力。我們的方法稱為減恢復框架 (Subtract-Recovery framework)，採用AND和OR邏輯閘，更容易被合成工具重新合成，提升了電路性能並隱藏了加密的線索。

我們的基準測試結果顯示，我們的方法在抵禦SAT攻擊方面表現良好，並且顯著增加了輸出損壞，同時防禦結構攻擊。此外，與ObfusLock進行的比較分析顯示，儘管兩種技術都展現出對SAT攻擊的強大抵抗力，我們的方法不僅造成顯著的輸出錯誤，還在面積開銷上平均減少了2.34％。

Logic locking has become a pivotal strategy in securing integrated circuits (ICs) by integrating key gates and inputs, which activate the ICs only with the correct keys. However, SAT attacks, which leverage distinguishable input patterns (DIPs) to filter out incorrect keys rapidly, have challenged the efficacy of conventional logic locking methods. To counteract this, one-point functions like AND-trees have been utilized to ensure that a SAT attack can only eliminate a single incorrect key per iteration, significantly increasing the decryption effort.

Despite advancements, the relatively low output corruption produced by one-point functions remains a critical limitation. In response, this study introduces a new encryption methodology that employs a Big+Little tree structure aimed at increasing the error rate while maintaining resistance to SAT attacks. Our approach, called the Subtract-Recovery framework, utilizes AND and OR gates and is compatible with popular synthesis tools, enhancing circuit performance and concealing any evidence of encryption.

Our benchmarking results demonstrate that our method performs well against SAT attacks and significantly increases output corruption while defending against structural attacks. Additionally, a comparative analysis with ObfusLock reveals that although both techniques exhibit robust resistance to SAT attacks, our method not only causes significant output corruption but also achieves an average reduction of 2.34\% in area overhead.

1 Introduction 1
2 Previous Work 4
2.1 Defending Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.1 Random Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.2 Point Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.3 High Output Corruption . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Attack Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2.1 Sensitization Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2.2 SAT Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2.3 AppSAT Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.4 Structural Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.3 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3 Framework and Properties of Big+Little Tree 11
3.1 Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1.1 Subtraction-Recovery Logic Locking Technique . . . . . . . . . . . . 11
3.1.2 Advanced Big+Little Tree Encryption Architecture . . . . . . . . . . 13
3.2 Preliminary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.2.1 Boolean Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.2.2 Distinguish Input Pattern(DIP) . . . . . . . . . . . . . . . . . . . . . 14
3.2.3 Point Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2.4 Encrypted And-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.2.5 Output Corruption (OC) . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.3 Propositions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4 Big+Little Construction 22
4.1 Overall Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.2 Find AND-trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.3 Subtract AND-trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
4.4 Handling Tree Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.4.1 Small Big Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.4.2 Large Little Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.5 Proof of Circuit Equivalence . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5 Security Analysis 32
5.1 SPI Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
5.2 Valkyrie Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
5.3 Brute-force Attack on Little-tree . . . . . . . . . . . . . . . . . . . . . . . . . 33
6 Experimental Results 34
6.1 Effectiveness of Big-tree for SAT Attack . . . . . . . . . . . . . . . . . . . . 34
6.2 Effectiveness of Little-tree for Output Corruption . . . . . . . . . . . . . . . 35
6.3 Effectiveness of Multiple Little-trees for Area, SAT, and Output Corruption 36
6.4 Comprehensive Analysis of Encryption Resilience to SAT, AppSAT, and Valkyrie
Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
6.5 Comparisons with ObfusLock . . . . . . . . . . . . . . . . . . . . . . . . . . 38
7 Conclusions and Future Work 41

[1] Luca Amar ́u et al. The epfl combinational benchmark suite. In IWLS, 2015.
[2] J. Rajendran et al. Security analysis of logic obfuscation. In DAC, pages 83–89, 2012.
[3] P. Subramanyan et al. Evaluating the security of logic encryption algorithms. In HOST,
pages 137–143, 2015.
[4] Y. Xie and A. Srivastava. Anti-sat: Mitigating sat attack on logic locking. IEEE TCAD,
38(2):199–207, Feb 2019.
[5] M. Yasin et al. Sarlock: Sat attack resistant logic locking. In HOST, pages 236–241,
2016.
[6] Meng Li, Kaveh Shamsi, Travis Meade, Zheng Zhao, Bei Yu, Yier Jin, and David Z.
Pan. Provably secure camouflaging strategy for ic protection. IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems, 38(8):1399–1412, 2019.
[7] Muhammad Yasin, Bodhisatwa Mazumdar, Jeyavijayan J V Rajendran, and Ozgur
Sinanoglu. Ttlock: Tenacious and traceless logic locking. In 2017 IEEE International
Symposium on Hardware Oriented Security and Trust (HOST), pages 166–166, 2017.
[8] Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf,
Jeyavijayan (JV) Rajendran, and Ozgur Sinanoglu. Provably-secure logic locking: From
theory to practice. In Proceedings of the 2017 ACM SIGSAC Conference on Computer
and Communications Security, CCS ’17, page 1601–1618, New York, NY, USA, 2017.
Association for Computing Machinery.
[9] K. Shamsi et al. Appsat: Approximately deobfuscating integrated circuits. In HOST,
pages 95–100, 2017.
[10] Muhammad Yasin, Bodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajen-
dran. Security analysis of anti-sat. In 2017 22nd Asia and South Pacific Design Au-
tomation Conference (ASP-DAC), pages 342–347, 2017.
[11] X. Xu et al. Novel bypass attack and bdd-based tradeoff analysis against all known
logic locking attacks. In CHES, pages 189–210, 2017.
[12] Lilas Alrahis, Satwik Patnaik, Faiq Khalid, Muhammad Abdullah Hanif, Hani Saleh,
Muhammad Shafique, and Ozgur Sinanoglu. Gnnunlock: Graph neural networks-based
oracle-less unlocking scheme for provably secure logic locking. In 2021 Design, Automa-
tion Test in Europe Conference Exhibition (DATE), pages 780–785, 2021.
[13] Abhrajit Sengupta, Mohammed Nabeel, Nimisha Limaye, Mohammed Ashraf, and
Ozgur Sinanoglu. Truly stripping functionality for logic locking: A fault-based per-
spective. IEEE Transactions on Computer-Aided Design of Integrated Circuits and
Systems, 39(12):4439–4452, 2020.
[14] Jingbo Zhou and Xinmiao Zhang. Generalized sat-attack-resistant logic locking. IEEE
TIFS, 16:2581–2592, 2021.
[15] Yuntao Liu, Michael Zuzak, Yang Xie, Abhishek Chakraborty, and Ankur Srivastava.
Strong anti-sat: Secure and effective logic locking. In 2020 21st International Symposium
on Quality Electronic Design (ISQED), pages 199–205, 2020.
[16] B. Shakya et al. Cas-lock: A security-corruptibility trade-off resilient logic locking
scheme. In CHES, pages 175–202, 2020.
[17] Z. Han et al. Does logic locking work with EDA tools? In USENIX, pages 1055–1072,
2021.
[18] Nimisha Limaye, Satwik Patnaik, and Ozgur Sinanoglu. Valkyrie: Vulnerability as-
sessment tool and attack for provably-secure logic locking techniques. IEEE TIFS,
17:744–759, 2022.
[19] Yung-Chih CHEN. Smartlock: Sat attack and removal attack-resistant tree-based logic
locking. IEICE Transactions on Fundamentals of Electronics, Communications and
Computer Sciences, E103.A(5):733–740, 2020.
[20] Kaveh Shamsi, Travis Meade, Meng Li, David Z. Pan, and Yier Jin. On the approxi-
mation resiliency of logic locking and ic camouflaging schemes. IEEE Transactions on
Information Forensics and Security, 14(2):347–359, 2019.
[21] M. Yasin et al. Provably-secure logic locking: From theory to practice. In ACM CCS,
pages 1601–1618, New York, NY, USA, 2017.
[22] Y. Li et al. Obfuslock: An efficient obfuscated locking framework for circuit ip protec-
tion. In DATE, pages 1–6, 2023.
[23] J. Rajendran et al. Fault analysis-based logic encryption. IEEE TC, 64(2):410–424,
Feb 2015.
[24] M. Yasin et al. Removal attacks on logic locking and camouflaging techniques. IEEE
TETC, 8(2):517–532, April-June 2020.
[25] S. Yang. Logic synthesis and optimization benchmarks user guide: Version 3.0. MCNC,
1991.
[26] R. Wang et al. Expanding in-cone obfuscated tree for anti sat attack. In DATE, pages
1–6, 2023.
[27] Abc: Berkeley logic synthesis and verification group. ”ABC: A system for sequential
synthesis and verification”.
[28] F. Brglez. A neural netlist of 10 combinational benchmark circuits. In Proc. IEEE
ISCAS: Special Session on ATPG and Fault Simulation, pages 151–158, 1985.
[29] F. Corno et al. Rt-level itc’99 benchmarks and first atpg results. IEEE Design & Test
of Computers, 17(3):44–53, 2000.