Corruption Exposes You: Statistical Key Recovery from Compound Logic Locking

ARSHDEEP KAUR1, Sayandeep Saha2, Chandan Karfa3, Debdeep Mukhopadhyay4
1Intel India Pvt. Ltd., 2IIT Kharagpur, 3IIT Guwahati, 4Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur


Logic locking (LL) has recently gained significant attention from both VLSI and the security community for preventing intellectual property (IP) piracy and unwanted modifications of hardware circuits. While a continuous development in this area can be observed both in terms of attacks and defenses, practical application of these schemes is still challenging, as several schemes have been found vulnerable against Boolean Satisfiability and functional analysis-based attacks. In this paper, we add yet another attack strategy in the arsenal. The proposed attack is statistical and utilizes Welch's t-test to enable key recovery from logic-locked netlists assuming oracle access to an activated chip. The key fact we utilize is the variation in output corruptibility for different key bits. Experimental evaluation on state-of-the-art LL benchmarks ensures that the proposed strategy can be a useful aid for conventional SAT and functional analysis-based attacks on LL schemes.