Formal Framework for Hardware Trojans
In [6] , the class of hardware Trojans that the authors formally characterized is called H D , which is referred to the class of trigger-based pre-silicon hardware Trojans embedded in a deterministic function (IP core), and its malicious payload is only delivered by Standard I/O channels. In H D class, the authors further discovered four advanced properties (d, t, α and l) to formally characterize all possible hardware Trojans in H D . The readers are referred to [6] and its extended version [8] for a detailed discussion of these four properties.
Based on this formal definitional framework, Haider et al. proposed one hardware Trojan detection algorithm, called HaTCh, that offers negligible false negative rate and controllable false positive rate for the detection of all possible hardware Trojans in H D [7] . The readers are referred to [7] for a detailed algorithm and formal proofs.
3 Detailed Hardware Trojan Design in [3] The hardware Trojan design in [3] is based on an AES (Advanced Encryption Standard [12] ) core and a PRSG (Pseudorandom bit Sequence Generator). The authors argued that in some cases, in order to provide traffic flow confidentiality as suggested in [9] , the output port of an AES core needs to keep outputting random bit strings even when the AES core is not working. The authors introduced a coding method to embed the secret key into the random string sent out during the idle time to establish a covert channel with an eavesdropping adversary. Since the adversary knows how the key is encoded, he/she is able to decode the random string and retrieve the key. The authors also ran some statistical analysis to show that the random string generated by their hardware Trojan is indistinguishable from a "real" random string, so they choose to keep their hardware Trojan always on, in other words, this Trojan does not have a trigger. This is why they claim they can evade the detection of HaTCh and defeat HaTCh, but actually this hardware Trojan design is not in H D class, because it is not a trigger-based hardware Trojan. Thus, their final claim of defeating HaTCh is incorrect, because HaTCh is designed for detecting all possible Trojans in H D class. 
Common Misunderstandings about HaTCh
It is usually very easy for the readers of [7, 8] to miss some crucial requirements for using HaTCh. Let us list some important properties of hardware Trojans to fall within the scope of HaTCh as follows:
1. The hardware Trojans need to be trigger-based, so the Trojans in [3, 10] are not in H D class, and therefore HaTCh cannot provide security guarantees. 2. The malicious payload should only be delivered by standard I/O channel, so the side channel Trojans, e.g. [10, 5] , are out of the scope of HaTCh. 3. HaTCh is designed for pre-silicon Trojans, so all the Trojans inserted during fabrication, like [2, 13] , will not be detected by HaTCh. 4. HaTCh requires the original IP core to be a deterministic function for its functional testing, and therefore any IP core has non-deterministic function (True Random Number Generator) needs to test its deterministic part separately. 5. Since HaTCh algorithm takes the four advanced properties (d, t, α and l) of hardware Trojans as inputs, so a HaTCh instance with a given set of these four parameters can provably detect all possible Trojans in the class of H d,t,α,l .
Another common misunderstanding about HaTCh is that the way how a Trojan is triggered will affect the detection capability of HaTCh. This is not correct. As long as there is a trigger activation condition that only appears when the Trojan is triggered, HaTCh is able to detect it. Thus, a clock glitch triggered Trojan [1] or a sensor triggered Trojan [11] both fall into the category of H D , and therefore will lead to detection by HaTCh.
Conclusion
HaTCh [7] and its definitional framework [8] are the first formal treatment of hardware Trojan design and detection. They are supported by formal analysis and rigorous proofs, so the readers are suggested to read and understand the theory and proof in their study.
Recent Updates on October 8, 2018
Recently, Bhardwaj et al. uploaded one new article "Validating the ClaimDefeating HaTCh : Building Malicious IP cores" [4] on 9/18/2018. According to the arguments presented in [4] , it shows that the authors still failed to fully understand the formal definitional framework in [8] that our detection algorithm HaTCh [7] is based on.
The Claim in [4]
The authors claim that their hardware Trojans introduced in [3] is in the class of H D , and it is not an always-on hardware Trojan. Its trigger mechanism is embedded in the AES core, because when the AES core is not encrypting anything, the hardware Trojan is active and leaking secret key.
Our Claim
The hardware Trojan introduced in [3] is not in H D . We agree with the claim that one can consider the trigger mechanism is in the AES core, if one considers the AES core, PRSG and the MUX jointly as a single IP core. However, there is a simple fact that shows why the hardware Trojan in [4] is not in H D . The whole IP core, comprising of AES, PRSG and MUX, does not have a deterministic behaviour.
Let us first revisit the definition of H D in [8] . Let us see the reason why a detection algorithm will not be able to catch the abnormal behaviour of the hardware Trojan in [3] .
Quoting from [3] : "The key bits are randomized before transmission by the Trojan, so to a benign observer the flow of output bit patterns appears random, much like the cipher text and/or the PRSG bits, however an eavesdropper with prior knowledge of the proposed Trojan design can extract the encryption key bits."
Hardware Trojan class H D requires a specification to exactly predict the IP core behavior, so if a benign observer (or a detection algorithm like HaTCh) sees an output does not match the specification, it should have already detected this Trojan, let alone when a random-looking output is observed. Thus, the reason why the Trojan proposed in [3] can evade detection relies on the fact that the specification of the large IP core allows random outputs. This means that the IP core, compromising of AES, PSRG and MUX, is not a deterministic function, so any hardware Trojan embedded in this IP core is not in H D .
Moreover, the analysis of the four properties (d, t, α and l) of their hardware Trojan in [4] is incorrect as well. The authors only show a few vague explanations to argue that the parameters of their Trojan are very large, but given the precise mathematical definitions of these four properties in [8] , one can precisely calculate the values of these four properties, instead of saying "they are extremely large". In particular, the trigger signal dimension of the Trojan in [3] is very likely to be 1, instead of being very large. In fact, one can determine whether the Trojan is active or not by checking the selection wire (single wire) of the 2-to-1 MUX, that chooses to output either the AES output (when AES is running and the Trojan is deactivated) or PRSG output (when AES is not running and therefore the Trojan is active).
Summary
We strongly encourage the authors of [3, 4] to study the full version of our theory paper [8] , and understand the formal rigorous definitions in [8] , especially Definition 6 to 11.
We also would like to emphasize that HaTCh framework is formally and rigorously proved in [7] . So, a claim like "defeating HaTCh" is equivalent to finding a mistake in our proofs or designing a hardware Trojan does not satisfy the statistical assumptions that our claims and proofs are based on. However, notice that a claim like "defeating HaTCh" does not mean designing a hardware Trojan not in our characterized hardware Trojan classes.
