Abstract-The threat of hardware Trojans and countermeasures for the same have attracted considerable research attention in recent times. A hardware Trojan is a malicious circuit that is directly incorporated into large-scale integration (LSI). The LSI acts according to its specifications during normal operations. However, under predetermined conditions specified by a malicious third person, the hardware Trojan is triggered and activated. The LSI then suffers undesirable problems such as system downtime and information leakage. As a step toward countering hardware Trojans in the future, the present study proposes a new Trojan trigger and verifies its threat.
malicious person, the hardware Trojan is triggered and activated.
An LSI controlled by a hardware Trojan, when part of important devices and systems, may cause serious damage such as network interruption, traffic problems, suspension of financial transactions, and leakage of private information [7] , [8] . Therefore, the threat of hardware Trojans and countermeasures for the same have attracted considerable research attention in recent times.
The trigger that activates a hardware Trojan is of great importance. The present study proposes a new trigger to activate a hardware Trojan and verifies its threat through evaluation experiments.
II. PRELIMINARIES

A. Related Studies
Hardware Trojans reported thus far are commonly known to attack cryptographic circuits designed to protect confidential data, which may cause serious damage. Upon being activated by a trigger under predetermined conditions, such Trojans can leak confidential information by, for example, outputting plain text instead of the cryptogram that is output under normal conditions. Another type of Trojan leaks secret keys necessary for encryption and decryption. Almost all known Trojans are triggered by a specific external input [9] .
In other words, a Trojan trigger judges whether the external input agrees with the predetermined value set by the malicious person who has installed the hardware Trojan. When the external input agrees and disagrees with the predetermined value, the LSI performs abnormal and normal operations, respectively.
B. Advanced Encryption Standard
Advanced Encryption Standard (AES) consists of 128-bit block ciphers, in which a round is composed of SubBytes, ShiftRows, MixColumns, and AddRoundKey processes, and in which data are transformed by repeating the round processing multiple times. The number of rounds is determined according to the key length. The present study adopts the key length of 128 bits, which is a key length that is most often used. In this present case, 10 rounds are used. MixColumns is omitted only at round 10, the final round. For the round processing, the key values used at each round are repeatedly calculated using the KeySchedule process. SubBytes is used for numeric transformation in the form of a byte unit.
III. PROPOSED TRIGGER
The present study uses the AES and proposes a new trigger that is actuated by a reset signal instead of a specific input. At present, LSI mainly uses the synchronous design methodology. In synchronous circuits, the same clock and reset signals are input to all flip-flops (FFs). Moreover, FFs are used for counter circuits. Therefore, normal circuit configurations cannot count the number of inputs of a reset signal. This means that the number of inputs of a reset signal and the reset status cannot be used as a Trojan trigger.
The present study creates delay flip-flops (DFFs) that can count the number of reset actions using combinational logic circuits, and it proposes a trigger that activates a hardware Trojan when the number of reset inputs reaches a certain value. Figure 1 shows the DFFs that have been created in the present study. Actually, three DFFs are incorporated into the AES, and an octal counter is created. When the outputs of all three DFFs are 1, the trigger is actuated. The DDFs' actions are that when the RST signal of input is 1, Q outputs 1. When the RST signal of input is 0, the output of Q is retained. A Dvld signal is used to reset the DFFs. The Dvld signal rises when the encryption processing of the AES is completed. When the Dvld signal is 1, Q outputs 0 and the DFFs are reset, regardless of the RST signal. 
IV. EVALUATION EXPERIMENTS
To validate the proposed trigger, a hardware Trojan was installed in an AES cryptographic circuit, and this circuit was embedded in a field-programmable gate array (FPGA).
A. Operation verification
During encryption, the AES cryptographic circuit performed normal operations when the trigger did not activate the hardware Trojan, and it output the value of a secret key at the 10th round when the trigger activated the hardware Trojan. When encryption was completed, the Dvld signal rose; consequently, the octal counter was reset. During decryption, the AES cryptographic circuit also performed normal operations when the trigger did not activate the hardware Trojan, and it output the value of a secret key at the 10th round when the trigger activated the hardware Trojan. Figures 2 and 3 show the results obtained in the abovementioned experiments.
Correct cypher text In these experiments, seven reset signals were set as the condition to activate the hardware Trojan. As shown in Figure 2 , when the trigger did not activate the hardware Trojan, the AES cryptographic circuit performed normal operations. As shown in Figure 3 , when the trigger activated the hardware Trojan, the AES cryptographic circuit output the value of a secret key.
B. Verification of ease of detection
The operation waveforms of AES cryptographic circuits without and with a hardware Trojan were compared to confirm the confidentiality of the AES cryptographic circuit. Figures  4−6 show the power consumption waveforms obtained when the number of DFFs created was changed. To define the similarity between power consumption waveforms, the present study defined a new similarity using the Euclidean distance. The Euclidean distance between the power consumptions of AES cryptographic circuits with and without a hardware Trojan was obtained. Table 1 shows the obtained results. The Euclidean distance D was obtained using Eq. (1).
(
The degree of similarity between these two waveforms decreased as the Euclidean distance D approached 0.
As shown in Table 1 , the power consumptions of AES cryptographic circuits with and without a hardware Trojan were similar, suggesting that a hardware Trojan with the proposed trigger is difficult to detect.
V. CONCLUSION
The present study proposed a hardware Trojan to develop key technologies necessary for establishing measures against hardware Trojans. A device to count the number of reset inputs was developed, and a trigger that activated a hardware Trojan when the number of reset inputs reached a certain value was proposed. A hardware Trojan with the proposed trigger was installed in an AES cryptographic circuit embedded in a FPGA. Subsequently, the proposed trigger was validated and shown to be difficult to detect.
Regarding future work, the detection technique against the hardware Trojan is most important priority.
