Functional Analysis Attacks on Logic Locking by Sirone, Deepak & Subramanyan, Pramod
Functional Analysis Attacks on Logic Locking
Deepak Sirone Pramod Subramanyan
Department of Computer Science and Engineering,
Indian Institute of Technology, Kanpur.
spramod@cse.iitk.ac.in
Abstract—This paper proposes Functional Analysis attacks
on Logic Locking algorithms (abbreviated as FALL attacks).
FALL attacks have two stages. Their first stage is dependent
on the locking algorithm and involves analyzing structural and
functional properties of locked circuits to identify a list of
potential locking keys. The second stage is algorithm agnostic
and introduces a powerful addition to SAT-based attacks called
key confirmation. Key confirmation can identify the correct key
from a list of alternatives and works even on circuits that are
resilient to the SAT attack.
In comparison to past work, the FALL attack is more practical
as it can often succeed (90% of successful attempts in our
experiments) by only analyzing the locked netlist, without requir-
ing oracle access to an unlocked circuit. Further, FALL attacks
successfully defeat Secure Function Logic Locking (SFLL), the
only locking algorithm resilient to all prior attacks on logic
locking. Our experimental evaluation shows that FALL attacks
are able to defeat 65 out of 80 (81%) circuits locked using SFLL.
I. INTRODUCTION
Globalization and concomitant de-verticalization of the
semiconductor supply chain have resulted in IC design houses
becoming increasingly reliant on potentially untrustworthy off-
shore foundries. This reliance has raised concerns of integrated
circuit (IC) piracy, unauthorized overproduction, and malicious
design modifications by adversarial entities that may be part
of these contract foundries [8, 12, 25]. These issues have both
financial [10] and national security implications [19].
A potential solution to these problems is logic locking [2,
6, 9, 15, 16]: a set of techniques that introduce additional
logic and new inputs to a digital circuit in order to create a
“locked” version of it. The locked circuit operates correctly
if and only if the new inputs, referred to as key inputs, are
set to the right values. Typically, key inputs are connected
to a tamper-proof memory and the circuit is activated by
the design house by programming the correct key values in
the tamper-proof memory after manufacturing and prior to
sale. The security assumption underlying logic locking is that
the adversary (untrusted foundry) does not know the correct
values of the key inputs and cannot compute them.
Initial proposals for logic locking did not satisfy this as-
sumption and were vulnerable to attack [13, 14, 22, 29, 32].
For example, Rajendran et al. [14] used automatic test pattern
generation (ATPG) tools to compute input values that would
allow an adversary to reveal the values of key bits. Subra-
manyan et al. [22] developed the SAT attack which defeated all
known logic encryption techniques at the time. The SAT attack
works by using a Boolean SATisfiability solver to iteratively
find inputs that distinguish between equivalence classes of
keys. For each such input, an activated IC (perhaps purchased
from the market by the adversary) is queried for the correct
output and this information is fed back to the SAT solver when
computing the next distinguishing input. The practicality of
this attack depends on the number of equivalence classes of
keys present in the locked circuit.
[Fig. 1 block diagram: the inputs X = ⟨x1, . . . , xm⟩ feed the Functionality-Stripped Circuit, which contains the Original Circuit and a Cube Stripper computing strip(Kc)(X); its output and the key inputs K = ⟨k1, . . . , km⟩ feed the Functionality Restoration Unit, which produces the output Y.]
Fig. 1: Overview of SAT attack resilient locking algorithms like TTLock and SFLL-HDh. We show a single output circuit for simplicity, additional outputs are handled symmetrically.
Much subsequent work has focused on SAT attack resilient
logic locking [26, 27, 30, 33, 34]. These proposals attempt
to guarantee that the number of equivalence classes of keys is
exponential in the key length. Broadly speaking, they have the
structure shown in Figure 1. They introduce a circuit which
“flips” the output of the original circuit for a particular cube or
set of cubes. We refer to this component as the cube stripping
unit. This flipped output is then inverted by a key-dependent
circuit that we refer to as the programmable functionality
restoration unit. This latter circuit is guaranteed to have an
exponential number of equivalence classes of keys and ensures
SAT attack resilience. Initial proposals along these lines were
Anti-SAT [26, 27] and SARLock [30]. However, Anti-SAT
was vulnerable to the signal probability skew (SPS) [30] attack
while SARLock was vulnerable to the Double DIP [18] attack
and the Approximate SAT [17] attack. Both schemes are vul-
nerable to removal and bypass attacks [28, 31]. Subsequently,
Yasin et al. proposed TTLock [34] and Secure Function Logic
Locking (SFLL) [33]. To the best of our knowledge, SFLL
was the only logic locking technique that was resilient to all
of the above attacks prior to the publication of our conference
paper on FALL attacks [21].
arXiv:1811.12088v2 [cs.CR] 18 Jul 2019
In this paper, we introduce a novel class of Functional Analysis attacks on Logic Locking (abbreviated as FALL attacks). FALL attacks defeat locking methods which use cube
stripping and programmable functionality restoration.
Our approach is to use structural and functional analyses
of circuit nodes to first identify the gates that are the out-
put of the cube stripping module. There are two challenges
involved in this. First, the locked netlist is a sea of gates,
and it is unclear which of these is the gate being searched
for. Examining every gate using computationally expensive
functional analyses is not feasible. Testing whether a gate is
equivalent to the cube stripping function for some key value
involves solving a quantified Boolean formula (QBF). QBF
is PSPACE-complete [1] in comparison to SAT which is
“only” NP-complete [7]. Therefore, the naïve approach of
examining every gate does not even scale to small netlists. We
tackle these problems by the development of a set of structural
and functional properties of the cube stripping function used
in SFLL and use SAT-based analyses to find nodes with these
properties. The second challenge is determining the key given
the output of cube stripping unit. Here too, we develop SAT-
based analyses to extract a shortlist of potential locking keys
from a given circuit node.
In about 90% of successful attempts in our experiments, the
first stage of the attack shortlists exactly one potential key. In
such cases, the FALL attack does not require input/output (I/O)
oracle access to an unlocked circuit. Any malicious foundry
who can reconstruct gate-level structures from the masks can
use FALL without setting up logic analyzers, loading the scan
chain, etc. This suggests that attacking logic locking may be
much easier than previously believed.
In a few cases, more than one key may be shortlisted.
To address this problem, we introduce a novel SAT-based
key confirmation algorithm. Given a list of suspected key
values and I/O oracle access, key confirmation can be used
to find which one (or none) of these suspected key values is
correct. This has important implications as key confirmation
can be used in isolation with arbitrary analysis techniques
and not just the structural and functional analyses developed
for SFLL in this paper. An attacker need only guess a key
value through some circuit analysis and key confirmation can
be used to verify this guess. For instance, recent work has
introduced the SURF attack [5] which uses machine learning
(ML) techniques to guess the key input values. While ML
techniques can determine a likely key, they cannot guarantee
that the key is correct. This is where key confirmation comes
in: it can convert a high-probability guess into a correct guess.
Key confirmation succeeds even on circuits resilient to the SAT
attack and provides a new pathway for the use of powerful
Boolean reasoning engines in the analysis of logic locking.
We present a thorough experimental analysis of the FALL
attack. Our evaluation shows that FALL attacks succeed on 65
out of 80 benchmark circuits (81%) in our evaluation. Among
these 65, the functional analysis shortlists exactly one key for
58 circuits (90% of successful attempts), supporting our claim
that Oracle-less attacks are indeed practical. Finally, we show
experimentally that our key confirmation attack succeeds on all
the benchmark circuits we examine and is orders of magnitude
faster than the SAT attack [22].
A. Contributions
This paper makes the following contributions.
• We present functional analysis attacks on logic locking
which use structural and functional analyses to defeat
the only known locking scheme that was hitherto attack-
resilient: Secure Function Logic Locking (SFLL).
• We present an important improvement to the SAT attack
called key confirmation that enables the combination
of key value hints gathered from structural/functional
analyses with the SAT-based analyses. Key confirmation
allows the SAT attack to succeed even against SAT-
resilient logic locking.
• We present a thorough evaluation of FALL attacks and
key confirmation on a set of 80 benchmark circuits locked
using SFLL. Our attacks defeat 65 (81%) of these circuits.
Conference Publication: This paper is based on a conference publication in DATE 2019 [21]. This journal paper introduces the following novel contributions: (i) the key confirmation attack that extends the SAT attack to target so-called “SAT-resilient” locking schemes (§ V), (ii) proofs for the FALL lemmas and the correctness of key confirmation, (iii) a working example of locking using SFLL and TTLock (§ II-B) and FALL attacks on this example (interspersed with the text in § III and § IV), and (iv) an experimental evaluation of the key confirmation attack (§ VI-C).
B. Paper Organization
The rest of this paper is organized as follows. Section II
presents the threat model and an intuitive informal overview
of the structural and functional analyses. Section III introduces
the structural analyses while Section IV describes the func-
tional analyses. Section V focuses on the extension to the SAT
attack: the key confirmation attack. Section VI contains the ex-
perimental evaluation. Section VII provides some concluding
remarks.
II. ATTACK OVERVIEW
This section first describes the adversary model for the FALL
attack. It then provides an overview of the attack itself and
describes the notation used in the rest of this paper.
A. Adversary Model
The adversary is assumed to be a malicious foundry with
layout and mask information. The gate level netlist can be
reverse engineered from this [24]. The adversary knows the
locking algorithm and its parameters (e.g., h in SFLL-HDh)
and can distinguish between key inputs and circuit inputs. We
assume that the adversary may have access to an activated
circuit which can be used to observe the output for a specific
input. We follow [14, 22, 33] etc. and restrict our attention
to combinational circuits. Sequential circuits can be viewed as combinational by treating flip-flop inputs and outputs as combinational outputs and inputs respectively.
[Fig. 2 (a) image: original circuit with inputs a, b, c, d and output y.]
(a) Original circuit.
[Fig. 2 (b) image: gate F, comparators c1, c2, c3, c4 (comparing a, b, c, d with k1, k2, k3, k4), gate G and output y; dashed boxes mark the Functionality-Stripped Circuit and the Functionality Restoration Unit.]
(b) Circuit locked using TTLock. The protected cube is a ¬b ¬c d.
[Fig. 2 (c) image: same structure as (b), with the internal signals p, q, r, s feeding the nodes F and G.]
(c) Circuit locked using SFLL-HD1. All cubes exactly Hamming distance 1 from the protected cube a ¬b ¬c d are flipped by the functionality-stripped circuit. The node F implements the function $F(p, q, r, s) = \bar{p}\bar{q}\bar{r}s + pq\bar{r}s + p\bar{q}rs + p\bar{q}\bar{r}\bar{s}$ while the node G implements $G(p, q, r, s) = (p + q + r)(p + r + s)(p + q + s)(q + r + s)$.
Fig. 2: Example circuit locked with TTLock and SFLL-HD1. Note for simplicity we use the notation $\bar{p}\bar{q} + pq$ to mean (¬p ∧ ¬q) ∨ (p ∧ q) in this figure.
B. Overview of TTLock and SFLL
Figure 2a shows a simple circuit that computes the Boolean
function y = (a ∧ b) ∨ (b ∧ c) ∨ (c ∧ a) ∨ d. This circuit
is locked using the TTLock algorithm [34] and the resulting
circuit is shown in Figure 2b. The same circuit locked using
the SFLL-HDh algorithm is shown in Figure 2c. In the rest of
this subsection, we provide an overview of how these locked
circuits protect the original circuit, the challenges in attacking
the locking algorithms and the vulnerabilities in the locking
algorithm that are exploited by FALL attacks.
1) Overview of TTLock: The locked circuit shown in Fig-
ure 2b has two components: (i) a functionality-stripped circuit
shown in the dashed blue box, and (ii) the functionality
restoration unit shown in the dashed cyan box.
Let us first consider the functionality-stripped circuit. The
two new additions to the circuit in comparison to Figure 2a
are the two gates shown in red. What is the impact of the
gate labelled F? The output of this gate is high only when a ∧ ¬b ∧ ¬c ∧ d = 1, or equivalently when a = d = 1 and b = c = 0. In the SFLL/TTLock terminology, the product
term a ∧ ¬b ∧ ¬c ∧ d is called a protected cube. Notice the
functionality-stripped circuit’s output differs from the original
circuit (in Figure 2a) for exactly this cube.
Now let us turn our attention to the functionality restoration
unit. This circuit compares the values of inputs a, b, c and d
with the key inputs k1, k2, k3 and k4 respectively. If a = k1,
b = k2, c = k3 and d = k4, then the functionality restoration
unit flips the output of the functionality-stripped circuit. So,
what is the purpose of the functionality restoration unit? If the
key inputs k1, k2, k3 and k4 are set to the same value as the
protected cube, that is if k1 = k4 = 1 and k2 = k3 = 0, then
output y of the locked circuit in Figure 2b is identical to the
output of the original circuit in Figure 2a. In other words, the
circuit only produces the correct output when the keys are set
to the protected cube.
2) Overview of SFLL-HDh: Notice that Figure 2c is very
similar to Figure 2b except for the nodes F and G. As
mentioned in the caption of the figure, node F implements
the following function.
F (a, b, c, d) = (¬a ∧ ¬b ∧ ¬c ∧ d) ∨ (a ∧ b ∧ ¬c ∧ d) ∨
(a ∧ ¬b ∧ c ∧ d) ∨ (a ∧ ¬b ∧ ¬c ∧ ¬d)
(1)
The output of the function F(a, b, c, d) is 1 for all inputs that are Hamming distance 1 from the protected cube a ∧ ¬b ∧ ¬c ∧ d.
This value 1 corresponds to the parameter h in SFLL-HDh
and is the crucial difference between SFLL-HD and TTLock.
In TTLock, the functionality-stripped circuit’s output differs from the original circuit for exactly one input pattern (the protected cube). In contrast, in SFLL-HDh the functionality-stripped circuit’s output differs from the original circuit for all inputs that are Hamming distance h from the protected cube. As a result, SFLL-HDh can cause exponentially more output corruption than TTLock.
The functionality restoration unit in SFLL-HDh is analo-
gously changed. It flips the output of the functionality-stripped
circuit for all cubes that are Hamming distance h from the
values of the key inputs. If the key inputs are equal to the
protected cube, then the original functionality of the circuit
is restored because the functionality restoration unit “undoes”
the corruption introduced by the functionality-stripped circuit.
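The following Python model is an added illustration of the locking scheme just described; it is not code from the paper. It models the original circuit of Figure 2a, the cube stripper strip_h(Kc)(X) and the key-dependent restoration unit as Boolean functions over 4-bit inputs (the protected cube Kc = 1001 and the sample wrong keys are taken from the running example), and checks on which inputs a given key leaves the locked circuit corrupted. The h = m/2 case at the end is our own observation from the identity HD(¬K, X) = m − HD(K, X), not a claim made in the paper.

```python
from itertools import product

def original(x):
    """Original (unlocked) circuit of Figure 2a: y = ab + bc + ca + d."""
    a, b, c, d = x
    return (a & b) | (b & c) | (c & a) | d

def hamming(u, v):
    return sum(p ^ q for p, q in zip(u, v))

def strip(kc, x, h):
    """Cube stripping function strip_h(Kc)(X): 1 iff HD(Kc, X) = h.
    Kc is the protected cube hard-coded in the netlist; h = 0 gives TTLock."""
    return int(hamming(kc, x) == h)

def restore(key, x, h):
    """Functionality restoration unit: 1 iff HD(K, X) = h, K being the key inputs."""
    return int(hamming(key, x) == h)

def locked(x, key, kc, h):
    """Locked circuit: the original output is flipped by the stripper and flipped
    back by the restoration unit. The flips cancel on every X exactly when the
    two Hamming-distance-h spheres coincide, which for h < m/2 means K = Kc."""
    return original(x) ^ strip(kc, x, h) ^ restore(key, x, h)

def corrupted_inputs(key, kc, h, m=4):
    """Inputs on which the locked circuit disagrees with the original circuit."""
    return [x for x in product((0, 1), repeat=m) if locked(x, key, kc, h) != original(x)]

def is_correct_key(key, kc, h):
    return not corrupted_inputs(key, kc, h)

KC = (1, 0, 0, 1)        # protected cube a ¬b ¬c d of the running example (constructed)
WRONG = (0, 0, 0, 1)     # sample wrong key, Hamming distance 1 from KC (constructed)

if __name__ == "__main__":
    for h in (0, 1):
        print(f"h={h}: correct key restores original:", is_correct_key(KC, KC, h))
        print(f"h={h}: inputs corrupted by key {WRONG}:", corrupted_inputs(WRONG, KC, h))
    # For h = m/2 the sphere around K and around its complement are the same set,
    # so the complement of the protected cube also "unlocks" the circuit.
    print("h=2, complement key 0110 unlocks:", is_correct_key((0, 1, 1, 0), KC, 2))
```

With h = 0 a wrong key corrupts exactly two inputs (the protected cube, where only the stripper flips, and the key value, where only the restoration unit flips); with h = 1 the same wrong key corrupts eight inputs, which is the extra corruption the text attributes to SFLL-HDh. The last check shows why the parameter h must stay well below m/2: at h = m/2 the key is not unique.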
[Fig. 3 image: AIG with nodes numbered 10 through 39 over the inputs a, b, c, d, k1, k2, k3, k4 and the output y.]
Fig. 3: Optimized version of the circuit shown in Figure 2b. Since ABC uses the AND-Inverter-Graph (AIG) representation, each node in this circuit is an AND gate. Dotted edges represent inverted inputs while solid edges represent non-inverted inputs. Upward facing triangles are inputs and the downward facing triangle is the output.
C. Overview of Attacking TTLock and SFLL-HDh
Observe that the protected cube must be hard-coded into the
circuit in both Figures 2b and 2c. For instance, if the protected
cube (and hence correct key) were to be changed from
(k1, k2, k3, k4) = (1, 0, 0, 1) to (1, 1, 1, 1), the locked circuit
would need to change as well: the inputs to the gate F would
not have any inverters (negation bubbles). Therefore, structural
and functional analyses of the circuit could potentially leak the
correct key and this is the key insight we use in this paper.
Specifically, if the adversary could identify the gate F and the comparators (XOR gates) labelled c1, c2, c3 and
c4, it would be easy to figure out what the protected cube is
and set the key inputs appropriately. The catch is that finding
these gates is difficult due to synthesis-time optimizations.
Figure 3 shows the same circuit as Figure 2b but after it has
been processed using ABC’s [11] structural hashing (strash)
command. We see that it is not at all obvious which node in
Figure 3 is equivalent to the gate F in Figure 2b and which
nodes are equivalent to the four comparators. This is despite
the fact that we have both the unlocked and unoptimized
circuits available to us. An attacker would not have this
information, so it would be harder to find the gate.
[Fig. 4 flow: Comparator Analysis (§ III-A) → comparators Comp → Support Set Analysis (§ III-B) → candidate cube stripping gates Cand → Functional Analyses (§ IV-A and § IV-B) → potential key values {K¹c, K²c, . . . } → Equivalence Checking (§ IV-C) → filtered potential key values {K¹c, K²c, . . . } → Key Confirmation (§ V) → key value Kc]
Fig. 4: Attack algorithm overview.
Overview of Attack Stages: We now provide a high-level overview of the FALL attack. Figure 4 shows the three main stages of the FALL attack. The first two stages use structural analyses to identify candidate gates that may be the output of a cube stripping module. These are described in Section III. The next two stages subject these candidate nodes to functional analyses to identify suspected key values. Algorithms for functional analysis exploit unateness and Hamming distance properties of the cube stripping functions used in SFLL and are described in Section IV. Given a shortlist of suspected key values, the final stage verifies whether one of these key values is correct using the key confirmation algorithm described in Section V. This stage of the attack need not be carried out if only one key was identified by the functional analyses or if the adversary does not have I/O oracle access to an activated circuit.
D. Notation
We now introduce the formal notation used in the rest
of this paper. Let B = {0, 1} be the Boolean domain. A
combinational logic circuit is modeled as a directed acyclic
graph G = (V,E). Nodes in the graph correspond to logic
gates and input nodes. Edge (v1, v2) ∈ E if v2 is a fanin
(input) of the gate v1.
Given a node v ∈ V , define fanins(v) = {v′ | (v, v′) ∈ E}.
#fanins(v) is the cardinality of fanins(v). For v ∈ V such
that #fanins(v) = n, nodefnv is the n-ary Boolean function
associated with the node; nodefnv : V → (Bn → B). For
example, if v1 is a 2-input AND gate, nodefnv1 = λab. a∧ b.
For input nodes, nodefnv is an uninterpreted 0-ary Boolean
function (or equivalently, a propositional variable). The circuit
function of node v, denoted cktfnv is defined recursively
as: cktfnv = nodefnv(cktfnv1 , . . . , cktfnvn) where vi ∈
fanins(v). The transitive fanin cone of a node v, denoted
TFC(v), is the set of all nodes vj such that (v, vj) ∈ E or there
exists some vi ∈ V such that (vi, vj) ∈ E and vi ∈ TFC(v).
The support of a node, denoted by Supp(v), is the set of all
nodes vj such that vj ∈ TFC(v) and #fanins(vj) = 0.
In a locked netlist, some input nodes are specially distinguished key inputs. Define the predicate isKey(v) such that isKey(v) = 1 iff node v ∈ V is a key input.
Given two bit vectors $X^1 = \langle x^1_1, \ldots, x^1_m \rangle$ and $X^2 = \langle x^2_1, \ldots, x^2_m \rangle$, define $HD(X^1, X^2) \doteq \sum_{i=1}^{m} (x^1_i \oplus x^2_i)$ to be their Hamming distance. ⊕ is the eXclusive OR operator, and ∑ is arithmetic sum.
Finally, given a Boolean function f : Bn → B, the function
obtained by setting xi = 1 in f(x1, . . . , xi, . . . , xn), i.e.,
f(x1, . . . , 1, . . . , xn) and denoted as fxi is called a positive
cofactor of f . f(x1, . . . , 0, . . . , xn) denoted f¬xi , is a negative
cofactor of f .
III. STRUCTURAL ANALYSES
This section describes structural analyses to identify nodes
that may be the output of the cube stripping unit.
A. Comparator Identification
The first step in systematically attacking TTLock and SFLL
is to identify the comparators (XOR gates) – gates c1, c2, c3
and c4 – in Figures 2b and 2c. Identifying these gates is helpful
because it gives the pairing between the key inputs and the
circuit inputs. In these example circuits, k1 is compared with
a, k2 with b, k3 with c and k4 with d.
If we somehow find that the protected cube is a ∧ ¬b ∧
¬c ∧ d, we can then deduce that (k1, k2, k3, k4) = (1, 0, 0, 1)
is the correct key. Finding the comparators is easy in Figures 2b and 2c, but how do we do it in an optimized netlist like Figure 3? Here, the FALL attack uses structural analysis
followed by functional analysis.
1) First, we find all nodes in the circuit whose support1
consists of one key input and one circuit input. Some
nodes in Figure 3 which satisfy this criterion are nodes
10, 11, 12, 13, 14 and 15. Examples of nodes which do
not satisfy this criterion are node 25, which depends on
two circuit inputs and node 28 which depends on more
than two inputs.
2) Second, among the nodes identified in step 1 which sat-
isfy the provided criterion, we check using a SAT solver
if their functionality is equivalent to an XOR/XNOR gate.
If so the gate is marked as a comparator. In Figure 3 both
node 12’s and node 13’s functionality are equivalent to
an XNOR gate but node 10 is not.
Stated precisely, comparator identification is an algorithm
that finds all gates in the locked circuit whose circuit function
is equivalent to (z ⊕ xi) ⇐⇒ ki for some z. Here xi must
be a circuit input, ki must be a key input and z captures
whether ki is being compared with xi or ¬xi. The result of
comparator identification is the set Comp = {〈vi, xi, ki〉, . . . }
where each tuple 〈vi, xi, ki〉 is such that Supp(vi) = {xi, ki},
isKey(xi) = 0, isKey(ki) = 1, and one of the following
two formulas is valid: (i) cktfnvi ⇐⇒ xi ⊕ ki and (ii)
cktfnvi ⇐⇒ ¬(xi ⊕ ki).
1The support set of a node is the set of inputs that determine its value.
B. Support Set Matching
The set of all circuit inputs that appear in the comparators
identified by the algorithm described in the previous subsec-
tion also tells us the set of circuit inputs appearing in protected
cube. This insight can help us shortlist potential circuit nodes
corresponding to the protected cube.
In formal notation, the above insight says that all circuit
inputs xi that appear in Comp should be the support of
the cube stripping unit. Support set matching finds all such
nodes. Given the set Comp = {⟨vi, xi, ki⟩, . . . }, define the projection Compx as Compx = {xi | ⟨vi, xi, ki⟩ ∈ Comp}. Cand is the set of all gates whose support is identical to Compx.
This set of gates contains the output of the cube stripping unit.
In Figure 3, nodes 30 and 33 have a, b, c and d in their support but not any of the key inputs. Therefore, both nodes are part of Cand. One of these is likely to be the node F in Figures 2b and 2c, the output of the cube stripping unit.
To identify which of these two nodes is the actual output
of the cube stripper, we use Boolean functional analysis. This
will be described in the next section.
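The two structural analyses of this section, implemented as an added example (not the paper's tool) over a small gate-level netlist. The netlist is a constructed stand-in for Figure 2b in which the comparators are written as pairs of NAND gates, so that, as in the optimized AIG of Figure 3, no node is labelled as an XNOR and the comparator must be recognized by its function. The equivalence test is exhaustive over the four assignments of a two-input support rather than SAT-based; on supports of size two this is the same decision the paper makes with a SAT solver.

```python
from itertools import product

# Gate-level netlist as a DAG: name -> (op, fanins). 'in' nodes are circuit
# inputs, 'key' nodes are key inputs; and/or/nand are n-ary.
OPS = {
    "not":  lambda v: 1 - v[0],
    "and":  lambda v: int(all(v)),
    "nand": lambda v: int(not all(v)),
    "or":   lambda v: int(any(v)),
    "xor":  lambda v: v[0] ^ v[1],
}

def build_netlist():
    """Constructed stand-in for Figure 2b: y = ab + bc + ca + d locked with
    TTLock on the protected cube a ¬b ¬c d (hypothetical synthesized form)."""
    n = {}
    def g(name, op, *fanins):
        n[name] = (op, list(fanins))
    for x in "abcd":
        g(x, "in"); g(x + "n", "not", x)
    for k in ("k1", "k2", "k3", "k4"):
        g(k, "key"); g(k + "n", "not", k)
    g("ab", "and", "a", "b"); g("bc", "and", "b", "c"); g("ca", "and", "c", "a")
    g("orig", "or", "ab", "bc", "ca", "d")          # original circuit
    g("F", "and", "a", "bn", "cn", "d")              # cube stripper
    g("stripped", "xor", "orig", "F")                # functionality-stripped output
    for i, (x, k) in enumerate(zip("abcd", ("k1", "k2", "k3", "k4")), 1):
        g(f"p{i}", "nand", x, k + "n")               # ¬(x ∧ ¬k)
        g(f"q{i}", "nand", x + "n", k)               # ¬(¬x ∧ k)
        g(f"c{i}", "and", f"p{i}", f"q{i}")          # = x XNOR k, never labelled as such
    g("G", "and", "c1", "c2", "c3", "c4")            # restoration unit
    g("y", "xor", "stripped", "G")
    return n

def evaluate(n, name, assign, memo=None):
    """cktfn of `name` under a (partial) input assignment; only the TFC is visited."""
    memo = {} if memo is None else memo
    if name not in memo:
        op, fanins = n[name]
        memo[name] = (assign[name] if op in ("in", "key")
                      else OPS[op]([evaluate(n, f, assign, memo) for f in fanins]))
    return memo[name]

def support(n, name):
    """Supp(v): the circuit and key inputs in the transitive fanin cone of v."""
    op, fanins = n[name]
    if op in ("in", "key"):
        return {name}
    return set().union(*(support(n, f) for f in fanins))

def find_comparators(n):
    """Comparator identification (§ III-A): gates whose support is exactly one
    circuit input x and one key input k and whose function is x ⊕ k or ¬(x ⊕ k)."""
    comp = {}
    for v in n:
        if n[v][0] in ("in", "key"):
            continue
        s = support(n, v)
        keys = [u for u in s if n[u][0] == "key"]
        if len(s) != 2 or len(keys) != 1:
            continue
        k, x = keys[0], (s - {keys[0]}).pop()
        table = tuple(evaluate(n, v, {x: bx, k: bk}) for bx, bk in product((0, 1), repeat=2))
        if table == (0, 1, 1, 0):
            comp[v] = (x, k, "xor")
        elif table == (1, 0, 0, 1):
            comp[v] = (x, k, "xnor")
    return comp

def support_set_matching(n, comp):
    """Support set matching (§ III-B): Cand = gates whose support equals Comp_x."""
    comp_x = {x for (x, _, _) in comp.values()}
    return sorted(v for v in n if n[v][0] not in ("in", "key") and support(n, v) == comp_x)

if __name__ == "__main__":
    net = build_netlist()
    comp = find_comparators(net)
    print("Comp:", comp)
    print("Cand:", support_set_matching(net, comp))
```

On this netlist Comp contains exactly c1 through c4 (the NAND halves p_i and q_i share the same support but are neither XOR nor XNOR and are rejected), and Cand contains three gates with support {a, b, c, d}: the cube stripper F, the original output and the stripped output. As in the paper's running example, structural analysis alone cannot tell these apart; that is the job of the functional analyses of Section IV.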
IV. FUNCTIONAL ANALYSES
This section first develops functional properties of the
cube stripping function used in SFLL. It then describes three
algorithms that exploit these properties to find the “hidden”
key input parameters of the cube stripping unit.
A. Functional Properties of Cube Stripping
Cube stripping involves the choice of a protected cube,
represented by the tuple Kc = 〈k1, . . . , km〉 where m =
|Comp| and ki ∈ B. A stripping function strip : Bm →
(Bm → B) is parameterized by this protected cube. The
output of the functionality stripped circuit (the dashed box
in Figure 1) is inverted for the input X = 〈x1, . . . , xm〉
when strip(Kc)(X) = 1. For a given locked circuit and
associated key value, the value of Kc is “hard-coded” into the
implementation of strip, which is why we typeset Kc in a fixed
width font. The attacker’s goal is to learn this value of Kc.
In this paper we study functional properties of the following
cube stripping function: $\mathit{strip}_h(K_c)(X) \doteq (HD(K_c, X) = h)$.
striph flips the output for all input patterns exactly Hamming
distance h from the protected cube 〈k1, . . . , km〉. This is the
cube stripping function for SFLL-HDh and the special case of
h = 0 corresponds to the cube stripping function for TTLock.
This function has three specific properties that can be exploited
to determine the value of Kc.
1) Unateness (TTLock/SFLL-HD0): Our final insight in
attacking TTLock is that regardless of the exact values of the
key inputs, the function computed by the gate F has the special
property of unateness in all its variables. A Boolean function
f is said to be positive (resp. negative) unate in the variable
x if changing the variable x from 0 to 1 while keeping all
the other variables the same, never changes the output of the
function f from 1 to 0 (resp. 0 to 1). Intuitively, unateness
is a monotonicity property which states that the function
monotonically increases/decreases with a specific variable x.
Formally, we say that a Boolean function f(x1, . . . , xm) :
Bm → B is positive unate in the variable xi if
f(x1, . . . , xi−1, 0, xi+1, . . . ) ≤ f(x1, . . . , xi−1, 1, xi+1, . . . ).
We say that f is negative unate in the variable xi if
f(x1, . . . , xi−1, 1, xi+1, . . . ) ≤ f(x1, . . . , xi−1, 0, xi+1, . . . ).
Function f is said to be unate in xi if it is either positive or
negative unate in xi.2
In our running example, the functionality of node 30 in
Figure 3 is cktfn30(a, b, c, d) = a ∧ ¬b ∧ ¬c ∧ d. Consider
cktfn30(1, b, c, d), this is ¬b∧¬c∧d while cktfn30(0, b, c, d) =
0. Therefore, changing a from 0 to 1 while keeping all the
other variables the same will never cause F to go from 1
to 0. This means that F is positive unate in a. By a similar
argument, F is negative unate in the variables b and c, while
it is positive unate in the variable d. From this, we can deduce
that the protected cube is a∧¬b∧¬c∧d and hence a potential
key is (k1, k2, k3, k4) = (1, 0, 0, 1).
For another example, let 〈k1, k2, k3〉 = 〈1, 0, 1〉. Then
strip0(k1, k2, k3)(x1, x2, x3) = x1∧¬x2∧x3. This is positive
unate in x1 as 0 ≤ ¬x2 ∧ x3, and negative unate in x2 as
0 ≤ x1 ∧ x3.
(Lemma 1) The cube stripping function for TTLock/SFLL-
HD0 is unate in every variable xi. Further, it is positive unate
in xi if ki = 1 and negative unate in xi if ki = 0.
Proof: The proof is by induction on the number of literals
in the protected cube. In the base case, the protected cube has
only one literal; it is either xi or ¬xi. The function $f(x_i) \doteq x_i$ is positive unate in the variable xi while the function $f(x_i) \doteq \neg x_i$ is negative unate in the variable xi.
Now consider the inductive step. We have cube
C(x1, . . . , xi−1) consisting of i− 1 literals which is assumed
to be unate in all its variables. We have to show that both
the cubes C(x1, . . . , xi−1) ∧ xi and C(x1, . . . , xi−1) ∧ ¬xi
are unate in the variable xi. Let us consider only the cube
C(x1, . . . , xi−1) ∧ xi w.l.o.g as the argument is symmetric
for C(x1, . . . , xi−1) ∧ ¬xi. This cube is positive unate in the
variable xi. For all the other variables in C(x1, . . . , xi−1),
since C is unate in each of those variables, it is also unate in
C(x1, . . . , xi−1) ∧ xi for those variables.
2) Non-Overlapping Errors Property (SFLL-HDh): Consider the definition of striph. Let Kc = ⟨k1, . . . , k4⟩ = ⟨1, 1, 1, 1⟩ and h = 1. Consider the two input values $X^1 = \langle 1, 1, 1, 0 \rangle$ and $X^2 = \langle 0, 1, 1, 1 \rangle$. $\mathit{strip}_1(K_c)(X^1) = 1 = \mathit{strip}_1(K_c)(X^2)$. X¹ and X² are Hamming distance 2 apart. Due to the definition of strip1 they are also Hamming distance 1 from Kc. This means that the values of xi on which the two patterns agree, x2 and x3, must be equal to k2 and k3 respectively. This is because the “errors” in X¹ and X² cannot overlap as they are Hamming distance 2h apart. Generalizing this observation leads to the following result.
(Lemma 2) Suppose $X^1 = \langle x^1_1, \ldots, x^1_m \rangle$, $X^2 = \langle x^2_1, \ldots, x^2_m \rangle$, $K_c = \langle k_1, \ldots, k_m \rangle$ and $\mathit{strip}_h(K_c)(X^1) = 1 = \mathit{strip}_h(K_c)(X^2)$. If $HD(X^1, X^2) = 2h$, then for every $j$ such that $x^1_j = x^2_j$, we must have $x^1_j = x^2_j = k_j$.
Proof: The proof is by induction on h. The base case for h = 0 is clearly true, because in this case $\mathit{strip}_0(K_c)(X^1) = \mathit{strip}_0(K_c)(X^2) = 1$ iff $K_c = X^1 = X^2$. This implies that $x^1_j = x^2_j = k_j$ for all j.
In the inductive step, assume the lemma holds for h − 1. Consider some arbitrary X¹, X² such that $\mathit{strip}_{h-1}(K_c)(X^1) = \mathit{strip}_{h-1}(K_c)(X^2) = 1$ and $HD(X^1, X^2) = 2h - 2$. Suppose there exist i and l with i ≠ l and $x^1_i = x^2_i$ and $x^1_l = x^2_l$. By the lemma for h − 1, we have $x^1_i = x^2_i = k_i$ and $x^1_l = x^2_l = k_l$. Now consider the vectors $Y^1 = \langle y^1_1, \ldots, y^1_m \rangle$ and $Y^2 = \langle y^2_1, \ldots, y^2_m \rangle$ which are constructed as follows. Y¹ is the same as X¹ except that index i is flipped, while Y² is the same as X² except at index l which is flipped. Notice that $\mathit{strip}_h(K_c)(Y^1) = \mathit{strip}_h(K_c)(Y^2) = 1$ because each of these vectors differs from the protected cube on one more index (either i or l). Further $HD(Y^1, Y^2) = 2h$ because i ≠ l. We see that for all j such that $y^1_j = y^2_j$, we must have $y^1_j = y^2_j = k_j$ because these indices are the same in both Y¹ and X¹ as well as Y² and X² respectively. In other words, we have shown the lemma also holds for h if it holds for h − 1.
² a ≤ b is defined as ¬a ∨ b.
Let us return to the example circuit in Figure 2c and the cube
stripping function F for this circuit shown in Equation 1. The
four values of (a, b, c, d) that result in F (a, b, c, d) = 1 are
(0, 0, 0, 1), (1, 1, 0, 1), (1, 0, 1, 1) and (1, 0, 0, 0). Recall that
h = 1 for this circuit and the protected cube is (a, b, c, d) =
(1, 0, 0, 1). Consider the pair (0, 0, 0, 1) and (1, 1, 0, 1). These
two vectors are Hamming distance 2 apart and we see that the
two indices on which the vectors agree (c and d) are equal to
their respective values in the protected cube. Therefore from
these two vectors, we can deduce that c = 0 and d = 1.
Similarly from the vectors (1, 0, 1, 1) and (1, 0, 0, 0) we can
deduce that a = 1 and b = 0.
3) Sliding Window Property (SFLL-HDh): Let us revisit the example from the non-overlapping errors property. Let Kc = ⟨k1, . . . , k4⟩ = ⟨1, 1, 1, 1⟩ and h = 1. For the input value $X^1 = \langle 1, 1, 1, 0 \rangle$, we have $\mathit{strip}_1(K_c)(X^1) = 1$. Notice that there cannot exist another assignment $X^2 = \langle x^2_1, \ldots, x^2_4 \rangle$ with $x^2_4 = 0$, $HD(X^1, X^2) = 2$ and $\mathit{strip}_1(K_c)(X^2) = 1$. This is because $x^2_4 \neq k_4$, so the remaining bits in X² must be equal to Kc so that $\mathit{strip}_1(K_c)(X^2) = 1$. But this forces the Hamming distance between X¹ and X² to be 0 (and not 2 as desired). This observation leads to the following result.
(Lemma 3) Consider the assignments $X^1 = \langle x^1_1, \ldots, x^1_m \rangle$ and $X^2 = \langle x^2_1, \ldots, x^2_m \rangle$. Let $K_c = \langle k_1, \ldots, k_m \rangle$ as before. The formula $\mathit{strip}_h(K_c)(X^1) = 1 \land \mathit{strip}_h(K_c)(X^2) = 1 \land HD(X^1, X^2) = 2h \land x^1_j = x^2_j \land x^1_j = b$ is satisfiable iff $b = k_j$.
Proof: The proof of this lemma is a direct consequence of Lemma 2. In fact, it is just a restatement of Lemma 2 but viewed as a satisfiability problem.
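As an added example (our own code, not the paper's implementation), the three properties above turned into key-extraction procedures and run on the candidate nodes of the running example. Lemma 1 is applied as the unateness analysis of Algorithm 1 and Lemma 3 as the sliding-window analysis of Algorithm 2; where the paper dispatches satisfiability queries to a SAT solver, this code enumerates all 2^m assignments of the candidate's support, which is only feasible for the small m of the example. Each guess is then checked against strip_h(Kc) by exhaustive equivalence, the filter the paper applies in § IV-C. The candidate functions f_orig, f_ttlock and f_hd1 are constructed from Figures 2a, 2b and Equation (1).

```python
from itertools import product

def hamming(u, v):
    return sum(p ^ q for p, q in zip(u, v))

def strip(kc, x, h):
    """strip_h(Kc)(X) = 1 iff HD(Kc, X) = h (h = 0 is TTLock)."""
    return int(hamming(kc, x) == h)

def _unate(f, m, i, positive):
    # Positive: f(..,0,..) <= f(..,1,..); negative: the reverse; checked over
    # every assignment of the other m-1 variables. A function that ignores x_i
    # is both, but Supp(c) only lists variables the node depends on.
    for x in product((0, 1), repeat=m):
        if x[i] == 0:
            lo, hi = f(x), f(x[:i] + (1,) + x[i + 1:])
            if (positive and lo > hi) or (not positive and hi > lo):
                return False
    return True

def analyze_unateness(f, m):
    """Lemma 1 / Algorithm 1: a TTLock cube stripper is positive unate in x_i
    iff k_i = 1 and negative unate iff k_i = 0. Returns the key or None (⊥)."""
    keys = []
    for i in range(m):
        if _unate(f, m, i, True):
            keys.append(1)
        elif _unate(f, m, i, False):
            keys.append(0)
        else:
            return None
    return tuple(keys)

def sliding_window(f, m, h):
    """Lemma 3 / Algorithm 2 by enumeration instead of SAT: over all pairs
    X1, X2 with f(X1) = f(X2) = 1 and HD(X1, X2) = 2h, a bit on which the
    pair agrees can only ever take the protected-cube value k_j."""
    ones = [x for x in product((0, 1), repeat=m) if f(x)]
    agreed = [set() for _ in range(m)]
    for x1 in ones:
        for x2 in ones:
            if hamming(x1, x2) == 2 * h:
                for j in range(m):
                    if x1[j] == x2[j]:
                        agreed[j].add(x1[j])
    if any(len(s) != 1 for s in agreed):
        return None  # no witness pair, or both values witnessed: not strip_h
    return tuple(s.pop() for s in agreed)

def equals_strip(f, m, kc, h):
    """Combinational equivalence check of a guess: cktfn_c == strip_h(Kc)."""
    return all(f(x) == strip(kc, x, h) for x in product((0, 1), repeat=m))

def shortlist_keys(candidates, m, h):
    """Run the analysis matching h on every candidate node in Cand and keep
    the guesses that survive the equivalence check."""
    keys = []
    for f in candidates:
        guess = analyze_unateness(f, m) if h == 0 else sliding_window(f, m, h)
        if guess is not None and equals_strip(f, m, guess, h) and guess not in keys:
            keys.append(guess)
    return keys

# Candidate node functions of the running example (constructed from the text).
def f_orig(x):       # original circuit y = ab + bc + ca + d, also in Cand
    a, b, c, d = x
    return (a & b) | (b & c) | (c & a) | d

def f_ttlock(x):     # node F of Figure 2b: a ¬b ¬c d
    a, b, c, d = x
    return a & (1 - b) & (1 - c) & d

def f_hd1(x):        # node F of Figure 2c, Equation (1)
    return int(x in {(0, 0, 0, 1), (1, 1, 0, 1), (1, 0, 1, 1), (1, 0, 0, 0)})

if __name__ == "__main__":
    print("unateness of f_ttlock:", analyze_unateness(f_ttlock, 4))
    print("unateness of f_orig:  ", analyze_unateness(f_orig, 4))
    print("sliding window, h=1, f_hd1:", sliding_window(f_hd1, 4, 1))
    print("shortlist h=0:", shortlist_keys([f_orig, f_ttlock, f_hd1], 4, 0))
    print("shortlist h=1:", shortlist_keys([f_orig, f_ttlock, f_hd1], 4, 1))
```

The original-circuit node is the interesting case: it is positive unate in every variable, so Algorithm 1 alone would report a spurious key 1111 for it. Only the equivalence check removes it, which is why the paper's pipeline keeps that step between the functional analyses and key confirmation. The HD-1 stripper is not unate at all and is rejected by Algorithm 1, but the sliding-window analysis recovers 1001 from it as worked through in the text after Lemma 2.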
B. Functional Analysis Algorithms
In this subsection, we describe three attack algorithms on
SFLL that are based on Lemmas 1, 2 and 3. Each algorithm
takes as input a candidate node c in the circuit DAG. Let X =
Supp(c). The functional analyses described in this subsection
determine whether the circuit function of this node cktfnc(X)
is equivalent to strip(Kc)(X) for some assignment to Kc. In
other words, we are trying to solve the quantified Boolean formula (QBF): ∃Kc. ∀X. cktfnc(X) = strip(Kc)(X). However, solving this QBF instance is computationally hard. So instead we exploit Lemmas 1, 2 and 3 to determine potential values of Kc and verify this “guess” using combinational equivalence checking.
Algorithm 1 Algorithm ANALYZEUNATENESS
procedure ANALYZEUNATENESS(c)
  keys ← ∅
  for xi ∈ Supp(c) do
    if isPositiveUnate(c, xi) then
      keys ← keys ∪ {(xi ↦ 1)}
    else if isNegativeUnate(c, xi) then
      keys ← keys ∪ {(xi ↦ 0)}
    else return ⊥
    end if
  end for
  return keys
end procedure
1) ANALYZEUNATENESS: This is shown in Algorithm 1
and can be used to attack SFLL-HD0/TTLock. It takes as input
a circuit node c and outputs an assignment to each node in
the support set of c if the function represented by c is unate,
otherwise it returns ⊥. This assignment is the protected cube.
Algorithm 2 Algorithm SLIDINGWINDOW
1: procedure SLIDINGWINDOW(c)
2:   keys ← ∅
3:   S ← Supp(c)
4:   c′ ← substitute(c, {(x_i, x′_i) | x_i ∈ S})
5:   F ← c ∧ c′ ∧ HD(Supp(c), Supp(c′)) = 2h
6:   if solve(F) = UNSAT then return ⊥
7:   end if
8:   for x_i ∈ S do
9:     (m_i, m′_i) ← (model_{x_i}(F), model_{x′_i}(F))
10:    if m_i = m′_i then
11:      keys ← keys ∪ {x_i ↦ m_i}
12:    else
13:      r_i ← solve(F ∧ (x_i = x′_i ∧ x′_i = m_i))
14:      r′_i ← solve(F ∧ (x_i = x′_i ∧ x′_i = m′_i))
15:      if r_i = SAT ∧ r′_i = UNSAT then
16:        keys ← keys ∪ {x_i ↦ m_i}
17:      else if r_i = UNSAT ∧ r′_i = SAT then
18:        keys ← keys ∪ {x_i ↦ m′_i}
19:      else
20:        return ⊥
21:      end if
22:    end if
23:  end for
24:  return keys
25: end procedure
2) SLIDINGWINDOW: This is shown in Algorithm 2 and
can be used to attack SFLL-HDh for h < ⌊m/2⌋; m is the
number of key inputs. Again, the input is circuit node c and
the algorithm checks if c behaves as a Hamming distance
calculator in the cube stripping unit of SFLL-HDh. It works
by asking if there are two distinct satisfying assignments to
cktfnc which are Hamming distance of 2h apart. If no such
assignment exists then ⊥ is returned. Otherwise, by Lemma 2,
bits which are equal in both satisfying assignments must also
be equal to the corresponding key bits. The remaining bits are
obtained by iterating through each remaining bit and applying
the SAT query in Lemma 3. If any query is inconsistent with
Lemma 3 during this process then ⊥ is returned. If successful,
the return value is the protected cube.
3) DISTANCE2H: This is shown in Algorithm 3. It is based
on Lemma 2 and is applicable when 4h ≤ m; m is the number
of key inputs. This procedure is similar to SLIDINGWINDOW
in that it computes two satisfying assignments to c that are
distance of 2h apart. Any bits that are equal between the
two assignments must be equal to the key bits. The remaining
bits are computed by asking if there are two more satisfying
assignments such that the bits which were not equal in the
first pair of assignments are now equal. These new assignments
must also be Hamming distance of 2h apart. The second query,
if successful, determines the remaining key bits by Lemma 3.
Algorithm 3 Algorithm DISTANCE2H
1: procedure DISTANCE2H(c)
2:   S ← Supp(c)
3:   c′ ← substitute(c, {(x_i, x′_i) | x_i ∈ S})
4:   F ← c ∧ c′ ∧ HD(Supp(c), Supp(c′)) = 2h
5:   if solve(F) = UNSAT then return ⊥
6:   end if
7:   M_F ← {(x_i, model_{x_i}(F), model_{x′_i}(F)) | x_i ∈ S}
8:   keys_A ← {(x_i ↦ m_i) | (x_i, m_i, m′_i) ∈ M_F ∧ m_i = m′_i}
9:   Cnst ← {(x_i = x′_i) | (x_i, m_i, m′_i) ∈ M_F ∧ m_i ≠ m′_i}
10:  G ← F ∧ (⋀_{p_i ∈ Cnst} p_i)
11:  if solve(G) = UNSAT then return ⊥
12:  end if
13:  M_G ← {(x_i, model_{x_i}(G), model_{x′_i}(G)) | x_i ∈ S}
14:  keys_B ← {(x_i ↦ m_i) | (x_i, m_i, m′_i) ∈ M_G ∧ m_i = m′_i}
15:  return keys_A ∪ keys_B
16: end procedure
C. Equivalence Checking
It is important to note that Lemmas 1, 2 and 3 encode neces-
sary but not sufficient properties of the cube stripping function.
We ensure sufficiency by using combinational equivalence
checking. Suppose the key value returned by Algorithm 1, 2 or
3 is $K_c$. We check satisfiability of $\mathit{strip}_h(K_c)(X) \neq \mathit{cktfn}_c(X)$
where X is the support of the node c. If this query is
unsatisfiable, this means that the node c is equivalent to cube
stripping function striph(Kc).
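The three analyses of this subsection together with the equivalence check of Section C, as an added Python example that is neither the paper's code nor the released FALL tool. Exhaustive enumeration over all $2^m$ inputs of a toy 6-input cube stripper stands in for the SAT queries of Algorithms 1-3; the protected cube KC, the coincidental function decoy and every other name are our own choices. Besides recovering the cube for h = 0, 1 and 2, the example shows the point made in Section C: a 6-input OR is unate in every input, so ANALYZEUNATENESS proposes the all-ones key and DISTANCE2H a spurious one, and only the equivalence check rejects them. It also shows DISTANCE2H returning ⊥ when 4h > m (here h = 2, m = 6).

```python
# Added example, not the paper's or the FALL tool's code. Exhaustive enumeration
# replaces the SAT solver; KC, decoy and all function names are ours.
from itertools import product

M = 6                          # number of key inputs of the toy stripper
KC = (1, 0, 0, 1, 1, 0)        # protected cube (our choice)

def hd(a, b):
    """Hamming distance between two equal-length bit tuples."""
    return sum(x != y for x, y in zip(a, b))

def strip(kc, h):
    """SFLL-HDh cube-stripping function: strip_h(Kc)(X) = 1 iff HD(X, Kc) = h."""
    return lambda x: int(hd(x, kc) == h)

def decoy(x):
    """A 6-input OR: unate in every input, yet not a cube stripper (our decoy)."""
    return int(any(x))

def inputs(m):
    return list(product((0, 1), repeat=m))

def sat_pairs(f, m, h):
    """Models of F in Algorithms 2/3: (X1, X2) with f(X1) = f(X2) = 1 and HD(X1, X2) = 2h."""
    ones = [x for x in inputs(m) if f(x)]
    return [(a, b) for a in ones for b in ones if hd(a, b) == 2 * h]

def analyze_unateness(f, m):
    """Algorithm 1 (SFLL-HD0/TTLock): positive unate in x_i => k_i = 1,
    negative unate => k_i = 0, binate in any x_i => bottom (None)."""
    key = []
    for i in range(m):
        pos = neg = True
        for x in inputs(m):
            if x[i] == 1:
                continue
            f0, f1 = f(x), f(x[:i] + (1,) + x[i + 1:])
            pos &= f0 <= f1            # raising x_i never lowers f
            neg &= f1 <= f0            # raising x_i never raises f
        if pos:
            key.append(1)
        elif neg:
            key.append(0)
        else:
            return None
    return tuple(key)

def sliding_window(f, m, h):
    """Algorithm 2: Lemma 2 fixes the agreeing bits, the Lemma 3 query the rest."""
    pairs = sat_pairs(f, m, h)
    if not pairs:
        return None
    x1, x2 = pairs[0]                                   # one model of F
    key = []
    for i in range(m):
        if x1[i] == x2[i]:
            key.append(x1[i])                           # Lemma 2
            continue
        # Lemma 3: F and (x_i = x'_i = b) is satisfiable iff b = k_i
        sat = {b: any(a[i] == c[i] == b for a, c in pairs) for b in (0, 1)}
        if sat[x1[i]] and not sat[x2[i]]:
            key.append(x1[i])
        elif sat[x2[i]] and not sat[x1[i]]:
            key.append(x2[i])
        else:
            return None                                 # inconsistent with Lemma 3
    return tuple(key)

def distance2h(f, m, h):
    """Algorithm 3 (needs 4h <= m): a second pair at distance 2h in which the
    bits that differed in the first pair are forced equal."""
    pairs = sat_pairs(f, m, h)
    if not pairs:
        return None
    x1, x2 = pairs[0]
    key = {i: x1[i] for i in range(m) if x1[i] == x2[i]}                # keys_A
    diff = [i for i in range(m) if x1[i] != x2[i]]
    g = [(a, c) for a, c in pairs if all(a[i] == c[i] for i in diff)]  # models of G
    if not g:
        return None
    y1, y2 = g[0]
    key.update({i: y1[i] for i in range(m) if y1[i] == y2[i]})        # keys_B
    return tuple(key[i] for i in range(m)) if len(key) == m else None

def equivalent(f, kc, h, m):
    """Section C: combinational equivalence of f and strip_h(Kc), by enumeration."""
    s = strip(kc, h)
    return all(f(x) == s(x) for x in inputs(m))

def recover_cube(f, m, h):
    """One node's FALL workflow: guess with every applicable analysis, keep a
    guess only if the equivalence check confirms it."""
    guesses = [analyze_unateness(f, m)] if h == 0 else []
    if 0 < h < m // 2:
        guesses.append(sliding_window(f, m, h))
    if 0 < h and 4 * h <= m:
        guesses.append(distance2h(f, m, h))
    return next((k for k in guesses if k is not None and equivalent(f, k, h, m)), None)
```

recover_cube(strip(KC, h), M, h) returns KC for h = 0, 1, 2, while recover_cube(decoy, M, h) returns None for every h: the unateness and distance-2h guesses for the OR function are discarded by equivalent(). Enumeration is only viable for a handful of inputs; on real netlists the same queries are posed to a SAT solver exactly as in Algorithms 1-3.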
V. KEY CONFIRMATION
In most cases the functional analyses determine exactly one
correct locking key. However, there are a few exceptions. One
case occurs when both the output of the cube stripper module
(F in Figure 2c) as well as its negation (¬F) appear in the
circuit. In this case, the algorithms may shortlist both the
correct key (1, 0, 0, 1) and its complement (0, 1, 1, 0). Another
scenario is when purely by coincidence the circuit contains a
function that happens to look like the cube stripper module, but
is actually not. In the case of TTLock, the latter case occurs
when the circuit contains any unate function of all the circuit
inputs. In this case too, the algorithms will output multiple
keys: one of these will be correct while the remaining are
spurious. How do we determine which of the keys in this list is
the correct key? We introduce the key confirmation algorithm
to solve this problem.
The key confirmation algorithm takes as input a circuit
described by the characteristic function of its input/output
relation C, a predicate over the key values ϕ(K), and an
I/O oracle denoted by oracle. The predicate ϕ is a Boolean
formula over the key variables that constrains the search
space of the algorithm. For example, suppose the circuit
analyses have shortlisted two keys 〈1, 1, 0, 1〉 and 〈0, 0, 1, 0〉.
Then ϕ(K) ≐ (k1 ∧ k2 ∧ ¬k3 ∧ k4) ∨ (¬k1 ∧ ¬k2 ∧ k3 ∧ ¬k4).
The algorithm either returns a key value Kc s.t. Kc |= ϕ or ⊥
if no key value is consistent with ϕ and the oracle.
If no information about the keys is available then we set
ϕ(K1) = true. In this case, the algorithm devolves into the
standard SAT attack [22].
A. Algorithm Description
To understand the algorithm, it is helpful to review the
notion of a distinguishing input introduced by Subramanyan
et al. [22] in the SAT attack paper. Following the notation
in that paper, we will represent the circuit by its character-
istic relation C(X,K, Y ), where X is the vector of circuit
inputs, K is the vector of key inputs and Y is the vector
of circuit outputs. The relation C(X, K, Y) is satisfiable iff the
circuit produces output Y for input X when the key inputs
are set to K. Given the above relation, we say that $X^d$ is a
distinguishing input pattern for the key inputs $K_1$ and $K_2$ iff
$C(X^d, K_1, Y^d_1) \wedge C(X^d, K_2, Y^d_2) \wedge (Y^d_1 \neq Y^d_2)$ is satisfiable. In other
words, a distinguishing input pattern for two keys is an input
such that the circuit produces different outputs for this input
and the corresponding keys.
The SAT-based key confirmation is shown in Algorithm 4.
The two main components of the algorithm are the sequences
of formulas Pi and Qi, which we implemented using two SAT
solver objects. Pi are used to produce candidate key values
that are consistent with ϕ and the I/O patterns observed thus
far. Note that since P1 is ϕ, all subsequent Pi =⇒ ϕ. Qi
is used to generate distinguishing inputs. When Pi becomes
UNSAT, it means no key value is consistent with ϕ and the
oracle. Or equivalently, the initial “guess” encoded in ϕ was
incorrect. The algorithm terminates with a correct key when
Qi becomes UNSAT, i.e. no more distinguishing inputs exist.
The algorithm works as follows. In line 9, we extract the key
value Ki that is consistent with predicate ϕ and the input/output
patterns seen thus far. In line 10, we pose a query to the
SAT solver to find a distinguishing input such that K1 = Ki.
In line 13, we extract this distinguishing input. The oracle
is queried for the output for this input in line 14. Finally,
the formulas Pi and Qi are updated with the newly obtained
input/output pattern in lines 15 and 16.
Algorithm 4 Key Confirmation Algorithm
1: procedure KEYCONFIRMATION(C, ϕ, oracle)
2:   i ← 1
3:   P_1 ← ϕ(K_1)
4:   Q_1 ← C(X, K_1, Y_1) ∧ C(X, K_2, Y_2) ∧ Y_1 ≠ Y_2
5:   while true do
6:     if solve[P_i] = UNSAT then
7:       return ⊥
8:     end if
9:     K_i ← model_{K_1}(P_i)
10:    if solve[Q_i ∧ (K_1 = K_i)] = UNSAT then
11:      return K_i
12:    end if
13:    X^d_i ← model_X(Q_i ∧ (K_1 = K_i))
14:    Y^d_i ← oracle(X^d_i)
15:    P_{i+1} ← P_i ∧ C(X^d_i, K_1, Y^d_i)
16:    Q_{i+1} ← Q_i ∧ C(X^d_i, K_2, Y^d_i)
17:    i ← i + 1
18:  end while
19: end procedure
Differences From the SAT Attack: The two significant
differences from the SAT attack [22] are: (i) the two solver
objects corresponding to Pi and Qi, which help separate the
generation of candidate keys from the generation of distin-
guishing inputs, and (ii) the restriction that Pi =⇒ ϕ. The
former allows us to differentiate between two different types
of UNSAT results from the solver: no key value being consistent
with ϕ (line 7), and no more distinguishing inputs (line 10).
This would not be possible in the SAT attack formulation
because we only get one type of UNSAT result. The latter
change ensures that instead of searching over the entire space
of keys, we restrict the search to keys satisfying ϕ.
B. Correctness of Key Confirmation
Correctness of Algorithm 4 is stated in the following lemma.
(Lemma 4) Algorithm 4 terminates and returns either (i)
the key Kc or (ii) ⊥. The former occurs iff Kc |= ϕ and
∀X. C(X, Kc, Y ) ⇐⇒ Y = oracle(X). The latter occurs iff
no such Kc exists.
Proof: Each iteration of the loop rules out at least one
distinguishing input. Since there are only a finite number
of distinguishing inputs of the circuit, this guarantees the
algorithm will terminate. If the algorithm returns a key Kc, then
this key satisfies Pi, which ensures that Kc |= ϕ. Further,
this also means there is no distinguishing input for Kc and
any other key consistent with the observed I/O patterns, as line 10
was UNSAT. The correct key is always consistent with the oracle's
responses, so Kc agrees with it on every input. This guarantees that Kc
is the correct key. If the algorithm returns ⊥, it means that
no key value is consistent with ϕ(K1) and the input/output
patterns from the oracle.
The second clause of Lemma 4 is important to emphasize.
Key confirmation terminates with the result ⊥ iff no key value
Kc s.t. Kc |= ϕ is correct for the given oracle. This implies key
confirmation can be safely used even if the key value was
“incorrectly” guessed – the algorithm will detect this.
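Algorithm 4 run end to end on a toy SFLL-HD0 (TTLock) instance, as an added Python example that is neither the paper's code nor the modified SAT attack tool. Exhaustive enumeration over the 16 keys and 16 inputs replaces the two solver objects $P_i$ and $Q_i$; the original function, the locked circuit, the oracle and all names are ours, and the protected cube is the paper's (1, 0, 0, 1). The shortlist ϕ = {correct key, bitwise complement} is the Section V case; ϕ = {complement only} exercises the ⊥ clause of Lemma 4, and ϕ = true reduces the algorithm to the plain SAT attack.

```python
# Added example, not the paper's or the SAT-attack tool's code. Enumeration over
# keys and inputs replaces the solver objects P_i and Q_i; the 4-input
# TTLock/SFLL-HD0 instance and all names are ours.
from itertools import product

M = 4
KC = (1, 0, 0, 1)                                  # protected cube (the paper's example)
INPUTS = list(product((0, 1), repeat=M))

def original(x):
    """Toy original function (our choice): majority(x0, x1, x2) XOR x3."""
    a, b, c, d = x
    return ((a & b) | (b & c) | (a & c)) ^ d

def locked(x, k):
    """SFLL-HD0 locked circuit C(X, K, Y): f(X) ^ strip_0(Kc)(X) ^ restore(X, K)."""
    return original(x) ^ int(x == KC) ^ int(x == k)

def oracle(x):
    """I/O access to an activated chip, i.e. the locked circuit with K = Kc."""
    return locked(x, KC)

def key_confirmation(phi, ckt, oracle, m):
    """Algorithm 4. Returns (key, number of oracle queries); key is None for bottom."""
    keys = list(product((0, 1), repeat=m))
    xs = list(product((0, 1), repeat=m))
    obs = []                                       # (X_d, Y_d) patterns observed so far

    def consistent(k):                             # C(X_d, k, Y_d) for every observed pattern
        return all(ckt(x, k) == y for x, y in obs)

    while True:
        P = [k for k in keys if phi(k) and consistent(k)]   # P_i = phi and observed patterns
        if not P:
            return None, len(obs)                  # line 7: no key in phi fits the oracle
        ki = P[0]                                  # line 9: candidate key
        Q = [k for k in keys if consistent(k)]     # keys K2 still admitted by Q_i
        # line 10: distinguishing input for K1 = Ki against some still-consistent K2
        xd = next((x for x in xs for k2 in Q if ckt(x, ki) != ckt(x, k2)), None)
        if xd is None:
            return ki, len(obs)                    # line 11: no distinguishing input left
        obs.append((xd, oracle(xd)))               # lines 13-16: query oracle, refine P and Q

if __name__ == "__main__":
    shortlist = (KC, tuple(1 - b for b in KC))     # correct key and its complement
    print(key_confirmation(lambda k: k in shortlist, locked, oracle, M))
    print(key_confirmation(lambda k: k == shortlist[1], locked, oracle, M))
    print(key_confirmation(lambda k: True, locked, oracle, M))
```

With the two-key shortlist the loop returns KC; with only the complement it returns None once the oracle's answer at one of the two cube inputs rules the complement out, which is exactly the safety property of Lemma 4; with ϕ = true it still converges because every distinguishing input removes at least one key from Q.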
[Fig. 5 (plots): four panels, each with execution time in seconds (0 to 1000) on the
x-axis and the number of benchmarks solved on the y-axis. Panels: SFLL-HD0 (SAT-Attack,
AnalyzeUnateness); SFLL-HDh with h = m/8 (SAT-Attack, SlidingWindow, Distance2H);
SFLL-HDh with h = m/4 (SAT-Attack, SlidingWindow, Distance2H); SFLL-HDh with
h = m/3 (SAT-Attack, SlidingWindow).]
Fig. 5: Circuit analyses: execution time vs number of benchmarks solved in that time.
VI. EVALUATION
This section describes our experimental evaluation of FALL
attacks. We describe the evaluation methodology, then present
the results of the functional analyses, after which we present
our evaluation of the key confirmation attack.
A. Methodology
We evaluated the effectiveness of FALL attacks on a set
of ISCAS’85 benchmark circuits and combinational circuits
from the Microelectronics Center of North Carolina (MCNC).
Details of these circuits are shown in Table I. These bench-
mark circuits remain reflective of contemporary combinational
circuits and have been used extensively in prior work on logic
locking, e.g. [18, 22, 27]. We implemented the TTLock and
SFLL locking algorithms for varying values of the Hamming
distance parameter h and maximum key size of 128 bits.
Due to space limitations, we only show graphs/tables for the
maximum key size of 64 bits. Results for the larger key size are
discussed in the text in subsection VI-B. Locked netlists were
optimized using ABC v1.01 [11] to minimize any structural
bias introduced by our locking implementation.
1) Implementation: The circuit analyses were implemented
in Python and use the Lingeling SAT Solver [4]. Source code
for these analyses is available at [20]. The key confirmation
algorithm was implemented in C++ as a modification to the
open source SAT attack tool [23].

TABLE I: Benchmark circuits. #in, #out and #keys refer to the
number of inputs, outputs and keys respectively. The gate columns
give the gate count of the original circuit and the minimum and
maximum gate counts over the SFLL-locked variants.

ckt      #in  #out  #keys  gates (original)  gates (SFLL min)  gates (SFLL max)
ex1010    10    10     10              2754              2783              2899
apex4     10    19     10              2886              2938              3058
c1908     33    25     33               414              1322              1376
c432      36     7     36               209              1119              1155
apex2     39     3     39               345              1367              1407
c1355     41    32     41               504              1729              1746
seq       41    35     41              1964              3177              3187
c499      41    32     41               400              1729              1750
k2        46    45     46              1474              2890              2903
c3540     50    22     50              1038              2591              2595
c880      60    26     60               327              2338              2368
dalu      75    16     64              1202              3284              3312
i9        88    63     64               591              2981              3015
i8       133    81     64              1725              3609              3637
c5315    178   123     64              1773              4076              4108
i4       192     6     64               246              2261              2289
i7       199    67     64               663              3038              3066
c7552    207   108     64              2074              4076              4105
c2670    233   140     64               717              2733              2775
des      256   245     64              3839              7229              7257
2) Execution Platform: Our experiments were conducted
on the CentOS Linux distribution version 7.2 running on
28-core Intel Xeon Platinum 8180 (“SkyLake”) Server
CPUs. Although many opportunities for parallelization exist,
our prototype implementation is single threaded. All algorithms
were run with a time limit of 1000 seconds.

[Fig. 6 (plot): mean execution time in seconds (log scale, 10^-1 to 10^4) per
benchmark circuit (ex1010, apex4, c1908, c432, apex2, c1355, seq, c499, k2, c3540,
c880, dalu, i9, i8, c5315, i4, i7, c7552, c2670, des), one bar for key confirmation
(labelled “Key Verification”) and one for the SAT attack.]
Fig. 6: Mean execution times of key confirmation and SAT attacks.
B. Circuit Analysis Results
Figure 5 shows the performance of the circuit analyses
attacks on the benchmarks in our experimental framework.
Four graphs are shown: the left most of which is for SFLL-
HD0 while the remaining are for SFLL-HDh with varying
values of the Hamming Distance h. For each graph, the x-
axis shows execution time while the y-axis shows the number
of benchmark circuits decrypted within that time.
The DISTANCE2H attack defeats all SFLL-HDh locked
circuits for h = ⌊m/8⌋ and h = ⌊m/4⌋. We repeated this
experiment for the seven largest circuits with a key size of
128 bits and the DISTANCE2H attack defeated all of these
locked circuits. Recall that DISTANCE2H is not applicable
when 4h > m. ANALYZEUNATENESS is able to defeat 18
out of 20 SFLL-HD0/TTLock circuits. SLIDINGWINDOW is
able to defeat all locked circuits for h = ⌊m/8⌋, but does not
perform as well for larger values of h. This is because the
SAT calls for larger values of h are computationally harder
as they involve more adder gates in the Hamming Distance
computation. In summary, 65 out of 80 circuits (81%) are
defeated by at least one of our attack algorithms.
Among these 65 circuits for which the attack is successful,
a unique key is identified for 58 circuits (90%). This means
58 out of 80 circuits were defeated without oracle access
(I/O access to an unlocked IC) — only functional analysis of
the netlist was required. Among the seven circuits for which
multiple keys were shortlisted, the attack shortlists two keys
which are bitwise complements of each other for four circuits,
three keys are shortlisted for two other circuits. One corner
case occurs for c432: 36 keys are shortlisted, which is still a
huge reduction from the initial space of $2^{36}$ possible keys.
C. Key Confirmation Results
Figure 6 shows the execution time of the key confirmation
algorithm and compares and contrasts this with the “vanilla”
SAT attack. Note that the y-axis is shown on a log scale. The
bars represent the mean execution time of key confirmation for
a particular circuit encoded with the various locking algorithms
and parameters discussed above. Key values are obtained
from the results of the experiments described in the previous
subsection. The thin black line shows error bars corresponding
to one standard deviation. We note that key confirmation
is orders of magnitude faster than the SAT attack while
providing the same correctness guarantees.
Key confirmation provides a powerful new tool for attackers
analyzing a locked netlist. Attackers can use some arbitrary
circuit analysis to guess a few likely keys, and then use key
confirmation to determine which (if any) of these is the correct
key. Key confirmation is applicable even if the locked netlist
is SAT attack resilient. Indeed, the SAT attack fails on most
of these locked circuits as shown in Figure 5.
D. Discussion
Our results reinforce the observation that all known logic
locking schemes are vulnerable to attack. We assert this is
because the logic locking community has not adopted notions
of provable security from cryptography. For instance, consider
an adaptation of indistinguishability under chosen plaintext
attacks (IND-CPA) [3] to logic locking. In this game, the
defender initially picks two keys $K^1_c$ and $K^2_c$, and a bit $b \in \{0, 1\}$.
The game now proceeds in rounds. Each round consists of the
adversary providing two different circuits to the defender. The
defender locks one of them with $K^b_c$. The adversary wins if
they can guess which of the two circuits was locked with a
non-negligible advantage over guessing. It is easy to see that
the adversary always wins this game for SFLL-HDh as the
original circuit is largely unchanged by locking and only the
cube stripper and functionality restoration unit are added to
the circuit. Hence the adversary can easily win the game with
an algorithm for circuit equivalence. In fact, to the best of
our knowledge, the adversary would win the game described
above for all logic locking schemes proposed so far. Secure
logic locking needs a methodology that can win this game.
A second important contribution of this paper is the key
confirmation attack which opens up new possibilities for
the application of Boolean reasoning engines based on SAT
solvers to logic locking research. This is an important exten-
sion to the SAT attack that shows how keys that are “guessed”
using some structural and functional analysis can be provided
as a hint to the SAT attack. These hints are usable by the
key confirmation attack even against SAT-resilient locking
schemes. In fact, the key confirmation attack can also be
used to parallelize the SAT attack by partitioning the key
input space into different regions and setting ϕ to search over
these distinct regions in each parallel invocation. Exploration
of these and other related ideas is left for future work.
VII. CONCLUSION
This paper proposed a set of Functional Analysis attacks
on Logic Locking (FALL attacks). We developed structural
and functional analyses to determine potential key values of a
locked logic circuit. We then showed how these potential key
values could be verified using our key confirmation algorithm.
Our work has three important implications. First, we showed
how arbitrary structural and functional analyses can be syner-
gistically combined with powerful Boolean reasoning engines
using the key confirmation algorithm. Second, our attack
was shown to often succeed (90% of successful attempts
in our experiments) without requiring oracle access to an
unlocked circuit. This suggests that logic locking attacks may
be much more easily carried out than was previously assumed.
Finally, the FALL attack successfully defeated secure function
logic locking (SFLL), the only logic locking technique that was
resistant to previously known attacks: experiments showed that
FALL defeated 65 out of 80 benchmark circuits locked using
SFLL.
REFERENCES
[1] Bengt Aspvall, Michael F. Plass, and Robert Endre
Tarjan. A linear-time algorithm for testing the truth
of certain quantified boolean formulas. Information
Processing Letters, 8(3):121 – 123, 1979.
[2] A. Baumgarten, A. Tyagi, and J. Zambreno. Preventing
IC Piracy Using Reconfigurable Logic Barriers. IEEE
Design and Test, 27(1), Jan 2010.
[3] M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A
Concrete Security Treatment of Symmetric Encryption.
In Proceedings of the 38th Annual Symposium on Foun-
dations of Computer Science. IEEE, 1997.
[4] A. Biere. Lingeling, Plingeling and Treengeling. In
A. Balint, A. Belov, M. Heule, and M. Järvisalo, editors,
Proceedings of the SAT Competition, 2013.
[5] P. Chakraborty, J. Cruz, and S. Bhunia. Surf: Joint
structural functional attack on logic locking. pages 181–
190, May 2019.
[6] R.S. Chakraborty and S. Bhunia. Hardware Protection
and Authentication Through Netlist Level Obfuscation.
In IEEE/ACM International Conference on Computer-
Aided Design, 2008.
[7] Stephen A Cook. The complexity of theorem-proving
procedures. In Proceedings of the third annual ACM
symposium on Theory of computing, pages 151–158.
ACM, 1971.
[8] Defense Science Board Task Force on High Performance
Microchip Supply. http://www.acq.osd.mil/dsb/reports/
ADA435563.pdf, 2005.
[9] S. Dupuis, P.-S. Ba, G. Di Natale, M.-L. Flottes, and
B. Rouzeyre. A Novel Hardware Logic Encryption Tech-
nique for Thwarting Illegal Overproduction and Hard-
ware Trojans. In IEEE International On-Line Testing
Symposium, 2014.
[10] IHS Technology Press Release: Top 5 most
counterfeited parts represent a $169 billion potential
challenge for global semiconductor industry.
https://technology.ihs.com/405654/top-5-most-
counterfeited-parts-represent-a-169-billion-potential-
challenge-for-global-semiconductor-market, 2012.
[11] Alan Mishchenko. ABC: System for Sequential Logic
Synthesis and Formal Verification. https://github.com/
berkeley-abc/abc, 2018.
[12] M. Pecht and S. Tiku. Bogus! Electronic manufactur-
ing and consumers confront a rising tide of counterfeit
electronics. IEEE Spectrum, May 2006.
[13] S.M. Plaza and I.L. Markov. Solving the third-shift
problem in ic piracy with test-aware logic locking. In
IEEE Transactions on CAD of Integrated Circuits and
Systems, 2015.
[14] J. Rajendran, Y. Pino, O. Sinanoglu, and R. Karri.
Security Analysis of Logic Obfuscation. In Proceedings
of the Design Automation Conference, 2012.
[15] J. Rajendran, H. Zhang, C. Zhang, G. S. Rose, Y. Pino,
O. Sinanoglu, and R. Karri. Fault Analysis-Based Logic
Encryption. IEEE Transactions on Computers, 64(2), Feb
2015.
[16] J. A. Roy, F. Koushanfar, and I. L. Markov. EPIC: Ending
Piracy of Integrated Circuits. In Proceedings of Design,
Automation and Test in Europe, 2008.
[17] K. Shamsi, M. Li, T. Meade, Z. Zhao, D. Z. Pan, and
Y. Jin. Appsat: Approximately deobfuscating integrated
circuits. In 2017 IEEE International Symposium on
Hardware Oriented Security and Trust (HOST), 2017.
[18] Yuanqi Shen and Hai Zhou. Double DIP: Re-Evaluating
Security of Logic Encryption Algorithms. In Proceedings
of the on Great Lakes Symposium on VLSI 2017, 2017.
[19] Semiconductor Industry Association: Anti-
Counterfeiting Whitepaper One-Pager. http:
//www.semiconductors.org/clientuploads/directory/
DocumentSIA/Anti%20Counterfeiting%20Task%
20Force/ACTF%20Whitepaper%20Counterfeit%
20One%20Pager%20Final.pdf, 2013.
[20] Deepak Sirone and Pramod Subramanyan. Fall Attacks
Source. https://bitbucket.org/spramod/fall-attacks, 2018.
[21] Deepak Sirone and Pramod Subramanyan. Functional
Analysis Attacks on Logic Locking. In Proceedings of
Design Automation and Test in Europe (DATE), 2019.
[22] P. Subramanyan, S. Ray, and S. Malik. Evaluating the
Security of Logic Encryption Algorithms. In 2015 IEEE
International Symposium on Hardware Oriented Security
and Trust (HOST), 2015.
[23] Pramod Subramanyan and Sayak Ray. SAT and Key
Confirmation Attacks Repository. https://bitbucket.org/
spramod/host15-logic-encryption, 2019.
[24] R. Torrance and D. James. The State-of-the-Art in
IC Reverse Engineering. In Proceedings of the 11th
International Workshop on Cryptographic Hardware and
Embedded Systems, 2009.
[25] J. Villasenor and M. Tehranipoor. The Hidden Dangers
of Chop-Shop Electronics. IEEE Spectrum, Sep 2013.
[26] Y. Xie and A. Srivastava. Mitigating SAT Attack on
Logic Locking. In International Conference on Crypto-
graphic Hardware and Embedded Systems, 2016.
[27] Y. Xie and A. Srivastava. Anti-sat: Mitigating sat attack
on logic locking. IEEE Transactions on Computer-Aided
Design of Integrated Circuits and Systems, 2018.
[28] X. Xu, B. Shakya, M.M Tehranipoor, and D. Forte.
Novel Bypass Attack and BDD-based Tradeoff Analysis
Against all Known Logic Locking Attacks. In Cryptology
ePrint Archive, 2017.
[29] M. Yasin, B. Mazumdar, S.S. Ali, and O. Sinanoglu.
Security Analysis of Logic Encryption against the Most
Effective Side-Channel Attack: DPA. In IEEE Interna-
tional Symposium on Defect and Fault Tolerance in VLSI
and Nanotechnology Systems, 2015.
[30] M. Yasin, B. Mazumdar, J. J. V. Rajendran, and
O. Sinanoglu. SARLock: SAT attack resistant logic
locking. In 2016 IEEE International Symposium on
Hardware Oriented Security and Trust (HOST), pages
236–241, 2016.
[31] M. Yasin, B. Mazumdar, O. Sinanoglu, and J. Rajendran.
Removal Attacks on Logic Locking and Camouflaging
Techniques. In IEEE Transactions on Emerging Topics
in Computing, 2017.
[32] M. Yasin, S.M. Saeed, J. Rajendran, and O. Sinanoglu.
Activation of logic encrypted chips: Pre-test or post-test?
In Design, Automation Test in Europe., 2016.
[33] Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari
Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran,
and Ozgur Sinanoglu. Provably-secure logic locking:
From theory to practice. In Proceedings of the 2017 ACM
SIGSAC Conference on Computer and Communications
Security, CCS ’17, 2017.
[34] Muhammad Yasin, Abhrajit Sengupta, Benjamin Carrion
Schafer, Yiorgos Makris, Ozgur Sinanoglu, and Jeyav-
ijayan (JV) Rajendran. What to lock?: Functional and
parametric locking. In Proceedings of the on Great Lakes
Symposium on VLSI 2017, 2017.
