Abstract-We present a methodology for the watermarking of synchronous sequential circuits that makes it possible to identify the authorship of designs by imposing a digital watermark on the state transition graph (STG) of the circuit. The methodology is applicable to sequential designs that are made available as firm intellectual property, the designation commonly used to characterize designs specified as structural hardware description languages or circuit netlists. The watermarking is obtained by manipulating the STG of the design in such a way as to make it exhibit a chosen property that is extremely rare in nonwatermarked circuits while, at the same time, not changing the functionality of the circuit. This manipulation is performed without ever actually computing this graph in either implicit or explicit form. Instead, the digital watermark is obtained by direct manipulation of the circuit description. We present evidence that no known algorithms for circuit manipulation can be used to efficiently remove or change the watermark and that the process is immune to a variety of other attacks. We present both theoretical and experimental results that show that the watermarking can be created and verified efficiently. We also test possible attack strategies and verify that they are inapplicable to realistic designs of medium to large complexity.
I. INTRODUCTION

WATERMARKING is a technique traditionally used to securely identify the authenticity of the source of official documents, usually in paper format. The name comes from the original technique that used semitransparent marks made on paper.
Recently, the application of similar techniques to protect and identify documents in other formats has raised considerable interest. In particular, digital watermarking has been applied to the protection of intellectual property (IP) in digital form [1]-[3]. Digital watermarking unambiguously embeds digital information in a piece of IP in such a way that it is very hard to remove and, in general, also very hard to detect. The hidden information can be anything that uniquely identifies the author or proprietor of the piece of IP and is undetectable to human perception. If necessary, the digital watermark can be used in court to prove the ownership of the piece of IP. More commonly, the presence (or potential presence) of a digital watermark will discourage unauthorized use of the IP, thus avoiding the need for legal action altogether.
Manuscript received January 16, 1999; revised October 9, 2000. This paper was recommended by Associate Editor R. Gupta.
The author is with the Department of Informatics, Instituto Superior Técnico, Lisbon Technical University, 1000 Lisbon, Portugal. He is also with the INESC-ID, 1000 Lisbon, Portugal, and the Lisbon Center of the Cadence European Laboratories, Lisbon, Portugal (e-mail: aml@inesc-id.pt).
Publisher Item Identifier S 0278-0070(01)06890-7.
In the context of digital systems design, the interest in watermarking stems from the fact that, increasingly, reuse-based design methodologies offer the promise of increased productivity and reduced time to market. In this paper, we are concerned with the protection of IP for digital hardware designs.
Hardware made available as IP may be described in a variety of formats. From behavioral descriptions in hardware description languages (HDLs) to actual layouts, the problem of protecting IP from being used in inappropriate ways is relevant to both the IP producer and the computer-aided design companies that develop the integration software.
Traditionally, IP has been classified as hard, firm, or soft, according to the degrees of freedom left to the user to manipulate it. Hard IP, available, for instance, in the form of a partially (or totally) routed layout, cannot be modified by the user and should be used as is, presumably with a minimum degree of freedom to allow for technology evolution. Soft IP, on the other hand, needs to be processed and can be mapped to a variety of supports. For instance, soft IP made available as synthesizable HDL has to be synthesized, mapped, and laid out by the user.
At an intermediate level, we have the so-called firm IP. This could be, for example, a design that is specified as a circuit netlist or as a structural HDL description mapped or not to a specific technology.
A variety of methods exists for the protection of diverse types of hard IP using digital watermarking. In particular, techniques for watermarking layouts, field programmable gate array (FPGA) realizations, and results of optimization steps have been proposed. These techniques and their relation with the present work are discussed in Section II.
The watermarking of other types of IP, such as firm or soft IP, is conceptually harder since the user has a larger amount of freedom and can manipulate the designs in ways that will, in many cases, remove the watermark. In fact, the user can use techniques like variable or signal renaming, resynthesis, retiming, redundancy removal, and other forms of design manipulation that will erase any watermarks created using other known methods.
In this paper, we present a technique for the watermarking of firm IP designs that is hard to remove, since removal of the watermark requires a computationally expensive procedure. This can be done because the watermark is obtained by creating a specific property on the state transition graph (STG) of the circuit. Since the STG is, in general, exponentially larger than the circuit description itself, analyzing it to perform watermark detection or removal is computationally very expensive.
The basic idea underlying the approach is described in Section III. The method can be applied by imposing a variety of properties on the STG. To test the approach, we have selected one particular transformation yielding a specific set of properties. Algorithms that can be used to create and verify a watermark, defined by this set of properties, are presented in Section IV. Section V analyzes in detail a number of possible attacks that aim at removing the watermark or otherwise defeat the purpose of the watermarking process. Section VI describes the results obtained in a prototype implementation of the algorithms described in Section IV. We conclude by presenting the conclusions and promising directions for future work.
0278-0070/01$10.00 © 2001 IEEE
II. RELATED WORK
Watermarking techniques for the protection of digital circuit designs have received a lot of attention recently. Most techniques use the fact that the design cycle requires multiple transformations on a given design, thereby allowing designers to impose a variety of watermarks at different stages of the design process.
The process of hierarchical watermarking [4] can be accomplished by marking each step of the synthesis and layout processes with a specific watermark. This can be easily accomplished by imposing specific characteristics on the solutions of optimization problems encountered in the design process [5]. In this way, not only one, but several watermarks may be present in the final design. Moreover, if a specific watermark is created during a given phase of the design process, all subsequent phases of this process will be protected by that watermark. For example, if a watermark is created in the technology mapping phase of a design, not only will the technology mapped circuit be protected by the watermark, but also the placement, routing, and actual layout will be unambiguously marked by this process.
A variety of techniques has been proposed for watermarking different steps of the design process. In particular, algorithms have been proposed for watermarking solutions of general purpose optimization problems like graph coloring [6], combinational logic synthesis solutions [7], FPGA mappings of digital circuits [8], [9], and the results of the final layout design stage [4], [5].
Although these results are highly relevant and useful under a large number of conditions, they fail to provide a solution for the following very important problem: how to identify unambiguously the origin of a given digital design made available in the form of firm IP (circuit netlist or structural HDL) in such a way as to make this identification resistant to tampering.
In fact, a very large fraction of the work involved in specifying a digital design goes into the design at the behavioral and structural levels, with many designs being carried out entirely at the structural level. All the watermarking techniques described above can be used to protect many subsequent steps, but they do not protect the design itself. Furthermore, they are not resistant to an automated reverse engineering approach, where, for instance, the logic level netlist is extracted from the layout and used to create a new design 1 from scratch. Clearly, all the work involved in the synthesis and physical design steps will have to be redone, but this may be a small part of the total design effort involved, especially if the timing requirements of the design are not overly demanding.
For these reasons, this paper aims at protecting the design itself by encoding a digital watermark on the STG of the circuit. This technique is the first to give a positive answer to the question raised above and, therefore, stands as a very interesting possibility for designers interested in preserving their IP rights upon designs made available in the form of firm IP.
Different approaches for the watermarking of sequential functions that use the degrees of freedom allowed by the existence of incompletely specified descriptions of logic functions have also been proposed [10]-[12]. These approaches create the watermark by forcing specific values on transitions that were originally unspecified. Our approach differs from these in that it does not specifically use don't care information. Instead, it implicitly manipulates the STG of the finite state machines (FSMs) to implant a specific watermark.
III. WATERMARKING FIRM IP BY STG MANIPULATION
The approach proposed in this work manipulates the STG of the original design with the objective of creating a watermark that identifies uniquely and with high probability the author of a given design.
The basic idea is to change the STG in such a way that a specific topological property is present in the sequence of states traversed by a sequence of inputs that corresponds to a given signature. If this property is chosen in the right way, it will rarely be present in designs that have been obtained independently, but will be present in any design that is a copy of the original one, even if this design is manipulated and changed in a variety of ways. For the method to be efficient and robust, the change in the STG has to be accomplished without actually storing the STG, either in explicit or implicit form.
We consider a somewhat idealized, but otherwise realistic case in which a given sequential design that belongs to its legitimate owner (Alice) is made available to a user (Bob). We will assume that the sequential design in question represents a fully synchronous design and that the specification of its functionality from an input-output (I/O) perspective is publicly available.
Furthermore, we will consider that the functionality of the design is fixed, i.e., its I/O behavior is completely specified. Therefore, we will create a distinctive watermark without changing the function of the circuit. The possibility of actually changing the function of the design in a minor, but significant way is analyzed in Section IV-I.
We will assume that the set of inputs and outputs 2 is well identified and each input is known by a specific name, described in a publicly available data sheet. We further assume that a specific ordering is used on the inputs.
The techniques we propose are applicable to the case where the piece of IP is made available either in a structural HDL description or in the form of a netlist either technology-specific or technology-independent. Such a description defines, in a unique way, the behavior of the sequential circuit and the structure of the STG.
The typical user will start from such a description, map it, if needed, to a specific technology, perform retiming and other logic level optimizations, and use it as part of more complex designs. The difficulty arises when a user that has access to the description of this piece of IP wishes to use it in ways that are not compatible with the existing agreement between him and the IP provider.
In this case, the user may decide to perform a variety of changes to the IP description that may make it difficult to identify the origin of the design. Straightforward ways to change such a design include signal renaming, resynthesis of the combinational logic, reencoding of the states, retiming, redundancy removal or accrual, etc. If the design is not marked in some way that makes it easy to identify, it may be impossible to prove that it was actually stolen. In fact, equivalent functionality is not proof of wrongdoing, as the I/O specifications are public and a redesign from scratch is always possible.
There are many ways to create a change in the STG that embeds a specific watermark. In general, any change in the STG that can be used as a watermark in this framework should have the following characteristics.
1) The change in the STG can be performed by direct manipulation of the circuit.
2) The sequence of states traversed by the sequence of inputs specified by the watermark exhibits a specific property that:
a) is rarely present in nonwatermarked designs;
b) can be checked efficiently if the sequence of inputs that represents the signature is known;
c) is hard to detect if the sequence of inputs that represents the signature is not known;
d) cannot be easily removed by methods that manipulate the circuit netlist.
3) The change has a limited impact on the size and speed of the circuit.
The choice of the specific STG manipulation to perform is an important one since it affects the quality of the watermark, the difficulty of removal, and the impact on circuit quality.
To analyze the feasibility of the approach, we selected one specific STG transformation, which is obtained with the addition of a small number of registers and some additional combinational logic. This specific transformation is used in the remainder of the article. Although the detailed description, the analysis of possible attacks, and the experimental results are all obtained with this specific transformation, that transformation is by no means unique. Designers interested in applying this method may decide to use a different transformation, either inspired by the one used here or obtained in a totally independent way.
A. Creating the Watermark
The basic idea underlying the proposed method can be described in a simple way. Alice, the rightful owner of the IP, starts by defining an arbitrarily long string that clearly describes her ownership rights. For example, she may decide to mark the design with the message "This design is the property of the Regents of the University of California." After encrypting this message with her private key of a known public key cryptosystem, she uses a one-way hash function, such as MD5, to obtain a compact signature of this arbitrarily long sentence. In this particular case, MD5 will produce a 128-bit message digest that is hard to invert, i.e., it is computationally infeasible to find another message that hashes to that same value.
Alice breaks this sequence of 128 bits into a sequence of input combinations. For example, if the design has 16 inputs, the sequence of 128 bits defines a unique sequence of eight input combinations.
Alice then proceeds to change the STG in such a way that the sequence of states reached by this sequence of inputs exhibits a specific property, which is rare in nonmodified STGs. This property is purely topological and does not depend on the specific encoding used for the states, the number of registers, or the details of the combinational logic.
If, later on, Alice wishes to prove in court that Bob stole her property, she only has to show that the sequence of 128 bits obtained from her message defines a path in the STG such that the set of traversed states exhibits that specific property.
IV. ALGORITHM FOR WATERMARKING STGS
A. Basic Definitions
This section introduces some general definitions that will be used throughout the paper. Other more specific definitions will be introduced as needed.
Definition 1: A Mealy-type FSM is a tuple , where is a finite set of input symbols, is a finite set of output symbols, is a finite set of states, is the initial "reset" state, is the transition function, and is the output function.
We will assume that and will use to denote a particular state, a particular input symbol, and a particular output symbol. We will use binary decision diagrams (BDDs) [13]-[15] as a data structure to represent implicitly the transition and output functions of the FSM under study, a method that is well known in the logic verification literature and first proposed in the seminal work of Coudert et al. [16]. Although a detailed description of the properties and characteristics of BDDs is outside the scope of this work, we will introduce the basic concepts required.
Given a set of present-state variables, a set of primary inputs, and a set of next-state variables, we define the transition relation 3 as follows. Definition 6: The transition relation of an FSM , defined over and , is
The equation denotes sets of valid triples , where each triple represents a transition in the STG [17] . Manipulation of STGs using transition relations is particularly interesting when the relation and the transition and output functions are defined implicitly using BDDs as the underlying data structures. Given a transition relation, it is possible to compute the image of a set of states defined by its characteristic function using the following expression:
In a similar way, it is possible to compute the preimage of a set defined by its characteristic function using
In the above expressions, the existential quantification is obtained using BDD operations by computing
By initializing and performing successive applications of the image computation operator in accordance with expression 7 and until a fixed point is reached, it is possible to compute , the set of states reachable from
This set of reachable states represents a very important characteristic of the FSM and will be used extensively when attacks on the method are studied. Finally, by computing the product machine and its set of reachable states , it is possible to compute, in implicit form, the equivalence relation between states [18] , which defines pairs of states in that are equivalent.
Hash functions and one-way hash functions will also be used in the sequence. A hash function is a transformation that takes an input and returns a fixed-size value, called the hash value , i.e.,
. A hash function is said to be one-way if it is hard to invert, which means that it is computationally infeasible to find some input such that for a given fixed .
B. Watermark Creation
To execute the algorithm outlined in Section III-A, Alice will need to perform the following tasks.
1) Create the signature message.
2) Encrypt it using the private key of a public key cryptosystem.
3) Apply the one-way hash function to obtain the message digest.
4) From the bits in the message digest, create a sequence of inputs.
5) Modify the STG to obtain the desired watermark.
Later on, if Alice wishes to prove that the piece of IP was stolen, she will also need to be able to show, with very high confidence, that the watermark is present.
Finally, it is critical for the effectiveness of the approach that the changes in the STG are performed directly by manipulation of the circuit. The sections that follow detail each one of these steps.
C. Creation of the Signature Message
The definition of the signature message can be performed, in principle, in an arbitrary way. Given the difficulty inherent to the inversion of the one-way hash function, it is computationally infeasible to select a message that hashes to a desired input sequence. If that were possible, Alice might be accused of creating a message that, after being hashed, traverses a sequence of states that exhibits the desired property, even though the design was not hers originally.
Therefore, Alice can pick any reasonable message and use it to sign her design. The message should contain information that clearly identifies Alice as the rightful owner of the IP together with any additional information that might be considered useful.
D. Encryption of the Message
Alice carries out this step by encrypting the message obtained in the previous section with the private key of a public/private key pair of a well-known public key cryptosystem such as, for example, the Rivest-Shamir-Adleman algorithm [19].
The public key should be known, made public, and available through the normal channels for public key distribution.
E. Application of the One-Way Hash Function
The application of the one-way hash function to the encrypted message will yield the desired sequence of input bits. Although, in principle, any one-way hash function can be used, we recommend the use of a standard well-known message digest algorithm like MD5 [20] . This will later simplify the task of proving that the specific design is indeed Alice's property, since the use of a less well-known one-way hash function may raise doubts about the intrinsic difficulty of computing its inverse.
F. Creation of the Input Sequence
Given the sequence of 128 bits obtained in the previous step, it is relatively straightforward to break this sequence into a sequence of input strings. If the circuit has primary inputs, a set of input combinations can be derived in the natural way. All that is needed is a specific order of the input pins, which can be obtained (if no other natural order exists) by alphabetical ordering of the input names defined in the publicly available specifications.
As an example, if the 128-bit signature starts with and the circuit has three primary inputs , the first two input combinations will be and . If the number of inputs does not divide 128 evenly, the remaining bits in the final combination can be padded with zeros.
After this simple procedure, we are left with input combinations, which will be applied to the circuit in consecutive time steps.
G. Modification of the STG
The modification of the STG is the crucial component of the process, since it is this step that will create the actual watermark in the piece of IP that Alice wishes to protect. This section presents a particular modification that satisfies all the criteria defined in Section III. We first describe the modification introduced from a point of view of changes in the structure of the STG and, after that, describe how this particular modification can be accomplished by direct circuit manipulation.
1) Modification Imposed on the Structure of the STG:
Consider the original STG for the design. The sequence of input combinations will traverse a sequence of (not necessarily distinct) states starting at the reset state . Let and the sequence of STG edges traversed by this sequence be . The particular STG modification we propose in this section, which will be used to evaluate experimentally the method, is obtained by performing the following changes in the STG: for each time step , Alice will create a state . Let . The modified STG is created by performing the following operations.
1) Duplicate all the states and transitions in the STG, creating a state for each state . Let . to a state by a transition to , the duplicate of created in Step 1.
After this procedure terminates, the sequence of inputs will start at and traverse the sequence of states . The next input will cause a transition to a state in . Note that there is no other sequence of inputs that will traverse this specific sequence of states.
As an example, consider the STG shown in Fig. 1. Although this STG represents a particular example, it will be used to illustrate the procedure in its generality. For this example, assume a three bit signature given by that, for this STG, traverses states . After creating states together with the states and after changing the source and destination of the involved edges in Fig. 1, we will obtain the STG shown in Fig. 2. Note that in this modified STG, the only way to traverse states in this order is to apply the sequence .
We now claim that the sequence of states traversed by the application of input sequence exhibits a very specific property that can be used to identify this design, regardless of the state encoding used. This property is the following.
Property 1: Each state can only be reached from state (8)
Proof: By construction of the STG, each state has only one incoming edge and this edge comes from state .
The existence of this property for a given sequence of inputs can now be checked, as described in Section IV-H. Clearly, the presence of this property for the sequence is not an absolute proof that this design was marked with Alice's signature. Indeed, given an arbitrary random sequence of inputs and an STG randomly picked from some arbitrary distribution, there is a finite nonnull probability that the sequence of states traversed by exhibits Property 1. We will call the probability of a false positive watermark detection.
Although it is hard to derive upper bounds for the value of , we present empirical evidence that for the large majority of the designs is very low. We discuss the importance of this fact in some detail in Section V. Note that the security of this watermarking procedure is entirely based on the inability of the would-be attacker to perform state minimization on the resulting STG. If a state minimizer program [21]-[23] could be applied to this STG, all the redundant states would be removed and the watermark deleted. In practice, the majority of the designs that represent interesting IP are too complex for this procedure to be applied, since the STG cannot, in general, be extracted. There is, however, the possibility of actually changing the functionality of the FSM to avoid this method of attack. We address this possibility in Section IV-I.
Clearly, this particular STG modification is only of interest because it can be obtained without ever manipulating the STG directly, a procedure detailed in Section IV-G2.
Additionally, we will define a second less-strict property that is also exhibited by the sequence of states .
Property 2: Each state can only be reached from state by applying input (9)
Proof: This result is a direct consequence of the way states were defined, with only one incoming transition from .
Clearly, Property 2 is usually less strict than Property 1. Property 1 states that there is only one particular state in the preimage of , while Property 2 states that there is only one input minterm that causes the transition from to , but leaves open the possibility of other edges incoming into , possibly coming from other states in the STG. Although this does not happen in the modified STG, the motivation for the introduction of this weaker property will be made clear when a series of methods of attack are described in Section V.
These two properties lead to our main result, which represents the cornerstone of the watermarking procedure. , if ; c) otherwise, .
Fig. 3 illustrates the modifications that need to be made in the circuit to obtain the modified STG. For illustration purposes, counter has three synchronous control inputs: En, Rst, and Ld, which enable its counting, reset it, and enable the external load. External load has priority over count enable and reset has priority over external load.
Analyzing these changes, it is straightforward to verify that the STG of the modified circuit has the following characteristics.
1) Until gate becomes active, the circuit behaves identically to the original one, with all the registers in counter keeping the value zero.
2) When input is applied in state , the output of gate becomes one and the counter increments to one.
3) For each successive application of , applied in this order, gate becomes active and the counter is incremented up to the value . If some other input is applied, the counter is reset to zero.
4) Once the counter reaches the value , its value is incremented to in the next clock cycle and stays at that value.
This behavior realizes the STG illustrated in Fig. 2. For this circuit, the registers in counter can be viewed as representing an extra set of state variables. States correspond to the counter having the value zero. States correspond to values in varying from one to . Finally, states in correspond to having the value . We remark that the presence of gate is actually not necessary and that the STG still exhibits all the properties described above even if this gate is not there. If this gate is not present, there will exist a sequence of states with the properties exhibited by starting at each state in . There will be, in fact, chains of states with these properties. By default, the watermarking procedure does not include gate unless specified by the user.
Although the modified circuit shown in Fig. 3 has a functionality represented by a modified STG, clearly the value of the extra state variables does not affect the value of the outputs. Therefore, although this change modifies the STG in such a way as to create the desired watermark, it is trivial to remove it by simply removing any logic and registers not connected to the primary outputs. 4 The next step will make the extra state variables influence the value of the primary outputs, thereby making their removal a complicated and time-consuming process. The idea is to change the state encodings in such a way that the new state variables will change value even when inputs not belonging to the sequence representing the signature are applied. Note that the circuit in Fig. 3 is a fully synchronous circuit and, therefore, it can be represented by the leftmost circuit in Fig. 4. By adding two transcoders (blocks A and B), as shown on the rightmost circuit of Fig. 4, the newly introduced state variables will not only influence the value of the primary outputs, but will also change value for inputs other than . In our experiments, the transcoders shown are obtained by performing a series of linear transformations [24].
It may seem that the extra circuits added to obtain the modified FSM will have such a complexity that the method will impose a large overhead if applied to any circuit of medium complexity. Note, however, that the final circuit [see Fig. 4(b) ] can be optimized using any logic synthesis tools available. This optimization may also include retiming operations, which means that the extra delay added will not be as significant as it may seem from a cursory analysis of Figs. 3 and 4. The experimental results in Section VI show that in most cases, the area and delay overhead are very small and well within the range of normal variations expectable from the performance of state-of-the-art synthesis tools.
H. Watermark Verification
Given a specific design and Alice's signature, the verification of the presence of Alice's watermark in that design can be made by checking for the presence of the desired properties for the set of states traversed by inputs . Although the theoretical worst case complexity of this procedure is provably high, it can usually be performed with reasonable computational resources using one of the approaches described in the following sections. We will first describe how the presence of Property 1 can be verified, since the changes required to check for the presence of Property 2 are straightforward.
1) Computation of the Preimage of Each State in :
Given the transition relation for the circuit and the state codes for the set of states reached by , it is straightforward to check for the presence of Property 1.
This can be done by computing the preimage of each state . Given a transition relation , the preimage of a set of states, defined in terms of the variables , can be computed using (5) . By performing preimage computations, one for each state , the check for Property 1 is successful if for . In practice, and for complex designs, it may be difficult or impossible to compute . In this case, it is possible to perform the above computation without actually computing . This method is described in the next section. For even larger designs, the most efficient method is based on the use of automatic test pattern generation (ATPG) techniques [25] . This approach is described in Section IV-H3. 
2) Faster Computation of the Preimage:
To avoid the need to actually compute the transition relation, we note that to compute the preimage of a state , represented by the values of the state variables , it is sufficient to compute the following expression: (10) In general, the computation of this expression requires much less computational resources than the computation of the full transition relation, since in (10), represents a constant value. Note that this specific technique can only be applied because we are interested in the computation of the preimage of a small number of specific states and cannot be applied to the general case of preimage computation of a set of states.
3) Application of ATPG to Compute the Preimage: Although the techniques shown in the previous section are easy to state and understand, their applicability is restricted to small and medium size designs. Given the nature of Property 1, the property we are interested in verifying, the use of ATPG techniques provides the most efficient method to check for its existence. Knowing the set of states traversed by and knowing the specific primary input values that exercised each transition , it is possible to use a standard ATPG tool to answer the following question: is it true that for each value of ? This question can be answered by forcing specific values for the output signals that correspond to the next state variables that represent and using the ATPG tool to find all the assignments to the state variables that justify the observed output values. This is easily done by executing the following algorithm.
6) Otherwise, create the circuit shown in Fig. 6, where is a primary output.
7) Check for the existence of an input combination for the fault node stuck-at 0.
8) If a pattern exists, conclude that the circuit does not exhibit Property 1 and stop.
9) Otherwise, we proved that the only way to reach is from state . Continue.
To understand the way the algorithm works, note that an input pattern for the fault node , stuck-at 0 in Fig. 5 Note that, in practice, only the circuit in Fig. 6 is required as long as both and are observable outputs, since this circuit contains the circuit in Fig. 5 .
4) Verifying Property 2:
The results described in the previous sections describe how a circuit can be tested for the presence of Property 1 given a specific signature. It will be useful, in some cases, to be able to check also for the presence of Property 2. This property, although slightly more likely to appear by chance in an unmarked STG, is more resilient to removal by sophisticated attacks and its presence is also sufficiently conclusive to prove the presence of the watermark. Clearly, the approach described in Section IV-H2 can be easily adapted to check for Property 2. In fact, it is sufficient to verify if the expression (11) is true only for . If that is the case, then there exists one and exactly one input combination that leads from state to state . In an analogous way, it is easy to adapt the ATPG-based method described in Section IV-H3. Using this method, the verification for the presence of Property 2 is performed by creating extra gates that force the previous state to be , as shown in Fig. 7. The second part of the procedure consists simply in verifying that no test exists for the fault node stuck-at 0, since that would mean that inputs other than would cause the transition from .
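The checks of Sections IV-H1 to IV-H4, as an added example that is not taken from the paper: a constructed toy machine is held as an explicit next-state table and the preimage of each traversed state is found by enumeration, where the paper uses BDDs or ATPG. It assumes that Property 1 means each traversed state has the previous one as its only predecessor and that Property 2 means the signature input is the only input taking one traversed state to the next, as the verification text implies; `add_chain`, `check_properties` and the other names are hypothetical, and `add_chain` is a stand-in for watermark creation, not the circuit-level procedure.

```python
from itertools import product

INPUTS = range(4)          # constructed: 2 input bits, encoded 0..3
SIGNATURE = [2, 1, 3]      # constructed signature input sequence


def base_machine():
    """Unmarked toy FSM: 8 state codes, next = (s + (x >> 1)) % 4.
    Codes 4..7 have no incoming edge, so they are unreachable from reset 0."""
    return {(s, x): (s + (x >> 1)) % 4 for s in range(8) for x in INPUTS}


def add_chain(base, reset, signature, first_free):
    """Toy stand-in for watermark creation (assumption, not the paper's
    procedure): route the signature inputs through fresh copies of the
    states they would normally visit. Returns (next-state table, copy->original)."""
    delta, alias = dict(base), {}
    cur, orig = reset, reset
    for i, x in enumerate(signature):
        copy, orig = first_free + i, base[(orig, x)]
        alias[copy] = orig
        for y in INPUTS:               # the copy behaves like the state it imitates
            delta[(copy, y)] = base[(orig, y)]
        delta[(cur, x)] = copy         # only the signature input enters the copy
        cur = copy
    return delta, alias


def trace(delta, reset, inputs):
    """States visited when `inputs` is applied starting from `reset`."""
    states = [reset]
    for x in inputs:
        states.append(delta[(states[-1], x)])
    return states


def preimage(delta, target):
    """All (state, input) pairs whose next state is the constant code `target`."""
    return {(s, x) for (s, x), nxt in delta.items() if nxt == target}


def check_properties(delta, reset, signature):
    """Return (property1, property2) for the states traversed by the signature."""
    st = trace(delta, reset, signature)
    p1 = p2 = True
    for i, x in enumerate(signature):
        pre = preimage(delta, st[i + 1])
        # Property 1 (as assumed): st[i] is the only predecessor state of st[i+1].
        p1 = p1 and {s for s, _ in pre} == {st[i]}
        # Property 2 (as assumed): x is the only input taking st[i] to st[i+1].
        p2 = p2 and {y for s, y in pre if s == st[i]} == {x}
    return p1, p2


def same_function(plain, marked, alias, reset, length=4):
    """Compare both machines on every input sequence of `length`, mapping
    each chain copy back to the state it imitates."""
    for seq in product(INPUTS, repeat=length):
        projected = [alias.get(s, s) for s in trace(marked, reset, seq)]
        if projected != trace(plain, reset, seq):
            return False
    return True


def demo():
    plain = base_machine()
    marked, alias = add_chain(plain, 0, SIGNATURE, first_free=4)
    # Constructed negative case: an edge from unreachable state 7 into the chain.
    tampered = dict(marked)
    tampered[(7, 0)] = trace(marked, 0, SIGNATURE)[2]
    return {
        "plain": check_properties(plain, 0, SIGNATURE),
        "marked": check_properties(marked, 0, SIGNATURE),
        "tampered": check_properties(tampered, 0, SIGNATURE),
        "same_function": same_function(plain, marked, alias, 0),
    }


if __name__ == "__main__":
    print(demo())
```

The unmarked machine fails both checks, the marked one passes both, and the extra edge from an unreachable state defeats the Property 1 check while the Property 2 check still succeeds.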
I. Changing the Function of the Circuit
Given the result in Theorem 1, it is clear that the watermark is created by introducing redundancy in the transition graph and, therefore, can be removed if a state reduction method is applied to the modified STG. Although this redundancy is extremely difficult to remove for any circuit of medium or large complexity, there is clearly some interest in considering the possibility of changing the functionality in such a way as to avoid this line of attack. This is usually possible since, in many cases, there are some degrees of freedom in the system specification that allow for minor changes in the circuit behavior. Assume, therefore, that in some state , one of the output variables may take either the value zero or one. This is equivalent to the presence of one sequential output don't care. Furthermore, assume that this state can be reached from state . If this is the case, it is possible to change the circuit functionality in the following way.
1) Determine what is the encoding of state , the copy of state created in the watermarking procedure.
2) For state , force to take the opposite value it takes in state by decoding state and using an EXOR gate.
If this procedure is followed, the two FSMs are no longer equivalent since any state that can reach is no longer equivalent to state . This means that STG reduction or other forms of redundancy removal will no longer remove the watermark.
Although this procedure is useful and likely to be used in practice, in Sections V and VI we will analyze the performance and the vulnerabilities of the method in the situation where this change is not performed. There are two reasons for this: 1) even without changing the functionality of the FSM, removal of the watermark is a very difficult process and 2) when this modification is not applied, the creation of the watermark is a totally automatic procedure that works solely on the circuit description and does not require intervention of the designer or the definition of output don't cares.
J. Fraud Detection
The verification scheme described in Section IV-H can only be applied if the structural description of the circuit is available for analysis. This is the case, in general, if a claim of stolen ownership comes to court and the defendant wants to prove his innocence. Many other watermarking schemes work based on the principle that the stolen piece is available for analysis by a team of experts.
However, there remains the important point of detecting with reasonable confidence that a piece of stolen IP was unduly used and integrated in a complex system, such as a system-on-a-chip. Given that firm IP is provided as a structural description of the circuit and can be manipulated in many ways before being used, an analysis of the layout or other characteristics of the circuit is unlikely to be of any help. However, if the final circuit supports structured test facilities, it may be possible to infer with high confidence the presence of the watermark in a given module.
In fact, if it is possible to test the functionality of a given module by applying a selected set of tests, the IP provider may use that feature to verify with some level of confidence the presence of Properties 1 or 2. This can be done by applying the sequence of inputs that corresponds to the signature and obtaining the sequence of states visited by this sequence. If the application of similar (but different) sequences of inputs never leads to the same sequence of states, then there exists strong evidence that, in fact, the special properties evidenced by the watermarked design are present. This procedure can be carried out efficiently since the actual hardware is being used to test for the presence of the watermark.
Note, however, that unless exhaustive tests are conducted, the confidence exhibited by this evidence is weaker than if the circuit is examined directly for the presence of Properties 1 and 2.
V. POSSIBLE ATTACKS ON THE METHOD
There are two different ways in which an attacker may try to circumvent the methodology presented in this paper and falsely claim a given piece of IP as his own. Suppose Alice designed a given piece of IP and watermarked it with a specific signature, as described in the previous section. Bob, having stolen this piece of IP, may basically resort to two courses of action: he may remove Alice's watermark from the design or he may claim that the watermark is not there and is simply an artifact that Alice discovered after the fact.
A. Attacks Based on the Removal of the Watermark
To remove the watermark, Bob will have to change the design in such a way that the specific property exhibited by that sequence of states is no longer present. To do this, Bob will have to perform a rather radical change. In fact, the following approaches will not remove the watermark from the design, since they do not change the structure of the STG enough: 1) resynthesis of the combinational logic; 2) retiming of the circuit; 3) arbitrary reencoding of the states; 4) combinational redundancy removal. All the above methods can be applied directly to the circuit itself with little cost and would, therefore, be damaging if they indeed removed the watermark. We will examine each one of them and show that they will not remove the watermark.
Bob may also try to apply more radical methods that either guarantee the removal of the watermark or have a good probability of achieving this objective. More radical methods that actually or potentially change the structure of the STG in such a way as to remove the watermark are the following: 1) perform the extraction of the STG from the circuit and apply a state reduction method and 2) perform sequential redundancy removal to remove the watermark without affecting circuit function.
We will address the applicability of these methods and will present empirical evidence that their range of applicability is restricted to relatively small circuits, therefore, not barring the applicability of the watermarking method to realistic medium and high complexity designs.
1) Combinational Circuit Resynthesis:
In an attempt to remove the watermark from the design, Bob may try to resynthesize the combinational logic of the circuit. A variety of tools can be used for this approach [26] , but all the techniques applicable to combinational logic optimization will not change the structure of the STG.
In fact, from the point of view of combinational logic synthesis, the inputs to the latches represent primary outputs, and the outputs of the latches represent primary inputs. Any resynthesis operations will leave unaltered the I/O behavior represented by the circuit and, therefore, will not change the structure of the STG.
2) Circuit Retiming: Retiming is a technique that moves registers across combinational logic without changing the functionality of the circuit [27]. Retiming does change the structure of the STG and, therefore, a careful analysis of its impact on the presence of the watermark is important. Fig. 8 shows the two possible elementary operations involved in the retiming process, when a circuit is implemented only as registers and NAND gates. It is known that each of these elementary retiming operations can only change the structure of the STG in a very specific way. To describe the transformations, we need to define the concept of one-step equivalence between states. Two states and are said to be one-step equivalent iff 1) for each input, the two states have the same output label on the transitions, i.e., and 2) for each input, the destination state of each transition originating in states and is the same, i.e., . It has been shown [28] that the only transformations that can be obtained by applying retiming operations are the following: 1) merge two states that are one-step equivalent and 2) split one existing state, creating two new states that are one-step equivalent. It can be shown that the transformation performed in the STG described in Section IV-G and illustrated in Fig. 2 does not introduce any one-step equivalent states. Therefore, the application of retiming to the watermarked circuit will not change the structure of the STG in any way that implies the removal of the watermark, since removal of any state in the chain could only be accomplished by collapsing it with some other state to which it is one-step equivalent.
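The one-step equivalence test and the merge operation described above, as an added example on a constructed Mealy STG (not from the paper; all names are hypothetical). States B and C have identical rows and can be merged, while P and Q are equivalent over every input sequence yet are not one-step equivalent, so only a full state-equivalence computation identifies them as redundant.

```python
from collections import defaultdict
from itertools import product

# Constructed STG: state -> {input: (next_state, output)}.
STG = {
    "A": {0: ("B", 0), 1: ("C", 1)},
    "B": {0: ("D", 1), 1: ("A", 0)},
    "C": {0: ("D", 1), 1: ("A", 0)},   # same row as B: one-step equivalent to B
    "D": {0: ("P", 0), 1: ("Q", 0)},
    "P": {0: ("P", 0), 1: ("A", 1)},   # P and Q always produce the same outputs,
    "Q": {0: ("Q", 0), 1: ("A", 1)},   # but their input-0 destinations differ
}


def one_step_classes(stg):
    """Groups of states with the same output and the same destination for
    every input (the two conditions of one-step equivalence)."""
    groups = defaultdict(list)
    for state, row in stg.items():
        groups[tuple(sorted(row.items()))].append(state)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def merge_states(stg, keep, drop):
    """Merge `drop` into `keep`; refused unless the two are one-step equivalent."""
    if stg[keep] != stg[drop]:
        raise ValueError("states are not one-step equivalent")
    return {s: {x: (keep if nxt == drop else nxt, out)
                for x, (nxt, out) in row.items()}
            for s, row in stg.items() if s != drop}


def equivalent(stg, s, t):
    """Full equivalence: explore every state pair reachable from (s, t) and
    fail as soon as one pair disagrees on an output."""
    seen, todo = set(), [(s, t)]
    while todo:
        a, b = todo.pop()
        if a == b or (a, b) in seen:
            continue
        seen.add((a, b))
        for x in stg[a]:
            (na, oa), (nb, ob) = stg[a][x], stg[b][x]
            if oa != ob:
                return False
            todo.append((na, nb))
    return True


def outputs(stg, start, inputs):
    """Output sequence produced from `start` for the given input sequence."""
    out, s = [], start
    for x in inputs:
        s, o = stg[s][x]
        out.append(o)
    return out


def same_io(stg_a, stg_b, start, length):
    """True if both STGs give identical outputs on all input sequences of `length`."""
    return all(outputs(stg_a, start, seq) == outputs(stg_b, start, seq)
               for seq in product((0, 1), repeat=length))


if __name__ == "__main__":
    print(one_step_classes(STG))
    print(equivalent(STG, "P", "Q"))
```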
3) State Reencoding: It is possible to perform a reencoding of the states by applying to the watermarked circuit modifications similar to the ones used in Section IV-G2 to change the encoding of the states. However, no reencoding of the states will change the structure of the STG, even though the values stored in the state variables will change.
Since the watermark verification procedure is not based on the existence of any specific state encoding, changing the encodings of the states will not remove the presence of any of the properties described in Section IV.
Note that, theoretically, it should be possible to invert the process that was used in the final state of the watermark creation. However, given the large number of possible reencodings and considering that the circuit was resynthesized and retimed, this approach is unlikely to be successful with any reasonable probability.
4) Combinational Redundancy Removal:
Combinational redundancy removal is a procedure that aims at removing from the circuit any combinational logic that is not necessary for the correct behavior of the circuit. As such and if no attention is paid to the sequential behavior of the circuit, this technique will not be more powerful than combinational logic resynthesis.
However, combinational redundancy removal techniques have been proposed that take into account the set of reachable states of the FSM under examination [29]. The argument is that if a given state is unreachable, that particular combination of state variables will never be present at the inputs of the circuit. This information can be used to remove logic that could not otherwise be removed.
There are two important questions to answer concerning the applicability of this technique to watermark removal: 1) can it be applied to large circuits and 2) does it remove the watermark?
The answer to the first question is that computing the set of reachable states, in general, can only be done for relatively small circuits, even using implicit enumeration techniques. This limits the applicability of this technique to circuits with relatively small size, although the exact behavior depends heavily on the circuit characteristics and the exact approach taken to enumerate the set of reachable states.
To answer the second question, we must understand what sort of changes this approach can impose on the structure of the STG. It is clear that the computation of the next state function will not change for any state reachable from the reset state. Therefore, the structure of the STG, when considering only the reachable states, will not be changed.
However, transitions originating in unreachable states can be changed by this approach. This means that the situation depicted in Fig. 9 is possible, where states and are the states created by the watermarking procedure and states and are unreachable states. Transitions like the ones shown between states and in this figure may be created by combinational redundancy removal that takes into account the reachable states. This means that Property 1 may no longer be valid in this circuit after this sort of combinational redundancy removal has been applied. Note, however, that Property 2 is still valid and can be easily verified.
5) State Reduction: Extraction of the STG from the circuit description followed by its reduction to the minimum state equivalent is an approach that is guaranteed to remove the watermark. In fact, since the reduced STG is canonical and, therefore, unique for a given circuit functionality, no watermarking methodology based on the principles used in this work may survive such a transformation.
Fig. 9. Changes in the STG caused by combinational redundancy removal that takes into account the set of reachable states.
It is well known that the STG for a completely specified FSM with input combinations and states can be reduced in time [30] . However, for any sequential circuit of reasonable complexity, extraction of the STG is basically infeasible, since the STG itself is too large to represent explicitly.
Most implementations of existing state reduction algorithms need an explicit description of the STG [21] , [22] . Although implicit state reduction methods have been proposed [23] , they could not be applied to solve this problem, since they manipulate BDDs with a number of variables that is a multiple of the number of states in the STG.
An important alternative to consider is the class of algorithms for state reduction that do not need to explicitly extract the STG from the circuit [31]. These algorithms compute the transition relation of the reduced STG by first computing an equivalence relation between states and then applying a BDD operation: the compatible projection operator. The critical step in this procedure is the computation of , which is obtained by computing the product machine, something that, in general, is possible only for machines of relatively small size.
6) Sequential Redundancy Removal: Sequential redundancy removal techniques aim at removing combinational logic [32] - [34] that, although unremovable from a purely combinational analysis point of view, is redundant if the sequential behavior of the circuit is taken into account.
One of the most powerful techniques proposed aims at identifying stuck-at faults that are undetectable. Stuck-at faults at circuit nodes can be classified in two classes [34]: sequentially nonexcitable (SNE) faults and nondistinguishable (ND) faults. An SNE fault is a fault that cannot be excited from any reachable state, while an ND fault can be excited but the sequential excitation vector cannot be extended to a full test since its effect never reaches one of the primary outputs.
SNE faults can be identified by the procedure described above for combinational redundancy removal with reachable states computation. Removal of these faults will not change the reachable part of the STG, but, as in Section V-A4, may change the unreachable part of the STG and create edges incoming into states . As such, all the comments made in Section V-A4 apply: the computation of the reachable states is expensive and removal of such faults will not remove the presence of Property 2.
Removal of ND faults, on the other hand, may actually change the structure of the STG in such a way as to remove the watermark. This happens because nodes in the added circuitry may be identified as exhibiting nondetectable faults and removal of that redundancy may, in certain cases, remove the watermark.
The most efficient procedures for ND fault removal are based on the verification of equivalence between the original circuit (in this case the watermarked one) and the circuit obtained by forcing one node in the circuit at either the zero or one value [34] . If the original circuit and the circuit obtained by shorting a specific node to a constant value are equivalent, then a stuck-at fault at that node is nondetectable and some redundancy can be removed.
However, this procedure is expensive since it requires, for each node, a computation of equivalence between two possibly large sequential circuits. This equivalence is obtained by computing the product machine and its set of reachable states . Even with the use of implicit STG traversal techniques, the applicability of this type of sequential redundancy removal is restricted to not very large circuits. In Section VI, we present tests conducted with different types of redundancy removal in an attempt to characterize the range of applicability of the watermarking technique proposed.
Methods for redundancy removal that are based on the identification of sets of latches that can be either removed or replaced by combinational functions of other latches have also been proposed [35] , [36] . These methods can also be effective on the removal of the type of redundancy introduced by the watermarking procedure, but they have roughly the same computational cost of the methods described above.
One possibility is latch removal based on the identification of equivalent states followed by their collapsing. This procedure requires the computation of the equivalence relation between states , which has the computational complexity described above. A more efficient method needs only the set of reachable states and identifies latches that do not distinguish between any state in the reachable and unreachable sets of states [36] . As happens with the more sophisticated forms of combinational redundancy removal described in Section V-A4, such an algorithm will, potentially, remove Property 1, but not Property 2.
7) Other Forms of Watermark Removal: Alternatively, Bob could try to find a set of states that exhibit Property 1 and find a way to change the STG so as to remove these states. However, not knowing the sequence of inputs , this task is difficult. The task is further complicated by the fact that changes other than the one described in Section IV (but still following the same general idea presented in Section III) may have been used to watermark the circuit, making the search for the specific property used a very difficult and time-consuming task.
Bob may finally try to circumvent the watermarking by understanding the design and changing its functionality in some way that preserves the original specification. In general, specifications for sequential designs will always have some unspecified details that open the possibility that two nonequivalent FSMs will match the specification.
However, this method is labor intensive and is not at all guaranteed to remove the watermark, two factors that should, by themselves, discourage would-be attackers.
Finally, note that any of the attacks described in this section, even the ones that are computationally very expensive, will not remove the watermark if the procedure described in Section IV-I is applied.
8) Complexity of Methods for Watermark Removal:
As described in the previous sections, methods that can possibly remove the watermark can be classified in the following classes.
1) Methods that only require the computation of the reachable states of the original machine: combinational redundancy removal with sequential information (Section V-A4) and efficient latch removal (Section V-A6). These methods will not remove Property 2, but may remove Property 1.
2) Methods that require the computation of the reachable states of the product machine: state reduction without performing STG extraction (Section V-A5), latch removal with equivalent state information, and removal of sequentially redundant ND faults (Section V-A6). These methods will, in many cases, be able to remove the presence of both properties.
3) Methods that require the extraction of the STG, in explicit form, that are guaranteed to remove both properties.
It is clear that this enumeration of possible attack methods is not complete or exhaustive, but it describes an array of possibilities that may be tried by a determined attacker. Section VI-F describes the results of applying one attack of each of these categories in an attempt to evaluate the complexity of these methods and the range of circuit sizes where removal of the watermark is computationally very challenging.
Ideally, one would like to show that the problem of removing the watermark belongs to a complexity class that is strictly larger than the complexity class of the problems of watermark creation and verification.
Regrettably, this is probably not the case. In fact, while watermark creation can be done in polynomial time, watermark verification is likely to be NP-complete. In fact, watermark verification using ATPG techniques requires the solution of an NP-complete problem, while its verification using the method in Section IV-H2 requires the computation of the BDDs for each next-state variable, a procedure that, although usually much more efficient than the procedure for the computation of , is probably in the same complexity class.
B. Attacks Based on the Denial that the Watermark Exists
To deny that the watermark is there, even though he has not modified the design, Bob may resort to a number of possibilities.
1) Claim that, after having seen the design, Alice has created a signature message, i.e., a sequence of English words such that for that sequence of English words, the circuit exhibits Property 1. This claim is, however, unsustainable. To do that, Alice would have had to do the following. a) Identify a sequence of states with that specific property. This is not an easy task. Although it may be possible in some designs, it is much harder than the procedure for verifying the existence of the watermark. b) Generate a signature that, after being encrypted and hashed by the one-way hash function, generates the very specific sequence of inputs needed to traverse the sequence of states identified above. Given what is known about the difficulty of inverting a one-way hash function, this method is computationally infeasible.
Alternatively, Bob could argue that Alice has tried a number of signature messages until one of them verified the desired property. In this way, Alice would not have needed to perform the two difficult tasks described above. However, since Alice's signature is a relatively simple message, this approach would only work if the probability for this design is high enough, say, above 1%. Clearly, before using this method, Alice should convince herself that, for this circuit, is not high enough to permit this attack. An upper bound on the value of can be easily estimated by checking for the presence of a watermark for a high number of randomly generated signatures. Therefore, if the circuit does not exhibit a high value for , Bob could not possibly convince a court that Alice's claim is false.
2) Claim that the property that Alice is claiming is unique to her design is, in fact, a very common property of other designs. To do this, Bob would have to prove that a significantly large fraction of random input sequences would generate a sequence of states with that special property. Clearly, while this may be true in some designs, these are exactly the designs where the method cannot and should not be applied, at least with the specific property chosen. Therefore, if the method was properly applied, Bob will not be able to show that a significant fraction of input sequences exhibit that property.
3) Make an attack by signing the design on top of Alice's signature. In principle, nothing stops Bob from applying this method to sign the design with his own signature, thereby claiming that, in fact, Alice has stolen the design and not the opposite. However, to prove this and if Bob was indeed the original designer, he should be able to present a design that exhibits only his signature and not Alice's. Since Bob simply appropriated Alice's IP, such a design does not exist.
On the other hand, Alice will have no problem presenting a design with the same functionality that only exhibits her signature and, therefore, the situation is clearly not symmetric.
VI. IMPLEMENTATION AND RESULTS
A. Implementation Details
To test the applicability of the method described in this paper, we implemented the watermarking method described in this work and integrated it with the SIS [37] , [38] framework.
More specifically, we created three commands in SIS that allowed us to perform a number of experiments. These commands are the following.
1) create watermark: This command takes the current sequential network and performs the changes described in Section IV, changing the STG by direct manipulation of the network in accordance with a specified signature.
2) verify watermark: This command takes the current sequential network and checks for the presence of the watermark of a specific signature, using either the implicit image computation method described in Section IV-H2 or the ATPG-based technique described in Section IV-H3. The first method uses the Carnegie Mellon University BDD package [15] while the second method uses the satisfiability-based ATPG package available in SIS [39].
3) verify random watermark: This command checks for the presence of randomly generated watermarks in a given design and is used mainly to obtain statistics on the value of .
B. Experimental Results
We used the extended set of ISCAS'89 [40] sequential benchmarks to evaluate the impact of the watermarking process. The size of the circuits in this benchmark varies widely, ranging from circuits that are too small to be effectively watermarked by the method proposed here to circuits that can be representative of real designs in terms of complexity and size.
For this set of benchmarks, we inserted the watermark that corresponds to a specific signature (actually, the one described in Section III-A) and evaluated the time and resources required to create, verify, and attempt to remove the watermark. We also evaluated the impact of the watermarking creation process, both on circuit size and on circuit delay. The circuits were optimized before and after watermarking with the algebraic script from SIS and mapped to the Mississippi State University standard cell library. The machine used to run the experiments was a 350-MHz Pentium II with 128 MB of memory. All experiments were performed with watermarks of 64 and 128 bits, with the former size being obtained by selecting only the first 64 bits of the MD5 hash value.
C. Resources Used in the Watermarking Process
Although the watermarking process is performed directly on the circuit and is, therefore, very efficient, it is important to evaluate the computational resources required to create the watermark. Table I shows the statistics for the circuits used with the circuits sorted in order of increasing number of registers. The last two columns show the CPU time required to watermark them with a 128-bit and a 64-bit watermark, respectively.
More important than the CPU time used in the process is, however, the impact of this process on the characteristics of the circuit, both in terms of size and delay. Table II shows the resulting sizes, measured in number of literals, and the delays exhibited by the original and watermarked circuits.
We remark that although the area and delay overhead are important for the smaller circuits, they are almost negligible for the larger circuits. In fact, for the last ten circuits, the average area increase is only 3.2% and the average delay increase is 0.2%. For the last five circuits, the area and delay actually decrease, on the average, 0.4% and 0.3%, respectively. These results mean that for circuits of reasonable size, the watermarking procedure has a negligible impact on both the performance and the used silicon area.
D. Resources Required for Watermark Verification
In this experiment, we used the verify watermark command to check for the presence of the watermark in all the circuits used. We performed experiments with both the watermark verification process described in Section IV-H2 that uses BDD-based enumeration techniques and the ATPG-based method described in Section IV-H3. Table III shows that watermark verification can be carried out in very little time, even for the largest circuits involved, if one uses the ATPG-based method. The implicit enumeration method, although much less expensive than the direct version described in Section IV-H1 (which requires the computation of the transition relation), is still too slow for the larger circuits.
The empirical evidence that ATPG-based watermark verification can be done efficiently represents a very important result. In fact, since the verification procedure requires the solution of an NP-complete problem, it is not obvious that it can be carried out efficiently in large circuits. Recent results [41] have addressed the apparent discrepancy between the theoretical and observed complexities of ATPG problems. It is possible that a similar analysis could also be applied to explain the efficiency of the verification procedure.
E. Probability of False Positive Detections
This set of experiments has the objective of identifying if the probability of false positives, , is high enough for some of the circuits to make the method inapplicable. For each nonwatermarked circuit, we performed 200 experiments of random watermark detection. From the total of 44 circuits, only two circuits exhibited a value of higher than zero. Note that we performed a relatively small number of experiments and may not be exactly zero for the other circuits. However, any reasonably low probability (say, below 1%) will make an attack as the Table IV. The value of is simply a property of the circuit. Some circuits will exhibit a high value of and, for these, the method, if applied, can be attacked using the procedure outlined in Section V-B.
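The caveat above, that a small number of hit-free trials does not show the false-positive probability is exactly zero, can be made quantitative. The following is an added example, not part of the paper: it computes the exact one-sided binomial (Clopper-Pearson) upper bound on the false-positive probability from a trial count; the function names and the 95% confidence level are assumptions chosen for illustration.

```python
from math import ceil, comb, log


def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))


def upper_bound(hits, trials, confidence=0.95):
    """Exact one-sided upper bound on the false-positive probability.

    Returns the largest probability p that is still consistent, at the
    given confidence, with seeing `hits` false detections in `trials`
    random watermark-detection experiments on a nonwatermarked circuit.
    """
    if trials <= 0 or not 0 <= hits <= trials:
        raise ValueError("need trials > 0 and 0 <= hits <= trials")
    if hits == trials:
        return 1.0  # every trial was a false positive: no bound below 1
    alpha = 1 - confidence
    lo, hi = 0.0, 1.0
    # binom_cdf is decreasing in p, so bisect for binom_cdf(...) == alpha.
    for _ in range(100):
        mid = (lo + hi) / 2
        if binom_cdf(hits, trials, mid) > alpha:
            lo = mid
        else:
            hi = mid
    return hi


def trials_for_zero_hits(target, confidence=0.95):
    """Hit-free trials needed to bound the probability below `target`."""
    return ceil(log(1 - confidence) / log(1 - target))


if __name__ == "__main__":
    # 200 trials per circuit is the count used in the experiment above.
    for hits in (0, 1, 2):
        print(f"{hits} hits / 200 trials -> p <= {upper_bound(hits, 200):.4f}")
    print("hit-free trials needed for p < 1%:", trials_for_zero_hits(0.01))
```

With zero hits in 200 trials the 95% bound is about 1.5%, so confirming a threshold of 1% at that confidence level would take 299 hit-free trials per circuit.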
F. Attempts at Watermark Removal
For all the circuits that were watermarked, we attempted to remove the watermark using one method from each category described in Section V-A8. More specifically, we applied the following three techniques:
1) combinational redundancy removal performed after computation of the reachable states, as described in Section V-A4;
2) sequential redundancy removal based on implicit state enumeration [34], as described in Section V-A6;
3) STG extraction and reduction [21], as described in Section V-A5.
Table V describes the CPU times required for each of these methods. Note that the first technique does not actually remove the watermark, since Property 2 remains present. Nevertheless, whenever it is possible to compute the set of reachable states, it is possible to apply other attacks that aim at identifying specific circuit properties related to the watermark. For that reason, we chose to also list the computational requirements needed to perform this noneffective attack.
For all experiments, the timeout was set at 24 h of CPU time and the memory usage set to the largest amount of memory available. Since memory requirements are the limiting factor for some of these attacks, we also performed experiments using a 170-MHz Sun Ultra1 with 384 MB of memory. However, the larger amount of memory did not permit the attacks to succeed in any other example. For that reason, we report the results in the same hardware platform as used for the other operations. The results in this table show that attacks that actually remove the watermark are limited, for the examples and computational resources used, to circuits with fewer than 32 registers.
Any realistic design that needs to be protected using these techniques is likely to be considerably more complex than this limit, thereby making the watermarking technique proposed very resilient to these and related approaches that aim at removing the watermark.
Another approach that can be undertaken by a determined attacker is based on actually performing changes on the circuit, modifying its functionality. Such an attack cannot be performed easily, since any circuit changes that change the structure of the STG are also likely to damage the desired functionality of the circuit. However, a committed attacker may invest a reasonable amount of time understanding the detailed functionality of the circuit and then use that knowledge to change the actual structure of the circuit, in such a way that all desired functionalities are preserved.
Clearly, it is difficult to model such an attack in a formal way. However, in an attempt to empirically evaluate the resilience of the watermark against random changes in the circuit structure, we conducted an experiment where, for each circuit, a random two-input gate was selected and the polarity of one of its inputs changed. In all cases where the verification was possible, the functionality of the circuit was not preserved (as expected). However, Property 1 remained present in 40 of the 44 circuits, the exceptions being s27, s208, s386, and s510. These were all relatively small circuits for which other forms of attack are also possible, as shown in Table V.
Although this evidence shows some resilience of the watermark against local circuit changes, it also shows that a determined attacker who is able to perform changes safely on the circuit may be able to remove the watermark.
We believe this is a fundamental limitation of the method, but it does not invalidate its applicability, possibly in conjunction with other IP protection techniques. However, we believe this limitation is true for most watermarking techniques. In fact, if the attacker knows enough about the design to actually change it in an arbitrary way, then he will, in general, be able to remove the watermark with a high level of confidence independently of the watermarking method used.
VII. CONCLUSION AND FUTURE WORK
This paper presents a novel methodology for the watermarking of sequential digital designs that is, for reasonably sized designs, robust to attacks and easy to apply. This technique is the first one proposed in the literature that actually protects a design specified as a netlist and should, therefore, be very interesting to designers interested in protecting their IP rights. This is especially true given the strong motivation for reuse of blocks that is the key for increased effectiveness in the design of complex systems.
The technique automatically introduces redundancy in the STG in such a way as to exhibit a specific characteristic that uniquely identifies the designer. When the method is applied in this manner, methods for the removal of redundancy can be applied to remove the watermark. Although we did not show formally that the removal methods are computationally too expensive, we presented empirical evidence that attacks can only be performed on relatively small designs.
Additionally and with designer assistance, a small change in the final design may be performed in order to make the final STG irredundant and, in this way, render inapplicable redundancy removal methods. In a real application where valuable IP is at stake, such a procedure is very likely to be applied and it will make the removal of the watermark by fully automatic methods extremely unlikely.
There are many possible directions for future research in this area. This paper left open the very interesting question of the characteristics that a design should have to be amenable to watermarking using this technique. Therefore, characterization both from a theoretical and practical standpoint of the class of designs for which the method is secure is an interesting topic for future research. Furthermore, if the method is to be applied in real designs, the detailed study and classification of possible attacks will be required.
It is also clear that this paper describes only one specific technique applicable in a very particular setting. More general techniques, which may include more extensive functional changes in the design, should be studied and analyzed and may eventually lead to watermarking methods that are more robust and hard to attack.
Finally, we believe the more interesting direction for future research consists of investigating the possibility of generalizing this or similar approaches to a larger class of design specifications, including soft IP potentially available in the form of behavioral HDL. This technique could also be extended to the watermarking of software, an application with enormous potential impact given the amount of investment made in the development of reusable software modules.
