The intellectual property (IP) business model is vulnerable to a number of potentially devastating obstructions, such as misappropriation and intellectual property fraud. We propose a new method for IP protection (IPP) which facilitates design watermarking at the combinational logic synthesis level. We developed protocols for embedding designer- and/or tool-specific information into a logic network while performing multi-level logic minimization and technology mapping. We demonstrate that the difficulty of erasing the author's signature or finding another signature in the synthesized design can be made arbitrarily computationally difficult. We also developed a statistical method which enables us to establish the strength of the proof of authorship. The watermarking method has been tested on a standard set of real-life benchmarks where exceptionally high probability of authorship has been achieved with negligible overhead in solution quality.
The complexity of modern system synthesis as well as the shortened time-to-market requirement has resulted in design reuse as the predominant system development paradigm. The new core development strategies have affected the business model of virtually all CAD and semiconductor companies. To overcome the difficulties in core-based system design, the VSI Alliance has identified six technologies crucial for enabling effective design reuse: system verification, mixed signal design integration, standardized on-chip bus, manufacturing related test, system-level design, and intellectual property protection (IPP) [VSI97].
We have developed the first approach for IPP which facilitates design watermarking at the combinational logic synthesis level. The watermark, designer- and/or tool-specific information, is embedded into the logic network of a design at a preprocessing step. The watermark is encoded as a set of design constraints which do not exist in the original specification. The constraints are uniquely dependent upon the author's signature. Upon imposing these constraints on the original logic network, a new input is generated which has the same functionality and contains user-specific information. The added constraints result in a trade-off: the more additional constraints, the stronger the proof of authorship, but the higher the overhead in terms of quality of the synthesis solution. However, the application of the synthesis algorithm results in a solution which satisfies both the original and the constrained input. Proof of authorship is based upon the fact that the likelihood that another application returns a solution to both the original and the constrained input is exceptionally small. The developed watermarking technique is transparent to the synthesis step and can be used with any logic synthesis tool. We demonstrate that the developed IPP approach can be used to prove authorship of the design at levels of abstraction equal to or lower than logic synthesis. Existence of a user-specific signature in the solution of a multi-level optimization or technology mapping problem clearly identifies the author of the input design specification (initial input logic network).

ICCAD 98, San Jose, CA, USA. © 1998 ACM.
Embedding signatures into a design at the logic synthesis level has advantages over corresponding efforts at the higher and lower levels of the design process. Firstly, watermarking a behavioral specification often does not exhibit sufficient potential for embedding large signatures, which are crucial for high authorship credibility. Physical layout should not be an exclusive domain for IPP because in that case only the solution to the physical design is protected.
Combinational logic synthesis has been extensively studied. A good survey of minimization techniques and existing synthesis frameworks is presented in [DeM94, Hac96]. Recent improvements in combinational logic synthesis include refined covering algorithms [Lia97], optimizations on networks described using black boxes [Liu97], power optimization [Iw96], etc. In addition, logic synthesis for FPGAs has been a very active research area (see survey in [Con96a]).
The recently proposed Strawman initiative [VSI97] of the Development Working Group on IPP calls for the following desiderata for techniques which act as deterrents in order to properly ensure the rights of the original designers.
- Functionality Preservation. Design-specific functionality and timing requirements should not be altered by the application of IPP tools.
- Minimal Hassle. The technique should be fully transparent to the already complex design and verification process.
- Minimal Cost. Both the cost of applying the protection technique and its hardware overhead should be as low as possible.
- Enforceability. The technique should provide strong and undeniable proof of authorship.
- Flexibility. The technique should enable a spectrum of protection levels which correspond to variable cost overheads.
- Persistence. The removal of the watermark should result in a task of difficulty equal to the complete redesign of the specified functionality.
In addition to the stated VSI intellectual property protection requirements, our approach also provides proportional protection of all parts of the design.
The synthesis flow which employs watermarking of combinational logic synthesis solutions encompasses several phases illustrated in Figure 1. The first three phases in the watermarking approach are the same for both multi-level logic minimization and technology mapping. In the first step, to ensure that the watermark cannot be misinterpreted, the gates in the initial logic network specification are sorted using an industry standard. As a result of this procedure, each gate of a given logic network can be assigned a single identifier which is unique with respect to the identifiers assigned to gates in the remainder of the network. Next, K gates are selected in a way specific to the designer's or tool developer's signature. We use a keyed RSA one-way function to generate pseudo-random bits [Men97] which guide the process of iterative gate selection. The outputs of the selected gates are explicitly assigned to become primary outputs. We have applied this protocol to the technology mapping synthesis step. Although the same protocol can be applied to watermark multi-level logic minimization solutions, for this task we provide an alternative protocol. Initially, it also generates pseudo-primary outputs according to the user's signature, and, in addition, uses them as inputs into an additional logic network which is embedded into the initial design specification. The protocol builds the embedded network according to the designer's or tool developer's signature.
After additionally constraining the initial design specification, the optimization algorithms are applied to the constrained logic network. The result retrieved by the synthesis algorithm satisfies both the initial and the constrained design specification. The proof of authorship is dependent upon the likelihood that some other algorithm, when applied to the initial input, retrieves a solution which also satisfies the constrained input.
Gate Ordering
The watermarking process starts by assigning a unique identification number ID_i to each gate G_i from the set G of gates which are not used as primary outputs. The unique identification number ID_i is selected from the set ID = {1...N} of N successive numbers, where N is the cardinality of the set G. We have two main goals in this step: to map the network into a linear array so that cryptographic tools can be directly applied, and to develop a uniquely defined IPP procedure in such a way that the degrees of freedom for potential attackers are maximally reduced.
To avoid misinterpretation of this ordering, we propose that an industry standard has to be established. The network has to be numbered in such a way that any two nodes that have different functionality and different transitive fan-in and fan-out networks are assigned different IDs. However, finding whether two nodes are functionally and topologically identical is a hard problem. The special case of the problem of finding whether two networks are identical, when all gates perform equivalent functions, is equivalent to the graph isomorphism problem. This problem has been listed as open in terms of its complexity [Gar79]. Therefore, we propose a heuristic function that exploits the functional and timing properties of a node to sort the nodes in a logic network. This function is explained using the pseudo-code in Figure 2. It performs iterative sorting of nodes not used as primary outputs, using a list of criteria with distinct priorities. The objective of the ordering function is to partition a logic network LN(G, C), where G is a set of nodes and C is a set of connections between nodes, into an ordered set M of node subsets M_i ⊂ G such that each subset contains exactly one node. We propose the following list of eight criteria for node identification:

C[1] The level LIN_i of node G_i with respect to the input. A node G_i has level K if the longest path in the logic network from any input to G_i is of cardinality K.
C[2] The level LOUT_i of node G_i with respect to the output. A node G_i has level K if the longest path in the logic network from any output to G_i is of cardinality K.
C[3] Number of nodes in the transitive fan-in of G_i at level K < LIN_i.
C[4] Number of nodes in the transitive fan-out of G_i at level K < LOUT_i.
C[5] Functionality, fan-in, and fan-out of nodes in the transitive fan-in of G_i at level K < LIN_i.
C[6] Functionality, fan-in, and fan-out of nodes in the transitive fan-out of G_i at level K < LOUT_i.
C[7] Functionality, fan-in, and fan-out of the fan-in and fan-out of nodes in the transitive fan-in of G_i at level K < LIN_i.
C[8] Functionality, fan-in, and fan-out of the fan-in and fan-out of nodes in the transitive fan-out of G_i at level K < LOUT_i.

An example of how nodes are identified using the proposed set of sorting rules is given in Figure 3. Note that it is unlikely that two nodes have all parameters identical. This is due to the dependencies and non-symmetry between nodes in logic networks. If two nodes cannot be distinguished using the proposed set of rules, we assign random unique identifiers to these nodes and memorize the assignment for future proof of authorship.
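The ordering step above is what makes the watermark reproducible in court: the gate numbering must depend only on the structure and function of the network, never on the textual order of the netlist. The following is an added example, not the paper's Figure 2 pseudo-code, that keys every non-primary-output gate on the eight criteria (C[3] and C[4] are taken as the sizes of the transitive fan-in and fan-out cones, and the gate functions, the toy netlist and the seeded tie-break are constructed assumptions), then resolves the remaining ties with memorized random identifiers, exactly the fallback the paragraph describes.

```python
# Added example (not the paper's code): canonical gate ordering for watermarking.
import random

# Constructed toy netlist: gate name -> (function, fan-in list); "PI" = primary input.
# (a, b, g1) and (d, c, g2) are mirror images, so g1 and g2 tie on every criterion.
NETLIST = {
    "a": ("PI", []), "b": ("PI", []), "c": ("PI", []), "d": ("PI", []),
    "g1": ("AND", ["a", "b"]),
    "g2": ("AND", ["c", "d"]),
    "g3": ("OR", ["g1", "g2"]),
    "g4": ("NAND", ["b", "c"]),
    "g5": ("XOR", ["g3", "g4"]),
    "g6": ("NOT", ["g4"]),
}
PRIMARY_OUTPUTS = {"g5", "g6"}


def fanout_map(net):
    fo = {n: [] for n in net}
    for n, (_, fanin) in net.items():
        for src in fanin:
            fo[src].append(n)
    return fo


def levels(net, fo):
    """LIN = longest path from any primary input; LOUT = longest path to any output."""
    lin, lout = {}, {}

    def lin_of(n):
        if n not in lin:
            fi = net[n][1]
            lin[n] = 0 if not fi else 1 + max(lin_of(x) for x in fi)
        return lin[n]

    def lout_of(n):
        if n not in lout:
            lout[n] = 0 if not fo[n] else 1 + max(lout_of(x) for x in fo[n])
        return lout[n]

    for n in net:
        lin_of(n)
        lout_of(n)
    return lin, lout


def transitive(n, adj):
    """All nodes reachable from n over the adjacency map (fan-in or fan-out cone)."""
    seen, stack = set(), list(adj[n])
    while stack:
        x = stack.pop()
        if x not in seen:
            seen.add(x)
            stack.extend(adj[x])
    return seen


def sort_key(n, net, fo, lin, lout):
    """Tuple in criterion priority: C[1] LIN, C[2] LOUT, C[3]/C[4] cone sizes,
    C[5]/C[6] (function, fan-in, fan-out) multisets of the cones,
    C[7]/C[8] the same for the neighbours of the cone nodes."""
    fi_adj = {m: net[m][1] for m in net}
    tfi, tfo = transitive(n, fi_adj), transitive(n, fo)
    sig = lambda m: (net[m][0], len(net[m][1]), len(fo[m]))
    neigh = lambda m: tuple(sorted(sig(x) for x in net[m][1] + fo[m]))
    return (lin[n], lout[n], len(tfi), len(tfo),
            tuple(sorted(sig(m) for m in tfi)), tuple(sorted(sig(m) for m in tfo)),
            tuple(sorted(neigh(m) for m in tfi)), tuple(sorted(neigh(m) for m in tfo)))


def order_gates(net, primary_outputs, seed=0):
    """Return (ordered list of non-PO gates, memorised tie-break IDs).
    The seed is an assumption standing in for the memorised random assignment."""
    fo = fanout_map(net)
    lin, lout = levels(net, fo)
    cands = [n for n in net if net[n][0] != "PI" and n not in primary_outputs]
    key = {n: sort_key(n, net, fo, lin, lout) for n in cands}
    groups = {}
    for n in cands:
        groups.setdefault(key[n], []).append(n)
    rng = random.Random(seed)
    ties = {}  # must be stored with the design for the later proof of authorship
    for members in groups.values():
        if len(members) > 1:
            ids = list(range(len(members)))
            rng.shuffle(ids)
            for m, i in zip(sorted(members), ids):
                ties[m] = i
    ordered = sorted(cands, key=lambda n: (key[n], ties.get(n, 0)))
    return ordered, ties
```

Because every component of the key is sorted, reading the same netlist in a different file order yields the same ordering and the same tie record; only the genuinely symmetric pair g1/g2 needs the memorized random identifiers.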
Watermark Encoding and Embedding
In the next phase of watermarking, from the sorted set M of non-primary nodes, a subset S ⊂ M of cardinality |S| = K is selected. The selection is pseudo-random and corresponds uniquely to the designer's or tool developer's signature. Next, each node in the selected subset S is explicitly added to the list of pseudo-primary outputs. By performing this step, the watermarking routine enforces nodes from the set S to be visible in the final technology mapping solution.
computed during the multi-level logic minimization of the logic network. Note that many subfunctions that exist in the input logic network do not exist in the optimized output logic network. The node selection is performed in the following way. Since the node selection step of watermarking is not assumed to be the computation bottleneck, we use the RSA cryptographically secure pseudo-random bit generator [Men97] to generate a sequence of bits which decides upon node selection. The keys used to drive the randomization process represent the user signature. The result of this phase is a pseudo-random, signature-specific selection of a combination of K network nodes.
In the case of technology mapping of LUT-based FPGAs, the described node selection phase is the last phase in the protocol. However, it is important to stress the implications of a specific phenomenon in this problem. Cong and Ding [Con96a] have identified a class of MFFC nodes which are more likely to appear in the final solution than the remaining nodes. We have statistically evaluated the impact of this phenomenon on the strength of the proof of authorship enabled by our approach. For each instance of the problem, we have explicitly enumerated the ratio of MFFC nodes in the initial input specification (r_in) and in the final solution (r_out). We compute the likelihood of solution coincidence using a formula whose parameters are the number of non-primary gates in the final solution, T, the total number of non-primary gates in the initial logic network, and W, the number of gates pseudo-randomly selected to become pseudo-primary outputs during the watermarking phase.

The protocol described for technology mapping can be applied to watermark solutions to the multi-level logic minimization problem. However, we propose an alternative protocol which provides stronger proof of authorship due to embedded additional constraints. This protocol augments signature-specific constraints into the input logic network in two phases. In the first phase, which is equivalent to the already described protocol for watermarking technology mapping solutions, the protocol marks the outputs of selected gates as visible by explicitly denoting them as pseudo-primary outputs. In the second phase, an additional network is augmented into the input. The additional network has as input variables the pseudo-primary output variables generated in the previous phase. The network is built according to the user's signature. The pseudo-code for building the additional signature is presented in Figure 4. The sequence of pseudo-random bits from the previous phase is used to provide a source of undeniable determination.
Figure 4. Proposed function for watermarking multi-level logic minimization solutions using network augmentation.
Using this sequence, firstly, a gate G from the available library of gates is selected. Then, according to the pseudo-random sequence of bits, G.fanin pseudo-primary outputs are selected and used as inputs to the selected gate G. The output G.fanout is added to the list of pseudo-primary outputs. This output is subject to selection in future iterations of this procedure. This procedure can be repeated indefinitely. A possible termination policy may be established using industry-adopted standards. The additionally constrained original input netlist is fed to the optimization algorithm (multi-level logic minimization or technology mapping). The final solution is a network of cells (or subfunctions) which contains the solution to the original problem and to the user-specific augmentation of the original problem. The proof of authorship relies on the difficulty of modifying the input in such a way that the pseudo-primary outputs that correspond to the attacker's signature and the modified network that corresponds to the attacker's key have a subsolution that is also a subsolution to the initial problem watermarked with the designer's watermark.
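The two phases just described, signature-driven node selection followed by network augmentation, are shown end to end in the following added example; it is not the paper's Figure 4 code. The paper drives both phases with an RSA pseudo-random bit generator; this example substitutes HMAC-SHA256 in counter mode so that it runs with the standard library only, and the cell library, the "wm<n>" names of augmented gates, the fixed round count used as the termination policy and the sample key are all constructed assumptions.

```python
# Added example (not the paper's code): keyed node selection and network augmentation.
import hashlib
import hmac

# Constructed cell library: (function, number of inputs).
LIBRARY = [("AND", 2), ("OR", 2), ("NAND", 2), ("XOR", 2), ("NOT", 1)]


class KeyedBitStream:
    """Deterministic bit source keyed by the designer's secret and the design context.
    Stand-in (assumption) for the RSA pseudo-random bit generator the paper uses."""

    def __init__(self, key: bytes, context: bytes):
        self.key, self.context, self.counter, self.buf = key, context, 0, []

    def bits(self, n: int) -> int:
        value = 0
        for _ in range(n):
            if not self.buf:
                msg = self.context + self.counter.to_bytes(8, "big")
                block = hmac.new(self.key, msg, hashlib.sha256).digest()
                self.counter += 1
                self.buf = [(byte >> i) & 1 for byte in block for i in range(8)]
            value = (value << 1) | self.buf.pop()
        return value

    def uniform_index(self, n: int) -> int:
        """Unbiased index in [0, n) by rejection sampling, so no gate is favoured."""
        nbits = max(1, (n - 1).bit_length())
        while True:
            v = self.bits(nbits)
            if v < n:
                return v


def select_watermark_nodes(ordered, k, stream):
    """Phase 1: K distinct nodes of the ordered list become pseudo-primary outputs."""
    remaining, chosen = list(ordered), []
    for _ in range(k):
        chosen.append(remaining.pop(stream.uniform_index(len(remaining))))
    return chosen


def augment_network(netlist, pseudo_primary, stream, rounds):
    """Phase 2 (multi-level minimization variant): pick a library gate, feed it from the
    current pseudo-primary outputs, and add its output to that list; repeat `rounds` times."""
    net, ppo, added = dict(netlist), list(pseudo_primary), []
    for r in range(rounds):
        func, fanin = LIBRARY[stream.uniform_index(len(LIBRARY))]
        pool, inputs = list(ppo), []
        for _ in range(fanin):
            inputs.append(pool.pop(stream.uniform_index(len(pool))))
        name = f"wm{r}"        # constructed naming of augmented gates
        net[name] = (func, inputs)
        ppo.append(name)
        added.append(name)
    return net, ppo, added


def watermark(netlist, ordered, key, k, rounds):
    """Whole protocol: one bit stream drives selection first, then augmentation."""
    stream = KeyedBitStream(key, b"design:" + ",".join(ordered).encode())
    selected = select_watermark_nodes(ordered, k, stream)
    net, ppo, added = augment_network(netlist, selected, stream, rounds)
    return {"selected": selected, "pseudo_primary_outputs": ppo,
            "added": added, "netlist": net}
```

Binding the bit stream to the ordered gate list as context ties the selection to the specific design, so the same key used on another design produces an unrelated selection; the memorized tie-break record from the ordering step and the key together are what the designer later presents to reproduce the constraint set.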
Persistence to Possible Attacks
The attacker may try to modify the output locally in such a way that the watermark disappears or the proof of authorship is lowered below a predetermined standard. Therefore, the watermarking scheme has to be such that, to delete the watermark and still preserve solution quality, the attacker has to perturb a great deal of the obtained solution. This requires the attacker to develop a new optimization algorithm. For example, consider a design that has a total of 100,000 gates. In the final solution S, 10,000 nodes are visible (LUT or cell outputs) and therefore the average probability that a node from the initial network is visible in the final solution is p = 1/10. If the watermarking strategy results in a pseudo-random selection of 1000 visible vertices, inherently, the average probability that a node visible in S is visible in a solution obtained by some other algorithm is p, provided that the challenging algorithm retrieves a solution of the same quality. The probability expectation P that some other algorithm selects exactly the same subset S of nodes in the final solution is P = p^1000, or one in 10^1000. Consider that the attacker aims to reduce the likelihood of authorship by making local changes to the design in order to remove the watermark. To reduce the proof of authorship to one in a million, the attacker has to alter 851 nodes from the watermark, i.e. 85.1% of the final solution. To remove the watermark in such a way that the remaining proof of authorship is P = 0.1, the attacker has to modify 888 vertices in the watermark, or 88.8% of the entire technology mapping solution.
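The argument above is what lets a designer size K before synthesis: how much of the solution must be rewritten before the remaining proof drops to a given level. The following is an added example, not the paper's statistical method. The paper gives P = p^K for an untouched watermark; extending this to a partially altered watermark by asking that an independent algorithm reproduce at least the K - m intact nodes (a binomial tail) is this example's own assumption. It uses exact integer arithmetic so that quantities such as 10^-1000 do not underflow, and for K = 1000, p = 1/10 it lands near the paper's 851 and 888 figures.

```python
# Added example (not the paper's code): remaining proof of authorship after m alterations.
import math


def coincidence_tail_log10(k, p_num, p_den):
    """tail[j] = log10 P(an algorithm with per-node visibility p = p_num/p_den
    reproduces at least j of the k watermark nodes), for j = 0..k, computed exactly
    as a ratio of big integers before taking the logarithm."""
    q_num = p_den - p_num
    terms = [math.comb(k, j) * p_num ** j * q_num ** (k - j) for j in range(k + 1)]
    tail, running = [0.0] * (k + 1), 0
    for j in range(k, -1, -1):          # suffix sums: at least j matches
        running += terms[j]
        tail[j] = math.log10(running) - k * math.log10(p_den)
    return tail


def proof_after_alteration(k, p_num, p_den, altered):
    """log10 of the coincidence probability once `altered` watermark nodes are changed;
    altered = 0 reproduces the paper's P = p^k."""
    return coincidence_tail_log10(k, p_num, p_den)[k - altered]


def nodes_to_alter(k, p_num, p_den, target_log10):
    """Smallest number of altered nodes that weakens the proof to >= 10**target_log10.
    Used by the designer to choose k: larger k pushes this count toward the whole solution."""
    tail = coincidence_tail_log10(k, p_num, p_den)
    for altered in range(k + 1):
        if tail[k - altered] >= target_log10:
            return altered
    return k


def size_watermark(p_num, p_den, target_log10, min_fraction, k_max=4000):
    """Smallest k such that reaching the target requires altering at least
    min_fraction of the watermark (constructed design-time helper)."""
    for k in range(1, k_max + 1):
        if nodes_to_alter(k, p_num, p_den, target_log10) >= min_fraction * k:
            return k
    return None
```

With the example's numbers (K = 1000, p = 1/10) the untouched watermark gives log10 P = -1000, and the count of alterations needed to reach one in a million or P = 0.1 comes out within a node or two of the figures quoted in the text, which is the sanity check a practitioner would run before trusting the model for a different K or p.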
There are two scenarios in which the attacker can try to find his or her signature in an already watermarked solution (see Figure 5). The first one is a top-down approach, where the attacker modifies the input hoping that the tool will produce an output that contains the attacker's signature (as well as the author's signature). Since node permutation is pseudo-randomized, the likelihood that the attacker's signature appears in the output is the same as the probability of two different algorithms retrieving the same solution. Thus, this attack is less efficient than trying to delete the signature.
In the bottom-up approach the attacker concludes from the output (or its modification) which input produces an output that contains her or his signature. However, in order to produce such an input (and possibly output), the attacker has to know which pseudo-random selection of nodes (and augmented network) corresponds to a specific input sequence. The attacker may obtain such information only if the inverse of the one-way function is known. For RSA-type one-way hash functions such inverses are not known [Men97].

We demonstrate the effectiveness and quality of the developed IPP approach on the problem of technology mapping for the set of MCNC benchmark designs (see Table 1). For LUT-based 5-input technology mapping we used the CutMap algorithm [Con96b]. Although the designs evaluated on the MCNC benchmark suite are much smaller than current industrial circuits (the recently announced Xilinx Virtex series of FPGAs implemented using a 0.25 micron technology are expected to encompass 1,000,000 gates), we have achieved a likelihood of watermarked solution coincidence on average equal to p < 10^-13 with an average overhead of 4%. In two cases design watermarking resulted in negative overhead. Similarly, we obtained an average p < 10^-26 with an average hardware overhead of 7.6%.
We have applied the IPP protocol for technology mapping to a large industrial design example with over 47,000 non-primary and 5,000 primary gates. For 0.5% and 1% of non-primary gates selected for assignment to pseudo-primary outputs, our approach resulted in solution coincidence likelihoods of 10^-124 and 10^-244, with incurred hardware overheads of 0.8% and 1.87%, respectively. The run-time of the optimization program for the watermarked input was within ±5% of the program execution run-time for the original input. The evaluation of the developed watermarking technique for multi-level logic minimization resulted in results similar to technology mapping. We applied the MIS suite of optimization algorithms [Bra87] to the standard and watermarked sets of MCNC benchmark designs. After specifying 1% or 2% of non-primary output nodes to become pseudo-primary outputs, the MIS suite retrieved on average solutions with 2% fewer or 6% more literals, respectively.
6. CONCLUSION
We have developed the first watermarking-based approach for IPP of tools and designs in the combinational logic synthesis domain. The watermark, a set of constraints which corresponds to the designer's and/or tool developer's signature, is added to the original design specification in a synthesis preprocessing step. After the synthesis tool retrieves a solution to the optimization problem, the added constraints are satisfied in addition to the original set of design constraints. This property is used to prove authorship in court. We demonstrate that the embedded watermarks are hard to delete and hard to find in an arbitrary solution. We have effectively applied our approach to the problem of technology mapping for LUT-based FPGAs using a set of benchmark designs.
