Intellectual Property (IP) theft is a serious concern for the integrated circuit (IC) industry. To address this concern, the logic locking countermeasure transforms a logic circuit into a different one to obfuscate its inner details. The transformation caused by obfuscation is reversed only upon application of the programmed secret key, thus preserving the circuit's original function. This technique is known to be vulnerable to Satisfiability (SAT)-based attacks. But in order to succeed, SAT-based attacks implicitly assume a perfectly reverse-engineered circuit, which is difficult to achieve in practice due to reverse engineering (RE) errors caused by automated circuit extraction. In this paper, we analyze the effects of random circuit RE errors on the success of SAT-based attacks. Empirical evaluation on ISCAS and MCNC benchmarks as well as a fully-fledged RISC-V CPU reveals that the attack success degrades exponentially with an increase in the number of random RE errors. Therefore, adversaries either have to equip RE tools with near-perfect accuracy or propose better SAT-based attacks that can cope with RE imperfections.
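To make the abstract's claim concrete, here is an added example (not code from the paper or its authors) of the distinguishing-input (DIP) loop at the heart of a SAT-based attack, run once against an exact copy of a locked netlist and once against a copy containing a single RE error. The netlist, the secret key and the injected error are constructed for illustration, and exhaustive enumeration over keys and inputs stands in for the SAT solver, so the pruning logic is the same as in the SAT attack but only practical for a tiny circuit. The `key_matches_oracle` post-check is an assumed attacker-side sanity check, not part of the attack itself.

```python
"""Toy model of a SAT-style key-recovery attack on a logic-locked netlist,
and of what a single reverse-engineering (RE) error does to it.

Constructed example: netlist, key and RE error are made up for illustration;
exhaustive enumeration stands in for the SAT solver, so the DIP loop matches
the SAT attack but is only practical for tiny circuits."""
from itertools import product

# Gate library: gate type -> function of its input bits.
GATES = {
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
    "XOR": lambda a, b: a ^ b,
    "XNOR": lambda a, b: 1 - (a ^ b),
    "NOT": lambda a: 1 - a,
}

# Constructed locked netlist: (net, gate type, fan-in nets), topologically ordered.
# Original function: out = (a AND b) OR (b AND c); key gates inserted on n1 and n2.
LOCKED = [
    ("n1", "AND", ("a", "b")),
    ("n2", "AND", ("b", "c")),
    ("n1k", "XNOR", ("n1", "k0")),   # XNOR key gate: transparent when k0 = 1
    ("n2k", "XOR", ("n2", "k1")),    # XOR key gate: transparent when k1 = 0
    ("out", "OR", ("n1k", "n2k")),
]
PRIMARY_INPUTS = ("a", "b", "c")
KEY_INPUTS = ("k0", "k1")
OUTPUTS = ("out",)
CORRECT_KEY = (1, 0)   # the secret programmed into the activated chip


def simulate(netlist, assignment):
    """Evaluate a netlist given a dict of input-net values; return the output tuple."""
    nets = dict(assignment)
    for net, gate, fanin in netlist:
        nets[net] = GATES[gate](*(nets[n] for n in fanin))
    return tuple(nets[o] for o in OUTPUTS)


def make_oracle(netlist, key):
    """The activated chip: the true locked netlist with the secret key applied."""
    secret = dict(zip(KEY_INPUTS, key))
    return lambda x: simulate(netlist, {**dict(zip(PRIMARY_INPUTS, x)), **secret})


def sat_attack(re_netlist, oracle):
    """DIP loop of the SAT attack over the attacker's (reverse-engineered) netlist.
    Returns (surviving key candidates, number of oracle queries)."""
    keys = list(product((0, 1), repeat=len(KEY_INPUTS)))
    queries = 0
    while True:
        dip = None
        for x in product((0, 1), repeat=len(PRIMARY_INPUTS)):
            xin = dict(zip(PRIMARY_INPUTS, x))
            outs = {simulate(re_netlist, {**xin, **dict(zip(KEY_INPUTS, k))}) for k in keys}
            if len(outs) > 1:        # two surviving keys disagree here: a DIP
                dip = x
                break
        if dip is None:              # no DIP left: all surviving keys agree
            return keys, queries
        y = oracle(dip)              # ask the real chip for the correct output
        queries += 1
        xin = dict(zip(PRIMARY_INPUTS, dip))
        keys = [k for k in keys
                if simulate(re_netlist, {**xin, **dict(zip(KEY_INPUTS, k))}) == y]


def inject_re_error(netlist, net, wrong_gate):
    """Model one RE error: the extraction tool misidentifies the type of gate `net`."""
    return [(n, wrong_gate if n == net else g, f) for n, g, f in netlist]


def key_matches_oracle(re_netlist, key, oracle):
    """Assumed attacker-side post-check (feasible only on small designs): does the
    recovered key make the RE'd netlist agree with the chip on every input?"""
    secret = dict(zip(KEY_INPUTS, key))
    return all(simulate(re_netlist, {**dict(zip(PRIMARY_INPUTS, x)), **secret}) == oracle(x)
               for x in product((0, 1), repeat=len(PRIMARY_INPUTS)))


def run_attack(re_netlist):
    """Attack with the attacker's netlist; the oracle is always the true design."""
    oracle = make_oracle(LOCKED, CORRECT_KEY)
    keys, queries = sat_attack(re_netlist, oracle)
    recovered = keys[0] if keys else None
    return {
        "recovered_key": recovered,
        "queries": queries,
        "is_true_key": recovered == CORRECT_KEY,
        "passes_self_check": recovered is not None
                             and key_matches_oracle(re_netlist, recovered, oracle),
    }


if __name__ == "__main__":
    print("exact netlist:", run_attack(LOCKED))
    # One RE error: the output OR gate was extracted as an AND gate.
    print("one RE error :", run_attack(inject_re_error(LOCKED, "out", "AND")))
```

With the exact netlist a single DIP eliminates every wrong key and the attack returns the true key. With one misidentified gate the DIP loop still terminates with a single, self-consistent key, but it is the wrong one: the attack has no way to tell from the oracle queries alone, and only the exhaustive `key_matches_oracle` check, which does not scale to real designs, exposes the mismatch. This is the failure mode the abstract describes, in which RE imperfections silently break the attack's correctness assumption.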