Globalization of Integrated Circuit (“IC”) design is making IC/Intellectual Property (“IP”) designers and users reevaluate their trust in hardware. (See, e.g., Reference 4). As the IC design flow can be distributed worldwide, hardware can be prone to new kinds of attacks such as, for example, reverse engineering and IP piracy. (See, e.g., Reference 5). An attacker, anywhere in this design flow can reverse engineer the functionality of an IC/IP. He/she can then steal and claim ownership of the IP. An untrusted IC fabrication company can overbuild ICs and sell them illegally. Finally, rogue elements in the fabs can insert malicious circuits into the design without the designer's knowledge. (See, e.g., Reference 4). Because of these attacks, the semiconductor industry loses $4 billion annually. (See, e.g., References 1 and 2). However, if a designer is able to conceal the functionality of an IC while it passes through the different, potentially untrustworthy, phases of the design flow, these attacks can be thwarted. (See, e.g., Reference 3).
Using logic encryption of hardware or “logic obfuscation” has been used. (See, e.g., References 3 and 6). Logic encryption of hardware does no not necessarily mean encrypting the design file by a cryptographic algorithm, instead it can mean hiding the hardware's functionality. Obfuscation, however, can have a different meaning in software. An obfuscated program can be difficult to reconstruct even if its functionality is known. Obfuscation can hide the implementation and not the function. To highlight this difference, logic encryption can be used to denote that the functionality can be encrypted when the valid key is not applied to the design, and “logic obfuscation can hide the functionality and the implementation of a design by inserting some additional circuit elements into the original design. In order for the design to exhibit its correct functionality (e.g., produce correct outputs), a valid key can be preferably supplied to the encrypted design. Upon applying a wrong key, the encrypted design can exhibit a wrong functionality (e.g., produce wrong outputs).
While it passes through the untrusted design phases, an IC can be in an encrypted form so that its functionality is not revealed; this can prevent reverse engineering, cloning, trojan insertion and overbuilding. The designer can give the valid key to the end-user of the IC so that the end-user can enable the IC to exhibit its correct functionality.
In an encrypted design, a wrong key preferably results in a wrong output for all input patterns. If a correct output is produced for a wrong key, then the encryption procedure is weak and the attacker can benefit. If a wrong key affects only one or a few of the output bits, then the attacker might be able to tolerate the wrong outputs. If all the output bits are affected, then the wrong output can be the complement of the correct output. Therefore, ideally, a wrong key preferably affects half of the output bits (e.g., the Hamming distance between the correct and wrong outputs should be 50%). (See, e.g., Reference 7). This 50% Hamming distance can render a very high obscureness to an attacker.
Furthermore, in another form of attack, end-users can collude by sharing their valid keys. To prevent this collusion attack, each IC preferably has its own unique key. (See, e.g., Reference 8).
Logic encryption techniques can be broadly classified into two types, sequential and combinational. In a sequential logic encryption, additional logic states (e.g., black) are typically introduced in the state transition graph. (See, e.g., References 5 and 6). The state transition graph can be modified in such a way that the design can reach a valid state only on applying a correct sequence of key bits. If the key can be withdrawn, the design, once again can end up in a black state. However, the effectiveness of these methods in producing a wrong output has not been demonstrated.
In a combinational logic encryption, XOR/XNOR gates can be introduced to conceal the functionality of a design. (See, e.g., Reference 3). Usually, one of the inputs in these inserted gates serves as a ‘control input’, which can be a newly added primary input. It possible to configure these gates as buffers or inverters using these control inputs. The values applied to these control inputs can be the keys. As described herein, when gates are randomly inserted into the design, a wrong key may not affect the output, as its effects may not propagate to the outputs. This can be similar to an IC testing scenario where the effect of a fault may not propagate to the output.
Apart from sequential and combinational elements, memory elements can also be inserted into the design. (See, e.g., Reference 7). The circuit preferably functions correctly only when these elements are configured/programmed correctly. However, the introduction of memory elements in the circuit can incur significant performance overhead.
Thus, it may be beneficial to address at least some of the above-described deficiencies.