Incremental SAT-based Reverse Engineering of Camouflaged Logic Circuits

ECE Department, University of Massachusetts, Amherst

PI: Prof. Daniel Holcomb

Members (alphabetical order): Duo Liu, Cunxi Yu, Xiangyu Zhang (source code maintenance)

Introduction

Layout-level gate camouflaging has attracted interest as a countermeasure against reverse engineering of combinational logic. In order to minimize area overhead, typically only a subset of gates in a circuit is camouflaged, and each camouflaged gate layout can implement a few different logic functions. The security of camouflaging relies on the difficulty of learning the overall combinational logic function without knowing which logic functions the camouflaged gates implement.

In this work, we present an incremental-SAT approach to reconstruct the logic function of a circuit with camouflaged gates. Our algorithm uses the standard attacker model in which an adversary knows only the non-camouflaged gate functions, and has the ability to query the circuit to learn the correct output vector for any input vector. Our results demonstrate a 5x speedup over the best known existing deobfuscation algorithm.

Beyond demonstrating speedup, we use our powerful approach to produce new insights about the strength of obfuscation. First, we show that deobfuscation is feasible even in the more challenging setting where layout reveals nothing about the possible logic function of camouflaged gates. Additionally, selectively camouflaging gates to maximize output corruption under incorrect deobfuscation hypotheses typically reduces the number of vectors needed to deobfuscate the circuit.
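
The query loop of the attacker model above, sketched as an added example that is not this project's code: a designer can use the number of oracle queries it needs as a measure of how much a given camouflaging choice resists analysis. The three-input netlist, the gate menu and all function names are assumptions made for illustration, and exhaustive enumeration stands in for the incremental SAT solver.

```python
from itertools import product

# Candidate functions of each camouflaged cell (constructed menu, an assumption).
GATES = {
    "NAND": lambda x, y: 1 - (x & y),
    "NOR": lambda x, y: 1 - (x | y),
    "XOR": lambda x, y: x ^ y,
}
SECRET = ("NAND", "XOR")  # true functions, hidden inside the oracle only


def circuit(assign, vec):
    """Constructed netlist: y = OR(g2(g1(a, b), c), AND(a, c)).
    g1 and g2 are camouflaged; the OR and AND gates are visible in layout."""
    a, b, c = vec
    n1 = GATES[assign[0]](a, b)
    n2 = GATES[assign[1]](n1, c)
    return n2 | (a & c)


def oracle(vec):
    """Stands in for a working chip: returns the correct output for any input."""
    return circuit(SECRET, vec)


def decamouflage(oracle, n_inputs=3, n_camo=2):
    """Query the oracle only on discriminating inputs until every surviving
    hypothesis computes the same function. Returns (survivors, queries)."""
    hyps = list(product(GATES, repeat=n_camo))
    vectors = list(product((0, 1), repeat=n_inputs))
    queries = []
    while True:
        # A discriminating input is one on which two surviving hypotheses
        # disagree. A SAT solver finds it symbolically; here we enumerate.
        disc = next((v for v in vectors
                     if len({circuit(h, v) for h in hyps}) > 1), None)
        if disc is None:
            return hyps, queries
        y = oracle(disc)
        queries.append((disc, y))
        hyps = [h for h in hyps if circuit(h, disc) == y]


if __name__ == "__main__":
    survivors, queries = decamouflage(oracle)
    print("recovered:", survivors)
    print(f"{len(queries)} of 8 input vectors queried:", queries)
```

On this netlist the loop needs 5 of the 8 possible input vectors. The two vectors with a = c = 1 never discriminate, because the visible AND gate forces the output to 1 under every hypothesis.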

Publications

Tool

Our tool is implemented in C/C++ (g++ 4.9 required). It has been tested on a 64-bit Ubuntu system.