 Hello, everyone. My name is Yang Xi, and today I will present our work, mitigating set attack on logic locking. So here is an outline of our presentation today. So firstly, I will introduce the security threats in more than IC supply chain, and then I will introduce a contra-measure called logic locking. Then I will talk about a new attack called set attack, which has broken the security of logic locking techniques. And then in this work, we propose anti-set block design that is provably secure against the set attack. So nowadays, the fabrication of integrated circuits has been increasingly outsourced to offshore foundries. And this is due to two reasons. Firstly, the development of semi-com.fab is very expensive. So it is estimated to be more than $15 billion in 2020. And secondly, the IC designs are becoming increasingly complex. So more and more design companies will rather concentrate their resources and efforts on design and outsource the fabrication to offshore foundries. These IC design companies are called fabulous IC design companies. However, the offshore foundry might not be trustworthy, and several attacks have been proposed. The offshore foundry can reverse engineering the layout files and obtain a gate-level net list, which is called IP piracy. And he can also utilize the already fabricated masks to fabricate extra copies of chips and sell them into the markets. Besides, hardware trojans can also be inserted into the Deering fabrication, and it will introduce a backdoor and temper the reliability of the design. So this will cause economic loss and unreliable products for most IC design companies. So various techniques, countermeasures have been proposed, and logic locking is one of the preventive techniques. So the basic idea is Deering design time. So there's a type of Deering design time. The designer will lock the circuit by adding additional logic gates called key gates and adding key inputs. And the locked circuit preserves the original functionality only when a correct key is loaded into the on-chip memory. So the left figure here shows an overview of the locked circuit, and the right figure shows an example of inserting key gates and key inputs. So without a correct key, the attacker in the foundry cannot understand the functionality of the circuit, so he cannot pirate the IP of the design. So various logic locking techniques have been proposed, and based on key gate types they can be classified into three main categories, XOR, SNOR-based, mass-based, and lookup table-based. Besides, many key gate insertion algorithms have been proposed. So the simplest way to insert key gates is to randomly distribute the key gates into the net list. And the second method is to increase output, the objective is to increase output corruptibility. So some people have proposed a fault analysis-based insertion algorithm, which tries to insert key gates at locations that can affect many primary outputs. And the third method is called interference analysis-based insertion algorithm. So its objective is to insert key gates at secure locations that cannot be easily sensitized to primary outputs. So the security of logic locking techniques is based on the assumption that the attacker cannot learn the correct key, and several attacks have been proposed to learn the key. So in their attack models, they assume that the attacker has access to two components. The first component is a lock net list, which is obtained by reverse engineering the layout. The second component is an activated chip, which is obtained from open market. And this chip can be used to observe correct input output pairs as a back boss. So based on these two components, an attacker will try to learn what is the key for logic locking and unlock the circuit. One type of attack algorithm is called key search-based attack. So the basic idea is to try to test the correctness of a gas key using a subset of correct input output pairs. So it will try to try the key, and then compare the output with a preselected set of correct input output pairs. However, this attack has two drawbacks. So the first drawback is the scalability. So it has been shown that when the key size is large and when the key gate types and location are carefully selected, this attack cannot terminate within a practical time limit. And the second drawback is correctness. So because this key is only tested using only a subset of input output pairs, so it cannot guarantee to be correct for the complete functionality. So in last year, a new type of attack called satisfiability-based attack was proposed. So this attack has two advantages compared to previous attacks. So the first advantage is it guarantees to obtain the correct key with respect to all input output pairs upon termination. And also the second advantage is it's very efficient, so it can break most logic locking techniques proposed in five previous works within a few hours, even for a reasonably large number of key gates. So here I will introduce the set attack algorithm. The basic idea is to iteratively find a set of special inputs and observe their outputs until they can identify all the wrong key combinations. So one key point here is like the set attack will try to use correct input output pairs to identify wrong key combination. So here is a simple example. For this log circuit, if we give an input x equals to 1,1, the correct output will be 0,1. And this correct input output pair will identify the wrong key combinations, 0,1, 1,0 and 1,1, because these three key combinations will result in incorrect outputs. So that's how set attack use the correct input output pairs to eliminate wrong key combinations. So notice that normally one correct input output pairs can only eliminate one subset of wrong key combinations. So the set attack will iteratively find this set of special input output pairs to distinguish an input output pair to identify wrong key combinations until all the wrong key combinations have been identified. So the right figure here demonstrates the process. So each distinguishing input output pair will identify one wrong key combination. And with iteration progress, the wrong key combination space will be reduced. And after a few iterations, all the wrong key combinations have been identified and the set attack can learn the correct key. So the overall flow of the set attack is shown as follows. So firstly, a set formula is constructed based on the log circuit. So basically this set formula tries to find a distinguishing input that can find wrong key combinations. So if this set formula is solvable, then the set solver will find a distinguishing input SID at IV iteration. And then if you put this input SID into an activated chip and obtain the correct output YID, so we have a new pair of distinguishing input and output. And this new pair of distinguishing input and output will be used to update the set formula. So the new set formula will ensure that future distinguishing input output pairs can find new wrong key combinations that cannot be found in previous iterations. So after a few iterations, the set formula will not be satisfiable. Then a correct key can be found. So this correct key should be the key that satisfies all the distinguishing input output pairs that are found in previous iterations. So one key point here is that this algorithm is very efficient because the number of iterations required to identify all the wrong key combinations is very small. So because this attack is an iterative process, the total execution time depends on the set solving time for one iterations and the total number of iterations. So the set solving time for one iteration depends on benchmark characteristics. So some half set circuits like multiplier will require longer time to be solved. And based on this idea, Yaxing and his colleague proposed to add an AES block to increase the set solving time. So they claim that the AES block with a fixed key behaves as a one-way function and the set solver will find it very challenging to solve a circuit that is comprised with an AES module. However, the drawback here is it will introduce a very significant overhead. So the total number of iterations depends on key size and key gate locations. However, as pointed in the original set attack paper, previous logic locking techniques cannot effectively counter the set attack. So in this paper, we propose an anti-set block such that the number iteration lambda is an exponential function of the key size of the anti-set blocks. So the set attack will fail within a practical limit when the number of key size is large. Here is an anti-set block. It consists of two N input logic blocks, G and G bar. So these two logic blocks have complementary functionality. So when G output 1, G bar will output 0. So two N key gates, either S or S0, are inserted at the input of G and G bar. And the output of two logic blocks are fed into an N gate to produce the final output Y. So one property of the anti-set block is that for the correct key, the output of the anti-set block is always 0. This is possible for some key combinations which ensures that the output of G and G bar are always complementary. So with this property, we can integrate the anti-set block with an original circuit to protect the circuit. So here is a simple example. So the original YF and the anti-set block output Y can be integrated together using an S or gate. So when given a correct key, the output Y will be 0 and the S or gate behaves as a buffer. So the original functionality F can be recovered. So here we try to prove the security of our proposed anti-set block. We define output 1 count to be the number of input vectors which make the function G output 1. So the theorem is as follows. Assuming the output 1 count P of the N input function G is sufficiently close to 1 or sufficiently close to 2 to the N minus 1, the number of iterations lambda needed by the set attack to decipher the correct key is low bounded by 2 to the N. So the sketch of the proof is as follows. So firstly, we have assumed that the output 1 count is P. So there is this P input vectors that make a G output 1 and 2 to the N minus P input vector that make G bar output 1. Then we show that each iteration, the set attack can only identify at most P times 2 to the N minus P unique wrong key combinations. Then we show that the total number of wrong key combinations equals 2 to the 2 N minus 2 to the N. With the bullet 2 and 3, we can obtain this relationship. We show that the set attack requires lambda larger or equal to 2 to the 2 N minus 2 to the N over P times 2 to the N minus P iterations to identify all the wrong key combinations. So following the results in bullet 4, we can show that when P is close to 1 or when P is close to 2 to the N minus 1, we can have the number of iterations lambda greater or equal to 2 to the N. And because the number of keys is K equals to 2 N, so we have shown that the number of iterations is an exponential function of the key size. So here is a configuration when P is equal to 1. So when P is equal to 1, the function block G is actually an N input N gate. So the configuration is shown as the right figure. So with this configuration, we can show that the number of iterations is exactly 2 to the N, where N is the input size. So when N is large, the number of iterations will be very large. And the set attack complexity will be unpractical to use set attack to learn the key. So in the paper, we also discussed another two questions. The first is how to integrate the anti-set block with the original circuit, such that the number of iterations is still an exponential function of the key size. And the second question is how to prevent removal attack. So because the anti-set block is an isolated module compared to the original circuit, so it is possible to use a mean-cut positioning base removal attack to isolate this anti-set block. So we have proposed some obfuscation techniques to increase the interconnectivity between two modules to prevent this type of attack. So due to the time limit, I will not discuss these two in this presentation. So here is the set attack results on our proposed anti-set block. So we have shown the relationship between the number of iterations lambda, the input size N, and the output 1 count P. And we have shown that when P is close to 1 or P is close to 2 to the N minus 1, we will have lambda approaching 2 to the N. So this is validated in the left figure. So in the left figure, the input size N is fixed at 16. And we can see that when the output 1 count P is very low or when the output 1 count P is very high, the number of iterations and the execution time are very large. So the right figure shows the results when P equals to 1 and changing the input size N. So we can see that when P equals to 1, the number of iterations is 2 to the N. So the set attack capacity goes exponentially in input size N. And in the second experiment, we tried to evaluate the security of our proposed anti-set block when it's integrated with a 6-bench mark ranging from 500 gates to 6,000 gates. So we compare three setups. So the first setup we call TOC-13. So it's a conventional logic locking techniques. It tries to insert SOR or SNOR gates at the original net list to increase output corruptibility. So in this setup, no anti-set block is inserted. So the second setup is called TOC-13 5%, which insert P gates at the original net list using TOC-13 algorithm with 5% overhead budget. And we also insert an input baseline anti-set block. This anti-set block is not obfuscated to prevent the removal attack. So the third setup is TOC-13 5% plus any input obfuscated anti-set block. So obfuscation is utilized in this setup. Here is the first part of the results. So the red line here is the TOC-13. The black line is TOC-13 5% plus obfuscated anti-set block. And the blue line is TOC-13 5% plus baseline anti-set block. So here is the second part of the results. So we can see that for TOC-13 only, the set attack can unlock all six circuits in about 48 iterations and using about nine seconds. So after inserting our proposed anti-set block, we can see there is an exponential chain between the number of iterations and the key size. So the reason why the obfuscated anti-set block, the growth rate of the obfuscated anti-set block is slower than the baseline anti-set block is that because in the obfuscated anti-set block, a portion of the keys are used to obfuscate the structure of the anti-set block to prevent the removal attack. So finally, this is the performance overhead estimation. So the blue line here is the extrapolated execution time for set attack. And the orange line here is the area overhead for our proposed technique. So we can see that a linear increase in area overhead can result in exponential increase in set attack computation complexity. And to ensure one-year set attack time, our approach will result in about 7% overhead. So in conclusion, in this work we propose an anti-set block to mitigate the set attack on logic locking. And we show that the number of iterations for set attack to reveal the correct key is exponential to the key size of the anti-set block. And we propose some obfuscation techniques to defend the removal attack. And finally, we validate that a linear increase in performance overhead can result in exponential increase in set attack computation complexity. Thank you.