Late Breaking Results: On the One-Key Premise of Logic Locking
Yinghua Hu, Hari Cherupalli, Mike Borza, Deepak Sherlekar
TL;DR
This work questions the one-key premise of logic locking by introducing a multi-key SAT-based attack that partitions the input space into $2^N$ terms and executes independent sub-tasks in parallel. Rather than seeking a single correct key, it aims to identify multiple incorrect keys whose combined effect unlocks the original function, enabling dramatic speedups in resource-rich environments. Empirical results on SARLock and LUT-based insertion benchmarks show runtime reductions up to $99.6\%$ (and substantial improvements on average) as $N$ increases, underscoring a critical vulnerability in existing locking schemes. The findings motivate new defenses and evaluation frameworks for logic locking that account for multi-key, parallelizable attack models.
Abstract
The evaluation of logic locking methods has long been predicated on an implicit assumption that only the correct key can unveil the true functionality of a protected circuit. Consequently, a locking technique is deemed secure if it resists a good array of attacks aimed at finding this correct key. This paper challenges this one-key premise by introducing a more efficient attack methodology, focused not on identifying that one correct key, but on finding multiple, potentially incorrect keys that can collectively produce correct functionality from the protected circuit. The tasks of finding these keys can be parallelized, which is well suited for multi-core computing environments. Empirical results show our attack achieves a runtime reduction of up to 99.6% compared to the conventional attack that tries to find a single correct key.