Fortifying RTL Locking Against Oracle-Less (Untrusted Foundry) and Oracle-Guided Attacks

Logic locking protects integrated circuits (IC) against intellectual property (IP) theft, IC overbuilding, and hardware Trojan insertion. Prior locking schemes operate after logic synthesis and cannot protect the semantic information embedded into the logic. Register-transfer level (RTL) locking can protect the sensitive IP semantics and are EDA tool-chain agnostic, allowing seamless integration into arbitrary design flows. State-of-the-art RTL locking protects against the untrusted foundry assuming no access to working chip (oracle). However, it does not protect against oracle-based attacks. In this work, we propose to fortify RTL locking to protect against all untrusted entities in the supply chain, including foundry for oracle-less attacks, and test facility and end users for oracle-guided attacks.