Breaking CAS-Lock and Its Variants by Exploiting Structural Traces

Logic locking is a prominent solution to protect against design intellectual property theft. However, there has been decade-long cat-and-mouse game between defenses and attacks. A turning point in logic was the development of miterbased Boolean satisfiability (SAT) attack that steered research direction developing SAT-resilient schemes. These schemes, however achieved SAT resilience at cost low output corruption. Recently, cascaded (CAS-Lock) [SXTF20a] proposed provides non-trivial corruption all-the-while maintaining attack. Regardless theoretical properties, we revisit some assumptions made about its implementation, especially security-unaware synthesis tools, subsequently expose set structural vulnerabilities can be exploited break these We propose our attacks on baseline CAS-Lock as well mirrored CAS (M-CAS), an improved version CAS-Lock. furnish extensive simulation results ISCAS’85 ITC’99 benchmarks, where show CAS-Lock/M-CAS broken with ?94% success rate. Further, open-source all implementation scripts, locked circuits, scripts for community. Finally, discuss pitfalls function-based techniques including Anti-SAT [XS18] Stripped Functionality Locking(SFLL-HD) [YSN+17], which suffer from similar issues.