Papers
Topics
Authors
Recent
Search
2000 character limit reached

Kratt: Indexing & Logic Locking

Updated 18 June 2026
  • Kratt is a dual-purpose system offering automated library subject indexing via extreme multi-label logistic regression and a QBF-based attack tool for logic locking.
  • The library indexing pipeline delivers a 10–15× speedup over manual cataloguing with an F1 score of about 0.30 through advanced OCR, HMM filtering, and k-NN retrieval.
  • The hardware security tool recovers secret keys in sub-second to under one minute by leveraging quantified Boolean formulae and synthesis-based strategies.

Kratt denotes two unrelated technical systems: (1) a fully automated subject indexing pipeline for library documents, developed at the National Library of Estonia and focused on efficient assignment of controlled-vocabulary terms to books (Asula et al., 2022); and (2) an advanced attack tool against logic locking schemes in integrated circuits, utilizing quantified Boolean formulae to extract secret keys from single- and double-flip locking techniques under different threat models (Aksoy et al., 2023). Both Kratt instances exemplify high automation and algorithmic sophistication in their respective domains: library science and hardware security.

1. Automated Subject Indexing Tool (Library Domain)

1.1 System Architecture and Workflow

Kratt, as deployed at the National Library of Estonia, consists of a modular microservices architecture, encapsulated by Docker containers and coordinated using Celery and Redis for orchestration, with RESTful JSON APIs served by a Django backend and an Angular single-page application providing an interactive user interface. The indexing pipeline incorporates the following core text-mining components:

  • Apache Tika for text extraction and OCR from diverse formats (PDF, Word, etc.).
  • Texta MLP (leveraging EstNLTK and spaCy) for language identification, lemmatization, and part-of-speech tagging.
  • Texta Toolkit’s Hybrid Tagger for extreme multi-label classification using EMS (Estonian Subject Thesaurus) terms.

Upon user submission, Kratt executes a workflow comprising random page sampling (default n = 10 plus five as a buffer), HMM-based quality control on extracted text, advanced linguistic preprocessing, retrieval of k-nearest-neighbour documents (m = 20) via Elasticsearch, candidate tag pooling (≤200 EMS terms per book), and binary classification decisions for each tag based on a trained logistic regression ensemble. Document frequency filtering is applied, returning tags where fk=tk/nθf_k = t_k/n \geq \theta (θ=0.4\theta=0.4 by default), with user-adjustable thresholds and manual curation at export (MARC21 format) (Asula et al., 2022).

1.2 Machine-Learning Models and Mathematical Formulation

At Kratt’s core is the Hybrid Tagger, employing a battery of 8,000\sim8,000 binary logistic regression classifiers to decide, for each EMS term, whether it is present for a given document:

P(yk=1x)=σ(wkTx+bk),σ(z)=11+ezP(y_k = 1|x) = \sigma(w_k^T x + b_k), \quad \sigma(z) = \frac{1}{1+e^{-z}}

The feature vector xx represents a bag of lemma plus POS indicators derived from sampled pages. Predictions are aggregated with document-frequency thresholding. An upstream HMM filters out nonsensical page samples at the character-sequence level, optimizing downstream linguistic analyses. Elasticsearch-based candidate retrieval dramatically reduces the effective label space for each inference call (Asula et al., 2022).

1.3 Training Corpus and Data Augmentation

The system is trained on 7,668 books from the DIGAR archive, each annotated with cataloguer-assigned EMS subject terms. The initial label set (10,098) is pruned to 8,928 after removing non-preferred and entity terms. To alleviate label sparsity (median 2 occurrences/term), Kratt’s pipeline splits each book into pages, linking the entire document label set to every page, boosting per-label training samples to median ≈393. Only labels with ≥50 positive page-instances are retained, yielding 8,003 classifiers. The training corpus is predominantly Estonian (86.5%), modern (93% post-1917), with English, Russian, and other language components. Preprocessing includes Tika-based OCR, HMM filtering, and lemmatization plus POS via Texta MLP (no stemming used) (Asula et al., 2022).

1.4 Performance Metrics, User Studies, and Comparative Evaluation

Kratt processes a book in approximately 1 minute, delivering a throughput 10–15× faster than manual cataloguing (typically 15 minutes/book). On 315 held-out books (with 1,474 unique EMS terms, 82.9% covered in the label universe), its performance at θ=0.4\theta=0.4 is:

Metric Value
Precision 0.33
Recall 0.28
F1 0.30

Lowering θ\theta to 0.2 raises recall (0.36) but reduces precision (0.27), F1 remains ~0.30. Professional cataloguers consistently ranked Kratt’s outputs as unreliable, citing spurious or extraneous tags. By contrast, end-user surveys (six participants, 10 books each) showed average relevance ratings: cataloguer labels (4.64/5), Kratt (10 pages, 4.14), Kratt (all pages, 4.32). Kratt outperformed cataloguers in “genre” tag assignment and provided comparable coverage for “time” labels (Asula et al., 2022).

Major challenges include:

  • Coverage: Only ~22% of EMS’s 40,000+ terms appear in the training set.
  • Label Sparsity: Many EMS terms derive from few source books, risking overfitting.
  • Label Noise: All book-level labels are propagated to every page, introducing mismatches.
  • Training Bias: Dominance of modern, public-domain vocabulary may diverge from closed-access materials.

Remedies proposed involve enlarging the training corpus (including copyrighted works), refining page-level label heuristics, adopting advanced neural encoders (e.g., BERT), and enhancing preprocessing (stop-word filtering, n-grams, improved language segmentation). These measures target F1 improvement and cataloguing-grade reliability in future Kratt versions (Asula et al., 2022).

2. Logic Locking Attack Tool (Hardware Security Domain)

2.1 Logic Locking: SFLT/DFLT Overview and Threat Models

Logic locking secures digital circuit designs by embedding gates controlled by a secret key vector KK, ensuring Flocked(X,K)=Forig(X)F_{\text{locked}}(X, K^*) = F_{\text{orig}}(X) only for the correct key KK^*. SAT-resilient single-flip locking techniques (SFLTs, e.g., SARLock, Anti-SAT, CAS-Lock, Gen-Anti-SAT) flip precisely one minterm for incorrect keys, making traditional SAT-based attacks exponentially slow. Double-flip techniques (DFLTs) introduce additional corruption/restoration units. Attacker threat models include oracle-less (OL, netlist only) and oracle-guided (OG, access to functional chip) scenarios (Aksoy et al., 2023).

2.2 QBF-Based Removal Attack and Mathematical Encoding

KRATT introduces quantified Boolean formulae (QBF) to identify secret keys in SFLT-locked circuits. If the critical locking unit θ=0.4\theta=0.40 can be abstracted, θ=0.4\theta=0.41 is recoverable by solving for:

θ=0.4\theta=0.42

θ=0.4\theta=0.43

where θ=0.4\theta=0.44 is the CNF representation of the locking unit. Any K satisfying θ=0.4\theta=0.45 or θ=0.4\theta=0.46 renders cs₁ constant, effectively extracting the secret key. The approach leverages DepQBF with a typical timeout of 60 s, with practical solve times ≪1 s up to 128-bit keys in standard benchmarks (Aksoy et al., 2023).

2.3 Oracle-Less Workflow and SCOPE Refinement

When QBF alone does not suffice (e.g., DFLTs or complex SFLTs), KRATT proceeds by stripping the locking unit (“unit-stripped circuit”), then applies SCOPE, a synthesis-based attack measuring combinational design metrics after hypothesized key assignments. High-confidence key bits from SCOPE are fixed, and a reduced QBF enumeration identifies the remainder. This combined approach achieves >98% correctness benchmark-wide, completing in <1 minute per instance. SCOPE-only approaches recover 10–30% of key bits, but KRATT’s hybrid method consistently achieves 100% in experiments (Aksoy et al., 2023).

2.4 Oracle-Guided Structural Analysis

For OG scenarios, KRATT identifies all cones of logic with protected primary input (PPI) leaves, then solves SAT problems to extract input patterns for each cone. Wildcard-augmented candidate patterns are completed and tried against the hardware oracle, with key recovery upon matching functional outputs. This method eschews QBF for SAT-only workflows. KRATT recovers DFLT and SFLT keys in 60–300 s on typical benchmarks, outperforming prior OG attacks (which may time out after days) (Aksoy et al., 2023).

2.5 Empirical Results and Technical Insights

In ISCAS’85, ITC’99, and HeLLO:CTF’22 benchmarks, KRATT achieves:

  • QBF instantly breaks all SFLTs (≪1 s, 100% up to 128 bits).
  • On DFLTs, combined SCOPE+QBF yields 100% recovery in <1 min. SCOPE alone is markedly less effective.
  • In OG mode, DFLT and SFLT keys are found in tens to hundreds of seconds, whereas SAT-based baseline attacks time out or require hours.
  • HeLLO:CTF’22: OL yields 73/87, 34/47, 25/29 bits in 60–200 s; OG finds full keys in 64–2186 s.

QBF-based approaches avoid enumerating discriminating input patterns (DIPs): the ∀ quantifier compactly encodes “for all PPI patterns, cs₁ is inert.” SFLTs routinely reduce to tractable QBF kernels (comparator or NOR/AND trees) (Aksoy et al., 2023).

2.6 Limitations and Possible Extensions

QBF attacks fail in “read-proof” hardware (e.g., SFLL-Flex, RCALUT) where cs₁ is part of an unextractable or hidden cone, or are slowed by non-complementary, very wide key circuits. Extensions include incremental/preprocessing enhancements for QBF, ML-guided cone ranking for OG exploration, and extension to sequential locking schemes where key bits cycle over time (Aksoy et al., 2023).

3. Comparative Table: Kratt (Library) and KRATT (Logic Locking)

Aspect Kratt (Library Indexing) KRATT (Logic Locking Attack)
Domain Library Science, NLP, Subject Indexing Hardware Security, Logic Locking
Core ML/Algorithmic Extreme multi-label LR, HMM, k-NN retrieval QBF, SAT, logic cone analysis, SCOPE
Primary Task Assign controlled-vocabulary subject terms Extract secret keys from locked circuits
Data/Benchmarks 7,668 DIGAR books (Estonian, English, Russian) ISCAS'85, ITC'99, HeLLO:CTF’22 circuits
Key Quantitative F1 ≈ 0.30, 10–15× speedup vs. cataloguer 100% SFLT recovery <1s; DFLT full key <1min
User Facing? Yes—interactive UI, cataloguer/end-user eval No—research/professional attack tool

4. Significance and Future Directions

Both Kratt systems demonstrate the application of advanced algorithmic strategies—logistic regression ensembles for large-scale controlled-vocabulary tagging, and QBF-based symbolic logic reasoning for hardware key extraction. In the library domain, Kratt exposes the tradeoffs of automated versus manual indexing and the need for richer data and more expressive models (e.g., large transformer-based encoders) to approach expert cataloguing standards. In hardware security, KRATT provides, for the first time, sub-second extraction of SFLT keys and robust DFLT breakage in both OL and OG models, repositioning the role of QBF in logic locking research.

For Kratt (library), directions include larger and more diverse corpora, improved page-label alignment, neural encoder adoption, and more granular preprocessing. For KRATT (logic locking), scalability to read-proof or highly obfuscated units, and synergy with ML-based circuit analysis, are highlighted as potential research thrusts (Asula et al., 2022, Aksoy et al., 2023).

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Kratt.