
Logic Encryption: Techniques & Trade-Offs

Updated 7 December 2025
  • Logic Encryption is a hardware obfuscation technique that integrates key-controlled logic elements to secure integrated circuits from IP piracy and reverse engineering.
  • It employs diverse methods such as gate-level XOR/XNOR insertion, sequential state-hiding, and cryptographic encoding to resist SAT and oracle-based attacks.
  • Design trade-offs involve balancing minimal area, power, and delay overhead with robust security metrics, ensuring practical protection through formal evaluation and reproducible implementations.

Logic encryption (LE), also known as logic locking, is a hardware obfuscation technique designed to protect integrated circuits (ICs) against intellectual property (IP) piracy, reverse engineering, overproduction, and hardware Trojans. LE introduces key-controlled logic elements or encoding transformations within a design, such that correct functionality is only achievable when an authorized key (or key sequence) is applied. In the absence of the key or under incorrect key input, the circuit's output is deliberately corrupted, thus restricting unauthorized fabrication or analysis and providing a form of "password protection" at the hardware level. Methods for LE span gate-level key-controlled gates, state-machine encryption, cryptographic encoding of structural netlists, and system-level synthesis for obfuscation, addressing both combinational and sequential circuits (Karmakar et al., 2018, Karn et al., 30 Nov 2025, Kamali et al., 2020, Yue et al., 2021, Hu et al., 2020, Reimann et al., 3 Feb 2025).

1. Fundamental Models and Metrics for Logic Encryption

Logic encryption is rigorously modeled as a transformation on a given Boolean function $f: \{0,1\}^n \to \{0,1\}^m$ into a key-dependent function $f_{\text{lock}}(x, k)$, such that

$$f_{\text{lock}}(x, k^*) = f(x), \qquad \forall\,x$$

and

$$f_{\text{lock}}(x, k) \neq f(x): \exists x,\,k \neq k^*$$

where $k^*$ is the authorized key vector (Hu et al., 2019, Reimann et al., 3 Feb 2025).

Key primitives include:

  • Gate-level XOR/XNOR or MUX-based key gates (as in EPIC, D-MUX).
  • Structural or functional obfuscation (e.g., correction circuits, scrambling networks, pseudo-random state transitions, in-memory logic).
  • State-machine augmentation or decryption-like transformations at the netlist level (Karn et al., 30 Nov 2025, Kamali et al., 2020, Karmakar et al., 2018).

LE security and cost are evaluated using formal, closed-form metrics (Hu et al., 2019):

  • Functional Corruptibility $E_{FC}$: Fraction of $(x,k)$ pairs yielding wrong outputs.
  • SAT-attack Resilience $t_{SAT}$: Minimum number of distinguishing input patterns (DIPs) needed for key extraction via Boolean satisfiability attacks.
  • Approximate Attack Residual Error $E_{APP}$: Minimum fraction of erroneous outputs for any non-authorized key.
  • Removal Attack Resilience $E_{REM}$: Fraction of input patterns still corrupted after excision of key-controlled wiring.
  • Implementation Overhead $(\Delta A, \Delta P, \Delta D)$: Percentage increases in area, power, and delay.

These metrics permit efficient, worst-case prediction and trade-off analysis over key size, obfuscation parameters, and compositional strategies (Hu et al., 2019).
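The model and two of the metrics above can be evaluated exhaustively on a small netlist. The following is an added example, not code from the cited papers: the 3-input, 2-output netlist, the key-gate positions, and the authorized key `K_STAR` are all constructed for illustration.

```python
from itertools import product

K_STAR = (0, 1)  # authorized key k* (constructed for this example)

def f(x):
    """Original 3-input, 2-output function (constructed toy netlist)."""
    a, b, c = x
    n1, n2 = a & b, b | c
    return (n1 ^ c, n2 & a)

def f_lock(x, k):
    """Same netlist with an XOR key gate on n1 and an XNOR key gate on n2."""
    a, b, c = x
    n1 = (a & b) ^ k[0]          # XOR key gate: transparent when k0 = 0
    n2 = 1 ^ ((b | c) ^ k[1])    # XNOR key gate: transparent when k1 = 1
    return (n1 ^ c, n2 & a)

INPUTS = list(product((0, 1), repeat=3))
KEYS = list(product((0, 1), repeat=2))

def error_rate(k):
    """Fraction of input patterns whose output is wrong under key k."""
    return sum(f_lock(x, k) != f(x) for x in INPUTS) / len(INPUTS)

def functional_corruptibility():
    """E_FC: fraction of all (x, k) pairs that yield a wrong output."""
    return sum(error_rate(k) for k in KEYS) / len(KEYS)

def approx_residual_error():
    """E_APP: smallest error rate achieved by any non-authorized key."""
    return min(error_rate(k) for k in KEYS if k != K_STAR)

if __name__ == "__main__":
    for k in KEYS:
        print(k, error_rate(k))
    print("E_FC =", functional_corruptibility())
    print("E_APP =", approx_residual_error())
```

The per-key error rates show why a single averaged figure is not enough: the key that leaves the XOR gate transparent and flips only the XNOR gate corrupts half the input patterns, and that key sets $E_{APP}$.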

2. Key Logic Encryption and Locking Schemes

2.1 Gate-Level and Structural Approaches

Classic gate-level logic locking (EPIC, SFLL, DTL, FLL) inserts key-driven XOR/XNOR gates or MUXes at selected nodes. Unless the correct key is applied, the Boolean function is altered, disrupting output correctness (Yue et al., 2021, Hu et al., 2019).

Advanced schemes employ systematic node-selection, as in ProbLock (Yue et al., 2021) via longest-path, critical-path, low-dependency, and probability-biased filters. This sequence targets nodes whose gating most disrupts SAT and removal attacks while minimizing area/timing impact (≤10% area, no change to critical-path delay on ISCAS '85/’89 circuits).

2.2 Sequential and State-Hiding Schemes

Encryption of sequential circuits requires obfuscation of state and scan control. The Encrypt Flip-Flop scheme (Karmakar et al., 2018) inserts MUX-controlled $Q$/$\overline{Q}$ selection at flip-flop outputs:

$$y_i = \text{MUX}(k_i, Q, \overline{Q}) = k_i \cdot \overline{Q} + (1-k_i) \cdot Q$$

This disrupts scan-based attacks, as scan-out contents themselves become key-dependent, and output corruption (average 28% for wrong keys, nonlinear with key-weight) is empirically validated. Overheads are modest: 3–4% area, 1–2% power for $K=128$ in 20k-gate designs, with zero delay when timing-aware (Karmakar et al., 2018).

The SCRAMBLE model (Kamali et al., 2020) expands on this by embedding configurable routing blocks (CRLBs) that hide the state transition graph and scan-chain sequencing among exponentially many key-controlled permutations, leveraging near non-blocking switching networks or replacing logic with in-memory lookups (SRAM). SCRAMBLE-L achieves complete functional obfuscation in FSM-driven logic. Both variants scale overhead linearly ($O(N\log N)$ for CRLBs; up to 50% area for full SRAM-based obfuscation in small designs) and block all known 2-stage and unrolled SAT/BMC attacks for sizable $N$.

Latch-based logic locking (Sweeney et al., 2020) interleaves phase-programmable latches and decoy latches to obscure both temporal and logical data-flow, raising model-checker/SAT attack complexity while limiting delay, power, and area increases (≤2%, ≤2.5%, ≤24%, respectively for $k=256$).

2.3 Temporal and Authentication-Based Designs

SANSCrypt (Hu et al., 2020) introduces sporadic, PRNG-driven multi-step authentication for FSM-protected circuits. The design interlaces functional and encrypted FSM states, with pseudo-random periodic back-jumps to encrypted states requiring a fresh key-sequence for each re-authentication:

  • Output corruptibility approaches 0.5 under incorrect/missing key sequences.
  • Area and power penalty is substantial (∼141% and ∼161% for full node coverage), but delay is not significantly degraded.

Key recovery complexity under sequential SAT or brute-force attacks is exponential in the number of authentications, offering practical attack infeasibility as the number of authentications and key space size grow (Hu et al., 2020).

3. SAT-Based and Oracle-Less Attack Resistance

Classic SAT attacks set up a "miter" between the real and encrypted netlist to identify (via distinguishing input patterns) keys that produce differing outputs. For combinational circuits, attack complexity is exponential in key size ($O(2^k)$). With scan-chain access, sequential circuits can be unrolled, flattening to combinational circuits and thus exposing the design to SAT attacks (Karmakar et al., 2018).

Encrypt Flip-Flop and SCRAMBLE resist such reductions by denying full controllability/observability at internal nodes, blocking scan chain partitioning and state isolation (Karmakar et al., 2018, Kamali et al., 2020). SCRAMBLE demonstrates timeouts ($>10^6$ s) for state-of-the-art scan-based and BMC-based attacks at moderate key sizes.

Fun-SAT (Hu et al., 2021) formalizes the notion of functional corruptibility

$$\text{FC}_b = \frac{1}{2^{(b+t_k) |I|}} \sum_{i \in \mathbb{B}^{b|I|}} \sum_{k \in \mathbb{B}^{t_k|I|}} \mathbf{1}(f^b_k(i) \neq f'^b(i,k))$$

and shows that encryption schemes with rapidly increasing $\text{FC}_b$ with unroll depth are vulnerable, since the attack can terminate quickly. To maximize resilience, designers must flatten the $\text{FC}$ curve, utilize sporadic triggers, or deploy dynamic or state-deflecting mechanisms (Hu et al., 2021, Hu et al., 2020).

Oracle-less attacks, including structural machine learning (OMLA), interconnect prediction (MuxLink), and resynthesis-based reverse engineering (SCOPE) have recently been addressed by logic encryption methods based on cryptographic gate encoding (Karn et al., 30 Nov 2025). These methods reduce structure and link recovery to near random-guess accuracy ($\sim$50% for OMLA/MuxLink), outperforming previous logic locking by large margins.

4. Implementation and Overhead Trade-offs

Area (ΔA), power (ΔP), and delay (ΔD) overheads are critical for LE adoption. The following table summarizes performance measured on standard benchmarks for representative LE/LL schemes:

| Method | ΔA | ΔP | ΔD |
|---|---|---|---|
| LE (Karn et al., 30 Nov 2025) | 4.2% | 5.1% | 3.1% |
| TRLL | 7.5% | 10.3% | 8.0% |
| gDMUX | 12.7% | 14.6% | 88.4% |
| LUT-L | 9.6% | 9.7% | –2.1% |
| Encrypt FF (Karmakar et al., 2018) | 3.2% | 1.5% | ~0% |
| SCRAMBLE-C, N=16 (Kamali et al., 2020) | 5–10% | - | 10–30% |
| SCRAMBLE-L, SRAM (Kamali et al., 2020) | 20–50% | - | 5–15% |
| Latch Lock (Sweeney et al., 2020) | ≤24% | ≤2.5% | ≤1.8% |
| SANSCrypt (Hu et al., 2020) | ∼141% | ∼161% | <6% |

LE (Karn et al., 30 Nov 2025) achieves the lowest total overhead (ΔA+ΔP+ΔD = 12.4%) while delivering the highest resistance against oracle-less attacks under a fully automated, correct-by-construction flow.

ProbLock (Yue et al., 2021) restricts area overhead to ≤10% by filtering non-critical, low-dependency, highly biased nodes for key-gate placement.

SCRAMBLE variants provide scalable trade-offs for FSM/datapath/scan-chain-protected circuits, balancing exponential attack timeouts and sublinear (O(N log N) for CRLB) or modest area overhead depending on chosen N (Kamali et al., 2020).

5. Security Limitations and Data Confidentiality

Recent formal evaluations (Reimann et al., 3 Feb 2025) reveal a critical and less-explored vulnerability: logic locking schemes (including EPIC, D-MUX, ASSURE) can leak sensitive runtime data, not just key bits, when a malicious or incorrect key is supplied.

Path-sensitization frameworks demonstrate the leakage property:

$$\exists\, k' \neq k^*,\, \exists\, x \in \{0,1\}^n : P(s \to o; x, k') = \text{true}$$

where $s$ is a sensitive net (e.g., a secret key bit), $o$ a primary output, and $P$ predicates the existence of a sensitizable path. Experimental ATPG analysis on cryptographic cores (AES-128, DES, GOST, XTEA, KECCAK-32), with modest key sizes (≤1%), found average leakage rates over 70% (i.e., 94 of 128 AES key bits exposed) for some configurations, and instances of full-key compromise (100% leak) when the attacker controls logic locking keys and data inputs.

Average detection rates under various attacker models are summarized as follows (from (Reimann et al., 3 Feb 2025)):

| Scheme | Key size | $\langle \delta \rangle_{\text{Set-LL}}$ | Worst leak |
|---|---|---|---|
| EPIC | 25% | 0.728 | 73.8% |
| D-MUX | 1% | 0.829 | 82.8% |
| ASSURE | C+O | 0.641 | 100% |

This indicates that logic locking can, under wrong-key configurations, directly expose secret internal nets to outputs, stressing the necessity for full information-flow security analysis in LE design flows. Recommendations include post-locking validation to ensure $\forall k \neq k^*, \forall s$: no sensitizable paths exist from secret $s$ to outputs for any inputs.
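A minimal sketch of that post-locking validation, as an added example rather than the tooling used by Reimann et al.: it replaces ATPG with exhaustive enumeration, treats a path as sensitized when toggling a secret bit changes a primary output, and compares a constructed MUX-locked netlist whose decoy input lies in a secret's cone against a variant with a non-secret decoy. The netlists, `K_STAR`, and all function names are assumptions made for illustration.

```python
from itertools import product

BITS = (0, 1)
K_STAR = (0, 1)  # authorized key k* (constructed for this example)

def locked_leaky(x, s, k):
    """Toy netlist: the MUX key gate takes its decoy input from net t."""
    t = s[0] ^ x[0]                        # internal net in the cone of secret s0
    o0 = t if k[0] else (x[0] & x[1])      # MUX key gate, k0 = 0 selects the true net
    o1 = 1 ^ (x[0] | x[1]) ^ k[1]          # XNOR key gate, transparent for k1 = 1
    return (o0, o1)

def locked_fixed(x, s, k):
    """Same locking, but the decoy is drawn from a net outside any secret cone."""
    o0 = (x[0] ^ x[1]) if k[0] else (x[0] & x[1])
    o1 = 1 ^ (x[0] | x[1]) ^ k[1]
    return (o0, o1)

def sensitized(locked, x, s, k, i):
    """P(s_i -> o; x, k): toggling secret bit i changes some primary output."""
    toggled = s[:i] + (s[i] ^ 1,) + s[i + 1:]
    return locked(x, s, k) != locked(x, toggled, k)

def leaks(locked, n_in, n_sec, n_key):
    """Return (secret index, wrong key, witness input) for every leaking wrong key."""
    found = []
    for k in product(BITS, repeat=n_key):
        if k == K_STAR:
            continue
        for i in range(n_sec):
            for x, s in product(product(BITS, repeat=n_in),
                                product(BITS, repeat=n_sec)):
                if sensitized(locked, x, s, k, i):
                    found.append((i, k, x))
                    break
    return found

if __name__ == "__main__":
    print("leaky:", leaks(locked_leaky, 2, 1, 2))
    print("fixed:", leaks(locked_fixed, 2, 1, 2))
```

Both netlists compute the same function under `K_STAR`, so functional verification with the authorized key alone cannot tell them apart; only the wrong-key sweep exposes the difference.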

6. Formal and Theoretical Perspectives

Logic encryption also admits formal interpretations grounded in logic. Primal infon logic provides a Curry-Howard-style semantics where implication $\varphi \to \psi$ corresponds to encryption of $\psi$ with key $\varphi$, and decryption is formalized as logical inference from key and ciphertext (Krupski, 2013). Group keys and universal decryption are similarly mapped to disjunctions and constants, supporting efficient (linear-time) decision algorithms and soundness/completeness results.

This logic-theoretic viewpoint abstracts LE as an information-hiding mechanism, clarifying the correspondence between cryptographic and logical obfuscation, and endowing the field with rigorous semantic foundations.

7. Open-Source Implementations and Reproducibility

Recent advances facilitate reproducibility and adoption of LE. The comprehensive encryption and synthesis flow in (Karn et al., 30 Nov 2025) is released open-source, enabling automated evaluation, reproducibility, and direct comparison across benchmarks and attack frameworks. The toolchain encapsulates all stages: netlist encoding, AES-based gate encryption, wrapper synthesis, correction circuit construction, CAD integration, and validation against current attack suites.

A typical end-to-end run on 13 ISCAS-85/ITC-99 benchmarks is completed within one hour on a standard workstation, with all experimental seeds and results logged.

