🤖 AI Summary
Logic locking and hardware Trojans (HWTs) have so far been developed largely independently, even though a structure common to many logic-locking techniques has the properties a stealthy Trojan trigger needs. Method: The paper builds on this observation to construct TroLL (Trojans based on Logic Locking), a new class of HWT whose trigger reuses that locking structure and is designed to evade state-of-the-art ATPG-based HWT detection. To detect TroLL, the authors customize existing ATPG-based HWT detection approaches and adapt the SAT-based attacks on logic locking to HWT detection, using random sampling as the baseline. Contribution/Results: The customized ATPG-based approaches perform best, but offer only a limited improvement over random sampling, and their efficacy diminishes as TroLL's triggers grow longer (i.e., have more specified bits). The work establishes the link between the two fields and highlights the need for a scalable detection approach for TroLL.
📝 Abstract
Logic locking and hardware Trojans are two fields in hardware security that have been mostly developed independently from each other. In this paper, we identify the relationship between these two fields. We find that a common structure that exists in many logic locking techniques has desirable properties of hardware Trojans (HWT). We then construct a novel type of HWT, called Trojans based on Logic Locking (TroLL), in a way that can evade state-of-the-art ATPG-based HWT detection techniques. In an effort to detect TroLL, we propose customization of existing state-of-the-art ATPG-based HWT detection approaches as well as adapting the SAT-based attacks on logic locking to HWT detection. In our experiments, we use random sampling as the reference baseline. It is shown that the customized ATPG-based approaches are the best performing but only offer limited improvement over random sampling. Moreover, their efficacy also diminishes as TroLL's triggers become longer (i.e., have more bits specified). We thereby highlight the need to find a scalable HWT detection approach for TroLL.
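The abstract does not spell out which locking structure TroLL reuses, so the following is an added illustration, not code from the paper: it assumes a comparator-style lock (a k-bit key input is compared against a secret; a mismatch corrupts the output by XOR) and shows that the same comparator, with its polarity inverted and its inputs driven by the circuit's own signals, is a classic rare-trigger Trojan. It also shows why random sampling degrades as the trigger gets longer: each random vector activates a k-bit trigger with probability 2^-k, so the expected number of vectors grows as 2^k. The function names, the parity "golden" logic cone and the trigger constants are all constructed here for the demonstration.

```python
"""Toy model: comparator-style logic lock reused as a Trojan trigger (added example)."""
import random
from typing import Callable, Optional


def benign(x: int) -> int:
    """Golden function: parity of the input word (stand-in for any logic cone)."""
    return bin(x).count("1") & 1


def make_locked(f: Callable[[int], int], key: int, k: int) -> Callable[[int, int], int]:
    """Assumed locking structure: the k-bit key input is compared against `key`;
    any mismatch corrupts the output (output XOR 1)."""
    mask = (1 << k) - 1

    def locked(x: int, key_in: int) -> int:
        wrong_key = int((key_in & mask) != (key & mask))
        return f(x) ^ wrong_key

    return locked


def make_trojaned(f: Callable[[int], int], trigger: int, k: int) -> Callable[[int], int]:
    """Same comparator with inverted polarity, fed from the circuit's own inputs:
    the output is corrupted only on the single k-bit pattern `trigger`."""
    mask = (1 << k) - 1

    def trojaned(x: int) -> int:
        fired = int((x & mask) == (trigger & mask))
        return f(x) ^ fired

    return trojaned


def count_mismatches(f: Callable[[int], int], g: Callable[[int], int], n_bits: int) -> int:
    """Exhaustive comparison for small n_bits: how many inputs does the Trojan corrupt?"""
    return sum(f(x) != g(x) for x in range(1 << n_bits))


def random_sampling_detect(golden: Callable[[int], int], dut: Callable[[int], int],
                           n_bits: int, budget: int, seed: int = 0) -> Optional[int]:
    """Reference detector from the abstract: apply random vectors and compare the
    device under test against the golden model.  Returns the number of vectors
    used when the first discrepancy appears, or None if the budget runs out."""
    rng = random.Random(seed)
    for i in range(1, budget + 1):
        x = rng.getrandbits(n_bits)
        if golden(x) != dut(x):
            return i
    return None


def expected_vectors(k: int) -> int:
    """A random vector hits a k-bit trigger with probability 2^-k, so on average
    2^k vectors are needed; the budget must grow exponentially in the trigger length."""
    return 2 ** k


if __name__ == "__main__":
    N_BITS = 32
    TRIGGER = 0xA5A5A5A5  # constructed trigger pattern; only its low k bits matter
    for k in (4, 8, 12, 16, 24):
        dut = make_trojaned(benign, TRIGGER, k)
        hit = random_sampling_detect(benign, dut, N_BITS, budget=200_000, seed=1)
        print(f"k={k:2d}  expected ~{expected_vectors(k):>9d} vectors  "
              f"detected after {hit if hit else '>200000 (missed)'}")
```

Running the block shows detection within a few dozen vectors for k=4 and a miss at the 200,000-vector budget for k=24, which is the scaling the abstract reports qualitatively: once the trigger has more specified bits than the test budget can cover, random sampling (and, per the paper, the customized ATPG approaches that only modestly beat it) stops finding the Trojan.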