🤖 AI Summary
Existing design obfuscation schemes in the VLSI supply chain lack rigorous security evaluation under the “no working chip available” black-box scenario, leaving a critical security blind spot.
Method: This work introduces, for the first time, a red-team adversarial paradigm to systematically assess obfuscation security. We propose a formal evaluation framework integrating reverse engineering, side-channel inference, and attack simulation to quantitatively measure structural information leakage from obfuscated netlists.
Contribution/Results: Our analysis reveals that mainstream obfuscation tools (e.g., RIPPER) suffer from severely underestimated structural leakage—far exceeding prior expectations. The framework precisely identifies obfuscation vulnerabilities and provides empirical guidance for designing robust countermeasures. By establishing both theoretical foundations and practical methodologies for black-box security assessment, this work bridges a fundamental gap in obfuscation evaluation and advances design obfuscation from heuristic protection toward verifiable security.
📝 Abstract
The main goal of design obfuscation schemes is to protect sensitive design details from untrusted parties in the VLSI supply chain, including but not limited to off-shore foundries and untrusted end users. In this work, we provide a systematic red-teaming approach to evaluate the security of design obfuscation approaches. Specifically, we propose security metrics and an evaluation methodology for scenarios where the adversary does not have access to a working chip. A case study on the RIPPER tool developed by the University of Florida indicates that more information is leaked about the structure of the original design than commonly considered.