🤖 AI Summary
This work systematically analyzes the security vulnerabilities of the SCONE logic locking scheme under both with-ES and without-ES implementations. For the with-ES variant, we present a polynomial-time white-box attack that precisely recovers the encoded relationships. For the without-ES variant, we formally demonstrate that its input space dimensionality is not meaningfully expanded and develop a black-box verification method to exploit this weakness. Through formal modeling, linear algebraic analysis, and RTL-level circuit evaluation on ISCAS-85, ITC-99, and ARM Cortex-M0 benchmarks, we achieve 100% recovery of the locking encoding, thereby uncovering for the first time the critical issue of dimensional collapse in both variants. We further propose a lightweight nonlinear mitigation strategy that effectively thwarts existing attacks.
📝 Abstract
SCONE [DAC'25] expands a logic locking interface with additional encoded inputs derived from the original primary inputs, and admits two realizations: a \textit{with-ES} variant, where the critical encoding stage is implemented in hardware, and a \textit{without-ES} variant, where the locked design directly exposes an encoded interface of width $n+m$. We show that both realizations are vulnerable, but for different reasons. For the without-ES variant, we prove that, when the added encoded inputs are deterministic linear functions of the original inputs, the valid encoded-input space remains $n$-dimensional despite the nominal expansion to $n+m$ inputs. Hence, the widened interface does not yield $m$ additional or independent brute-force dimensions. For the with-ES variant, we present a polynomial-time white-box attack that exactly recovers the added-input count and the implemented linear encoding relation from the locked netlist, achieving 100\% recovery over all evaluated instances. We also develop a black-box procedure that certifies the same dimensionality collapse from valid encoded-input samples without reconstructing the hidden encoder. Experiments on ISCAS-85 and ITC-99 benchmarks validate both results, and we further demonstrate exact white-box recovery on an ARM Cortex-M0 RTL benchmark. Finally, we propose a lightweight non-linear mitigation and show that it does not exhibit the vulnerabilities identified in this paper under all representative attack sets considered in SCONE.