🤖 AI Summary
Existing hardware IP protection mechanisms are fundamentally vulnerable to highly capable adversaries with supply-chain privileges. This paper introduces a novel reverse-engineering methodology that first constructs a candidate library based on known IP signatures, then uses commercial EDA tools (specifically Synopsys Design Compiler) for structural comparison and netlist similarity measurement to accurately identify and reconstruct target IPs. The work establishes the first updated threat model explicitly targeting privileged supply-chain adversaries and pioneers the “design knowledge base + structural matching” paradigm for IP recovery. It systematically exposes how mainstream protection techniques, including obfuscation and camouflaging, fail under realistic supply-chain conditions. Experimental validation on transformed ISCAS’89 benchmark circuits confirms the method’s efficacy. The approach provides a more pragmatic and quantifiable framework for hardware security evaluation.
📝 Abstract
Existing countermeasures for hardware IP protection, such as obfuscation, camouflaging, and redaction, aim to defend against confidentiality and integrity attacks. However, within the current threat model, these techniques overlook the potential risks posed by a highly skilled adversary with privileged access to the IC supply chain, who may be familiar with critical IP blocks and the countermeasures implemented in the design. To address this scenario, we introduce Library-Attack, a novel reverse engineering technique that leverages privileged design information and prior knowledge of security countermeasures to recover sensitive hardware IP. During Library-Attack, a privileged attacker uses known design features to curate a design library of candidate IPs and employs structural comparison metrics from commercial EDA tools to identify the closest match. We evaluate Library-Attack on transformed ISCAS89 benchmarks to demonstrate potential vulnerabilities in existing IP-level countermeasures and propose an updated threat model to incorporate them.