TY - GEN
T1 - A Formal Approach to Identifying Hardware Trojans in Cryptographic Hardware
AU - Ito, Akira
AU - Ueno, Rei
AU - Homma, Naofumi
N1 - Funding Information:
This work was supported in part by JSPS KAKENHI under Grant 17H00729; in part by the JSPS Research Fellow under Grant 20J128870; and in part by the Secom Science and Technology Foundation.
Publisher Copyright:
© 2021 IEEE.
PY - 2021/5
Y1 - 2021/5
N2 - This paper presents a new formal method for detecting and identifying hardware Trojans (HTs) inserted into the datapath of cryptographic hardware based on Galois-field arithmetic such as for the Advanced Encryption Standard and elliptic curve cryptography. To detect HTs, our method first performs equivalence checking between the specifications given as Galois-field polynomials (or the reference circuit of cryptographic hardware) and polynomials representing the input-output relations of a gate-level netlist. Our method exploits zero-suppressed binary decision diagrams for efficient verification. Once an HT is found, the proposed method then detects the trigger condition of the HT using the characteristics of zero-suppressed binary decision diagrams. It also identifies the HT localization using a novel computer algebra method. Our experimental results show that the proposed method can verify netlists and identify HT trigger conditions and locations on a 233-bit multiplier commonly used in elliptic curve cryptography within 1.8 seconds. In addition, we show that if the reference circuit is given, the proposed method can detect a realistic HT inserted into the entire Advanced Encryption Standard hardware, including control logic, in approximately three seconds.
AB - This paper presents a new formal method for detecting and identifying hardware Trojans (HTs) inserted into the datapath of cryptographic hardware based on Galois-field arithmetic such as for the Advanced Encryption Standard and elliptic curve cryptography. To detect HTs, our method first performs equivalence checking between the specifications given as Galois-field polynomials (or the reference circuit of cryptographic hardware) and polynomials representing the input-output relations of a gate-level netlist. Our method exploits zero-suppressed binary decision diagrams for efficient verification. Once an HT is found, the proposed method then detects the trigger condition of the HT using the characteristics of zero-suppressed binary decision diagrams. It also identifies the HT localization using a novel computer algebra method. Our experimental results show that the proposed method can verify netlists and identify HT trigger conditions and locations on a 233-bit multiplier commonly used in elliptic curve cryptography within 1.8 seconds. In addition, we show that if the reference circuit is given, the proposed method can detect a realistic HT inserted into the entire Advanced Encryption Standard hardware, including control logic, in approximately three seconds.
KW - cryptographic hardware
KW - decision diagrams
KW - formal methods
KW - Hardware Trojan detections
UR - http://www.scopus.com/inward/record.url?scp=85113247675&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85113247675&partnerID=8YFLogxK
U2 - 10.1109/ISMVL51352.2021.00034
DO - 10.1109/ISMVL51352.2021.00034
M3 - Conference contribution
AN - SCOPUS:85113247675
T3 - Proceedings of The International Symposium on Multiple-Valued Logic
SP - 154
EP - 159
BT - Proceedings - 2021 IEEE 51st International Symposium on Multiple-Valued Logic, ISMVL 2021
PB - IEEE Computer Society
T2 - 51st IEEE International Symposium on Multiple-Valued Logic, ISMVL 2021
Y2 - 25 May 2021 through 27 May 2021
ER -