eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2019/1163

On the Difficulty of FSM-based Hardware Obfuscation

Marc Fyrbiak, Sebastian Wallat, Jonathan Déchelotte, Nils Albartus, Sinan Böcker, Russell Tessier, and Christof Paar


In today’s Integrated Circuit (IC) production chains, a designer’s valuable Intellectual Property (IP) is transparent to diverse stakeholders and thus inevitably prone to piracy. To protect against this threat, numerous defenses based on the obfuscation of a circuit’s control path, i.e. Finite State Machine (FSM), have been proposed and are commonly believed to be secure. However, the security of these sequential obfuscation schemes is doubtful since realistic capabilities of reverse engineering and subsequent manipulation are commonly neglected in the security analysis. The contribution of our work is threefold: First, we demonstrate how high-level control path information can be automatically extracted from third-party, gate-level netlists. To this end, we extend state-of-the-art reverse engineering algorithms to deal with Field Programmable Gate Array (FPGA) gate-level netlists equipped with FSM obfuscation. Second, on the basis of realistic reverse engineering capabilities we carefully review the security of state-of-the-art FSM obfuscation schemes. We reveal several generic strategies that bypass allegedly secure FSM obfuscation schemes and we practically demonstrate our attacks for a several of hardware designs, including cryptographic IP cores. Third, we present the design and implementation of Hardware Nanomites, a novel obfuscation scheme based on partial dynamic reconfiguration that generically mitigates existing algorithmic reverse engineering.

Available format(s)
Publication info
Published by the IACR in TCHES 2018
Hardware Reverse EngineeringHardware ObfuscationHardware NanomitesFSM-based Hardware Obfuscation
Contact author(s)
marc fyrbiak @ rub de
2019-10-08: received
Short URL
Creative Commons Attribution


      author = {Marc Fyrbiak and Sebastian Wallat and Jonathan Déchelotte and Nils Albartus and Sinan Böcker and Russell Tessier and Christof Paar},
      title = {On the Difficulty of FSM-based Hardware Obfuscation},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1163},
      year = {2019},
      doi = {10.13154/tches.v2018.i3.293-330},
      note = {\url{https://eprint.iacr.org/2019/1163}},
      url = {https://eprint.iacr.org/2019/1163}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.