Paper 2022/516

zk-Sherlock: Exposing Hardware Trojans in Zero-Knowledge

Dimitris Mouris, Charles Gouert, and Nektarios Georgios Tsoutsos


As integrated circuit (IC) design and manufacturing have become highly globalized, hardware security risks become more prominent as malicious parties can exploit multiple stages of the supply chain for profit. Two potential targets in this chain are third-party intellectual property (3PIP) vendors and their customers. Untrusted parties can insert hardware Trojans into 3PIP circuit designs that can both alter device functionalities when triggered or create a side channel to leak sensitive information such as cryptographic keys. To mitigate this risk, the absence of Trojans in 3PIP designs should be verified before integration, imposing a major challenge for vendors who have to argue their IPs are safe to use, while also maintaining the privacy of their designs before ownership is transferred. To achieve this goal, in this work we employ modern cryptographic protocols for zero-knowledge proofs and enable 3PIP vendors prove an IP design is free of Trojan triggers without disclosing the corresponding netlist. Our approach uses a specialized circuit compiler that transforms arbitrary netlists into a zero-knowledge-friendly format, and introduces a versatile Trojan detection module that maintains the privacy of the actual netlist. We evaluate the effectiveness of our methodology using selected benchmarks.

Available format(s)
Publication info
Preprint. Minor revision.
Verifiable computationZero knowledgeTrustworthy hardwareHardware Trojans
Contact author(s)
tsoutsos @ udel edu
2022-05-02: received
Short URL
Creative Commons Attribution


      author = {Dimitris Mouris and Charles Gouert and Nektarios Georgios Tsoutsos},
      title = {zk-Sherlock: Exposing Hardware Trojans in Zero-Knowledge},
      howpublished = {Cryptology ePrint Archive, Paper 2022/516},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.