Paper 2023/1178

Towards Open Scan for the Open-source Hardware

Leonid Azriel, Technion – Israel Institute of Technology
Avi Mendelson, Technion – Israel Institute of Technology

The open-source hardware IP model has recently started gaining popularity in the developer community. This model offers the integrated circuit (IC) developers wider standardization, faster time-to-market and richer platform for research. In addition, open-source hardware conforms to the Kerckhoff’s principle of a publicly-known algorithm and thus helps to enhance security. However, when security comes into consideration, source transparency is only one part of the solution. A complex global IC supply chain stands between the source and the final product. Hence, even if the source is known, the finished product is not guaranteed to match it. In this article, we propose the Open Scan model, in which, in addition to the source code, the IC vendor contributes a library-independent information on scan insertion. With scan information available, the user or a certification lab can perform partial reverse engineering of the IC to verify conformance to the advertised source. Compliance lists of open-source programs, such as of the OpenTitan cryptographic IC, can be amended to include this requirement. The Open Scan model addresses accidental and dishonest deviations from the golden model and partially addresses malicious modifications, known as hardware Trojans. We verify the efficiency of the proposed method in simulation with the Trust-Hub Trojan benchmarks and with several open-source benchmarks, in which we randomly insert modifications.

Available format(s)
Publication info
Open-source hardware securityHardware reverse engineeringSupply chain security
Contact author(s)
leonida @ technion ac il
avi mendelson @ technion ac il
2023-08-02: approved
2023-08-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Leonid Azriel and Avi Mendelson},
      title = {Towards Open Scan for the Open-source Hardware},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1178},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.