LEDA: Locking Enabled Differential Analysis of Cryptographic Circuits

Hardware implementations of cryptographic primitives require protection against physical attacks and supplychain threats at the same time. This raises the question of secure composability of different attack countermeasures, i.e., whether protecting a circuit against one threat can make it more vulnerable against a different threat. In this paper, we study the consequences of applying logic locking, a popular design-for-trust solution against intellectual property piracy and overproduction, to cryptographic circuits. We show that the ability to unlock the circuit incorrectly gives the adversary new powerful attack options. We introduce L.EDA (locking-enabled differential analysis), a new attack vector on logic locked cryptographic circuits In many cases, logic locking has made circuit implementations prone to classical algebraic attacks. We investigate in depth its success factors. In addition, we consider L.EDFA (locking-enabled differential fault analysis), a fault-assisted version of LEDA, and demonstrate for several ciphers and families of locking schemes that fault attacks become possible (or consistently easier) for incorrectly unlocked circuits Our results indicate that logic locking is not safe to use in cryptographic circuits, making them less rather than more secure.