Cyclic Obfuscation in IC Design

Why Introducing Cycles Does Not Make Your Circuit Harder to Crack

Executive Summary

Cyclic obfuscation — the deliberate introduction of topological cycles into an integrated circuit (IC) netlist to impede reverse engineering — has been promoted in recent literature as a meaningful defense against known deobfuscation attacks, particularly the SAT-based attack. This white paper critically examines the foundational premise of cyclic obfuscation and presents two principal findings that challenge its claimed security advantages.
First, we demonstrate that for every cyclic obfuscation scheme, an acyclic obfuscation scheme of equivalent security can be constructed. This result, derived from Riedel’s upper bound, establishes that cycles add no fundamental security benefit. Second, we show that the attack strategy most commonly cited as being defeated by cyclic obfuscation is, in fact, no harder to execute against a cyclic circuit than against an acyclic one — provided the attacker adapts the model of computation accordingly.
We introduce CycAttack, an updated SAT-based attack that incorporates a fixed-point completion check, enabling successful deobfuscation of cyclically obfuscated netlists. We validate CycAttack against the current state-of-the-art cyclic obfuscation scheme and demonstrate its effectiveness. These findings have significant implications for semiconductor IP protection strategies.

Introduction and Background
The Reverse Engineering Threat

Integrated circuit (IC) reverse engineering is a significant and growing threat to semiconductor intellectual property (IP). Once an attacker obtains physical access to a chip, they can use imaging techniques — such as scanning electron microscopy — to recover a detailed netlist of the circuit’s logic. This netlist can reveal proprietary algorithms, enable device cloning, expose security vulnerabilities, or facilitate the production of counterfeit chips.
In response, the hardware security community has developed a range of design-for-trust methodologies. IC camouflaging obscures gate functionality through the use of look-alike cells that cannot be distinguished by chip imaging. Logic locking inserts key-controlled gates into the circuit, requiring a secret key to produce correct outputs. Both techniques aim to prevent a reverse engineer from recovering a functionally correct netlist from an imaged IC.

The SAT Attack

In 2015, El Massad et al. and Subramanyan et al. independently described the SAT-based attack, which fundamentally changed the threat landscape for obfuscated ICs. The attack assumes an oracle-guided model: the attacker holds the obfuscated netlist (recovered via circuit extraction) and has input/output query access to a live, functioning IC (obtainable from the commercial market).

The SAT attack models the obfuscated circuit as a Boolean function over inputs, a key space K, and outputs. It iteratively queries the oracle with Differentiating Input Patterns (DIPs) — inputs that distinguish between candidate keys — until only one key consistent with all observed input/output behavior remains. For many obfuscation schemes, this process converges rapidly and completely breaks the obfuscation.

The SAT attack’s first step is to represent the obfuscated circuit as a Directed Acyclic Graph (DAG). This requirement led researchers to explore whether introducing cycles into the circuit could prevent the attack from even beginning.

The Emergence of Cyclic Obfuscation

Cyclic obfuscation was proposed as a direct countermeasure to the SAT attack. The core intuition is straightforward: since the SAT attack requires a DAG representation, a circuit with intentional cycles cannot be represented as a DAG and therefore should be immune to the attack. Shamsi et al. were the first to formalize this approach, drawing inspiration from configurable cyclic interconnection networks found in modern FPGAs. Their scheme explicitly targets the DAG requirement in Subramanyan et al.’s SAT implementation.

This white paper examines whether this intuition holds up under formal analysis. We argue it does not.

Core Findings
Finding 1: Cycles Provide No Fundamental Security Advantage

Our first and most foundational result is as follows: for every cyclic obfuscation scheme, there exists an acyclic obfuscation scheme that is equally secure. This is a formal equivalence result — not a heuristic claim.

The proof proceeds by construction. Given an arbitrary cyclic obfuscation scheme CycO applied to a circuit C, we construct an acyclic scheme AcycO as follows. We run CycO to produce an obfuscated circuit Cobs with m gates. We then create m copies of Cobs, assign 0-values to all incoming edges of the first copy, and chain each copy to the next by redirecting edges. The output is taken from the final copy. The resulting circuit is acyclic and computes the same function as C under the correct key, since any cyclic combinational circuit can be unrolled into an equivalent acyclic form.

Critically, this construction preserves the attack probability: any attack A that succeeds against AcycO with probability p can be directly transformed into an attack against CycO that succeeds with the same probability p. The transformation is computationally efficient, running in polynomial time. This formalizes the intuition that cyclic obfuscation cannot be fundamentally stronger than its acyclic counterpart.

This result carries an important implication: circuit designers who use cyclic obfuscation, believing it provides an additional security layer beyond conventional obfuscation, are mistaken. The security of their scheme is bounded above by the security of an equivalent acyclic scheme — a scheme that could, in principle, be attacked by tools that already exist.

Finding 2: The SAT Attack Can Be Adapted for Cyclic Circuits

Our second finding addresses the specific attack scenario most directly enabled by cyclic obfuscation schemes: the claim that an attacker cannot execute the SAT attack because the circuit cannot be modeled as a DAG. We show that this obstacle is surmountable by changing the model of computation.
The key insight is that a cyclic combinational circuit need not be modeled as a DAG to be analyzed for satisfiability. Instead, one can use a fixed-point semantics: a cyclic circuit is evaluated by iteratively propagating values through the gates until all outputs stabilize. If the circuit is Boolean (i.e., well-defined for the applied input), it will reach a unique fixed point. If it does not stabilize, the input is not a valid discriminating input and can be discarded.
Using the reduction by Backes et al. from cyclic circuit evaluation to Boolean satisfiability, we implement this idea in our updated attack, CycAttack. The modification constrains the two key candidates in the DIP-finding step to produce outputs that are at a fixed point — ensuring any discriminating input found is valid. The resulting attack is no more computationally expensive than the original SAT attack on an acyclic circuit.
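Added example (not code from the paper or from the CycAttack tool): a constructed three-gate cyclic netlist evaluated two ways, by the fixed-point propagation described in Finding 2 and by the m-copy unrolling described in Finding 1. Assumptions made here: the netlist, its gate names and key bit k; three-valued simulation as the test for stabilization (not the Backes et al. SAT reduction); and an unrolling in which every gate-to-gate edge reads from the previous copy.

```python
from itertools import product

X = None  # "unknown" in three-valued (0 / 1 / X) simulation

def mux(s, d0, d1):
    """d1 if s else d0; with s unknown the output is known only if d0 == d1."""
    if s is X:
        return d0 if d0 == d1 else X
    return d1 if s else d0

def xor(p, q):
    return X if X in (p, q) else p ^ q

# Constructed toy netlist: f and g feed each other, so the graph has a cycle.
# name -> (gate function, operand names). k is the key bit; k = 0 is correct.
GATES = {
    "t": (xor, ("s", "k")),
    "f": (mux, ("s", "a", "g")),
    "g": (mux, ("t", "f", "b")),
}

def step(prev, inputs):
    """One copy of the netlist: each gate reads gate outputs from the previous copy."""
    env = {**inputs, **prev}
    return {n: fn(*(env[o] for o in ops)) for n, (fn, ops) in GATES.items()}

def fixed_point(inputs):
    """Propagate from all-unknown until nothing changes; X means f never settles."""
    state = dict.fromkeys(GATES, X)
    while (nxt := step(state, inputs)) != state:
        state = nxt
    return state["f"]

def unrolled(inputs):
    """Acyclic form: m chained copies, 0s into the first copy, output from the last."""
    state = dict.fromkeys(GATES, 0)
    for _ in range(len(GATES)):
        state = step(state, inputs)
    return state["f"]

def compare(k):
    """Rows (s, a, b, fixed-point f, unrolled f) for every primary input under key k."""
    pats = [dict(s=s, a=a, b=b, k=k) for s, a, b in product((0, 1), repeat=3)]
    return [(i["s"], i["a"], i["b"], fixed_point(i), unrolled(i)) for i in pats]

if __name__ == "__main__":
    for k in (0, 1):
        print("k =", k, compare(k))
```

Under k = 0 both evaluations agree on every input (f is a when s = 0 and b when s = 1), which is the equivalence Finding 1 relies on. Under k = 1 with s = 1 the unrolled netlist still emits a value inherited from the initial 0s while fixed-point propagation leaves f unknown, which is the kind of input the fixed-point check is there to discard.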

Implications for IC Security Practice
What This Means for Chip Designers

The consequences of these findings are significant for practitioners in hardware security. Any obfuscation strategy predicated on the assumption that cycles are inherently harder to attack should be reconsidered. In particular:

  • Cyclic obfuscation schemes marketed as SAT-resistant on account of their cyclic topology should be re-evaluated using CycAttack or equivalent adapted attacks.
  • The computational security of an obfuscation scheme must be justified by formal complexity arguments, not by the inability of existing tools to handle a particular circuit representation.
  • Designers relying solely on cyclic obfuscation as their primary anti-reverse-engineering mechanism should augment their approach with schemes that have formal security guarantees.
  • The broader principle applies: architectural novelty (such as introducing cycles) does not inherently confer security unless a formal argument can be made that it increases the computational complexity of the best known attack.

Recommendations

BlackBox Chip recommends that chip designers and security architects take the following steps in light of these findings:

  • Conduct a threat model review: Assess whether your current IC obfuscation strategy relies on cyclic topology as a primary or exclusive security mechanism.
  • Adopt layered defenses: Combine logic locking with camouflaging techniques that have independently validated security properties. No single technique should be treated as sufficient.
  • Test with updated attack tools: Use CycAttack and similar adapted SAT solvers as part of your security validation workflow to ensure your obfuscation scheme withstands modern attacks.
  • Demand formal security proofs: When evaluating third-party obfuscation IP, require formal complexity-theoretic justification for security claims, not just empirical benchmarking against legacy tools.
  • Stay current with the literature: The hardware security field moves rapidly. Security guarantees that held in 2020 may not hold in 2026. Maintain an ongoing engagement with published research.

About BlackBox Chip

BlackBox Chip is a hardware security company focused on delivering robust, formally validated IC protection solutions for semiconductor designers, IP vendors, and system integrators. Our research team continuously evaluates emerging threats and defenses across the IC security landscape, and we are committed to transparent, peer-reviewed disclosure of both vulnerabilities and mitigations.

For more information about our obfuscation analysis services, security consulting, or to access the CycAttack tool, visit www.blackboxchip.com or contact our research team directly.
