Lorax: Machine Learning-Based Oracle Reconstruction With Minimal I/O Patterns

This paper proposes a new attack model where the attacker tries to reconstruct a combinational logic circuit without having full oracles access. This means due to limited access time to the product, the attacker has access to only a limited number of input-output (I/O) pairs and does not have any information about the design. The goal of the attacker is to reconstruct a circuit to be deployed with simulation or emulation, in order to act as an efficient surrogate to perform fast attacks. We propose Lorax, the first automated framework to reconstruct circuits from limited access, using tree-based machine learning (ML) models of different configurations. It features early estimation of accuracy of the reconstructed oracle using cross-validation, as well as approximation techniques for efficient synthesis of the learned logic. For cases that are difficult to learn, Lorax applies a special function matching phase utilizing an explanatory analysis of a tree-based ML model to identify bit importance. Our experiments show that with a training set of 6400 I/O pairs, Lorax can successfully approximate commonly-used functions from a range of sources, including arithmetic circuits, industrial designs, and computer vision problems, with an accuracy of 79-84% on average and near 100% for some arithmetic functions.