Soft IP Protection: Watermarking HDL Codes
Lin Yuan, Pushkin R. Pari, and Gang Qu
Department of Electrical and Computer Engineering
and Institute for Advanced Computer Studies
University of Maryland, College Park, MD 20742
Abstract. Intellectual property (IP) reuse based design is one of the
most promising techniques to close the so-called design productivity gap.
To facilitate better IP reuse, it is desirable to have IPs exchanged in the
soft form such as hardware description language (HDL) source codes.
However, soft IPs have higher protection requirements than hard IPs
and most existing IP protection techniques are not applicable to soft
IPs. In this paper, we describe the basic requirements, make the neces-
sary assumptions, and propose several practical schemes for HDL code
We protect the HDL codes by hiding author’s signature also called as
watermarking, similar to the idea for hard IP and multimedia data pro-
tection. But the new challenge is how to embed watermark into HDL
source codes, which must be properly documented and synthesizable for
reuse. We leverage the unique feature of Verilog HDL design to develop
several watermarking techniques. These techniques can protect both new
and existing Verilog designs. We watermark SCU-RTL & ISCAS bench-
mark Verilog circuits, as well as a MP3 decoder. Both original and water-
marked designs are implemented on ASICs & FPGAs. The results show
that the proposed techniques survive the commercial synthesis tools and
cause little design overhead in terms of area/resources, delay and power.
Design reuse and reuse-based design have become increasingly important and
are widely considered as the most efficient way to close the design productivity
gap between silicon capacity and designer’s ability to integrate circuits onto
silicon . For reuse to be successful, the reusable building blocks, also known
as macros, cores, intellectual properties (IPs), or virtual components, must be
easily accessible and integrable. Several industry organizations such as the San
Jose-based ”Virtual Socket Interface Alliance”, the ”design and reuse” in Europe,
and ”IP highway” in Japan have already started building libraries and tools
that can be shared by designers all over the world. More importantly, they are
working on the specification of various IP design standards for IP integration.
But how to guarantee IP provider’s IP rights and royalties remains one of the
major obstacles for design reuse.
J. Fridrich (Ed.): IH 2004, LNCS 3200, pp. 224–238, 2004.
c ? Springer-Verlag Berlin Heidelberg 2004
Soft IP Protection: Watermarking HDL Codes 225
IP exchange and reuse normally takes the forms of hard, firm, or soft. Hard
IPs, delivered as GDSII files, are optimized for power, size, or performance. Soft
IPs are delivered in the form of synthesizable HDL codes. Firm IPs, such as place-
ment of RTL blocks or fully placed netlist, are a compromise between hard and
soft IPs . From security point of view, hard IPs are the safest because they are
hard to be reverse engineered or modified. But this one-fits-all solution does not
give IP users any flexibility other than the built-in configuration options. Soft
IPs, on the other hand, are preferred by IP users due to their flexibility of being
integrated with other IPs without much physical constraints. On some occasions,
IP provider may also prefer releasing soft IPs to leave customer-dependent opti-
mization process to the users. Not surprisingly, it has been recognized that the
IP market will be dominated by soft IPs . However, the flexibility makes soft
IPs hard to trace and therefore difficult to prevent IP infringements from hap-
pening. IP providers are taking a high risk in releasing their IPs in the soft form
without protecting their HDL codes with techniques that are effective, robust,
low-complexity, and low-cost. Unfortunately, such techniques or tools are not
available and their development is challenging.
Most existing VLSI design IP protection mechanisms, such as physical tag-
ging, digital watermarking and fingerprinting, target the protection of hard/firm
IPs. Traditional software obfuscating and watermarking methods are not appli-
cable to HDL code either. In this paper, we 1) analyze the challenges in HDL code
protection; 2) describe the basic requirements and necessary assumptions; 3) de-
velop the first set of Verilog source code protection methods. Our approaches can
be easily integrated with the design process to protect a new design. They can
also be applied to protect existing designs, which give IP providers the option
of releasing the (protected) source code for their hard/firm IPs that are already
in the IP market to make them more competitive.
We propose three watermarking techniques to protect Verilog source code.
The first method takes advantage of the don’t-care conditions inherently exist-
ing in the modules by enforcing them to have specific values corresponding to
designer’s signature. A separate test module can be easily constructed to re-
trieve such information. The second one utilizes the fact that many logic units
can be implemented in different ways. Instead of using one fixed structure, we
build multiple functionally identical modules with different implementations in
the same Verilog code. We then selectively instantiate these duplicated modules
for information hiding. The third technique splits the implementation of one
module into two phases in such a way that designer’s signature will be mixed
with the module’s input and output information. We implement and test the
proposed protection schemes on SCU-RTL and ISCAS benchmark circuits using
Synopsys’ design analyzer and Xilinx FPGA CAD tool. The results show that
our watermark survives the synthesis and optimization tools. We measure the
area/resources, delay, and power of the designs before and after watermarking,
and find that our methods introduce little overhead in these three key aspects.
226 Lin Yuan, Pushkin R. Pari, and Gang Qu
2 Previous Work
HDL codes describe VLSI design IPs in the style and structure similar to general
C/C++ programs. Hence, it is natural to investigate whether the existing design
IP protection techniques and software watermarking and obfuscating methods
can be extended for HDL code protection.
2.1 VLSI Design IP Protections
According to the IP protection white paper released by VSIA, there are three
approaches to secure an IP: deterrent approach like patents, copyrights, and
trade secrets; protection via licensing agreements or encryption; detection
mechanism such as physical tagging, digital watermarking and fingerprinting
. Legal enforcement (copyright, licensing agreement, etc.) can be used to pro-
tect HDL codes. But it is always hard to enforce such protection, particularly
for the flexible soft IPs. Encryption can be used for soft IP protection [21,22].
But it makes IP reuse inconvenient and there are security holes from which
the un-encrypted IP information may leak. Recently, Kahng et al.  estab-
lished principles for constraint-based watermarking techniques in the protection
of VLSI design IPs [16,17].
The protection is achieved by tracing unauthorized reuse and making un-
traceable unauthorized reuse as difficult as re-designing the IP from scratch.
The essence of their approach is to introduce watermark-related additional con-
straints into the input of a black-box design tool such that the design will be
rather unique and the embedded watermark can be revealed as proof of author-
ship. This approach is generic and has been applied to various stages of the VLSI
design process, from behavioral and logic synthesis to standard cell place and
route algorithms, to FPGA designs [7,8,9,10,11,14].
It is possible, but never easy, to extend the idea of constraint-based water-
marking directly into the context of HDL code protection. RT-level HDL source
codes normally describe a design in a program-like manner. The constraints
are the abstract description of the system’s functionality. One can introduce
new constraints as watermark. However, any additional constraint at the top
abstract level description usually can be easily identified and thus removed or
modified. Another concern is the design overhead incurred by adding constraints
at this level. If we add constraints at such early stage, it may have large impact
to the design quality.
2.2 Software Watermarking and Obfuscating
Watermarking, tamper proofing, and obfuscating are the typical source code
protection methods to prevent software piracy [3,2,6,15,19,20]. Watermarking
is a technique that embeds a secret message into the program to discourage
IP theft by enabling the establishment of IP ownership [5,12]. Tamper-proofing
technique protects software from being tampered by making the software with
Soft IP Protection: Watermarking HDL Codes237
IIR (27572 gates,
15 bits embedded Max. Path Delay (ns)
C432 (420 gates,
56 bits embedded Max. Path Delay (ns) 29.791
C499 (696 gates,
56 bits embedded Max. Path Delay (ns) 16.326
74181 (132 gates,
56 bits embedded Max. Path Delay (ns)
Original Watermarked Overhead
? Slices18.71 %
Table 3. Benchmarks targeted to Xilinx Virtex-II FPGA.
We propose the first set of non-traditional protection mechanisms for soft IPs
(HDL codes). These codes describe circuits at the software level and there-
fore their protection has different requirements and challenges, from those for
hard/firm VLSI IP or software protection. We use Verilog as the framework and
leverage Verilog’s unique role between hardware and software to embed the wa-
termark message into the source code for protection. We evaluate the strength,
resilience, and design overhead of these watermarking techniques both analyti-
cally and by simulation over benchmark Verilog circuits available in the public
domain. We demonstrate the applicability of these techniques for FPGA and
ASIC designs and evaluate the overhead. The proposed techniques can be used
to protect both new and existing Verilog designs as well as VHDL designs. We
are currently collecting and building more Verilog and VHDL circuits to test our
approach. We are also planning to develop CAD tools for HDL protection.
1. G. Arboit, ”A Method for Watermarking Java Programs via Opaque Predicates
(Extended Abstract)”, The Fifth International Conference on Electronic Commerce
Research (ICECR-5), 2002.
2. C. Collberg and G. Myles and A. Huntwork, ”SandMark — A Tool for Software
Protection Research”, IEEE Magazine of Security and Privacy, vol. 1, aug, 2003.
3. C.S. Collberg and C. Thomborson, ”Watermarking, tamper-proofing, and obfusca-
tion – tools for software protection”, IEEE Transactions on Software Engineering,
Vol. 8, 8, 2002.
4. C.S. Collberg, C. Thomborson, ”Software Watermarking Models and Dynamic Em-
beddings,” ACM Symposium on Principles of Programming Languages, Jan 1999.
5. P. Cousot and R. Cousot, ”An Abstract Interpretation-Based Framework for Soft-
ware Watermarking”, ACM Principles of Programming Languages, 2004.
6. R.L. Davidson and N. Myhrvold, ”Method and System for Generating and Auditing
a Signature for a Computer Program”, US Patent 5,559,884, Assignee: Microsoft
238Lin Yuan, Pushkin R. Pari, and Gang Qu
7. I. Hong and M. Potkonjak. ”Behavioral Synthesis Techniques for Intellectual Prop-
erty Protection”, 36th ACM/IEEE Design Automation Conference Proceedings, pp.
849-854, June 1999.
8. A.B. Kahng, et al.. ”Watermarking Techniques for Intellectual Property Protec-
tion”, 35th ACM/IEEE Design Automation Conference Proceedings, pp. 776-781,
9. D. Kirovski, Y. Hwang, M. Potkonjak, and J. Cong. ”Intellectual Property Pro-
tection by Watermarking Combinational Logic Synthesis Solutions,” IEEE/ACM
International Conference on Computer Aided Design, pp. 194-198, November 1998.
10. M. Keating and P. Bricaud. ”Reuse Methodology Manual, For System-On-A-Chip
Designs,” Second Edition, 1999.
11. J. Lach, W.H. Mangione-Smith, and M. Potkonjak. ”FPGA Fingerprinting Tech-
niques for Protecting Intellectual Property,” Proceedings of the IEEE 1998 Custom
Integrated Circuits Conference, pp. 299-302, May 1998.
12. G. Myles and C. Collberg, ”Software Watermarking Through Register Allocation:
Implementation, Analysis, and Attacks”, International Conference on Information
Security and Cryptology, 2003.
13. A. Monden and H. Iida and K. Matsumoto and K. Inoue and K. Torii, ”A practical
method for watermarking Java programs”, 24th Computer Software and Applica-
tions Conference, 2000.
14. A.L. Oliveira. ”Robust Techniques for Watermarking Sequential Circuit Designs,”
36th ACM/IEEE Design Automation Conference Proceedings, pp. 837-842, June
15. J. Palsberg and S. Krishnaswamy and M. Kwon and D. Ma and Q. Shao and Y.
Zhang, ” Experience with Software Watermarking”, Proceedings of ACSAC’00, 16th
Annual Computer Security Applications Conference, pp. 308-316, 2000.
16. G. Qu and M. Potkonjak, “Analysis of watermarking techniques for graph col-
oring problem”, Proceedings of the 1998 IEEE/ACM international conference on
Computer-aided design, pp. 190–193, 1998.
17. G. Qu and M. Potkonjak, ”Fingerprinting intellectual property using constraint-
addition”, Design Automation Conference, pp. 587-592, 2000.
18. J. P. Stern and G. Hachez and F. Koeune and Jean-Jacques Quisquater, “Robust
Object watermarking: Application to code”, Information Hiding, pp. 368-378, 1999.
19. R. Venkatesan and V. Vazirani and S. Sinha, “A Graph Theoretic Approach to
Software Watermarking”, 4th International Information Hiding Workshop, Pitts-
burgh, PA, april, 2001.
20. R. Venkatesan and V. Vazirani, “A Technique For Producing, Through Water-
marking, Highly Tamper-Resistant Executable Code And Resulting ”Watermarked”
Code So Formed”, International Patent WO 01/69355 A1, 2001.
21. Altera Corporation. San Jose, California. http://www.altera.com/
22. Xilinx Inc. San Jose, California. http://www.xilinx.com
23. Virtual Socket Interface Alliance. ”Intellectual Property Protection White Paper:
Schemes, Alternatives and Discussion Version 1.0,” September 2000.
24. Virtual Socket Interface Alliance. ”Architecture Document Version 1.0,” March
25. http://www.ece.cmu.edu/∼ee545/s02/10/fpga 1813.txt
27. International Technology Roadmap for Semiconductors.