Design of VGSOT-MTJ-Based Logic Locking for High-Speed Digital Circuits

: Emerging spintronics devices in recent research have received much interest in various ﬁelds. Their unique physical aspects are being explored to keep Moore’s law alive. Therefore, the hardware security aspects of system-on-a-chip (SoC) designs using spintronics devices becomes important. Magnetic tunnel junctions (MTJ) are a potential candidate in spintronics-based devices for beyond-CMOS applications. This work uses voltage-gated spin-orbit torque-assisted magnetic tunnel junction (VGSOT-MTJ) based on the Verilog-A behavioral model to design a possible logic-locking system for hardware security. Compared with the SOT MTJ, which uses a heavy metal strip below the MTJ stack, VGSOT-MTJ has an antiferromagnetic (AFM) strip that utilizes the voltage-controlled magnetic anisotropy (VCMA) effect to signiﬁcantly reduce the J SOT , critical . To design the logic-locking block, we performed a Monte Carlo analysis to account for the effect of process variation (PV) on critical MTJ parameters. Eye diagram tests and mask designing were performed, which included the effect of thermal noise and PV for high-speed digital circuit operations. Finally, transient performance was analyzed to demonstrate the VGSOT-MTJ’s ability to design logic-locking blocks from the circuit operation perspective.


Introduction
In the last two decades, unprecedented growth in embedded systems has globalized custom integrated circuit (ICs) design. The cost of creating and maintaining the cutting-edge facilities required to manufacture these devices has increased dramatically as technology has advanced. As a result, many design companies have gone fabless, heavily relying on untrusted and unaffiliated foundries to fabricate their ICs. This results in hardware security concerns and financial losses, as an unreliable foundry can lead to counterfeiting, reverse engineering, IC overbuilding, hardware Trojan insertion, or IP piracy [1,2]. Recently, advancement in various emerging technologies (spintronic devices, memristors, carbon nanotubes (CNTs), nanowire FETs (NWFETs), etc.) has played a vital role in improving the notion of beyond-CMOS applications. For instance, using spin as a state variable instead of charge for logic operations [3] and several other emerging spintronics phenomenon-based applications [4] have shown great potential in recent research. The general prospect of utilizing various spintronics phenomena for security is discussed in [5]. In the context of hardware security, logic locking is one of the promising obfuscation methodologies for next-generation hardware security [6]. Logic locking protects ICs from overbuilding and IP piracy by inserting a key along with the primary inputs to drive the design. A correct key ensures the functionality of the design, while the wrong key corrupts the functionality.
The key is stored on the chip's tamper-proof memory for life and remains there even if the power is removed [7]. Figure 1 shows the basic overall flow of IC design in systemon-a-chip (SoC) design. The idea is to use a specialized foundry to insert a logic-locking block during manufacturing to create a locked netlist. More details about key storage and protection are discussed in Section 3.1. MTJs have been utilized in implementing many aspects of hardware security such as true random number generators (TRNG) [8], physically unclonable functions (PUF) [9], logic locking [10], hardware Trojans [11], etc. Spin torque effects, such as spin transfer torque (STT) and spin orbit torque (SOT), have significantly boosted the development of spintronics. Two terminal MTJs are electrically driven by STTs resulting from spinpolarized current pulses, where free layer (FL) magnetization is nearly collinear with the spin polarization [12]. Therefore, such torques are weak, and FL magnetization only absorbs the required switching energy. Consequently, two terminal STT-MTJ is slow due to its incubation time and energetically inefficient due to the large write current across the MTJ stack [13]. Recently, current-induced SOTs operating at low energy levels have been exploited for high-performance spintronic applications [14]. A three-terminal MTJ-SOT is fast and energy efficient with perpendicular-to-the-plane magnetization, where read and write paths are separated. This isolation significantly improves the device's reliability, since the write current flows through the heavy metal (HM) rather than the tunneling barriers, which are sensitive to electrical breakdown. Recent experiments have revealed that by replacing the HM with an antiferromagnetic (AFM) metal, field-free SOT switching can be achieved, since the AFM metal creates not only an SOT, but also provides an in-plane exchange bias (H EX ) [15]. Another emerging write mechanism is the voltage-controlled magnetic anisotropy (VCMA) effect, which, during switching, temporarily modulates the energy barrier when voltage is applied across the MTJ [16]. Recently, a new write mechanism, called voltage-gated SOT (VGSOT), has been introduced using the VCMA effect with AFM/FM/oxide structure to modulate the SOT current [17]. Reference [18] provides a comprehensive overview with all levels of hardware infrastructure for hardware security. The authors of [19] discuss the modeling of the VCMA-MTJ for high speed MRAM applications. By solving a modified Landau-Lifshitz-Gilbert (LLG) equation, the magnetic dynamics of the VCMA-MTJ's free layer are first investigated. A VCMA-MTJ electrical model is then built by integrating the Brinkman resistance model, Slonczewski STT model, VCMA effect, and tunnel magnetoresistance model. Finally, three MTJ switching strategies including STT-assisted thermally-activated VCMA, STT-assisted precessional VCMA, and precessional VCMA are investigated for MRAM applications.

Designer (RTL
This work explores a voltage-gated spin-orbit torque-assisted magnetic tunnel junction (VGSOT-MTJ) based on the Verilog-A behavioral model [20] to design a possible logic locking [6] system for hardware security. References [21][22][23][24][25][26][27][28][29] evaluate the performance and reliability of CNT bundles for on-chip interconnect applications due to their large conductivity and current carrying capabilities. References [30][31][32][33][34] report modeling and minimizing on-chip inductive effects. Authors in [35] discuss a comprehensive model for the resistance in graphene nanoribbon (GNR) interconnects. One of our future goals is to explore spintronics devices for interconnects due to their low-power consumption, non-volatility, and competitive bit area cell. The rest of the paper is organized as follows. Section 2 demonstrates the proposed work based on VGSOT-MTJ. The experimental results are presented in Section 3. The paper is finally concluded in Section 4.

Background of VGSOT-MTJ
The MTJ circuit can be utilized to perform logic operations and to implement polymorphic gates [16]. The ability to obtain polymorphic gate behavior allows the IC chip to have an extra layer of security. It becomes difficult to obtain exact an logic implementation by reverse-engineering the layout. The magnetic dynamics of the free layer are governed by the modified Landau-Lifshitz-Gilbert (LLG) equation [20]: Here, − → m is the magnetization of the free layer, γ is the gyromagnetic ratio, µ 0 is the vacuum permeability, and − → H e f f is the effective magnetic field with different contributing terms such as perpendicular magnetic anisotropy (PMA), voltage-controlled magnetic anisotropy (VCMA), demagnetization field, exchange bias, and thermal noise, as shown in Equation (5). α is the Gilbert damping coefficient, P is the polarization factor, J STT and J SHE are the STT and SOT current densities applied to the MTJ device, − → m p is the polarization direction of the spin current injected in the free layer by the STT, and H FL SOT and H DL SOT are the current-dependent proportionality constants for the FL torque and DL torque, respectively, of the SOT. − → m σ is the pure spin current induced by the spin-orbit coupling, θ SH is the spin Hall angle, T SL is the free layer thickness, TMR is the tunnel magnetoresistance ratio of the MTJ when there is V MT J applied across the MTJ, and V h is the applied voltage across the MTJ. θ is the angle between magnetization of the free layer and the fixed layer, and the other symbols have their usual meanings. Figure 2 shows a logical implementation of the AND/NAND gate based on a hybrid CMOS-MTJ approach. The gate can be used in the logic-locking mechanism for hardware security applications. The MOS logic consists of NMOS transistors MN11-MN13. Two complimentary three-terminal MTJs are present in both branches of the PCSA. A reset signal is used to reset the MTJs to their default states. The write enable signal should be HIGH to write the MTJs with the key values. The write enable signal should be high when: (1) the clock pulse is LOW and (2) the reset signal is not HIGH. The reset path, read path, and write path of MTJs are highlighted in the circuit diagram. Figure 3 shows the logical AND operation obtained for the schematic of Figure 2 for both the VGSOTand SOT-based MTJs for comparison. The fall time is more for VGSOT-MTJ, which is highlighted in the figure. The dotted region indicates the read interval for the logic state. Table 1 contains key parameters set during electrical simulation. Parameters such as Gilbert damping coefficient, saturation magnetization, etc. are MTJ technology parameters that depend on the material composition and the device parameters such as oxide-layer and free-layer thickness. AFM dimensions are masked and process design parameters can be adjusted. During process-variation simulation, the reference-point data must be selected so that the introduced deviation lies between the allowed range of operation in the compact model. The testing of parameters is thus limited by the degree of sophisticated modeling of the compact model. A more realistic and scaled compact model will therefore allow a better logic-locking system using MTJ devices.

Logic-Locking Mechanism and Monte Carlo Simulations
We performed electrical simulations in a TSMC 40 nm CMOS generic process design kit using the Cadence spectre simulator with W/L ratio = 3, the temperature of 300 K, and simulation steps of 1 ps. In Figure 4a, the designed logic-locking block is used to lock the netlist of the desired operation with Y = AB + BC + CA. The key is stored in tamperproof memory and the correct logic is produced only when the correct key combination is inserted, as shown in Figure 4b. To account for the effect of process variation (PV) that may arise during fabrication and the robustness of the design, we performed 250 Monte Carlo (MC) simulations. Table 2 contains the variation data for both the MTJ of Figure 2 under the different values of PV and the obtained success ratio for the correct operation. The critical parameters such as TMR and free-and oxide-layer thickness were varied following a Gaussian distribution. With increasing process variations, the amount of standard deviation (SD) observed in MTJ resistance was increased, resulting in incorrect output. The low-discrepancy sequence (LDS) method was used during MC simulation, in which a deterministic sequence is used to obtain uniform coverage of the sampling space, and the convergence accuracy ≈ 1/pow(N, 2/3) is faster than the random sampling method, which has convergence accuracy = 1/sqrt(N). Figure 5 shows the transient variation of MT J 1 and MT J 2 of the logic-locking block under the different PV values. A more significant deviation in the resistance value of MTJs due to PV can cause incorrect operation; thus, the tolerance to device imperfection needs to be considered. Table 3's data is taken from [20], which compares critical parameters for traditional SOT MTJ and VGSOT-MTJ. Thus, VGSOT switching requires less current and energy, but has more delay than traditional SOT MTJ. This delay in switching characteristics may cause a significant challenge in designing logic-locking blocks when operated in high-speed digital circuit operation. Thus, in this work, we focus more on analyzing the VGSOT-MTJ for high-speed circuits by using some standard circuit tests mentioned in Sections 3.2 and 3.3.

Eye Diagram: Mask Design and Optimization
In this work, we perform an eye-diagram analysis to check the quality of the signal in high-speed digital transmission. The logic-locking block must perform satisfactorily in high-speed transmission to ensure proper operation. In the eye diagram test, the signal is split into sections, which are overlaid on top of each other, giving information about the distribution of the timing of the transitions between the Low and High levels. Eye Diagram analysis helps keep track of some crucial parameters such as signal duration, synchronization with the system clock pulse, noise effect, undershoot and overshoot, etc. If any of the parameters are degraded, the eye-opening is affected and, thus, eye-mask tests become difficult to perform. In Figure 6a, the one-cycle operation of the logic-locking block is split into several sections with a unit interval (UI) of 5 ns to capture the transitions properly. V1 (at 2 ns) represents the start of the interval and V9 (at 42 ns) represents the end. A centered eye-diagram was created as shown in Figure 6b, highlighted in red. The eye period is set to 2 * U I = 10 ns and the threshold is at 520 mV. To evaluate the performance, the eye diagram is tested across the following eye masks: HDMI compliance, HDMI 2.0 TP2EQ (data rate 3.4G to 3.712G and 5.94G to 6G), MIPI M-phy R x and T x compliance, PCI express Gen 3 compliance, and SFP + PCB compliance. The logic-locking block did not pass any of the masks mentioned. Thus, a personalized diamond-shaped mask was created as shown in Figure 6b. The vertices are marked from A to D.
When the effect of thermal noise (NON = 1) on eye parameters is included, the mask designed fails due to the shifting of the eye diagram, as shown in Figure 7a. A detailed eye diagram analysis was performed to account for the effect of process variation (uniform distribution and Gaussian distribution) and the effect of thermal noise, and an optimized eye mask was created with vertices A (2.72 ns, 520 mV), B (5 ns, 985 mV), C (7.4 ns, 520 mV), and D (5 ns, 10 mV), as shown in Figure 7b. The eye performance metrics were calculated; the data are tabulated in Table 4 using the NRZ (non-return to zero) modulation scheme. The eye performance was measured in five different cases, which included different PV with different types of random variation (RV)( RV = 0 is for constant device parameters, RV = 1 is for a uniform distribution of parameters, and RV = 2 is for a Gaussian distribution) in the MTJ parameters such as TMR ratio, free-and oxide-layer thickness, and effect of thermal noise (NON). All simulations were performed considering the effect of VCMA and the exchange bias field, as described in Equations (1)-(4). Equations (7)-(9) represents some of the equations used for calculating the metrics of Table 4. More details on parameter evaluation are available in the Cadence manual.
Eye S/N : (Level 1 Mean − Level 0 Mean) / (Level 1 SD + Level 0 SD) Eye Height = (Level 1 Mean − 3* Level 1 SD) − (Level 0 Mean + 3* Level 0 SD) (9) where µ is the mean of the histogram distribution of the crossing point at the threshold value (here 20% threshold), x is the value on the x-axis from the tail of the distribution, and p is the value of the corresponding height of the histogram. SD stands for standard deviation.

Transient Measurements
Transient measurements are critical in evaluating circuit designs. In Table 5, the transient measurement data are tabulated where 20% and 80% thresholds with respect to the baseline and top line are used. Electrical simulations are performed for the five cases, and important transient parameters are calculated to evaluate the performance of the logic-locking block. Due to the parameter variation, we observe a slight variation in some of the transient behavior, indicating that the selected MTJ can show tolerance to a certain extent for any practical applications. Figure 8 shows the transient capture of the data for Case 2.

Conclusions
As SoC design flow depends on multiple untrusted entities to reduce the time to produce ICs, securing hardware becomes a challenge. The challenge increases if the attacker intelligently utilizes emerging devices in the SoC design flow. With the development of fabrication abilities beyond CMOS devices, one cannot simply ignore the importance of such devices for defense, attack mechanisms, and hardware security. In this work, we used VGSOT-MTJ because it is a three-terminal structure offering certain advantages such as high endurance, separate read and write paths, etc. Additionally, it has better switching characteristics in terms of energy and error rate compared to the traditional SOT-MTJ. However, it has poor switching delay, which could be a potential challenge for designing a better logic-locking block using MTJ, especially in high-speed digital circuits. In this paper, we investigated how PV can affect simulations by using standard MC simulations. Furthermore, thermal noise can be tolerated and the optimized eye-mask diagram is designed to ascertain the proper range of operation for the block. Transient simulations are performed considering some critical points in the VGSOT-MTJ model. This work addresses the challenges in designing the logic-locking block from the circuit-design perspective of high-speed digital circuits. However, the current work does not address how secure this structure is to intelligent attacks based on algorithms, side-channel attacks, etc. The performance of the proposed design for such attacks can be analyzed in future work.