pith. machine review for the scientific record. sign in

arxiv: 2605.10355 · v1 · submitted 2026-05-11 · 💻 cs.AR · cs.CR

Recognition: 2 theorem links

· Lean Theorem

ObfAx: Obfuscation and IP Piracy Detection in Approximate Circuits

Lukas Sekanina , Vojtech Mrazek
Authors on Pith no claims yet

Pith reviewed 2026-05-12 05:11 UTC · model grok-4.3

classification 💻 cs.AR cs.CR
keywords approximate circuitsIP protectionobfuscationpiracy detectionerror profilesapproximate multipliershardware securityapproximate computing
0
0 comments X

The pith

Statistical error profile comparison detects IP theft in approximate circuits even after functional mimicry by attackers.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper defines a new threat called approximate obfuscation, where an attacker hides circuit structure and then alters function so the copy matches the original's error rates and hardware costs almost exactly. It counters this with an automated method that pulls statistical error profiles from a protected core and any suspicious circuit, then compares them to flag likely theft. This matters for approximate circuits because they deliver big efficiency gains but require protection before designers will release them as reusable IP. Experiments on many approximate multipliers show that some designs resist such mimicry better than others, revealing trade-offs between approximation quality and detectability.

Core claim

We introduce a novel adversarial threat model, approximate obfuscation, in which an attacker not only conceals the design through structural obfuscation but also introduces functional modifications to ensure that the resulting circuit exhibits nearly identical error characteristics and hardware metrics as the original IP. To counter this threat, we propose an automated framework that extracts and compares statistical error profiles of protected IP cores and suspicious circuits, enabling systematic detection of potential IP theft. Through extensive experiments on a diverse set of approximate multipliers, we analyze the resilience of different approximate multipliers against approximate obfusc

What carries the argument

The automated framework that extracts and compares statistical error profiles to distinguish protected approximate IP from obfuscated copies.

If this is right

  • Approximate multipliers vary in how well their error profiles resist functional mimicry, so some designs are inherently harder to steal undetected.
  • The detection method works without needing the original netlist or source code, only access to input-output error behavior.
  • Interplay between structural obfuscation and approximation quality directly affects how easy it is to create a convincing fake.
  • Commercial release of approximate IP cores becomes more feasible once systematic piracy checks exist.
  • Hardware metrics such as area, delay, and power must be matched alongside error profiles for an attack to succeed.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same profile comparison could be applied to other approximate arithmetic blocks such as adders or dividers to broaden protection.
  • If error profiles prove unique across many designs, they might serve as a lightweight fingerprint for approximate hardware in supply-chain verification.
  • Attackers may need to solve a joint optimization problem over both error distribution and hardware cost, which could limit practical mimicry.
  • Detection success rates could guide the choice of approximation level during design, favoring profiles that remain distinctive.

Load-bearing premise

Statistical error profiles extracted from approximate circuits remain distinctive and stable enough for reliable detection even after an attacker applies functional changes meant to copy the original error behavior and hardware metrics.

What would settle it

Two unrelated approximate multiplier designs whose error statistics become indistinguishable after one is functionally modified to match the other's profile and metrics would show the framework cannot separate originals from mimics.

Figures

Figures reproduced from arXiv: 2605.10355 by Lukas Sekanina, Vojtech Mrazek.

Figure 1
Figure 1. Figure 1: Family-specific error profiles of selected approxi [PITH_FULL_IMAGE:figures/full_fig_p001_1.png] view at source ↗
Figure 3
Figure 3. Figure 3: In any case, the space of approximate circuits which can be [PITH_FULL_IMAGE:figures/full_fig_p003_3.png] view at source ↗
Figure 2
Figure 2. Figure 2: Threat model. The Designer creates an approximate [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗
Figure 5
Figure 5. Figure 5: Progress of error metrics and PDP (averaged for 5 [PITH_FULL_IMAGE:figures/full_fig_p004_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Development of changes in the CGP nodes of the [PITH_FULL_IMAGE:figures/full_fig_p005_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Error heatmaps of two approximate multipliers [PITH_FULL_IMAGE:figures/full_fig_p005_7.png] view at source ↗
Figure 9
Figure 9. Figure 9: Properties of generated obfuscated multipliers cre [PITH_FULL_IMAGE:figures/full_fig_p006_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: Distribution of SSIM scores during the obfusca [PITH_FULL_IMAGE:figures/full_fig_p006_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Detection accuracy when only a subset of vectors [PITH_FULL_IMAGE:figures/full_fig_p007_11.png] view at source ↗
read the original abstract

Approximate circuits often achieve exceptional trade-offs between computational accuracy and hardware efficiency, making them attractive for deployment as reusable Intellectual Property (IP) cores. However, safeguarding such circuits against piracy is critical for enabling sustainable commercialization of approximate computing. This work addresses the emerging challenge of IP protection and piracy detection in the context of approximate hardware. We introduce a novel adversarial threat model, approximate obfuscation, in which an attacker not only conceals the design through structural obfuscation but also introduces functional modifications to ensure that the resulting circuit exhibits nearly identical error characteristics and hardware metrics as the original IP. To counter this threat, we propose an automated framework that extracts and compares statistical error profiles of protected IP cores and suspicious circuits, enabling systematic detection of potential IP theft. Through extensive experiments on a diverse set of approximate multipliers, we analyze the resilience of different approximate multipliers against approximate obfuscation. Our results provide new insights into the interplay between obfuscation, approximation, and IP protection.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript introduces a threat model called approximate obfuscation, in which an attacker combines structural obfuscation with functional modifications to an approximate circuit so that the result matches the original IP's error characteristics and hardware metrics. It proposes an automated detection framework that extracts statistical error profiles (e.g., error distribution, mean, variance) from protected approximate IP cores and compares them to suspicious circuits. The work reports experiments on a diverse set of approximate multipliers that analyze resilience to this threat and claims to yield new insights into the interplay of obfuscation, approximation, and IP protection.

Significance. If the error-profile comparison can be shown to be robust against mimicry, the framework would address a practical gap in protecting reusable approximate-computing IP cores, whose commercial viability depends on piracy resistance. The explicit adversarial model is a useful conceptual contribution even if the detection method requires further validation.

major comments (2)
  1. [Abstract and Experiments section] The abstract states that 'extensive experiments on a diverse set of approximate multipliers' analyze resilience and provide 'new insights,' yet the manuscript supplies no quantitative results, baselines, error metrics (e.g., mean absolute error, variance values), or methodological details such as how profiles are extracted or compared. This absence leaves the central empirical claim without verifiable support.
  2. [Detection framework and Experiments section] The detection claim rests on the assumption that statistical error profiles remain sufficiently distinctive after an attacker applies functional modifications that also preserve hardware metrics. The experiments examine resilience of existing multipliers but do not test whether an unrelated base approximate multiplier can be tuned (via parameter changes or small logic alterations) to produce a statistically indistinguishable profile, which would produce false positives and undermine attribution to the original IP.
minor comments (2)
  1. [Introduction] The term 'approximate obfuscation' is introduced without a formal definition or comparison to prior obfuscation techniques in approximate hardware; a short related-work paragraph would clarify novelty.
  2. [Framework description] Notation for the statistical error profile (e.g., which moments or distribution features are used) is not specified, hindering reproducibility.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and insightful comments on our manuscript. The feedback highlights important aspects of clarity and validation that will help strengthen the presentation of the ObfAx framework and its evaluation. We address each major comment below and describe the revisions planned for the next version of the manuscript.

read point-by-point responses

  1. Referee: [Abstract and Experiments section] The abstract states that 'extensive experiments on a diverse set of approximate multipliers' analyze resilience and provide 'new insights,' yet the manuscript supplies no quantitative results, baselines, error metrics (e.g., mean absolute error, variance values), or methodological details such as how profiles are extracted or compared. This absence leaves the central empirical claim without verifiable support.

    Authors: We agree that the manuscript would be strengthened by including explicit quantitative results, baselines, and methodological details to support the claims in the abstract. In the revised version, we will expand the Experiments section with tables reporting specific error metrics (including mean absolute error and variance values for each multiplier), comparison baselines, and a detailed description of the statistical profile extraction process and similarity comparison method (including any distance metrics or thresholds employed). This will make the empirical support fully verifiable. revision: yes

  2. Referee: [Detection framework and Experiments section] The detection claim rests on the assumption that statistical error profiles remain sufficiently distinctive after an attacker applies functional modifications that also preserve hardware metrics. The experiments examine resilience of existing multipliers but do not test whether an unrelated base approximate multiplier can be tuned (via parameter changes or small logic alterations) to produce a statistically indistinguishable profile, which would produce false positives and undermine attribution to the original IP.

    Authors: The current experiments evaluate resilience across a diverse set of approximate multipliers under the approximate obfuscation model and show that their error profiles remain distinguishable while hardware metrics are preserved. We acknowledge that an explicit test of whether an unrelated base multiplier could be tuned to produce an indistinguishable profile would provide stronger evidence against false positives. In the revision, we will add targeted experiments that apply parameter changes and small logic alterations to unrelated base multipliers while attempting to match both error profiles and hardware metrics, and we will report the resulting distinguishability outcomes. revision: yes

Circularity Check

0 steps flagged

No circularity: framework is an independent proposal with no self-referential derivations

full rationale

The paper proposes a new adversarial threat model (approximate obfuscation) and an automated detection framework based on extracting and comparing statistical error profiles from approximate circuits. No equations, predictions, or first-principles derivations are presented that reduce the detection outcome to fitted parameters, self-definitions, or self-citation chains. The central claim rests on experimental analysis of profile distinctiveness across multipliers rather than any construction that equates outputs to inputs by definition. No load-bearing self-citations or ansatzes are invoked to justify uniqueness or force results. The framework is self-contained as a methodological contribution.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 1 invented entities

The central claim depends on the assumption that error profiles are extractable and distinctive enough for detection, which is treated as a domain property of approximate circuits rather than derived from first principles.

axioms (1)
  • domain assumption Approximate circuits possess extractable statistical error profiles that can serve as identifying signatures even after limited functional modifications.
    Invoked as the basis for the automated comparison framework described in the abstract.
invented entities (1)
  • approximate obfuscation no independent evidence
    purpose: Adversarial threat model in which structural obfuscation is combined with functional changes that preserve error characteristics and hardware metrics.
    Newly defined in the abstract as the core threat the detection framework addresses.

pith-pipeline@v0.9.0 · 5465 in / 1350 out tokens · 56733 ms · 2026-05-12T05:11:27.565351+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

27 extracted references · 27 canonical work pages

  1. [1]

    Qazi Arbab Ahmed, Muhammad Awais, and Marco Platzner. 2023. MAAS: Hiding Trojans in Approximate Circuits. In2023 24th Int. Symp. Quality Electronic Design (ISQED). 1–6. doi:10.1109/ISQED57927.2023.10129286

    work page doi:10.1109/isqed57927.2023.10129286 2023

  2. [2]

    Giorgos Armeniakos, Georgios Zervakis, Dimitrios Soudris, and Jörg Henkel

    work page

  3. [3]

    Surv.55, 4 (2023), 83:1–83:36

    Hardware Approximate Techniques for Deep Neural Network Accelerators: A Survey.ACM Comput. Surv.55, 4 (2023), 83:1–83:36. doi:10.1145/3527156

    work page doi:10.1145/3527156 2023

  4. [4]

    Milan Ceska, Jiri Matyas, et al. 2017. Approximating Complex Arithmetic Circuits with Formal Error Guarantees: 32-bit Multipliers Accomplished. InProc. 36th IEEE/ACM Int. Conf. On Computer Aided Design. IEEE, 416–423

    work page 2017

  5. [5]

    Rongliang Fu, Robert Wille, and Tsung-Yi Ho. 2024. RCGP: An Automatic Syn- thesis Framework for Reversible Quantum-Flux-Parametron Logic Circuits based on Efficient Cartesian Genetic Programming. InProc. 61st ACM/IEEE Design Automation Conf. (DAC ’24). ACM. doi:10.1145/3649329.3655950

    work page doi:10.1145/3649329.3655950 2024

  6. [6]

    Honglan Jiang, Leibo Liu, Fabrizio Lombardi, and Jie Han. 2019. Approximate Arithmetic Circuits: Design and Evaluation. InApproximate Circuits, Methodolo- gies and CAD. Springer, 67–98

    work page 2019

  7. [7]

    Honglan Jiang, Francisco Javier Hernandez Santiago, Hai Mo, Leibo Liu, and Jie Han. 2020. Approximate Arithmetic Circuits: A Survey, Characterization, and Recent Applications.Proc. IEEE108, 12 (2020), 2108–2135

    work page 2020

  8. [8]

    Weiqiang Liu, Chongyan Gu, Máire O’Neill, Gang Qu, Paolo Montuschi, and Fabrizio Lombardi. 2020. Security in Approximate Computing and Approximate Computing for Security: Challenges and Opportunities.Proc. IEEE108, 12 (2020), 2214–2231. doi:10.1109/JPROC.2020.3030121

    work page doi:10.1109/jproc.2020.3030121 2020

  9. [9]

    Weiqiang Liu, Jiahua Xu, et al. 2017. Design of Approximate Logarithmic Mul- tipliers. InProc. Great Lakes Symposium on VLSI (GLSVLSI ’17). ACM, 47–52. doi:10.1145/3060403.3060409

    work page doi:10.1145/3060403.3060409 2017

  10. [10]

    H. R. Mahdiani, A. Ahmadi, et al. 2010. Bio-Inspired Imprecise Computational Blocks for Efficient VLSI Implementation of Soft-Computing Applications.IEEE Trans. Circ. Systems I: Regular Papers57, 4 (2010), 850–862

    work page 2010

  11. [11]

    Julian F. Miller. 2011.Cartesian Genetic Programming. Springer-Verlag

    work page 2011

  12. [12]

    Vojtech Mrazek, Radek Hrbacek, et al. 2017. EvoApprox8b: Library of Approxi- mate Adders and Multipliers for Circuit Design and Benchmarking of Approxi- mation Methods. InDesign, Aut. & Test in Europe Conf. (DATE)

    work page 2017

  13. [13]

    Francesco Regazzoni, Cesare Alippi, and Ilia Polian. 2018. Security: The Dark Side of Approximate Computing?. In2018 IEEE/ACM Int. Conf. Computer-Aided Design (ICCAD). 1–6. doi:10.1145/3240765.3243497

    work page doi:10.1145/3240765.3243497 2018

  14. [14]

    Masoud Rostami, Farinaz Koushanfar, and Ramesh Karri. 2014. A Primer on Hardware Security: Models, Methods, and Metrics.Proc. IEEE102, 8 (2014), 1283–1295. doi:10.1109/JPROC.2014.2335155

    work page doi:10.1109/jproc.2014.2335155 2014

  15. [15]

    Ilaria Scarabottolo, Giovanni Ansaloni, et al. 2020. Approximate Logic Synthesis: A Survey.Proc. IEEE108, 12 (2020), 2195–2213. doi:10.1109/JPROC.2020.3014430

    work page doi:10.1109/jproc.2020.3014430 2020

  16. [16]

    Shafique, R

    M. Shafique, R. Hafiz, et al. 2016. Invited: Cross-layer approximate computing: From logic to architectures. InProc. of DAC’16. 1–6

    work page 2016

  17. [17]

    Phillip Stanley-Marbell, Armin Alaghi, et al. 2020. Exploiting Errors for Efficiency: A Survey from Circuits to Applications.ACM Comput. Surv.53, 3 (2020), 39 pages

    work page 2020

  18. [18]

    Yaniv Taigman, Ming Yang, Marc’Aurelio Ranzato, and Lior Wolf. 2014. DeepFace: Closing the Gap to Human-Level Performance in Face Verification. In2014 IEEE Conf. Comp. Vision and Pattern Recognition. 1701–1708

    work page 2014

  19. [19]

    Salim Ullah, Sanjeev Sripadraj Murthy, and Akash Kumar. 2018. SMApproxlib: Library of FPGA-Based Approximate Multipliers. InProc. 55th Annual Design Automation Conference. ACM, New York, NY, USA, Article 157, 6 pages

    work page 2018

  20. [20]

    Zdenek Vasicek. 2019. Formal Methods for Exact Analysis of Approximate Circuits.IEEE Access7, 1 (2019), 177309–177331

    work page 2019

  21. [21]

    Patil, et al

    Arunkumar Vijayakumar, Vinay C. Patil, et al. 2017. Physical Design Obfusca- tion of Hardware: A Comprehensive Investigation of Device and Logic-Level Techniques.IEEE Trans. Inf. Forensics Security12, 1 (2017), 64–77

    work page 2017

  22. [22]

    Mohammadi, et al

    Linus Witschen, Hassan G. Mohammadi, et al. 2019. Jump Search: A Fast Tech- nique for the Synthesis of Approximate Circuits. InProc. 2019 Great Lakes Sym- posium on VLSI, GLSVLSI. ACM, 153–158

    work page 2019

  23. [23]

    Ying Wu, Chuangtao Chen, et al . 2024. A Survey on Approximate Multiplier Designs for Energy Efficiency: From Algorithms to Circuits.ACM Trans. Des. Autom. Electron. Syst.29, 1 (Jan. 2024), 37 pages. doi:10.1145/3610291

    work page doi:10.1145/3610291 2024

  24. [24]

    Yang Xie and Ankur Srivastava. 2019. Anti-SAT: Mitigating SAT Attack on Logic Locking.IEEE Trans. Comput.-Aided Design Integr. Circuits Syst.38, 2 (2019), 199–207. doi:10.1109/TCAD.2018.2801220

    work page doi:10.1109/tcad.2018.2801220 2019

  25. [25]

    Rozhin Yasaei, Shih-Yuan Yu, et al. 2021. GNN4IP: Graph Neural Network for Hardware Intellectual Property Piracy Detection. In58th ACM/IEEE Design Au- tomation Conference (DAC). 217–222. doi:10.1109/DAC18074.2021.9586150

    work page doi:10.1109/dac18074.2021.9586150 2021

  26. [26]

    Pruthvy Yellu and Qiaoyan Yu. 2023. Securing Approximate Computing Systems via Obfuscating Approximate-Precise Boundary.IEEE Trans. Comput.-Aided Design Integr. Circuits Syst.42, 1 (2023), 27–40. doi:10.1109/TCAD.2022.3168261

    work page doi:10.1109/tcad.2022.3168261 2023

  27. [27]

    Sipei Yi, Weichuan Zuo, et al. 2025. GPTAC: Domain-Specific Generative Pre- Trained Model for Approximate Circuit Design Exploration.IEEE J. Emerging Selected Topics in Circ. and Systems15, 2 (2025), 349–360. 7

    work page 2025