The implementation of hardware protection circuits in CMOS technology is often hampered by cost-inefficiency, primarily due to excessive power dissipation and large silicon area requirements.  Re-configurable Field-Effect Transistors (RFETs) can be reversibly reconfigured into p-type and n-type operating modes, offering the functionality of two different devices into one. With advantages such as run-time reconfiguration, symmetric I-V characteristics, multi-Vt designs, low-standby power, multi-independent gate support, inherently polymorphic functionality, RFETs make a promising solution for mitigating hardware attacks.  In SecuReFET - phase I, the use of the runtime reconfigurability of these nano electronic components for polymorphic logic gates for circuit obfuscation was demonstrated in the laboratory. The potential of RFETs with respect to side-channel resistance and the provision of targeted security functions, as well as potential new security vulnerabilities of RFETs, was investigated. An RFET-compatible automated design synthesis (EDA) environment for logical and physical design has been developed. Phase II is dedicated to exploring all these topics in greater depth. First, laboratory demonstrators consisting of multiple logic gates connected through an additional metal layer will be fabricated and electrically characterized. Next, a ferroelectric layer will be integrated into the RFETs to enable non-volatile storage of the key directly within the device. This approach eliminates the vulnerable interface between memory and logic, preventing potential attacks. Ideally, the transistor’s function can be programmed immediately after custom manufacturing and remains inaccessible from the outside. Such a concept could address one of the fundamental challenges in hardware security by making the connection between memory and locking circuitry unassailable. Furthermore, the unique characteristics of RFETs with respect to side-channel attacks will be systematically explored, opening new opportunities for more effective protection against diverse attack scenarios while reducing both area and power consumption. Unlike existing countermeasures that focus primarily on safeguarding data, RFET-based polymorphic cells also provide a means to protect intellectual property (IP) from side-channel vulnerabilities. We therefore investigate how RFET features (both in volatile and non-volatile configurations) can be leveraged to secure IP and data against threats such as propagation delay analysis or power leakage. Finally, the proposed security solutions, combining ferroelectric memory with enhanced side-channel resilience, will be integrated into the EDA synthesis flow established in SecuReFET-I.

• Armin Darjani
• Rupa Panduga

1. Kavand, Nima, et al. "RAT: RFET-based Analog Hardware Trojan." 2025 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). Vol. 1. IEEE, 2025
2. Darjani, Armin, Nima Kavand, and Akash Kumar. "Flip-UnLock: An Anomaly Detection Attack on Flip-Flop-Based Logic Locking." 2025 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). Vol. 1. IEEE, 2025
3. Darjani, Armin, Nima Kavand, and Akash Kumar. "Flip-Break: Breaking Flip-flop-based Logic Locking in Sequential Circuits." Proceedings of the Great Lakes Symposium on VLSI 2025