Security Implications of Approximation: A Study of Trojan Attacks on Approximate Adders and Multipliers

Approximate computing offers significant gains in efficiency at the cost of minor errors. In this paper, we show that since approximate computing legitimizes controlled imprecision, this very relaxation can be exploited by an adversary to insert Trojans into approximate circuits. Since the minor errors introduced by the Trojan may be indistinguishable from those introduced by approximate computing, these Trojans can easily evade detection, yet they can severely degrade the end application's "quality of result" (QoR). By contrast, the conventional exact computing paradigm does not tolerate errors; hence, any inserted Trojan can be easily detected. Thus, we show that approximate circuits are more vulnerable to attacks, and this may nullify their efficiency advantages. We demonstrate our ideas through the two most foundational circuits, approximate adders and multipliers. We categorize the existing approximate adders and multipliers into broad families from the perspective of Trojan insertion strategies that an adversary might employ. We present a generalized framework to identify the suitable hardware Trojan insertion and masking sites within each family of approximate adders and multipliers. We also discuss the implications of these threats for a real-life application. Our work strongly emphasizes the need for better security measures and provides insights that will guide the development of robust digital systems capable of balancing the intricacies of approximation and security.