1
Abstract—Finite state machines (FSMs) are the backbone of
sequential circuit design. In this paper, a new FSM watermarking
scheme is proposed by making the authorship information a
non-redundant property of the FSM. To overcome the
vulnerability to state removal attack and minimize the design
overhead, the watermark bits are seamlessly interwoven into the
outputs of the existing and free transitions of state transition graph
(STG). Unlike other transition-based STG watermarking, pseudo
input variables have been reduced and made functionally
indiscernible by the notion of reserved free literal. The assignment
of reserved literals is exploited to minimize the overhead of
watermarking and make the watermarked FSM fallible upon
removal of any pseudo input variable. A direct and convenient
detection scheme is also proposed to allow the watermark on the
FSM to be publicly detectable. Experimental results on the
watermarked circuits from the ISCAS’89 and IWLS’93
benchmark sets show lower or acceptably low overheads with
higher tamper resilience and stronger authorship proof in
comparison with related watermarking schemes for sequential
functions.
Index Terms— IP Protection, IP Watermarking, Sequential
Design, Finite State Machine, State Transition Graph.
I. INTRODUCTION
A
s reuse-based design methodology has taken hold, the
VLSI design industry is confronted with the increasing threat of
intellectual property (IP) infringement. IP providers are in
pressing need of a convenient means to track the illegal
redistribution of the sold IPs. An active approach to protect a
VLSI design against IP infringement is by embedding a
signature that can only be uniquely generated by the IP author
into the design during the process of its creation. When a forgery
is suspected, the signature can be recovered from the
Copyright (c) 2010 IEEE. Personal use of this material is permitted. However,
permission to use this material for any other purposes must be obtained from the
IEEE by sending an email to pubs-permissions@ieee.org.
Manuscript received Dec. 28, 2009; Revised July 12, 2010; Accepted Nov. 11,
2010.
A. Cui is with the Department of Electronic and Information Engineering,
Harbin Institute of Technology Shenzhen Graduate School, GuangDong
Province, P. R. China 518055 (e-mail: cuiaj@hitsz.edu.cn).
C. H. Chang is with the School of Electrical and Electronic Engineering,
Nanyang Technological University, Singapore 639798 (e-mail:
echchang@ntu.edu.sg).
Sofiène Tahar is with the Department of Electrical and Computer Engineering,
Concordia University, Montreal, Quebec, Canada (e-mail:
tahar@encs.concordia.ca).
A. T. Abdel-Hamid is with the German University in Cairo, Egypt (e-mail:
amtalaat@gmail.com).
misappropriated IP to serve as undeniable authorship proof in
front of a court. Such a copyright protection method is widely
known as watermarking. It is cheaper and more effective than
patenting or copyrighting by law to deter IP piracy [1].
Unlike the digital content in the media industry, a VLSI IP is
developed in several levels of design abstraction with the help of
many sophisticated electronic design automation tools. Each
level of design abstraction involves solving some NP-complete
optimization problems to satisfy a set of design constraints. In
the regime of constraint-based watermarking, the signature to be
imprinted is converted into a set of extra constraints to be
extraneously satisfied by the watermarked design [2]. The
watermark embedded at a higher level of design abstraction must
survive the posterior optimizations so that the same IP
distributed at all lower abstraction levels are protected. From the
authorship verification perspective, IP watermarking can be
classified into static watermarking and dynamic watermarking
[3]. In the watermark detection phase, static watermarking [4]-[8]
requires the downstream design to be reverse engineered to the
level where the watermark is embedded to show the additional
constraints generated by the author’s signature are satisfied.
Reverse engineering is expensive and intrusive as some critical
design data used to produce the watermarked IP may be exposed
in this process. On the other hand, dynamic watermarking
[9]-[17] enables the embedded information to be detected from
the output without reverse engineering by running the protected
design with a specific code sequence. Dynamic watermarking is
typically performed in the state transition graph (STG) of finite
state machine (FSM) [11]-[14], in the architectural level of
digital signal processors (DSP) [9], [10] or at the
design-for-testability (DfT) stage [15]-[17]. FSM watermarking
embeds the signature at a higher (behavioral/RT) level of design
abstraction whereas the latter normally embeds the signature
after logic synthesis. Embedding the watermark at the behavioral
level has the advantage that it is harder for the attacker to erase
the watermark in the downstream design by simple redundancy
removal or logic manipulation, but it is also challenging to keep
the overhead of watermarked design low.
In this paper, a new dynamic watermarking scheme is
proposed. The watermark is embedded in the state transitions of
FSM at the behavioral level. As an FSM design is usually
specified by an STG or other behavioral descriptions that can be
easily translated into STG, the watermark is embedded into the
STG of any size and remains a property of FSM after the
watermarked design is synthesized and optimized into circuit
netlist. The authorship can be directly verified even after the
downstream integrated circuit design processes by running the
watermarked FSM with a specific code sequence. Unlike [12],
our watermark verification is simple and efficient even for large
A Robust FSM Watermarking Scheme for IP
Protection of Sequential Circuit Design
Aijiao Cui, Member, IEEE, Chip-Hong Chang, Senior Member, IEEE, Sofiène Tahar, Senior Member, IEEE, and
Amr T. Abdel-Hamid, Member, IEEE
2
designs. On the other hand, as extracting the STG from a gate
level netlist is computationally impractical for large circuits [11],
there are limited options for an attacker to remove or hide the
watermark from the watermarked design netlist or netlist
obtained by reverse engineering its downstream design [13]. The
proposed watermarking scheme is robust against state reduction
attacks. It is different from other transition-based embedding
methods [13], [14] in that it has lower embedding overhead and
has overcome the vulnerability of auxiliary inputs which are
inevitably introduced if the embedding capacity is limited,
especially for completely specified FSM. The weaknesses of
existing FSM watermarking scheme to be overcome in this paper
are discussed in the next section. Currently there is no easy way
to publicly detect the existence of watermark, once the FSM is
integrated into a chip and packaged [11]-[14]. Since the test
signals can be traced after the chip is packaged and the scan path
provides controlled accesses to all internal states and
combinational circuits of the watermarked IP, this paper also
proposes an alternative approach to allow the authorship proof of
watermarked FSM to be verified off chip by making it a part of
the test kernel. The proposed watermarking scheme thus makes
the authorship proof harder to erase and the IP authorship easier
to verify.
The rest of the paper is organized as follows. In Section II,
we discuss related works. Our new FSM watermarking scheme
is presented in Section III. In Section IV, we analyze the
resilience of the proposed watermarking method. Section V
presents experimental results on benchmark designs. Finally,
Section VI concludes the paper.
II.
RELATED WORKS
The notion of constraint-based watermarking, first proposed
by Hong and Potkonjak, [2] has now been widely applied to
embed authorship signature into VLSI designs developed at
different design abstraction levels, such as architectural level [9],
[10], combinational logic synthesis level [4]-[7] and physical
placement and routing [8]. At behavior level, STG
representation makes watermarking FSMs in industrial designs
promising as efficient sequential logic synthesis tools and
optimization methods are available to lower the cost of
embedding and detection of watermark. FSM watermarking has
the advantage that the IP author signature can be lucidly
recovered by applying a verification code sequence. As the STG
is in general exponentially larger than the circuit description
itself [12], it is computationally impractical to analyze the circuit
to extract the STG. Such scheme therefore has high resilience
against tampering at lower abstraction levels.
An FSM is characterized by a set of internal states and
transitions between them. Approaches to FSM watermarking
can be classified based on whether the authorship information is
embedded in the states [11], [12] or on the transitions [13], [14].
In [12], the FSM is watermarked by introducing redundancy in
the STG so that some exclusively generated circuit properties are
exhibited to uniquely identify the IP author. According to the
watermark, a specific sequence of states is generated and will
only be traversed with the excitation of a specific sequence of
inputs. The watermark verification relies on the presence of such
extraneous states in the STG. However, the watermark will not
survive upon removal of all redundant states by the application
of a state minimization program [18]-[20]. Watermarking on the
states of FSM is thus vulnerable to state optimization attacks.
Two possible ways to verify the presence of a watermark are
provided in [12]. The implicit BDD-based enumeration method
is too slow for large circuits. The ATPG-based method requires
the solution of an NP-complete problem and is not evident that
the verification can be carried out efficiently on large circuits.
The properties of the transitions in FSM can also be explored
for watermark embedding. An FSM watermarking scheme was
proposed in [13] by inserting redundant transitions into the
original STG after the unspecified transitions in the STG are
searched and associated with the user-defined input/output
sequence. The weakness of this scheme is the monotonous use of
only the unspecified transitions with the specified outputs of
STG for watermark insertion. The embedding capacity is limited
by the number of free input combinations. For FSMs with
limited unspecified transitions, the probability of coincidence is
high. If the watermark length is increased beyond the available
number of unspecified transitions to boost the authorship proof,
the overhead aggravates rapidly.
To increase the robustness of FSM watermarking, besides
the unspecified transitions, existing transitions are also utilized
in an output mapping algorithm to watermark the FSM [14]. This
method takes advantage of the original transitions in the STG to
lower the overhead of watermarking. The embedding process is
fast as no special effort is made to search the states of STG. The
watermark bits are embedded at large by a random walk of the
STG. When all output bits of an existing transition of a visited
node coincide with a substring of the watermark, that transition
is automatically watermarked. Otherwise, extra watermarked
transition will be added to the STG. When the number of outputs
of FSM increases or when the FSM is completely specified,
output coincidence of existing transition with the watermark bits
becomes rare. The watermarked FSM is susceptible to removal
attack if the ratio of augmented transitions to coinciding
transitions is high. When only unspecified transitions are
watermarked, the scheme becomes as vulnerable as [13]. If no
unspecified transitions are available for watermarking, a pseudo
input variable is added. This input variable is assigned a fixed
logic value of “0” for all existing transitions, and a fixed “1” for
the added transitions. This discrimination between the existing
transitions and added transitions is conspicuous. Moreover, the
addition of new input variables with fixed assignments on all
transitions increases the decoder logics and hence the overhead
of watermarked FSM significantly. Removal of the pseudo
inputs can easily eliminate or corrupt the watermark without
affecting the FSM functionality.
In what follow, a more robust technique of transition-based
FSM watermarking is proposed to overcome the shortcomings
of the above methods. Provision is also made to facilitate the
FSM watermark to be readily verified off-chip through the scan
chain.
III. F
INITE STATE MACHINE WATERMARKING
A. Preliminaries
A formal definition of an FSM is given in [19] as follows:
Definition 1: An FSM is a tuple M = (Σ, Δ, Q, s
0
,
δ
,
λ
), where
Σ and Δ are finite, non-empty sets of the input and output
3
alphabets, respectively. Q is a finite, non-empty set of states and
s
0
∈ Q represents a unique reset state.
δ
(s, X): Q × Σ → Q ∪{∅}
is the state transition function and
λ
(s, X): Q × Σ = Δ ∪{τ} is the
output function, where ∅ denotes an unspecified state and τ
denotes an unspecified output.
For s
i
, s
j
∈ Q, s
j
is said to be the next state of s
i
if ∃X ∈ Σ s.t.
s
j
=
δ
(s
i
, X). The application of X on s
i
also produces an output, Y
=
λ
(s
i
, X) ∈ Δ. For an FSM with n input and k output variables,
each input alphabet, X
= x
1
x
2
… x
n
, is a string of n bits and each
output alphabet, Y = y
1
y
2
… y
k
, is a string of k bits. Each bit of X
and Y, x
i
, y
i
∈ {0, 1, −}, where “0” and “1” are the binary
constants, and “−” denotes a “don’t care” value. To avoid
unnecessary notational complexity, we use an upper case letter
to denote an input or output alphabet in Σ and Δ, a lower case
letter to denote an input or output variable in {0, 1, −}, and y
i,j
to
address the j-th bit of the i-th alphabet, Y
i
.
FSMs are usually designed with their state transition graph
(STG). An STG, STG(M) = G(V, E), is a labeled directed graph
of a machine M of V nodes and E edges. Each symbolic state, s ∈
Q, is represented by a node in V. A state transition t from a
source node S(t) to a destination node D(t) is represented by a
directed edge, e
ij
∈ E, connecting S(t) to D(t). Each edge is
tagged with an input/output label, I(t)/O(t), to encapsulate the
relations, D(t)
=
δ
(S(t), I(t)) and O(t) =
λ
(S(t), I(t)). Thus, a state
transition t can be represented by a quadruple (S(t), D(t), I(t),
O(t)). The input combinations that are absent from all transitions
of a source state in an STG are called the free (or unspecified)
input combinations of that state, and a transition that can be
created from the free input combinations is called an unspecified
transition. Unlike [12], as the number of states in an FSM is a
dominant factor of the implementation complexity, we modify
only the properties of the edge set to synthesize the watermarked
design in order to preserve the nodes in STG(M).
In light of dynamic watermarking, the watermark detection
process involves the abstraction of an output sequence,
ˆ
Y
=
12
ˆˆ
ˆ
{
,,,
}
N
Y
YY
,
ˆ
i
Y ∈Δ , from the watermarked design
ˆ
M
by
applying a specific input sequence,
ˆ
X
=
12
ˆˆ
ˆ
{
,,,
}
N
X
XX
,
ˆ
i
X
∈ Σ, on a state,
ŝ
∈ Q, such that
()
ˆ
ˆ
ˆ
,
s
λ
=
YX
=
()
()
(
)
()
11
ˆˆ
ˆ
ˆ
,,,
NN
s
XXX
λδδ δ
−
. The watermark synthesis
process requires that the outputs of
ˆ
M
be compatible with the
outputs of M for every input symbol, X
∈ Σ, and output
mappings of
ˆ
M
for every input symbol,
ˆ
i
X
∈ Σ ∀i = [1, N], be
dictated by a signature that identifies the ownership of a design.
The signature is cryptographically generated with a secret key so
that
()
ˆ
ˆ
ˆ
,
s
λ
=
YX
becomes a unique property of
ˆ
M
.
In [13], [14], the length N of
ˆ
X
and
ˆ
Y
is equal to m/k,
where m is the watermark length and k is the number of output
variables of an FSM. Fig. 1(a) shows an example of a STG with
three states, S
1
, S
2
and S
3
. The state transitions are determined by
a 1-bit input variable and a 3-bit output variable, i.e., n = 1 and k
= 3. When the scheme in [14] is applied to embed an 8-bit
watermark sequence “10101000”, three (m/k = 3) consecutive
transitions will be searched to match the watermark bits with the
output bits. If the search starts from S
1
, as all transitions from S
1
have no output coinciding with the first three watermark bits of
“101”, a new transition will be inserted. Since S
1
has no free
input combination, a new input variable is introduced. This input
variable is assigned to “0” for all existing transitions and “1” for
all added transitions, and the bits are underlined in Fig. 1(b). A
new transition (S
1
, S
2
, 11, 101) from S
1
is added with an
arbitrarily chosen next state S
2
as indicated by the bold dashed
arc in Fig. 1(b). As S
2
has no edge with output bits coinciding
with “010”, another new transition (S
2
, S
3
, 01, 010) is added with
the randomly selected next state S
3
. The existing transition (S
3
,
S
1
, 10, 001), printed bold in Fig. 1(b), has an output matching
with the watermark bits “00”. So it is reused for watermarking.
The watermarked design synthesized by SIS [23] has 640 units
of area, 7.2 units of delay and 201.8 units of power. Comparing
with the original design with 448, 6 and 178 units of area, delay
and power, respectively, the FSM watermarked by [14] incurs
42.9%, 20% and 13.4% overheads in area, delay and power,
respectively.
In this example, the output is a 3-bit (k = 3) alphabet. The
probability of the output of a transition coinciding with the
watermark bits is as low as 1/8, which results in only one out of
three existing transitions being used for watermarking. When k
is larger, it becomes more difficult to make use of existing
transitions to reduce the overhead of watermarking due to the
low probability of output coincidence. The fixed assignment of
the added input variable also increases the design complexity.
Moreover, as all output bits are watermarked in consecutive
transitions after the starting state on which
ˆ
X
is applied, as
shown in Fig. 1(c), the watermarked transitions are not well
obfuscated, causing the watermarked FSM to be vulnerable.
To overcome these problems, we make N > m/k so that not all
bits in
ˆ
Y
are watermarked. The locality of the watermark is
randomized by a cryptographic one-way function such that any
number (from 1 to k) of bits at any output bit from any transition
of STG is probable to be watermarked. The general idea can be
illustrated using the same STG example in Fig. 1(a). Since N >
8/3, it is set to 8. The localities of these 8 watermark bits are
randomly generated between [1, k×N = 24] without replication.
Suppose these numbers are {9, 13, 2, 10, 20, 23, 17, 4}. So, eight
transitions will be sought to produce an output sequence that
contains the watermark sequence “10101000” at these bit
positions in the output. As the 8 watermark bits are dispersed
into 8 transitions, the probability of the output of an existing
transition coinciding with the watermark bit is as high as 1/2,
which results in five existing transitions being reused for
watermarking and only one new transition is added, as shown in
Fig. 1(d). As the newly added transition is well blent with the
existing transitions, when
ˆ
X
is applied on the FSM to detect the
watermark, it is hard for an attacker to differentiate it from others,
as indicated by the bold arrow in Fig. 1(e). To increase the
watermark strength and minimize the next state decoder logic of
watermarked design, we also capitalize on the extra headroom
created by the pseudo input variables and free input
combinations of the FSM. In Fig. 1(d), when a new input
variable is introduced, it does not need to be fixed and it can
remain as don’t care in the final watermarked design if it is not
used for the generation of any new transitions. The synthesized
design from Fig. 1(d) has 520, 6.4 and 190.2 units of area, delay
and power, respectively. The overheads due to watermarking are
4
only 16.1% on area, 6.7% on timing and 6.9% on power. The
advantage over [14] is discernible.
With these preliminaries, our proposed FSM watermarking
algorithm will be elaborated next.
B. Generation of Watermark and Random Sequence.
A meaningful text string, MSG is first encoded into a binary
string and then encrypted by a provable cryptographic algorithm
with the secret key K
e
of the IP owner. If the length of the
encrypted message is too long, a message digest (MD) algorithm
can be used to reduce its length. The resultant binary bit vector
of length m is the watermark,
{}
1
m
i
i
Ww
=
=
and w
i
∈ {0,1}.
(a) (b)
(c) (d)
(e)
Fig. 1. Watermark embedding on transitions of STG: (a) original STG, (b)
watermarked STG by the scheme in [14], (c) excitation of watermarked
transitions of STG in (b), (d) watermarked STG by proposed scheme, (e)
excitation of watermarked transitions of STG in (d).
A keyed one-way pseudorandom number generator (PNG) is
used to generate a sequence,
{}
1
m
i
i
Bb
=
=
, of m unique integers
between 1 and
Ν
×k, i.e., b
i
∈[1,
Ν
×k
]
∀i = 1, 2, … , m and b
i
≠
b
j
∀i
≠
j. The length N of sequence
ˆ
X
is determined empirically.
The purpose of B is to randomly disperse the m watermark bits
into
ˆ
Y
. If ∃(i, j) ∀i ∈ [1, N] and j ∈ [1, k] such that (i−1)k + j =
b
l
, then
,
ˆ
ij l
y
w=
, where
,
ˆ
ij
y
is the j-th bit of
ˆ
ˆ
i
Y ∈
Y
. The
secure hash algorithm SHA-1 [21] can be used as an MD as well
as in a keyed one-way PNG for the generation of these two
random sequences, W and B. As it is computationally infeasible
to find a collision of this hash function, the possibility that the
same group of numbers is generated by coincidence is extremely
low without the knowledge of the secret key.
C. Watermarking Insertion
The watermark W is inserted into STG(M) by modifying
some of its edges without changing the operational behavior of
M to find a sequence of N consecutive transitions,
()
1
ˆ
ˆ
ˆ
ˆˆ
,,,
iiiii
t
ss XY
+
= , i = 1, 2, … , N, such that each watermark bit, w
l
∈ W, l ∈ [1, m], will be randomly mapped to one bit in the
sequence,
ˆ
Y
=
12
ˆˆ
ˆ
N
Y
YY
=
1,1 1, 2,1 2, ,1 ,
ˆˆˆˆ ˆ
ˆ
kkNNk
y
yy y y y
.
The mapping from W to
ˆ
Y
is injective but not surjective.
The
value of each bit
,
ˆ
ij
y
in
ˆ
Y
can be determined as follows: if
(i–1)k + j = b
l
, then
,
ˆ
ij l
y
w= , else
,
ˆ
ij
y
= “−” , as shown in Fig. 2.
Given an output
ˆ
i
Y
and a source state
ˆ
i
s
, the destination
state
1
ˆ
i
s
+
of watermarked transition
ˆ
i
t
will be determined by an
output compatibility check. Two bits, x, y ∈{0, 1, −}, are
compatible if they are of equal value or one of them has a don’t
care value, i.e., x
∩
y
≠
∅. This intersection of two ternary
variables is defined in Table I. Likewise, two alphabets, X and Y
are compatible, denoted by X
≡ Y, if none of the elements in X
∩
Y = {x
i
∩
y
i
} has a null value.
Generate
ˆ
Y
(W, B) {
{}
,
ˆ
ˆ
ij
y
=Y
,
i∈[1, N], j∈[1, k];
for (
i = 1 to N) {
for (
j = 1 to k) {
,
ˆ
ij
y
= −;
for (
l = 1 to m) {
if ((
i–1)k + j = b
l
) {
,
ˆ
ij l
y
w=
;
break; }
} } }
return
ˆ
Y
;
}
Fig. 2. Generation of watermarked output sequence.
TABLE I Intersection of two ternary variables
∩
0
1
−
0
0
∅
0
1
∅
1
1
−
0
1
−
Starting with i = 1, an arbitrary state,
1
ˆ
s
∈ Q, is selected. Let
T(
ˆ
i
s
) be the set of transitions emanating from a state,
ˆ
i
s
. A set
of transitions C(
ˆ
i
s
) that is output compatible with
ˆ
i
Y
is sought,
i.e., C(
ˆ
i
s
) = {t
i
∈ T(
ˆ
i
s
)| O(t
i
) ≡
1
ˆ
Y
}. To avoid entering into a
deadlock, transitions terminated at a deadlock state (i.e., state
with no fanout) are excluded from C(
ˆ
i
s
). Four distinct scenarios
are considered for the determination of
ˆ
i
t
.
Cases 1: There is only one output compatible transition,
|C(
ˆ
i
s
)| = 1, then
ˆ
i
t
= C(
ˆ
i
s
) and
1
ˆ
i
s
+
= D(
ˆ
i
t
).
Case 2: If more than one output compatible transition are
found, i.e., |C(
ˆ
i
s
)| > 1, then a transition from C(
ˆ
i
s
), with the
next state having the highest number of free input combinations,
will be selected as
ˆ
i
t
. Its output will be modified to O(
ˆ
i
t
) = O(
ˆ
i
t
)
∩
ˆ
i
Y
and
1
ˆ
i
s
+
= D(
ˆ
i
t
).
Case 3: If |C(
ˆ
i
s
)| = 0, then the free input combinations of
ˆ
i
s
will be considered. Let F(
ˆ
i
s
) = {X ∈ Σ |
δ
(
ˆ
i
s
, X) = ∅} be the
5
set of free input combinations of
ˆ
i
s
. For ˆ
()
i
Fs ≠∅
, let D(
ˆ
i
s
) =
{
ˆ
j
s
∈ Q |
ˆ
j
s
= D(
ˆ
i
t
) ∀
ˆ
i
t
∈ T(
ˆ
i
s
)} be the set of all destination
states of
ˆ
i
s
.
1
ˆ
i
s
+
is set to the state with the highest number of
free input combinations in D(
ˆ
i
s
) (excluding the deadlock states)
unless D(
ˆ
i
s
) = ∅. When D(
ˆ
i
s
) = ∅,
1
ˆ
i
s
+
is set to the state with
the highest number of free input combinations in STG(M). If
there exists an edge connecting
ˆ
i
s
to
1
ˆ
i
s
+
in STG(M), a new
input/output pair, I(
ˆ
i
t
)/O(
ˆ
i
t
), is added for the transition
ˆ
i
t
.
Otherwise, a new edge directed from
ˆ
i
s
to
1
ˆ
i
s
+
labeled with
I(
ˆ
i
t
)/O(
ˆ
i
t
) will be created in STG(M) for
ˆ
i
t
, and O(
ˆ
i
t
) =
ˆ
i
Y
. The
determination of I(
ˆ
i
t
) will be explained later.
Case 4: If |C(
ˆ
i
s
)| = 0 and F(
ˆ
i
s
) = ∅, then a pseudo input
variable x
n+1
needs to be introduced in M and the number of
input variables n is incremented by 1. x
n+1
is set to an unspecified
logic value “
∗” for all existing transitions. A new edge directed
from
ˆ
i
s
to
1
ˆ
i
s
+
labeled with I(
ˆ
i
t
)/O(
ˆ
i
t
) will be created for
ˆ
i
t
.
1
ˆ
i
s
+
is set to the state with the highest number of free inputs in
D(
ˆ
i
s
) or in STG(M) if D(
ˆ
i
s
) = ∅, and O(
ˆ
i
t
) =
ˆ
i
Y
. Both symbols
“*” and “
−” can assume either a logic “0” or a logic “1” value but
there is a subtle difference. “−” is meant for the currently used
input combinations whereas “*” can be associated with either the
used or free input combinations. A “*” can be construed as a
reserved free input literal as its logic state (“0” or “1”) will only
be defined at the time when some input combinations subsumed
by it are freed to become I(
ˆ
i
t
).
Find
ˆ
i
t
(Q, i,
ˆ
M
,
ˆ
Y
,
ˆ
i
s
) {
if (|
C(
ˆ
i
s
)| = 1) { // case 1
ˆ
i
t
= C(
ˆ
i
s
);
1
ˆ
i
s
+
= D(
ˆ
i
t
);
} else if |
C(
ˆ
i
s
)|>1 { // case 2
ˆ
i
t
= T(arg{max(F(s
j
))}) ∀ s
j
∈D(
ˆ
i
s
) and T(s
j
) ∈ C(
ˆ
i
s
);
O(
ˆ
i
t
) = O(
ˆ
i
t
)
∩
ˆ
i
Y
;
1
ˆ
i
s
+
= D(
ˆ
i
t
);
} else {
if (
ˆ
()
i
Fs ≠∅
) { // case 3
if (
D(
ˆ
i
s
)
≠
∅ )
1
ˆ
i
s
+
= arg{max(F(s
j
))} ∀ s
j
∈D(
ˆ
i
s
);
else
1
ˆ
i
s
+
= arg{max(F(s
j
))} ∀ s
j
∈ Q;
} else { // case 4
Add a pseudo input variable,
x
n+1
;
for (each
ˆ
t
∈
ˆ
M
) I (
ˆ
t
)
n+1
= *; // set x
n+1
to *
n = n +1;
if (
D(
ˆ
i
s
)
≠
∅ )
1
ˆ
i
s
+
= arg{max(F(s
j
))} ∀ s
j
∈D(
ˆ
i
s
);
else
1
ˆ
i
s
+
= arg{max(F(s
j
))} ∀ s
j
∈ Q;
}
O(
ˆ
i
t
) =
ˆ
i
Y
;
I(
ˆ
i
t
) = Find
ˆ
()
i
I
t
(n,
ˆ
M
,
ˆ
i
s
);
}
return
ˆ
i
t
;
}
Fig. 3. Determination of watermarked transition.
The pseudo codes for the determination of watermarked
transitions are shown in Fig. 3. The input alphabets for the
watermarked transitions found in Cases 3 and 4 are determined
by the subroutine
Find shown in Fig. 4.
When there is no existing transition with compatible output,
as in Cases 3 and 4, the input alphabet I(
ˆ
i
t
) for O(
ˆ
i
t
) =
λ
(
ˆ
i
s
,
I(
ˆ
i
t
)) =
ˆ
i
Y
needs to be determined. I(
ˆ
i
t
) is set to one of the free
input combinations of
ˆ
i
s
if no “*” appears in all the used input
combinations of
ˆ
i
s
. Otherwise, an alphabet, X ∈ I(t
u
), t
u
∈ T(
ˆ
i
s
),
that contains at least one “*” from the set of used input
combinations of
ˆ
i
s
will be split into two. Initially, I(
ˆ
i
t
) = X. A
“*” bit in X is selected and assigned a fixed but randomly
generated binary constant, a
∈ {0, 1}, while the corresponding
“*” bit in I(
ˆ
i
t
) is assigned its complement
a
. Meantime, all the
“
−” bits in I(
ˆ
i
t
) are replaced by the “*” bits. For example, if X =
“1
−*” and a = 0, then it will be split into X = “1−0” and I(
ˆ
i
t
) =
“1*1”. As the number of transitions with “*” bits in the pseudo
input variable space enormously outnumbers those in the
original input variable space, to simplify the next state and
output decoder design, it is lucrative to preserve “*” in the
pseudo input variable space whenever free input combinations
from the original variable space can be used to produce I(
ˆ
i
t
). In
the search for the next state
1
ˆ
i
s
+
an input alphabet with j
exclusive “*” bits is considered as a cover of 2
j−1
free input
combinations. When two states possess the same highest number
of free input combinations, preference will be given to the state
that covers the highest number of output combinations in its fan
out transitions.
Find
ˆ
()
i
I
t
(n,
ˆ
M
,
ˆ
i
s
) {
if (* is absent in all
X ∈ F(
ˆ
i
s
))
ˆ
()
i
I
t
= any X ∈ F(
ˆ
i
s
);
else {
Select
X ∈ I(t
u
) with t
u
∈ T(
ˆ
i
s
) and ∃X
k
= * for 1 ≤ k ≤ n;
Set
ˆ
()
i
I
t
= X;
a = random(0,1);
X
k
= a;
ˆ
()
ik
I
t
=
a
;
for (
j = 1 to n)
if (
ˆ
()
ij
I
t
= − )
ˆ
()
ij
I
t
= *; }
return
ˆ
()
i
I
t
;
}
Fig. 4. Finding input alphabet for the watermarked transition.
The above watermarking process is repeated for i = 2 to N
until
ˆ
N
t
is determined. The residual “*” in the input alphabets of
all edges will be replaced with “
−” and the resultant STG(M) is
the watermarked STG(
ˆ
M
) and
()() ( )
12
ˆ
ˆˆ
ˆ
N
I
tIt It=X
. If the
overhead of watermarked design is not satisfactory, the entire
process can be repeated with an adjusted value of N. The overall
watermark insertion process is shown in Fig. 5.
For each pseudo input variable added, at least 2
n−1
potential
free input combinations are created in every state transition,
where n here refers to the total number of input variables
including the pseudo variables. These free input combinations
have been consumed in [14] by fixing the value of each pseudo
input variable to be “0” consistently for all existing transitions
and “1” consistently for the watermarked transition immediately
upon its creation. This has not only increased the complexity of
![TABLE V COMPARISON WITH FSM WATERMARKING METHOD IN [13]](/figures/table-v-comparison-with-fsm-watermarking-method-in-13-1brnvudy.webp)
![TABLE IV COMPARISON WITH FSM WATERMARKING METHOD IN [12]](/figures/table-iv-comparison-with-fsm-watermarking-method-in-12-127j6496.webp)
