LeakyHDL: Investigating Security Vulnerabilities in LLM-Generated HDL Conference

Awal, MS, Di Campli, L, Bakchy, SC et al. (2026). LeakyHDL: Investigating Security Vulnerabilities in LLM-Generated HDL . 17TH IEEE DALLAS CIRCUITS AND SYSTEMS CONFERENCE, DCAS 2024, (2026), 10.1109/DCAS69364.2026.11544362

cited authors

  • Awal, MS; Di Campli, L; Bakchy, SC; Rahman, S; Rahman, MT

abstract

  • Large Language Models (LLMs) are increasingly used to generate hardware code for design and verification workflows, including security-sensitive cryptographic modules. However, the security properties of such code remain insufficiently examined. This paper presents a systematic empirical study of hardware description language (HDL) generated by three widely used LLMs (ChatGPT, Gemini, Claude) for three cryptographic primitives: AES, RSA modular exponentiation, and equality comparator circuits. For each primitive and prompting regime, we assess functional correctness and side-channel security using a pattern-based vulnerability analysis with cross-model code verification. Across LLMs and prompts, the generated HDL codes are generally functionally correct but frequently contain implementation patterns known to enable timing and power sidechannel leakage, including secret-dependent branching, earlytermination logic, and lookup-table based substitutions. The results highlight a persistent gap between functional correctness and security in current LLM-generated HDL, as well as the risks of deploying such code in security-critical hardware without additional analysis and verification.

publication date

  • January 1, 2026

Digital Object Identifier (DOI)

issue

  • 2026