"The Steady Tell"

Hardware Trojans that activate only under trigger conditions — a specific input, a timer, an external signal — betray themselves by the transition between dormant and active states. Detection methods exploit this: compare the device’s behavior with and without the trigger, and the difference reveals the parasite.

Always-on Trojans have no trigger. They operate continuously, producing no behavioral transition. Every measurement of the compromised chip looks the same as every other. There is no before-and-after to compare. These are considered the hardest Trojans to detect.

Tahghigh and Salmani (arXiv:2603.16058) show that permanence itself is the tell. Using cross-scale persistence analysis of electromagnetic side-channel emissions, they find that legitimate circuits exhibit natural statistical variation across time-frequency scales — fluctuations that reflect the circuit’s interaction with its environment. Always-on Trojans suppress this variation. Their signatures are too stable.

The detection method looks not for the presence of an anomaly but for the absence of variation. A genuine system fluctuates because it responds to changing inputs, temperature drift, power supply noise. A parasitic circuit that is always on produces a signature that is artificially steady across scales where genuine circuits would waver.

Consistency is the fingerprint of deception. The Trojan’s strength — perpetual, untriggered operation — is precisely what makes it detectable, once you know to look for the wrong kind of steadiness. The detection method does not compare the compromised chip to a known-good reference. It compares the chip’s own statistical texture to what real complexity looks like. Real circuits are messy. Trojans are clean. The cleanliness gives them away.
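A simplified illustration of the "too steady" test described above, added here and not taken from the paper or the original post. It assumes synthetic traces, a per-window energy coefficient of variation as a stand-in for the paper's cross-scale persistence analysis, and a constructed threshold; the window lengths and all signal parameters are likewise assumptions.

```python
import math
import random
import statistics

SCALES = (64, 256, 1024)  # window lengths in samples (assumed)
MIN_CV = 0.15             # constructed floor for "natural" variation (assumed)

def synth_trace(n=8192, always_on=False, seed=1):
    """Constructed EM-like trace: a carrier whose amplitude drifts with
    workload and temperature, plus measurement noise. always_on adds a
    constant-amplitude tone that models a parasitic, untriggered circuit."""
    rng = random.Random(seed)
    out = []
    for t in range(n):
        drift = (1.0 + 0.4 * math.sin(2 * math.pi * t / 2500)
                     + 0.2 * math.sin(2 * math.pi * t / 700))
        x = drift * math.sin(2 * math.pi * t / 8) + rng.gauss(0, 0.1)
        if always_on:
            x += 3.0 * math.sin(2 * math.pi * t / 4)
        out.append(x)
    return out

def variation_by_scale(trace, scales=SCALES):
    """Coefficient of variation of windowed energy at each time scale."""
    result = {}
    for w in scales:
        energies = [sum(v * v for v in trace[i:i + w]) / w
                    for i in range(0, len(trace) - w + 1, w)]
        result[w] = statistics.stdev(energies) / statistics.mean(energies)
    return result

def too_steady(trace, floor=MIN_CV):
    """Flag a trace whose energy varies less than the floor at every scale.
    No golden reference is used: the trace is judged on its own texture."""
    return all(cv < floor for cv in variation_by_scale(trace).values())

if __name__ == "__main__":
    for label, flag in (("genuine", False), ("always-on", True)):
        tr = synth_trace(always_on=flag)
        cvs = {w: round(c, 3) for w, c in variation_by_scale(tr).items()}
        print(label, cvs, "flagged" if too_steady(tr) else "ok")
```

In this toy model the constant tone dominates the windowed energy, so the relative variation collapses at every scale while the genuine trace keeps wavering.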

