Nice! Please do share your work.
This line of thinking is pretty cool. How do the guarantees differ from what you get from masking circuits on the same IC (e.g.)? I recently read this which contains the related idea of masking data before an operation so that those circuits can’t reliably contain a trigger (since any trigger would be masked).
There’s also a telegram group where a lot of ideas are being thrown around (although lately there’s been more attention given to side channels than trojans): Telegram: Join Group Chat