# Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations

@article{Coron2017FormalVO,
title={Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations},
author={Jean-S{\'e}bastien Coron},
journal={IACR Cryptol. ePrint Arch.},
year={2017},
volume={2017},
pages={879}
}
• J. Coron
• Published 2 July 2018
• Computer Science, Mathematics
• IACR Cryptol. ePrint Arch.
We describe a technique to formally verify the security of masked implementations against side-channel attacks, based on elementary circuit transforms. We describe two complementary approaches: a generic approach for the formal verification of any circuit, but for small attack orders only, and a specialized approach for the verification of specific circuits, but at any order. We also show how to generate security proofs automatically, for simple circuits. We describe the implementation of…

### VerMI: Verification Tool for Masked Implementations

• Computer Science
2018 25th IEEE International Conference on Electronics, Circuits and Systems (ICECS)
• 2018
VerMI, a verification tool in the form of a logic simulator that checks the properties defined in Threshold Implementations to address the security of a hardware implementation for meaningful orders of security is presented.

### A Hybrid Approach to Formal Verification of Higher-Order Masked Arithmetic Programs

• Computer Science, Mathematics
ACM Trans. Softw. Eng. Methodol.
• 2021
A sound type system, equipped with an efficient type inference algorithm, is proposed for verifying masked arithmetic programs against higher-order attacks and novel model-counting- based and pattern-matching-based methods are given that are able to precisely determine whether the potential leaky observable sets detected by the type system are genuine or simply spurious.

### Quantitative Verification of Masked Arithmetic Programs against Side-Channel Attacks

• Computer Science, Mathematics
TACAS
• 2019
A hybrid approach combing type inference and model-counting to verify masked arithmetic programs against side-channel attacks and provides a method to quantify the security level of the program.

### Masking in Fine-Grained Leakage Models: Construction, Implementation and Verification

• Computer Science
IACR Cryptol. ePrint Arch.
• 2020
The approach significantly narrows the gap between formal verification of masking and practical security, allowing for the first time formal guarantees for a broad range of device-specific leakage effects not addressed by prior work.

### SCInfer: Refinement-Based Verification of Software Countermeasures Against Side-Channel Attacks

• Computer Science
CAV
• 2018
A refinement-based method for verifying masking countermeasures that is more accurate than prior syntactic type inference based approaches and more scalable than prior model-counting based approaches using SAT or SMT solvers.

### Verifying and Quantifying Side-channel Resistance of Masked Software Implementations

• Computer Science
ACM Trans. Softw. Eng. Methodol.
• 2019
This work proposes a refinement-based method for verifying masking countermeasures and proposes algorithms for quantifying the amount of side-channel information leakage from a software implementation using the notion of quantitative masking strength.

### maskVerif: a formal tool for analyzing software and hardware masked implementations

• Computer Science
IACR Cryptol. ePrint Arch.
• 2018
This paper extends maskVerif tool with a unified framework to efficiently and formally verify both software and hardware implementations with a simple but expressive intermediate language that covers a broad range of models from the literature.

### Formal Verification of Masking Countermeasures for Arithmetic Programs*

• Pengfei Gao
• Computer Science
2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)
• 2020
This work proposes an approach for formally verifying masking countermeasures of arithmetic programs that is more accurate for arithmetic programs and more scalable for Boolean programs comparing to the existing approaches.

### Improved High-Order Conversion From Boolean to Arithmetic Masking

• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2018
A simplified variant with fewer mask refreshing, and still with a proof of security in the ISW probing model is described, which in practical implementations is roughly 25% faster.

### SCI nfer : Refinement-based Verification of Software Countermeasures against Side-Channel Attacks ?

• Computer Science
• 2018
A refinement-based method for verifying masking countermeasures that is more accurate than prior syntactic type inference based approaches and more scalable than prior model-counting based approaches using SAT or SMT solvers.

## References

SHOWING 1-10 OF 14 REFERENCES

### Faster Evaluation of SBoxes via Common Shares

• Computer Science, Mathematics
CHES
• 2016
A new technique for improving the efficiency of the masking countermeasure against side-channel attacks is described, based on using common shares between secret variables, in order to reduce the number of finite field multiplications.

### High-Order Conversion from Boolean to Arithmetic Masking

• J. Coron
• Computer Science, Mathematics
CHES
• 2017
This work describes a high-order Boolean to arithmetic conversion algorithm whose complexity is independent of the register size k, which is proven secure in the Ishai, Sahai and Wagner (ISW) framework for private circuits.

### Secure Conversion between Boolean and Arithmetic Masking of Any Order

• Computer Science, Mathematics
CHES
• 2014
To convert masks of a size of ki¾?bits securely against attacks of order n, the proposed algorithms have a time complexity of $\mathcal{O}n^2 k$ in both directions and are proven to be secure in the Ishai, Sahai, and Wagner ISW framework for private circuits.

### Strong Non-Interference and Type-Directed Higher-Order Masking

• Computer Science
CCS
• 2016
This work develops a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm.

### Private Circuits: Securing Hardware against Probing Attacks

• Computer Science, Mathematics
CRYPTO
• 2003
This paper proposes several efficient techniques for building private circuits resisting side channel attacks, and provides a formal threat model and proofs of security for their constructions.

### Verified Proofs of Higher-Order Masking

• Computer Science, Mathematics
EUROCRYPT
• 2015
The problem of automatically verifying higher-order masking countermeasures is studied, since weaknesses have been discovered in schemes that were thought secure, but is inherently exponential.

### A Sound Method for Switching between Boolean and Arithmetic Masking

• L. Goubin
• Computer Science, Mathematics
CHES
• 2001
Two new practical algorithms for the conversion between boolean masking and arithmetic masking are presented, that are proven secure against DPA.

### Provably Secure Higher-Order Masking of AES

• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2010
This paper presents the first generic dth-order masking scheme for AES with a provable security and a reasonable software implementation overhead and can be efficiently implemented in software on any general-purpose processor.

### Unifying Leakage Models: From Probing Attacks to Noisy Leakage

• Computer Science, Mathematics
EUROCRYPT
• 2014
A new reduction from noisy leakage to the important model of probing adversaries is achieved by a new reduction that significantly simplifies the formal security analysis of masking schemes against realistic side-channel leakages.

### Higher-Order Side Channel Security and Mask Refreshing

• Computer Science, Mathematics
FSE
• 2013
This paper shows that the method proposed at CHES 2010 to do mask refreshing introduces a security flaw in the overall masking scheme, and proposes a new solution which avoids the use of mask refreshing, and proves its security.