Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations

@article{Coron2017FormalVO,
  title={Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations},
  author={Jean-S{\'e}bastien Coron},
  journal={IACR Cryptol. ePrint Arch.},
  year={2017},
  volume={2017},
  pages={879}
}
  • J. Coron
  • Published 2 July 2018
  • Computer Science, Mathematics
  • IACR Cryptol. ePrint Arch.
We describe a technique to formally verify the security of masked implementations against side-channel attacks, based on elementary circuit transforms. We describe two complementary approaches: a generic approach for the formal verification of any circuit, but for small attack orders only, and a specialized approach for the verification of specific circuits, but at any order. We also show how to generate security proofs automatically, for simple circuits. We describe the implementation of… 
VerMI: Verification Tool for Masked Implementations
TLDR
VerMI, a verification tool in the form of a logic simulator that checks the properties defined in Threshold Implementations to address the security of a hardware implementation for meaningful orders of security is presented.
A Hybrid Approach to Formal Verification of Higher-Order Masked Arithmetic Programs
TLDR
A sound type system, equipped with an efficient type inference algorithm, is proposed for verifying masked arithmetic programs against higher-order attacks, and novel model-counting-based and pattern-matching-based methods are given that are able to precisely determine whether the potential leaky observable sets detected by the type system are genuine or simply spurious.
Quantitative Verification of Masked Arithmetic Programs against Side-Channel Attacks
TLDR
A hybrid approach combining type inference and model counting to verify masked arithmetic programs against side-channel attacks, which also provides a method to quantify the security level of the program.
Masking in Fine-Grained Leakage Models: Construction, Implementation and Verification
TLDR
The approach significantly narrows the gap between formal verification of masking and practical security, allowing for the first time formal guarantees for a broad range of device-specific leakage effects not addressed by prior work.
SCInfer: Refinement-Based Verification of Software Countermeasures Against Side-Channel Attacks
TLDR
A refinement-based method for verifying masking countermeasures that is more accurate than prior syntactic type inference based approaches and more scalable than prior model-counting based approaches using SAT or SMT solvers.
Verifying and Quantifying Side-channel Resistance of Masked Software Implementations
TLDR
This work proposes a refinement-based method for verifying masking countermeasures and proposes algorithms for quantifying the amount of side-channel information leakage from a software implementation using the notion of quantitative masking strength.
maskVerif: a formal tool for analyzing software and hardware masked implementations
TLDR
This paper extends maskVerif tool with a unified framework to efficiently and formally verify both software and hardware implementations with a simple but expressive intermediate language that covers a broad range of models from the literature.
Formal Verification of Masking Countermeasures for Arithmetic Programs
  • Pengfei Gao
  • Computer Science
    2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2020
TLDR
This work proposes an approach for formally verifying masking countermeasures of arithmetic programs that is more accurate for arithmetic programs and more scalable for Boolean programs compared to the existing approaches.
Improved High-Order Conversion From Boolean to Arithmetic Masking
TLDR
A simplified variant with fewer mask refreshes, still with a proof of security in the ISW probing model, is described; in practical implementations it is roughly 25% faster.

References

Faster Evaluation of SBoxes via Common Shares
TLDR
A new technique for improving the efficiency of the masking countermeasure against side-channel attacks is described, based on using common shares between secret variables, in order to reduce the number of finite field multiplications.
High-Order Conversion from Boolean to Arithmetic Masking
  • J. Coron
  • Computer Science, Mathematics
    CHES
  • 2017
TLDR
This work describes a high-order Boolean to arithmetic conversion algorithm whose complexity is independent of the register size k, which is proven secure in the Ishai, Sahai and Wagner (ISW) framework for private circuits.
Secure Conversion between Boolean and Arithmetic Masking of Any Order
TLDR
To convert masks of a size of $k$ bits securely against attacks of order $n$, the proposed algorithms have a time complexity of $\mathcal{O}(n^2 k)$ in both directions and are proven to be secure in the Ishai, Sahai, and Wagner (ISW) framework for private circuits.
Strong Non-Interference and Type-Directed Higher-Order Masking
TLDR
This work develops a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm.
Private Circuits: Securing Hardware against Probing Attacks
TLDR
This paper proposes several efficient techniques for building private circuits resisting side channel attacks, and provides a formal threat model and proofs of security for their constructions.
Verified Proofs of Higher-Order Masking
TLDR
The problem of automatically verifying higher-order masking countermeasures is studied, motivated by weaknesses discovered in schemes that were thought secure; the verification problem is inherently exponential.
Provably Secure Higher-Order Masking of AES
TLDR
This paper presents the first generic dth-order masking scheme for AES with a provable security and a reasonable software implementation overhead and can be efficiently implemented in software on any general-purpose processor.
Unifying Leakage Models: From Probing Attacks to Noisy Leakage
TLDR
A new reduction from noisy leakage to the important model of probing adversaries is given, which significantly simplifies the formal security analysis of masking schemes against realistic side-channel leakages.
Higher-Order Side Channel Security and Mask Refreshing
TLDR
This paper shows that the method proposed at CHES 2010 to do mask refreshing introduces a security flaw in the overall masking scheme, and proposes a new solution which avoids the use of mask refreshing, and proves its security.
EasyCrypt: A Tutorial
TLDR
Machine-checked frameworks that support the construction and automated verification of cryptographic systems are developed to reason directly in the computational model commonly used by cryptographers to deliver rigorous and detailed mathematical proofs.