Formal Verification of Masked Hardware Implementations in the Presence of Glitches

Masking is a widely used countermeasure that provides a high level of resistance against side-channel analysis. In practice, however, applying a masking scheme has many pitfalls, and implementation flaws are easily overlooked. In recent years, the formal verification of masked software implementations has made substantial progress. In contrast to software, hardware implementations are inherently susceptible to glitches, so the verification methods tailored to software are not readily applicable to them.
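To make the glitch problem concrete, the following added example (written for this page; it is not the paper's verification tool) brute-forces a first-order probing check over a tiny gate-level netlist. It compares a standard probe, which sees only a wire's settled value, against a glitch-extended probe, which may see every stable signal (primary input or register output) in the combinational cone driving the wire, because the wire can pass through intermediate values before it settles. The gadget used is a DOM-style masked AND with an optional register stage; the gadget structure, node names and the exhaustive check are assumptions made for illustration.

```python
"""Added example: why software-style probing checks miss glitch leakage.

Brute-force first-order probing check over a small netlist. A standard probe
observes one wire's final value; a glitch-extended probe on a combinational
wire observes every stable signal (input or register output) driving it.
Illustration written for this page, not the paper's tool.
"""
from collections import Counter
from itertools import product

# Node kinds: ("in",) share or mask input; ("and", x, y); ("xor", x, y);
# ("reg", x) flip-flop; ("buf", x) plain wire used when no register is placed.

def masked_and(registered):
    """First-order masked AND: a = a0^a1, b = b0^b1, fresh mask r.
    c0 = a0b0 ^ (a0b1 ^ r),  c1 = a1b1 ^ (a1b0 ^ r)
    registered=True stores the four partial products in flip-flops before the
    final XOR (the DOM-style register stage); False leaves it combinational."""
    stage = "reg" if registered else "buf"
    return {
        "a0": ("in",), "a1": ("in",), "b0": ("in",), "b1": ("in",), "r": ("in",),
        "a0b0": ("and", "a0", "b0"), "a0b1": ("and", "a0", "b1"),
        "a1b1": ("and", "a1", "b1"), "a1b0": ("and", "a1", "b0"),
        "t0": ("xor", "a0b1", "r"), "t1": ("xor", "a1b0", "r"),
        "s00": (stage, "a0b0"), "s01": (stage, "t0"),
        "s11": (stage, "a1b1"), "s10": (stage, "t1"),
        "c0": ("xor", "s00", "s01"), "c1": ("xor", "s11", "s10"),
    }

def evaluate(circuit, node, env):
    """Settled value of `node` for a concrete assignment of the inputs."""
    kind, *args = circuit[node]
    if kind == "in":
        return env[node]
    vals = [evaluate(circuit, a, env) for a in args]
    if kind in ("reg", "buf"):
        return vals[0]
    return vals[0] & vals[1] if kind == "and" else vals[0] ^ vals[1]

def glitch_cone(circuit, node):
    """Stable signals a glitch on `node` can expose: walk back through
    combinational logic, stopping at inputs and register outputs."""
    kind, *args = circuit[node]
    if kind in ("in", "reg"):
        return {node}
    return set().union(*(glitch_cone(circuit, a) for a in args))

def probe_leaks(circuit, node, glitches):
    """True if the distribution of what a probe on `node` observes depends on
    the secrets a and b. Shares a0, b0 and mask r are uniform and fresh."""
    observed = sorted(glitch_cone(circuit, node)) if glitches else [node]
    dists = set()
    for a, b in product((0, 1), repeat=2):
        hist = Counter()
        for a0, b0, r in product((0, 1), repeat=3):
            env = {"a0": a0, "a1": a ^ a0, "b0": b0, "b1": b ^ b0, "r": r}
            hist[tuple(evaluate(circuit, s, env) for s in observed)] += 1
        dists.add(frozenset(hist.items()))
    return len(dists) > 1   # more than one distribution => secret-dependent

def leaking_probes(circuit, glitches):
    """All single probe positions whose observation is secret-dependent."""
    return sorted(n for n in circuit if probe_leaks(circuit, n, glitches))

if __name__ == "__main__":
    for registered in (False, True):
        for glitches in (False, True):
            bad = leaking_probes(masked_and(registered), glitches)
            print(f"registered={registered!s:5} glitches={glitches!s:5} "
                  f"leaking probes: {bad or 'none'}")
```

Without the register stage the gadget passes the standard (software-style) probing check, since every wire is either a single share or freshly masked by r, yet a glitch-extended probe on c0 sees a0, b0, b1 and r at once and therefore both shares of b. Inserting the register stage shrinks the cone of c0 to the two registered partial products and the check passes again, which is exactly the kind of glitch-aware reasoning a hardware verifier must perform and a software verifier does not.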
