SILVER - Statistical Independence and Leakage Verification

Implementing cryptographic functions securely in the presence of physical adversaries is still a challenge, although the lion's share of research in the physical-security domain has gone into the development of countermeasures. Among the many protection schemes, masking has attracted the most attention in both the academic and the industrial communities, because its theoretical foundation allows the achieved security level to be proven or modeled. In turn, masking schemes are difficult to implement, as the implementation process is often manual, complex, and error-prone. This has motivated the need for formal verification tools that let designers and engineers analyze and verify their designs before manufacturing. In this work, we present a new framework to analyze and verify masked implementations against various security notions, using different security models as reference. Our framework directly processes the gate-level netlist produced by hardware synthesis and relies on Reduced Ordered Binary Decision Diagrams (ROBDDs) and the concept of statistical independence of probability distributions. Compared to existing tools, our framework stands out for its simplicity, accuracy, and functionality, while still offering reasonable efficiency for many applications and common use cases.
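As an added illustration (not SILVER's own code), the following Python applies the statistical-independence notion the abstract refers to on a toy 2-share AND gadget: a probe set is harmless when the joint distribution of the probed wires, over the random masks, is the same for every value of the unmasked secret. The gadget, its wire names and the exhaustive enumeration (used here instead of ROBDDs) are assumptions of the example.

```python
"""Toy probing-security check via statistical independence (added illustration, not SILVER's code).
Wire distributions are enumerated exhaustively instead of being represented as ROBDDs."""
from collections import Counter
from itertools import combinations, product


def _and_gadget(a0, a1, b0, b1, r, refresh_first):
    """2-share AND gadget (assumed example): returns every internal wire by name."""
    w = {"a0": a0, "a1": a1, "b0": b0, "b1": b1, "r": r}
    w["a0b0"], w["a0b1"] = a0 & b0, a0 & b1
    w["a1b0"], w["a1b1"] = a1 & b0, a1 & b1
    w["c0"] = w["a0b0"] ^ r
    if refresh_first:
        w["t1"] = r ^ w["a0b1"]              # fresh mask folded in first: t1 is uniform
        w["t2"] = w["t1"] ^ w["a1b0"]
    else:
        w["t1"] = w["a0b1"] ^ w["a1b0"]      # equals a0*b ^ a*b0: depends on the unmasked (a, b)
        w["t2"] = w["t1"] ^ r
    w["c1"] = w["a1b1"] ^ w["t2"]
    return w


def isw_and_secure(a0, a1, b0, b1, r):
    return _and_gadget(a0, a1, b0, b1, r, refresh_first=True)


def isw_and_flawed(a0, a1, b0, b1, r):
    return _and_gadget(a0, a1, b0, b1, r, refresh_first=False)


def leaking_probes(gadget, order):
    """Return all probe sets of size <= order whose joint value distribution
    (over uniformly random masks a0, b0, r) differs between secrets (a, b)."""
    samples = {}
    for a, b in product((0, 1), repeat=2):
        samples[(a, b)] = [gadget(a0, a ^ a0, b0, b ^ b0, r)
                           for a0, b0, r in product((0, 1), repeat=3)]
    wires = list(samples[(0, 0)][0])
    leaks = []
    for k in range(1, order + 1):
        for probes in combinations(wires, k):
            # One histogram of the probed tuple per secret; independence means all are equal
            views = {frozenset(Counter(tuple(w[p] for p in probes) for w in ws).items())
                     for ws in samples.values()}
            if len(views) > 1:
                leaks.append(probes)
    return leaks


if __name__ == "__main__":
    print("secure, order 1:", leaking_probes(isw_and_secure, 1))   # []
    print("flawed, order 1:", leaking_probes(isw_and_flawed, 1))   # [('t1',)]
```

Only the XOR order differs between the two gadgets, which is exactly the kind of defect a netlist-level independence check catches and a functional simulation does not.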
