Formal Verification of Side-Channel Countermeasures via Elementary Circuit Transformations
We describe a technique to formally verify the security of masked implementations against side-channel attacks, based on elementary circuit transforms. We describe two complementary approaches: a generic approach for the formal verification of any circuit, but for small attack orders only, and a specialized approach for the verification of specific circuits, but at any order. We also show how to generate security proofs automatically, for simple circuits. We describe the implementation of CheckMasks, a formal verification tool for side-channel countermeasures. Using this tool, we formally verify the security of the Rivain-Prouff countermeasure for AES, and also the recent Boolean to arithmetic conversion algorithms from CHES 2017.
Keywords: Side-channel attacks and countermeasures; High-order masking; Security proof; Automated security analysis