Cryptology ePrint Archive: Report 2013/554

Formally Proved Security of Assembly Code Against Leakage

Pablo Rauzy and Sylvain Guilley and Zakaria Najm

Abstract: In his keynote speech at CHES 2004, Kocher advocated that side-channel attacks were an illustration that formal cryptography was not as secure as it was believed because some assumptions (e.g., no auxiliary information is available during the computation) were not modeled. This failure is due to the fact that formal methods work with models rather than implementations. Of course, we can use formal methods to prove non-functional security properties such as the absence of side-channel leakages. But a common obstacle is that those properties are very low-level and appear incompatible with formalization. To avoid the discrepancy between the model and the implementation, we apply formal methods directly on the implementation. Doing so, we can formally prove that an assembly code is leak-free, provided that the hardware it runs on satisfies a finite (and limited) set of properties that we show are realistic. We apply this technique to prove that a PRESENT implementation in 8~bit AVR assembly code is leak-free.

Category / Keywords: implementation / side-channels, balancing countermeasure, formal methods, symbolic evaluation

Date: received 3 Sep 2013

Contact author: rauzy at enst fr

Available format(s): PDF | BibTeX Citation

Note: This paper is an early draft version of a work presented during the poster session at CHES 2013.

Version: 20130904:142054 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]