Paper 2021/1671

IronMask: Versatile Verification of Masking Security

Sonia Belaïd, Darius Mercadier, Matthieu Rivain, and Abdul Rahman Taleb


This paper introduces IronMask, a new versatile verification tool for masking security. IronMask is the first to offer the verification of standard simulation-based security notions in the probing model as well as recent composition and expandability notions in the random probing model. It supports any masking gadgets with linear randomness (e.g. addition, copy and refresh gadgets) as well as quadratic gadgets (e.g. multiplication gadgets) that might include non-linear randomness (e.g. by refreshing their inputs), while providing complete verification results for both types of gadgets. We achieve this complete verifiability by introducing a new algebraic characterization for such quadratic gadgets and exhibiting a complete method to determine the sets of input shares which are necessary and sufficient to perform a perfect simulation of any set of probes. We report various benchmarks which show that IronMask is competitive with state-of-the-art verification tools in the probing model (maskVerif, scVerif, SILVER, matverif). IronMask is also several orders of magnitude faster than VRAPS --the only previous tool verifying random probing composability and expandability-- as well as SILVER --the only previous tool providing complete verification for quadratic gadgets with non-linear randomness. Thanks to this completeness and increased performance, we obtain better bounds for the tolerated leakage probability of state-of-the-art random probing secure compilers.

Available format(s)
Publication info
Published elsewhere. Minor revision. 43rd IEEE Symposium on Security and Privacy 2022
Side-channel securitymaskingphysical defaultsautomatic verificationcomplete verificationcompositionprobing modelrandom probing modelIronMask
Contact author(s)
abdul taleb @ cryptoexperts com
2021-12-21: received
Short URL
Creative Commons Attribution


      author = {Sonia Belaïd and Darius Mercadier and Matthieu Rivain and Abdul Rahman Taleb},
      title = {{IronMask}: Versatile Verification of Masking Security},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1671},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.