Cryptology ePrint Archive: Report 2022/023

Transitional Leakage in Theory and Practice - Unveiling Security Flaws in Masked Circuits

Nicolai Müller and David Knichel and Pascal Sasdrich and Amir Moradi

Abstract: Accelerated by the increased interconnection of highly accessible devices, the demand for effective and efficient protection of hardware designs against SCA is ever rising, causing its topical relevance to remain immense in both, academia and industry. Among a wide range of proposed countermeasures against SCA, masking is a highly promising candidate due to its sound foundations and well-understood security requirements. In addition, formal adversary models have been introduced, aiming to accurately capture real-world attack scenarios while remaining sufficiently simple to efficiently reason about the SCA resilience of designs. Here, the $d$-probing model is the most prominent and well-studied adversary model. Its extension, introduced as the robust $d$-probing model, covers physical defaults occurring in hardware implementations, particularly focusing on combinational recombinations (glitches), memory recombinations (transitions), and routing recombinations (coupling). With increasing complexity of modern cryptographic designs and logic circuits, formal security verification becomes ever more cumbersome. This started to spark innovative research on automated verification frameworks. Unfortunately, these verification frameworks mostly focus on security verification of hardware circuits in the presence of glitches, but remain limited in identification and verification of transitional leakage. To this end, we extend SILVER, a recently proposed tool for formal security verification of masked logic circuits, to also detect and verify information leakage resulting from combinations of glitches and transitions. Based on extensive case studies, we further confirm the accuracy and practical relevance of our methodology when assessing and verifying information leakage in hardware implementations.

Category / Keywords: applications / Side-Channel Analysis, Transitional Leakage, Masking, Hardware

Original Publication (in the same form): IACR-CHES-2022

Date: received 7 Jan 2022

Contact author: nicolai mueller at rub de, david knichel at rub de, pascal sasdrich at rub de, amir moradi at rub de

Available format(s): PDF | BibTeX Citation

Note: SILVER ist publicity available at https://github.com/Chair-for-Security-Engineering/SILVER/tree/transitional-leakage

Version: 20220108:153014 (All versions of this report)

Short URL: ia.cr/2022/023


[ Cryptology ePrint archive ]