Paper 2022/023

Transitional Leakage in Theory and Practice - Unveiling Security Flaws in Masked Circuits

Nicolai Müller, David Knichel, Pascal Sasdrich, and Amir Moradi


Accelerated by the increased interconnection of highly accessible devices, the demand for effective and efficient protection of hardware designs against SCA is ever rising, causing its topical relevance to remain immense in both, academia and industry. Among a wide range of proposed countermeasures against SCA, masking is a highly promising candidate due to its sound foundations and well-understood security requirements. In addition, formal adversary models have been introduced, aiming to accurately capture real-world attack scenarios while remaining sufficiently simple to efficiently reason about the SCA resilience of designs. Here, the $d$-probing model is the most prominent and well-studied adversary model. Its extension, introduced as the robust $d$-probing model, covers physical defaults occurring in hardware implementations, particularly focusing on combinational recombinations (glitches), memory recombinations (transitions), and routing recombinations (coupling). With increasing complexity of modern cryptographic designs and logic circuits, formal security verification becomes ever more cumbersome. This started to spark innovative research on automated verification frameworks. Unfortunately, these verification frameworks mostly focus on security verification of hardware circuits in the presence of glitches, but remain limited in identification and verification of transitional leakage. To this end, we extend SILVER, a recently proposed tool for formal security verification of masked logic circuits, to also detect and verify information leakage resulting from combinations of glitches and transitions. Based on extensive case studies, we further confirm the accuracy and practical relevance of our methodology when assessing and verifying information leakage in hardware implementations.

Note: SILVER ist publicity available at

Available format(s)
Publication info
Published by the IACR in TCHES 2022
Side-Channel AnalysisTransitional LeakageMaskingHardware
Contact author(s)
nicolai mueller @ rub de
david knichel @ rub de
pascal sasdrich @ rub de
amir moradi @ rub de
2022-01-08: received
Short URL
Creative Commons Attribution


      author = {Nicolai Müller and David Knichel and Pascal Sasdrich and Amir Moradi},
      title = {Transitional Leakage in Theory and Practice - Unveiling Security Flaws in Masked Circuits},
      howpublished = {Cryptology ePrint Archive, Paper 2022/023},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.