Paper 2024/1202

Prover - Toward More Efficient Formal Verification of Masking in Probing Model

Feng Zhou, University of Chinese Academy of Sciences, Institute of Software, Chinese Academy of Sciences, Zhongguancun Laboratory
Hua Chen, Institute of Software, Chinese Academy of Sciences
Limin Fan, Institute of Software, Chinese Academy of Sciences
Abstract

In recent years, formal verification has emerged as a crucial method for assessing security against Side-Channel attacks of masked implementations, owing to its remarkable versatility and high degree of automation. However, formal verification still faces technical bottlenecks in balancing accuracy and efficiency, thereby limiting its scalability. Former tools like maskVerif and CocoAlma are very efficient but they face accuracy issues when verifying schemes that utilize properties of Boolean functions. Later, SILVER addressed the accuracy issue, albeit at the cost of significantly reduced speed and scalability compared to maskVerif. Consequently, there is a pressing need to develop formal verification tools that are both efficient and accurate for designing secure schemes and evaluating implementations. This paper’s primary contribution lies in proposing several approaches to develop a more efficient and scalable formal verification tool called Prover, which is built upon SILVER. Firstly, inspired by the auxiliary data structures proposed by Eldib et al. and optimistic sampling rule of maskVerif, we introduce two reduction rules aimed at diminishing the size of observable sets and secret sets in statistical independence checks. These rules substantially decrease, or even eliminate, the need for repeated computation of probability distributions using Reduced Ordered Binary Decision Diagrams (ROBDDs), a time-intensive procedure in verification. Subsequently, we integrate one of these reduction rules into the uniformity check to mitigate its complexity. Secondly, we identify that variable ordering significantly impacts efficiency and optimize it for constructing ROBDDs, resulting in much smaller representations of investigated functions. Lastly, we present the algorithm of Prover, which efficiently verifies the security and uniformity of masked implementations in probing model with or without the presence of glitches. Experimental results demonstrate that our proposed tool Prover offers a better balance between efficiency and accuracy compared to other state-of-the-art tools (IronMask, CocoAlma, maskVerif, and SILVER). In our experiments, we also found an S-box that can only be verified by Prover, as IronMask cannot verify S-boxes, and both CocoAlma and maskVerif suffer from false positive issues. Additionally, SILVER runs out of time during verification.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in TCHES 2025
Keywords
Side-Channel AttacksMaskingFormal VerificationGlitch-Extended Probing SecurityROBDDs
Contact author(s)
zhoufeng2021 @ iscas ac cn
chenhua @ iscas ac cn
fanlimin @ iscas ac cn
History
2024-10-14: last of 2 revisions
2024-07-25: received
See all versions
Short URL
https://ia.cr/2024/1202
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1202,
      author = {Feng Zhou and Hua Chen and Limin Fan},
      title = {Prover - Toward More Efficient Formal Verification of Masking in Probing Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1202},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1202}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.