Paper 2024/833

INDIANA - Verifying (Random) Probing Security through Indistinguishability Analysis

Abstract

While masking is a widely used defense against passive side-channel attacks, its secure implementation in hardware continues to be a manual, complex, and error-prone process. This paper introduces INDIANA, a comprehensive security verification methodology for hardware masking. Our results include a hardware verification tool, enabling a complete analysis of simulation-based security in the glitch-extended probing model and intra-cycle estimations for leakage probabilities in the random probing model. Notably, INDIANA is the first framework to analyze arbitrary masked circuits in both models, even at the scale of full SPN cipher rounds (e.g., AES), while delivering exact verification results. To achieve accurate and comprehensive verification, we propose a partitionable probing distinguisher that allows for fast validation of probe tuples, surpassing current methods that rely on statistical independence. Furthermore, our approach naturally supports extensions to the random probing model by utilizing Fast Fourier-Hadamard Transformations (FHTs). Benchmark results show that INDIANA competes effectively with leading probing model verification tools, such as ironMask, maskVerif, and VERICA. INDIANA is also the first tool that is capable to provide intra-cycle estimations of random probing leakage probabilities for large-scalemasked circuits.