International Association for Cryptologic Research (IACR)
Abstract
Masking countermeasure is implemented to thwart side-channel attacks.
The maturity of high-order masking schemes has reached the level where the concepts are sound and proven.
For instance, Rivain and Prouff proposed a full-fledged AES at CHES 2010.
Some non-trivial fixes regarding refresh functions were needed though.
Now, industry is adopting such solutions, and for the sake of both quality and certification requirements,
masked cryptographic code shall be checked for correctness using the same model as that of the the theoretical protection rationale (for instance the probing leakage model).
Seminal work has been initiated by Barthe et al. at EUROCRYPT 2015 for automated verification at higher orders on concrete implementations.
In this paper, we build on this work to actually perform verification from within a compiler,
so as to enable timely feedback to the developer.
Precisely, our methodology enables to provide the actual security order of the code at the intermediate representation (IR) level,
thereby identifying possible flaws (owing either to source code errors or to compiler optimizations).
Second, our methodology allows for an exploitability analysis of the analysed IR code.
In this respect, we formally handle all the symbolic expressions in the static single assignment (SSA) representation to build the optimal distinguisher function.
This enables to evaluate the most powerful attack,
which is not only function of the masking order d, but also on the number of leaking samples and of the expressions
(e.g., linear vs non-linear leakages).
This scheme allows to evaluate the correctness of a masked cryptographic code,
and also its actual security in terms of number of traces in a given deployment context (characterized by a leakage model of the target CPU and the signal-to-noise ratio of the platform)
