MaskVer: A Tool Helping Designers Detect Flawed Masking Implementations

摘要

Hardening cryptographic algorithms against side-channel attacks is a complex but crucial task in today's hardware implementations. One of the most promising counter measures is Boolean Masking. Designers spend much effort to optimise and customise their masking schemes, but many proposed masked implementations were eventually broken, because they are somehow flawed - not necessarily restricted to a specific error, but to an overall leakage problem. As today's EDA tools hardly support masking, the masking process is still a manual task for the designer. Even worse, due to the lack of capable EDA tools, after synthesis there is no guarantee that the masking still applies and is not optimised. Checking each and every gate of a netlist for masking flaws after synthesis is a time consuming, expensive, and infeasible task. In this paper, we propose a graph based method to reduce the number of gates to be checked. We also present a prototype implementation of our tool to help designers detecting flawed masking in their designs.