Visible to the public IronMask: Versatile Verification of Masking Security

TitleIronMask: Versatile Verification of Masking Security
Publication TypeConference Paper
Year of Publication2022
AuthorsBelaïd, Sonia, Mercadier, Darius, Rivain, Matthieu, Taleb, Abdul Rahman
Conference Name2022 IEEE Symposium on Security and Privacy (SP)
Keywordsautomatic verification, Benchmark testing, complete verification, composability, composition, data structures, expandability, lronMask, masking, physical defaults, privacy, Probes, probing model, pubcrawl, random probing model, resilience, Resiliency, Scalability, security, Security by Default, Side-channel security, Silver, Standards
Abstract

This paper introduces lronMask, a new versatile verification tool for masking security. lronMask is the first to offer the verification of standard simulation-based security notions in the probing model as well as recent composition and expandability notions in the random probing model. It supports any masking gadgets with linear randomness (e.g. addition, copy and refresh gadgets) as well as quadratic gadgets (e.g. multiplication gadgets) that might include non-linear randomness (e.g. by refreshing their inputs), while providing complete verification results for both types of gadgets. We achieve this complete verifiability by introducing a new algebraic characterization for such quadratic gadgets and exhibiting a complete method to determine the sets of input shares which are necessary and sufficient to perform a perfect simulation of any set of probes. We report various benchmarks which show that lronMask is competitive with state-of-the-art verification tools in the probing model (maskVerif, scVerif, SILVEH, matverif). lronMask is also several orders of magnitude faster than VHAPS -the only previous tool verifying random probing composability and expandability- as well as SILVEH -the only previous tool providing complete verification for quadratic gadgets with nonlinear randomness. Thanks to this completeness and increased performance, we obtain better bounds for the tolerated leakage probability of state-of-the-art random probing secure compilers.

DOI10.1109/SP46214.2022.9833600
Citation Keybelaid_ironmask_2022