Solver-Aided Constant-Time Circuit Verification

TL;DR

Xenon is a solver-aided verification tool that efficiently proves hardware circuits run in constant-time by synthesizing minimal secrecy assumptions and exploiting modularity, enabling scalable verification of complex designs.

Contribution

The paper introduces Xenon, a novel solver-aided approach that automates assumption synthesis and leverages modularity to verify large, complex hardware designs efficiently.

Findings

Verified AES-256 implementation in under 3 seconds

Scaled verification of a large RISC-V micro-controller

Reduced verification effort from hours to seconds

Abstract

We present Xenon, a solver-aided method for formally verifying that Verilog hardware executes in constant-time. Xenon scales to realistic hardware designs by drastically reducing the effort needed to localize the root cause of verification failures via a new notion of constant-time counterexamples, which Xenon uses to automatically synthesize a minimal set of secrecy assumptions. Xenon further exploits modularity in Verilog code via a notion of module summaries, thereby avoiding duplicate work across multiple module instantiations. We show how Xenon's assumption synthesis and summaries enable the verification of a variety of circuits including AES, a highly modular AES-256 implementation where modularity cuts verification from six hours to under three seconds, and ScarV, a timing channel hardened RISC-V micro-controller whose size exceeds previously verified designs by an order of magnitude.