Proving SIFA Protection of Masked Redundant Circuits

TL;DR

This paper introduces a new verification method and tool for assessing whether masked cryptographic implementations are resistant to statistically ineffective fault attacks (SIFA), enhancing security assurance for hardware and software devices.

Contribution

The paper presents a novel Boolean dependency analysis approach and a practical tool, Danira, for efficiently verifying SIFA protection in masked cryptographic implementations.

Findings

Danira can verify SIFA resistance within minutes.

The method effectively identifies potential leakage points in masked circuits.

It applies to both hardware and software cryptographic implementations.

Abstract

Implementation attacks like side-channel and fault attacks pose a considerable threat to cryptographic devices that are physically accessible by an attacker. As a consequence, devices like smart cards implement corresponding countermeasures like redundant computation and masking. Recently, statistically ineffective fault attacks (SIFA) were shown to be able to circumvent these classical countermeasure techniques. We present a new approach for verifying the SIFA protection of arbitrary masked implementations in both hardware and software. The proposed method uses Boolean dependency analysis, factorization, and known properties of masked computations to show whether the fault detection mechanism of redundant masked circuits can leak information about the processed secret values. We implemented this new method in a tool called Danira, which can show the SIFA resistance of cryptographic implementations like AES S-Boxes within minutes.