Skip to Main content Skip to Navigation
Book sections

Security Evaluation Against Side-Channel Analysis at Compilation Time

Abstract : Masking countermeasure is implemented to thwart side-channel attacks. The maturity of high-order masking schemes has reached the level where the concepts are sound and proven. For instance, Rivain and Prouff proposed a full-fledged AES at CHES 2010. Some non-trivial fixes regarding refresh functions were needed though. Now, industry is adopting such solutions, and for the sake of both quality and certification requirements , masked cryptographic code shall be checked for correctness using the same model as that of the the theoretical protection rationale (for instance the probing leakage model). Seminal work has been initiated by Barthe et al. at EUROCRYPT 2015 for automated verification at higher orders on concrete implementations. In this paper, we build on this work to actually perform verification from within a compiler, so as to enable timely feedback to the developer. Precisely , our methodology enables to provide the actual security order of the code at the intermediate representation (IR) level, thereby identifying possible flaws (owing either to source code errors or to compiler optimizations). Second, our methodology allows for an exploitability analysis of the analysed IR code. In this respect, we formally handle all the symbolic expressions in the static single assignment (SSA) representation to build the optimal distinguisher function. This enables to evaluate the most powerful attack, which is not only function of the masking order d, but also on the number of leaking samples and of the expressions (e.g., linear vs non-linear leakages). This scheme allows to evaluate the correctness of a masked cryptographic code, and also its actual security in terms of number of traces in a given deployment context.
Document type :
Book sections
Complete list of metadatas

Cited literature [34 references]  Display  Hide  Download
Contributor : Sylvain Guilley <>
Submitted on : Friday, August 14, 2020 - 8:19:02 PM
Last modification on : Wednesday, December 23, 2020 - 7:04:03 PM
Long-term archiving on: : Monday, November 30, 2020 - 8:03:53 PM


Files produced by the author(s)




Nicolas Bruneau, Charles Christen, Jean-Luc Danger, Adrien Facon, Sylvain Guilley. Security Evaluation Against Side-Channel Analysis at Compilation Time. Springer. Algebra, Codes and Cryptology (A2C), pp.129-148, 2019, ⟨10.1007/978-3-030-36237-9_8⟩. ⟨hal-02915643⟩



Record views


Files downloads


Données de recherche

doi: web.