A Hybrid Approach to Formal Verification of Higher-Order Masked Arithmetic Programs
ACM Transactions on Software Engineering and Methodology (IF 4.4), Pub Date: 2021-02-11, DOI: 10.1145/3428015
Pengfei Gao, Hongyi Xie, Fu Song, Taolue Chen

Side-channel attacks, which are capable of breaking secrecy via side-channel information, pose a growing threat to the implementation of cryptographic algorithms. Masking is an effective countermeasure against side-channel attacks by removing the statistical dependence between secrecy and power consumption via randomization. However, designing efficient and effective masked implementations turns out to be an error-prone task. Current techniques for verifying whether masked programs are secure are limited in their applicability and accuracy, especially when they are applied. To bridge this gap, in this article, we first propose a sound type system, equipped with an efficient type inference algorithm, for verifying masked arithmetic programs against higher-order attacks. We then give novel model-counting-based and pattern-matching-based methods that are able to precisely determine whether the potential leaky observable sets detected by the type system are genuine or simply spurious. We evaluate our approach on various implementations of arithmetic cryptographic programs. The experiments confirm that our approach outperforms the state-of-the-art baselines in terms of applicability, accuracy, and efficiency.

Updated: 2021-02-11