VALIANT: An EDA Flow for Side-Channel Leakage Evaluation and Tailored Protection

Abstract

Power side-channels give rise to several potent attack vectors for leaking information in digital circuits. While a plethora of (mathematically robust) solutions exist to tackle such side-channels, their deployment through existing VLSI design-flows remains an important engineering issue. Besides, most existing solutions result in significant hardware overhead hindering their practical usage for resource-constrained settings, such as Internet-of-Things (IoT) or embedded devices. In this paper, we address both of these issues through an integrated electronic design automation (EDA) tool-flow operating on gate-level designs. Based on an interesting observation that not every net in a design is equally susceptible to side-channel leakage, we devise a generic testing mechanism and lightweight albeit customizable protection strategy for a given trace count. We first analytically establish the observation based on certain physical properties of VLSI circuits and also validate it on ISCAS benchmark circuits. Next, we present a tool called VALIANT, which can identify the leaking nets for a given number of traces from the gate-level netlist of a cipher. VALIANT works alongside state-of-the-art design automation tools and, therefore, can be directly incorporated in existing design flows. After identifying the leaky subset of nets in a design, we propose a lightweight variant of an existing masking scheme to eliminate the leakage concerning a given trace count. The main feature of our protection scheme is that it takes into account subset of nets are not “leaky” and optimizes the usage of randomness and extra gates according to this information to minimize the overhead. Experimental evaluation over state-of-the-art lightweight S-Boxes and the GIFT block cipher establishes the efficacy of the proposed idea for generating lightweight protected solutions in an automated manner.