(2026-02) eVer; Universal and Automated Verification of Side-Channel Security for Additive, Inner Product, Polynomial and General Code-Based Masking
2026-02-09
Automated verification of side-channel security is essential as countermeasures and protected schemes grow in complexity, and as developers increasingly rely on LLMs to generate security-critical code. In these settings, independent verification serves as a dependable security check, assuring the absence of security vulnerabilities. However, existing verification tools support only a narrow class of masking countermeasures due to fundamental technical limitations. For example, current tools fail to verify many instances of masking countermeasures, as well as entire classes of polynomial, inner-product, or code-based masking schemes in general. These practical countermeasures and schemes are particularly interesting as many of them offer stronger resistance to practical side-channel attacks, yet they remain out of reach of formal verification. We close this gap with a sound, field-agnostic verification approach that, for the first time, automatically checks standard side-channel security notions for all common masking schemes, including polynomial, inner-product, and all variants of code-based masking. In addition to addressing the inherently distinct algebraic structure of these schemes, our method relies on a new proof rule within a general proof system for establishing the joint probabilistic independence of expressions. We implement our approach in the tool eVer and evaluate it on masked algorithms previously beyond the reach of automated verification, including BGW, LaOla, inner-product, and general code-based-masked multiplication algorithms.