On the Unpredictability of SPICE Simulations for Side-Channel Leakage Verification of Masked Cryptographic Circuits

Circuits for cryptography are vulnerable to side-channel (SC) attacks. Masking is a countermeasure which splits secrets into random shares. It is provable secure under the assumption that physical leakage of each share is independent of each other. For a secure implementation of masked circuits, this independency assumption must be satisfied after layout. A transistor-level simulator such as SPICE produces analog waveforms that are sufficiently trustworthy to verify timing accuracy. Due to this accuracy, SPICE is expected to be useful for SC leakage verification after layout. However, we demonstrate that the statistical variation of the power noise amplitude in SPICE simulation is not always correct and varies a lot for SC evaluation. We believe it results from the internal time-step creation optimized for efficiency. It causes false-positives in the verification of security order. A small nonlinear function with a domain-oriented masking scheme is used to demonstrate these SPICE-simulation anomalies.