Transparent Transformations for Timing Side-Channel Analysis (2501.04183v2)

Abstract: Side-channel analysis frameworks often lift programs into an intermediate representation (IR) before analyzing them. IRs are subject to transformations, which we call ex ante (XA) transformations, that improve the efficiency and accuracy of the analysis, thereby directly impacting the validity of analysis results. This paper explores the impact of XA transformations in the setting of timing-based side-channel analysis frameworks, focusing on the constant-time policy that many cryptographic libraries adopt. We identify two properties of XA transformations that directly impact the soundness and precision of side-channel analysis. The first property, preservation, requires that the transformation does not introduce leakage and is required to avoid false positives, i.e., for precision. The second one, reflection, requires that the transformation does not remove leakage and is required to avoid false negatives, i.e., for soundness. The combination of preservation and reflection, which we call transparency, is essential for sound and precise transformations. While preservation has been studied in the context of secure compilation, there is little work on reflection. This paper initiates the study of reflection and transparency. We formalize their definitions, propose a general method for proving that a transformation is transparent, and apply our method to different standard transformations. Subsequently, we present a transparent decompiler that combines seven XA transformations and prove that it is sound and precise. Additionally, we review the transparency of five existing tools and unveil violations in popular side-channel analysis frameworks and decompilers. Finally, we extend our approach to the setting of speculative side-channels. We redefine transparency of transformations with respect to Spectre attacks, and reevaluate the XA transformations for transparency w.r.t. Spectre.