From theory to practice of private circuit: A cautionary note

Private circuits, from their publication, have been really popular among the researchers. They also form the basis for provable masking schemes. There are several works which try to improve the results of bit-level private circuits based on 2-input gates for the combinational logic. However, strangely, no practical side-channel analysis of private circuits has been presented so far, which is the focus of the present paper. In this paper, we have tried to identify the `ambush´ or hidden dangers in the implementation of private circuits, which can compromise its security in practical scenarios. We have implemented block cipher SIMON with private circuit and have performed side-channel analysis on it. The result shows that, in practice, there is significant amount of information leakage which can be exploited by adversaries. Some leakage comes from practical optimization applied by standard CAD tools, if they restructure the netlists. But even with immutable netlists, we identify leakage caused by a kind of glitch known as early evaluation. Lastly, we demonstrate how to translate theoretically secure private circuit to practically secure private circuit with added overhead, by clocking every combinational gate. Leakage detection tests are applied to attest the security of considered variants of private circuits.