output_shares - ChairImpSec/PROLEAD GitHub Wiki
Type
String Array
Default
none - Can be specified if desired.
Description
Specifies all primary output shares of the circuit. After simulating, PROLEAD decodes the provided sharing in order to check the correctness of the unshared output value.
Impact
This setting ensures that the simulation operates as intended by providing a mechanism to verify correct behavior. We recommend specifying output_shares for every evaluation.
Examples
"simulation": {
    "groups": [
        /* First group corresponds to a random plaintext and key */
        "256'h$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$",
        /* Second group corresponds to a fixed plaintext and key */
        "256'h328831E0435A3137F6309807A88DA2342B28AB097EAEF7CF15D2154F16A6883C"
    ],
    "output_shares": [
        /* We specify two 128 bit output shares */
        "first_output_share[127:0]",
        "second_output_share[127:0]"
    ],
    "expected_output": [
        /* We expect a random output for the first group */
        "128'h$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$",
        /* We expect a fixed output for the second group */
        "128'h3902DC1925DC116A8409850B1DFB9732"
    ]
}
In this example, we consider an AES implementation with two 128-bit output shares, first_output_share and second_output_share. We configure PROLEAD to evaluate a fixed-vs-random setting. Specifically, for the first group, both the plaintext and the key are set to random values, while for the second group, they are set to standard AES test vectors. For the unshared output, we assume that in the random group the output is also random, meaning we cannot assign a specific output value. For the second group, the unshared input is fixed, so we can expect the simulation to produce the corresponding fixed unshared output.
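The check this setting enables can be pictured with the following added example, which is not PROLEAD's code. It assumes a Boolean (XOR) sharing and treats `$` digits in `expected_output` as unconstrained; all function names are hypothetical, and the share values are constructed from the fixed output above.

```python
import secrets

FIXED = "128'h3902DC1925DC116A8409850B1DFB9732"   # expected_output, second group
RANDOM = "128'h" + "$" * 32                       # expected_output, first group

def parse_literal(lit):
    """Split a literal like 128'hAB..$$ into (bit width, hex digit string)."""
    width, digits = lit.split("'h")
    width = int(width)
    if len(digits) * 4 != width:
        raise ValueError("digit count does not match declared width")
    return width, digits.upper()

def decode_boolean(shares):
    """Assumed decoding: the unshared value is the XOR of all output shares."""
    value = 0
    for share in shares:
        value ^= share
    return value

def matches_expected(shares, expected):
    """Compare the decoded output digit by digit; '$' accepts any digit."""
    width, digits = parse_literal(expected)
    got = format(decode_boolean(shares), "0{}X".format(width // 4))
    return all(e == "$" or e == g for e, g in zip(digits, got))

def random_sharing(value, width, n=2):
    """Constructed sample data: split value into n uniformly random XOR shares."""
    shares = [secrets.randbits(width) for _ in range(n - 1)]
    last = value
    for share in shares:
        last ^= share
    return shares + [last]

def demo():
    width, digits = parse_literal(FIXED)
    good = random_sharing(int(digits, 16), width)   # plays first/second_output_share
    faulty = [good[0] ^ 1, good[1]]                 # one flipped bit in one share
    return (matches_expected(good, FIXED),          # correct sharing passes
            matches_expected(faulty, FIXED),        # broken simulation is caught
            matches_expected(faulty, RANDOM))       # random group constrains nothing

if __name__ == "__main__":
    print(demo())
```

Only the fixed group can expose a functionally wrong simulation here, which is why a concrete expected value for that group is worth providing.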