“…In addition to power side-channel attacks, there are other types of side-channel attacks against cryptographic programs, where the side channels can be in the form of, e.g., CPU time, faults, and cache behaviors. Techniques for verification and mitigation of these Formal Verification of Higher-Order Masked Arithmetic Programs 26:37 types of side-channel attacks have been studied in the literature, such as [3,4,7,30,37,81,104,105,125,126] for timing side-channel attacks, [13,14,34,35,38,51,66,71,83,116,121,125] for cache side-channel attacks, and [12,22,28,29,56,73] for fault attacks. Each type of side-channel has unique characteristics, which usually requires specific verification techniques, so these results are orthogonal to our work.…”