SecIC3: Customizing IC3 for Hardware Security Verification

📅 2026-01-29
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the inefficiency of existing hardware security verification methods in analyzing information-flow properties—such as confidentiality and integrity—due to their failure to exploit the structural characteristics of self-compositional designs. To overcome this limitation, the paper introduces SecIC3, a customized IC3-based model checker tailored for non-interference properties. SecIC3 is the first to systematically integrate self-composition into the IC3 framework to accelerate verification, leveraging two key techniques: symmetric state exploration and equivalence-aware predicate inference. Experimental evaluation on ten benchmark circuits demonstrates that the proposed approach achieves up to a 49.3× speedup in verification time, confirming its effectiveness and scalability.

📝 Abstract
Recent years have seen significant advances in using formal verification to check hardware security properties. Of particular practical interest are checking confidentiality and integrity of secrets, by checking that there is no information flow between the secrets and observable outputs. A standard method for checking information flow is to translate the corresponding non-interference hyperproperty into a safety property on a self-composition of the design, which has two copies of the design composed together. Although prior efforts have aimed to reduce the size of the self-composed design, there are no state-of-the-art model checkers that exploit their special structure for hardware security verification. In this paper, we propose SecIC3, a hardware model checking algorithm based on IC3 that is customized to exploit this self-composition structure. SecIC3 utilizes this structure in two complementary techniques: symmetric state exploration and adding equivalence predicates. We implement SecIC3 on top of two open-source IC3 implementations and evaluate it on a non-interference checking benchmark consisting of 10 designs. The experiment results show that SecIC3 significantly reduces the time for finding security proofs, with up to 49.3x proof speedup compared to baseline implementations.
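The self-composition reduction described in the abstract, as an added example that is not from the paper or its SecIC3 implementation: a constructed toy design (`step_safe`, and a deliberately leaky variant `step_leaky`) is composed with a second copy of itself sharing the public input, and reachable pairs are explored for a mismatch in the observable output. `equivalence_is_inductive` shows the kind of register-equivalence predicate the abstract mentions; the state encoding and function names are assumptions for illustration.

```python
from collections import deque
from itertools import product

BITS = (0, 1)

def step_safe(state, pub, sec):
    # Accumulator depends only on the public input; the secret is unused.
    (acc,) = state
    return ((acc + pub) & 0x3,)

def step_leaky(state, pub, sec):
    # Constructed bug: the secret bit leaks into the accumulator when pub=1.
    (acc,) = state
    return ((acc + pub + (sec & pub)) & 0x3,)

def observe(state):
    # The accumulator is the observable output in both toy designs.
    return state[0]

def check_noninterference(step, init, max_steps=8):
    """Explore the self-composition: two copies share the public input but
    may receive different secrets. Returns None if the observable outputs
    always agree, else the (pub, sec1, sec2) inputs leading to a mismatch."""
    start = (init, init)
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        (s1, s2), trace = queue.popleft()
        if observe(s1) != observe(s2):
            return trace
        if len(trace) >= max_steps:
            continue
        for pub, sec1, sec2 in product(BITS, BITS, BITS):
            nxt = (step(s1, pub, sec1), step(s2, pub, sec2))
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [(pub, sec1, sec2)]))
    return None

def equivalence_is_inductive(step, states):
    """Equivalence predicate s1 == s2: check that every transition of the
    self-composition from equal states keeps the copies equal."""
    return all(step(s, pub, a) == step(s, pub, b)
               for s in states for pub, a, b in product(BITS, BITS, BITS))

if __name__ == "__main__":
    print("safe  :", check_noninterference(step_safe, (0,)))
    print("leaky :", check_noninterference(step_leaky, (0,)))
```

For the safe design the equivalence predicate is inductive, so the proof needs no further state exploration; for the leaky design the search returns the one-step trace that separates the two copies.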
Problem

Research questions and friction points this paper is trying to address.

hardware security verification
information flow
non-interference
formal verification
self-composition
Innovation

Methods, ideas, or system contributions that make the work stand out.

SecIC3
self-composition
hardware security verification
non-interference
IC3