This work addresses the challenge of verifying masked hardware generated by high-level synthesis (HLS), where resource sharing commonly induces false positives in existing verification tools and no security verification methodology specifically targets the controller–datapath architecture. To this end, we propose MaskedHLSVerif—the first state-level formal verification framework tailored for HLS-generated masked circuits. By explicitly separating the controller and datapath in the model and performing state-level analysis, our approach effectively eliminates spurious leakage reports caused by resource reuse while accurately detecting genuine masking flaws introduced by HLS optimizations. Experimental evaluation on standard cryptographic benchmarks, including the PRESENT S-box and cascaded masking schemes, demonstrates that MaskedHLSVerif correctly identifies real security vulnerabilities, whereas prior tools such as REBECCA produce false alarms.

Masking is a countermeasure against Power Side Channel Attacks (PSCAs) in both software and hardware implementations of cryptographic algorithms. Compared to software masking, implementing masked hardware is time consuming and error prone. Recent approaches, therefore, rely on High Level Synthesis (HLS) tools to automatically generate masked Register Transfer Level (RTL) hardware from verified masked software, significantly reducing design effort. Since HLS was never developed for security, HLS optimizations may impact PSCA security of the generated RTL. As a result, verifying the PSCA security of HLS generated masked RTL is crucial. Existing hardware masking verification tools can verify masked hardware, but may produce false positives when applied to HLS generated designs with controller datapath architectures obtained due to resource-shared datapath obtained via HLS. This work proposes a hardware masking verification strategy for HLS generated masked hardware. Our toolflow MaskedHLSVerif, performs state-wise formal verification of controller datapath RTL obtained via HLS, thereby avoiding false positives caused by resource-shared datapaths. Our tool flow correctly verifies standard cryptographic benchmarks, consisting of cascaded masked gadgets and the PRESENT S-box masked with gadgets, where existing tools like REBECCA reports false positives. The proposed tool-flow is able to detect masking flaws induced by HLS-optimizations as well.