An Instruction Set Extension to Support Software-Based Masking
In both hardware and software, masking can represent an effective means of hardening an implementation against side-channel attack vectors such as Differential Power Analysis (DPA). Focusing on software, however, the use of masking can present various challenges: specifically, it often 1) requires s...
Main Authors: | Si Gao, Johann Großschädl, Ben Marshall, Dan Page, Thinh Pham, Francesco Regazzoni |
---|---|
Format: | Article |
Language: | English |
Published: | Ruhr-Universität Bochum 2021-08-01 |
Series: | Transactions on Cryptographic Hardware and Embedded Systems |
Subjects: | side-channel attack, masking, RISC-V, ISE |
Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/9067 |
_version_ | 1819225597880041472 |
---|---|
author | Si Gao Johann Großschädl Ben Marshall Dan Page Thinh Pham Francesco Regazzoni |
author_sort | Si Gao |
collection | DOAJ |
description | In both hardware and software, masking can represent an effective means of hardening an implementation against side-channel attack vectors such as Differential Power Analysis (DPA). Focusing on software, however, the use of masking can present various challenges: specifically, it often 1) requires significant effort to translate any theoretical security properties into practice, and, even then, 2) imposes a significant overhead in terms of efficiency. To address both challenges, this paper explores the use of an Instruction Set Extension (ISE) to support masking in software-based implementations of a range of (symmetric) cryptographic kernels including AES: we design, implement, and evaluate such an ISE, using RISC-V as the base ISA. Our ISE-supported first-order masked implementation of AES, for example, is an order of magnitude more efficient than a software-only alternative with respect to both execution latency and memory footprint; this renders it comparable to an unmasked implementation using the same metrics, but also first-order secure. |
first_indexed | 2024-12-23T10:12:08Z |
format | Article |
id | doaj.art-a72c4f6b2fdc41048b1721ff02d3d061 |
institution | Directory Open Access Journal |
issn | 2569-2925 |
language | English |
last_indexed | 2024-12-23T10:12:08Z |
publishDate | 2021-08-01 |
publisher | Ruhr-Universität Bochum |
record_format | Article |
series | Transactions on Cryptographic Hardware and Embedded Systems |
spelling | doaj.art-a72c4f6b2fdc41048b1721ff02d3d061 / 2022-12-21T17:50:56Z / eng / Ruhr-Universität Bochum / Transactions on Cryptographic Hardware and Embedded Systems / 2569-2925 / 2021-08-01 / 2021 / 4 / 10.46586/tches.v2021.i4.283-325 / An Instruction Set Extension to Support Software-Based Masking / Si Gao (0), Johann Großschädl (1), Ben Marshall (2), Dan Page (3), Thinh Pham (4), Francesco Regazzoni (5) / (0) Alpen-Adria Universität Klagenfurt, Klagenfurt, Austria / (1) Department of Computer Science, University of Luxembourg, Luxembourg, Luxembourg / (2) Department of Computer Science, University of Bristol, Bristol, UK; PQShield Ltd, Oxford, UK / (3) Department of Computer Science, University of Bristol, Bristol, UK / (4) Department of Computer Science, University of Bristol, Bristol, UK / (5) Università della Svizzera italiana, Lugano, Switzerland / In both hardware and software, masking can represent an effective means of hardening an implementation against side-channel attack vectors such as Differential Power Analysis (DPA). Focusing on software, however, the use of masking can present various challenges: specifically, it often 1) requires significant effort to translate any theoretical security properties into practice, and, even then, 2) imposes a significant overhead in terms of efficiency. To address both challenges, this paper explores the use of an Instruction Set Extension (ISE) to support masking in software-based implementations of a range of (symmetric) cryptographic kernels including AES: we design, implement, and evaluate such an ISE, using RISC-V as the base ISA. Our ISE-supported first-order masked implementation of AES, for example, is an order of magnitude more efficient than a software-only alternative with respect to both execution latency and memory footprint; this renders it comparable to an unmasked implementation using the same metrics, but also first-order secure. / https://tches.iacr.org/index.php/TCHES/article/view/9067 / side-channel attack, masking, RISC-V, ISE |
title | An Instruction Set Extension to Support Software-Based Masking |
title_sort | instruction set extension to support software based masking |
topic | side-channel attack masking RISC-V ISE |
url | https://tches.iacr.org/index.php/TCHES/article/view/9067 |