Cryptology ePrint Archive: Report 2016/935

Concealing Secrets in Embedded Processors Designs

Hannes Gross and Manuel Jelinek and Stefan Mangard and Thomas Unterluggauer and Mario Werner

Abstract: Side-channel analysis (SCA) attacks pose a serious threat to embedded systems. So far, the research on masking as a countermeasure against SCA focuses merely on cryptographic algorithms, and has either been implemented for particular hardware or software implementations. However, the drawbacks of protecting specific implementations are the lack of flexibility in terms of used algorithms, the impossibility to update protected hardware implementations, and long development cycles for protecting new algorithms. Furthermore, cryptographic algorithms are usually just one part of an embedded system that operates on informational assets. Protecting only this part of a system is thus not sufficient for most security critical embedded applications. In this work, we introduce a flexible, SCA-protected processor design based on the open-source V-scale RISC-V processor. The introduced processor design can be synthesized to defeat SCA attacks of arbitrary attack order. Once synthesized, the processor protects the computation on security-sensitive data against side-channel leakage. The benefits of our approach are (1) flexibility and updatability, (2) faster development of SCA-protected systems, (3) transparency for software developers, (4) arbitrary SCA protection level, (5) protection not only for cryptographic algorithms, but against leakage in general caused by processing sensitive data.

Category / Keywords: implementation / protected CPU, domain-orientend masking, masking, side-channel protection, threshold implementations, RISC-V, V-scale

Original Publication (in the same form): Smart Card Research and Advanced Applications - 15th International Conference (CARDIS 2016)

Date: received 28 Sep 2016

Contact author: hannes gross at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Version: 20160929:103355 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]