Paper 2019/1445

Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers

Madura A Shelton, Niels Samwel, Lejla Batina, Francesco Regazzoni, Markus Wagner, and Yuval Yarom


Since their introduction over two decades ago, side-channel attacks have presented a serious security threat. While many ciphers' implementations employ masking techniques to protect against such attacks, they often leak secret information due to unintended interactions in the hardware. We present Rosita, a code rewrite engine that uses a leakage emulator which we amend to correctly emulate the micro-architecture of a target system. We use Rosita to automatically protect masked implementations of AES, ChaCha, and Xoodoo. For AES and Xoodoo, we show the absence of observable leakage at 1,000,000 traces with less than 21% penalty to the performance. For ChaCha, which has significantly more leakage, Rosita eliminates over 99% of the leakage, at a performance cost of 64%.

Available format(s)
Publication info
Published elsewhere. Network and Distributed Systems Security (NDSS) Symposium 2021
side channelspower analysisautomatic leakage mitigation
Contact author(s)
madura shelton @ adelaide edu au
nsamwel @ cs ru nl
lejla @ cs ru nl
regazzoni @ alari ch
markus wagner @ adelaide edu au
yval @ cs adelaide edu au
2020-11-19: last of 3 revisions
2019-12-12: received
See all versions
Short URL
Creative Commons Attribution


      author = {Madura A Shelton and Niels Samwel and Lejla Batina and Francesco Regazzoni and Markus Wagner and Yuval Yarom},
      title = {Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1445},
      year = {2019},
      doi = {10.14722/ndss.2021.23137},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.