Cryptology ePrint Archive: Report 2019/756

SKIVA: Flexible and Modular Side-channel and Fault Countermeasures

Pantea Kiaei and Darius Mercadier and Pierre-Evariste Dagand and Karine Heydemann and Patrick Schaumont

Abstract: We describe SKIVA, a customized 32-bit processor enabling the design of software countermeasures for a broad range of implementation attacks covering fault injection and side-channel analysis of timing-based and power-based leakage. We design the countermeasures as variants of bitslice programming. Our protection scheme is flexible and modular, allowing us to combine higher-order masking -- fending off side-channel analysis -- with complementary spatial and temporal redundancy -- protecting against fault injection. Multiple configurations of side-channel and fault protection enable the programmer to select the desired number of shares and the desired redundancy level for each slice. Recurring and security-sensitive operations are supported in hardware through a custom instruction set extension. The new instructions support bitslicing, secret-share generation, redundant logic computation, and fault detection. We demonstrate and analyze multiple versions of AES from a side-channel analysis and a fault-injection perspective, in addition to providing a detailed performance evaluation of the protected designs.

Category / Keywords: implementation / Bitslicing, Side-channel attacks, Fault attacks, Custom-instruction extensions, Software Countermeasures

Date: received 26 Jun 2019, last revised 26 Jun 2019

Contact author: pantea95 at vt edu, darius mercadier@gmail com, pierre-evariste dagand@lip6 fr, karine heydemann@lip6 fr, schaum@vt edu


Version: 20190702:141841

Short URL: ia.cr/2019/756

