In this paper, we overcome the current situation and present the first approach for co-design and co-verification of masked software implementations on CPUs. First, we present Coco, a tool that allows us to provide security proofs at the gate-level for the execution of a masked software implementation on a concrete CPU. Using Coco , we analyze the popular 32-bit RISC-V Ibex core, identify all design aspects that violate the security of our tested masked software implementations and perform corrections, mostly in hardware. The resulting secured Ibex core has an area overhead around 10%, the runtime of software on this core is largely unaffected, and the formal verification with Coco of an, e.g., first-order masked Keccak S-box running on the secured Ibex core takes around 156 seconds. To demonstrate the effectiveness of our suggested design modifications, we perform practical leakage assessments using an FPGA evaluation board.
Category / Keywords: implementation / verification, masking, block ciphers, implementation, side-channel analysis, glitches, power analysis Date: received 16 Oct 2020, last revised 1 Mar 2021 Contact author: barbara gigerl at iaik tugraz at, vedad hadzic@iaik tugraz at, robert primas@iaik tugraz at, stefan mangard@iaik tugraz at, roderick bloem@iaik tugraz at Available format(s): PDF | BibTeX Citation Version: 20210301:093917 (All versions of this report) Short URL: ia.cr/2020/1294