Paper 2020/773

An Instruction Set Extension to Support Software-Based Masking

Si Gao, Johann Großschädl, Ben Marshall, Dan Page, Thinh Pham, and Francesco Regazzoni

Abstract

In both hardware and software, masking can represent an effective means of hardening an implementation against side channel attack vectors such as Differential Power Analysis (DPA). Focusing on software, however, the use of masking can present various challenges: specifically, it often 1) requires significant effort to translate any theoretical security properties into practice, and, even then, 2) imposes a significant overhead in terms of efficiency. To address both challenges, this paper explores the use of an Instruction Set Extension (ISE) to support masking in software-based implementations of a range of (symmetric) cryptographic kernels including AES: we design, implement, and evaluate such an ISE, using RISC-V as the base ISA. Our ISE-supported first-order masked implementation of AES, for example, is an order of magnitude more efficient than a software-only alternative with respect to both execution latency and memory footprint; this renders it comparable to an unmasked implementation using the same metrics, while also being first-order secure.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A minor revision of an IACR publication in TCHES 2021
Keywords
Symmetric Cryptosystems, Differential Power Analysis, Masking, Instruction Set Extension, RISC-V Architecture
Contact author(s)
johann groszschaedl @ uni lu
History
2021-07-14: last of 2 revisions
2020-06-24: received
Short URL
https://ia.cr/2020/773
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/773,
      author = {Si Gao and Johann Großschädl and Ben Marshall and Dan Page and Thinh Pham and Francesco Regazzoni},
      title = {An Instruction Set Extension to Support Software-Based Masking},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/773},
      year = {2020},
      url = {https://eprint.iacr.org/2020/773}
}