Paper 2020/773

An Instruction Set Extension to Support Software-Based Masking

Si Gao, Johann Großschädl, Ben Marshall, Dan Page, Thinh Pham, and Francesco Regazzoni


In both hardware and software, masking can represent an effective means of hardening an implementation against side-channel attack vectors such as Differential Power Analysis (DPA). Focusing on software, however, the use of masking can present various challenges: specifically, it often 1) requires significant effort to translate any theoretical security properties into practice, and, even then, 2) imposes a significant overhead in terms of efficiency. To address both challenges, this paper explores the use of an Instruction Set Extension (ISE) to support masking in software-based implementations of a range of (symmetric) cryptographic kernels including AES: we design, implement, and evaluate such an ISE, using RISC-V as the base ISA. Our ISE-supported first-order masked implementation of AES, for example, is an order of magnitude more efficient than a software-only alternative with respect to both execution latency and memory footprint; this renders it comparable to an unmasked implementation using the same metrics, but also first-order secure.

Publication info
A minor revision of an IACR publication in TCHES 2021
Symmetric Cryptosystems, Differential Power Analysis, Masking, Instruction Set Extension, RISC-V Architecture
Contact author(s)
johann groszschaedl @ uni lu
2021-07-14: last of 2 revisions
2020-06-24: received
Creative Commons Attribution


@misc{cryptoeprint:2020/773,
      author = {Si Gao and Johann Großschädl and Ben Marshall and Dan Page and Thinh Pham and Francesco Regazzoni},
      title = {An Instruction Set Extension to Support Software-Based Masking},
      howpublished = {Cryptology ePrint Archive, Paper 2020/773},
      year = {2020},
      note = {\url{}},
      url = {}
}