Paper 2021/1416
SME: Scalable Masking Extensions
Ben Marshall and Dan Page
Abstract
Supporting masking countermeasures for non-invasive side-channel security in instructions set architectures is a hard problem. Masked operations often have a large number of inputs and outputs, and enabling portable higher order masking has remained a difficult. However, there are clear benefits to enabling this in terms of performance, code density and security guarantees. We present SME, an instruction set extension for enabling secure and efficient software masking of cryptographic code at higher security orders. Our design improves on past work by enabling the same software to run at higher masking orders, depending on the level of security the CPU/SoC implementer has deemed appropriate for their product or device at design time. Our approach relies on similarities between implementations of higher order masking schemes and traditional vector programming. It greatly simplifies the task of writing masked software, and restores the basic promise of ISAs: that the same software will run correctly and securely on any correctly implemented CPU with the necessary security guarantees. We describe our concept as a custom extension to the RISC-V ISA, and its soon to be ratified scalar cryptography extension. An example implementation is also described, with performance and area tradeoffs detailed for several masking security orders. To our knowledge, ours is the first example of enabling flexible side-channel secure implementations of the official RISC-V lightweight cryptography instructions.
Note: Work In Progress.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- side-channel attackmicro-architectural leakageinstruction set extensionmaskingRISC-V
- Contact author(s)
- ben marshall @ bristol ac uk
- History
- 2021-10-24: received
- Short URL
- https://ia.cr/2021/1416
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/1416, author = {Ben Marshall and Dan Page}, title = {{SME}: Scalable Masking Extensions}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/1416}, year = {2021}, url = {https://eprint.iacr.org/2021/1416} }