To extend or not to extend: Agile Masking Instructions for PQC

Markus Krausz; Georg Land; Florian Stolz; Dennis Naujoks; Jan Richter-Brockmann; Tim Güneysu; Lucie Kogelheide

Paper 2023/1287

To extend or not to extend: Agile Masking Instructions for PQC

Markus Krausz

, Ruhr University Bochum

Georg Land

, Ruhr University Bochum

Florian Stolz

, Ruhr University Bochum

Dennis Naujoks, ETAS GmbH

Jan Richter-Brockmann

, Ruhr University Bochum

Tim Güneysu

, Ruhr University Bochum, German Research Centre for Artificial Intelligence

Lucie Kogelheide

, BWI GmbH

Abstract

Splitting up sensitive data into multiple shares – termed masking – has proven an effective countermeasure against various types of Side-Channel Analysis (SCA) on cryptographic implementations. However, in software this approach not only leads to dramatic performance overheads for non-linear operations, but also suffers from microarchitectural leakage, which is hard to avoid. Both problems can be addressed with one solution: masked hardware accelerators. In this context, Gao et al. [GGM+ 21] presented a RISC-V Instruction Set Extension (ISE) with masked Boolean and arithmetic instructions to accelerate masked software implementations of block ciphers. In this work, we demonstrate how this ISE can be applied to and extended for Post-Quantum Cryptography (PQC) components, forming a crypto-agile solution. We provide masked implementations based on three different ISE constellations for multiple highly relevant components, including Cumulative Distribution Table (CDT) sampling and polynomial rotation, which, to the best of our knowledge, have not been masked before. With the masked instructions, we measure speedups of more than one order of magnitude compared to sophisticated bitsliced implementations and even up to two orders of magnitude for non-bitsliced implementations. We assert the first-order security of our implementation with a practical evaluation.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Preprint.
Keywords: PQC Fixed-Weight Polynomial Sampling SCA Masking RISC-V BIKE Frodo HQC
Contact author(s): markus krausz @ rub de
mail @ georg land
florian stolz @ rub de
dennis naujoks @ etas com
jan richter-brockmann @ rub de
tim gueneysu @ rub de
lucie kogelheise @ bwi com
History: 2024-02-29: revised; 2023-08-28: received; See all versions
Short URL: https://ia.cr/2023/1287
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1287,
      author = {Markus Krausz and Georg Land and Florian Stolz and Dennis Naujoks and Jan Richter-Brockmann and Tim Güneysu and Lucie Kogelheide},
      title = {To extend or not to extend: Agile Masking Instructions for PQC},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1287},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1287}},
      url = {https://eprint.iacr.org/2023/1287}
}