Paper 2023/1287

To extend or not to extend: Agile Masking Instructions for PQC

Markus Krausz, Ruhr University Bochum
Georg Land, Ruhr University Bochum
Florian Stolz, Ruhr University Bochum
Dennis Naujoks, ETAS GmbH
Jan Richter-Brockmann, Ruhr University Bochum
Tim Güneysu, Ruhr University Bochum, German Research Centre for Artificial Intelligence
Lucie Kogelheide, BWI GmbH

Splitting up sensitive data into multiple shares – termed masking – has proven an effective countermeasure against various types of Side-Channel Analysis (SCA) on cryptographic implementations. However, in software this approach not only leads to dramatic performance overheads for non-linear operations, but also suffers from microarchitectural leakage, which is hard to avoid. Both problems can be addressed with one solution: masked hardware accelerators. In this context, Gao et al. [GGM+ 21] presented a RISC-V Instruction Set Extension (ISE) with masked Boolean and arithmetic instructions to accelerate masked software implementations of block ciphers. In this work, we demonstrate how this ISE can be applied to and extended for Post-Quantum Cryptography (PQC) components, forming a crypto-agile solution. We provide masked implementations based on three different ISE constellations for multiple highly relevant components, including Cumulative Distribution Table (CDT) sampling and polynomial rotation, which, to the best of our knowledge, have not been masked before. With the masked instructions, we measure speedups of more than one order of magnitude compared to sophisticated bitsliced implementations and even up to two orders of magnitude for non-bitsliced implementations. We assert the first-order security of our implementation with a practical evaluation.

Available format(s)
Publication info
PQCFixed-Weight Polynomial SamplingSCAMaskingRISC-VBIKEFrodoHQC
Contact author(s)
markus krausz @ rub de
mail @ georg land
florian stolz @ rub de
dennis naujoks @ etas com
jan richter-brockmann @ rub de
tim gueneysu @ rub de
lucie kogelheise @ bwi com
2024-02-29: revised
2023-08-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Markus Krausz and Georg Land and Florian Stolz and Dennis Naujoks and Jan Richter-Brockmann and Tim Güneysu and Lucie Kogelheide},
      title = {To extend or not to extend: Agile Masking Instructions for {PQC}},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1287},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.