Paper 2023/1287
To extend or not to extend: Agile Masking Instructions for PQC
Abstract
Splitting up sensitive data into multiple shares – termed masking – has proven an effective countermeasure against various types of Side-Channel Analysis (SCA) on cryptographic implementations. However, in software this approach not only leads to dramatic performance overheads for non-linear operations, but also suffers from microarchitectural leakage, which is hard to avoid. Both problems can be addressed with one solution: masked hardware accelerators. In this context, Gao et al. [GGM+ 21] presented a RISC-V Instruction Set Extension (ISE) with masked Boolean and arithmetic instructions to accelerate masked software implementations of block ciphers. In this work, we demonstrate how this ISE can be applied to and extended for Post-Quantum Cryptography (PQC) components, forming a crypto-agile solution. We provide masked implementations based on three different ISE constellations for multiple highly relevant components, including Cumulative Distribution Table (CDT) sampling and polynomial rotation, which, to the best of our knowledge, have not been masked before. With the masked instructions, we measure speedups of more than one order of magnitude compared to sophisticated bitsliced implementations and even up to two orders of magnitude for non-bitsliced implementations. We assert the first-order security of our implementation with a practical evaluation.
Metadata
- Category
  - Implementation
- Publication info
  - Preprint.
- Keywords
  - PQC, Fixed-Weight Polynomial Sampling, SCA, Masking, RISC-V, BIKE, Frodo, HQC
- Contact author(s)
  - markus krausz @ rub de
  - mail @ georg land
  - florian stolz @ rub de
  - dennis naujoks @ etas com
  - jan richter-brockmann @ rub de
  - tim gueneysu @ rub de
  - lucie kogelheise @ bwi com
- History
  - 2024-02-29: revised
  - 2023-08-28: received
- Short URL
  - https://ia.cr/2023/1287
- License
  - CC BY
BibTeX
@misc{cryptoeprint:2023/1287,
  author       = {Markus Krausz and Georg Land and Florian Stolz and Dennis Naujoks and Jan Richter-Brockmann and Tim Güneysu and Lucie Kogelheide},
  title        = {To extend or not to extend: Agile Masking Instructions for {PQC}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1287},
  year         = {2023},
  url          = {https://eprint.iacr.org/2023/1287}
}