Open Access
An Instruction Set Extension to Support Software-Based Masking
Author(s) - Si Gao, Johann Großschädl, Ben Marshall, Daniel Page, Thinh Hung Pham, Francesco Regazzoni
Publication year - 2021
Publication title - IACR Transactions on Cryptographic Hardware and Embedded Systems
Language(s) - English
Resource type - Journals
ISSN - 2569-2925
DOI - 10.46586/tches.v2021.i4.283-325
Subject(s) - computer science , aes implementations , masking (illustration) , software , power analysis , memory footprint , software implementation , instruction set , side channel attack , cryptography , embedded system , set (abstract data type) , reduced instruction set computing , computer engineering , computer architecture , parallel computing , operating system , algorithm , programming language , advanced encryption standard , art , visual arts
In both hardware and software, masking can represent an effective means of hardening an implementation against side-channel attack vectors such as Differential Power Analysis (DPA). Focusing on software, however, the use of masking can present various challenges: specifically, it often 1) requires significant effort to translate any theoretical security properties into practice, and, even then, 2) imposes a significant overhead in terms of efficiency. To address both challenges, this paper explores the use of an Instruction Set Extension (ISE) to support masking in software-based implementations of a range of (symmetric) cryptographic kernels including AES: we design, implement, and evaluate such an ISE, using RISC-V as the base ISA. Our ISE-supported first-order masked implementation of AES, for example, is an order of magnitude more efficient than a software-only alternative with respect to both execution latency and memory footprint; this renders it comparable to an unmasked implementation using the same metrics, but also first-order secure.