Abstract
In both hardware and software, masking can represent an effective means ofhardening an implementation against side-channel attack vectors such as DifferentialPower Analysis (DPA). Focusing on software, however, the use of masking can presentvarious challenges: specifically, it often 1) requires significant effort to translate anytheoretical security properties into practice, and, even then, 2) imposes a significantoverhead in terms of efficiency. To address both challenges, this paper explores theuse of an Instruction Set Extension (ISE) to support masking in software-basedimplementations of a range of (symmetric) cryptographic kernels including AES: wedesign, implement, and evaluate such an ISE, using RISC-V as the base ISA. OurISE-supported first-order masked implementation of AES, for example, is an orderof magnitude more efficient than a software-only alternative with respect to bothexecution latency and memory footprint; this renders it comparable to an unmaskedimplementation using the same metrics, but also first-order secure.
| Original language | English |
|---|---|
| Pages (from-to) | 283-325 |
| Number of pages | 43 |
| Journal | IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) |
| Volume | 2021 |
| Issue number | 4 |
| DOIs | |
| Publication status | Published - 11 Aug 2021 |
Bibliographical note
Publisher Copyright:© 2021, Ruhr-University of Bochum. All rights reserved.