An Instruction Set Extension to Support Software-Based Masking

Si Gao, Johann Großschädl, Ben Marshall, Daniel Page, Thinh H Pham, Francesco Regazzoni

Research output: Contribution to journalArticle (Academic Journal)peer-review

8 Citations (Scopus)
162 Downloads (Pure)


In both hardware and software, masking can represent an effective means ofhardening an implementation against side-channel attack vectors such as DifferentialPower Analysis (DPA). Focusing on software, however, the use of masking can presentvarious challenges: specifically, it often 1) requires significant effort to translate anytheoretical security properties into practice, and, even then, 2) imposes a significantoverhead in terms of efficiency. To address both challenges, this paper explores theuse of an Instruction Set Extension (ISE) to support masking in software-basedimplementations of a range of (symmetric) cryptographic kernels including AES: wedesign, implement, and evaluate such an ISE, using RISC-V as the base ISA. OurISE-supported first-order masked implementation of AES, for example, is an orderof magnitude more efficient than a software-only alternative with respect to bothexecution latency and memory footprint; this renders it comparable to an unmaskedimplementation using the same metrics, but also first-order secure.
Original languageEnglish
Pages (from-to)283-325
Number of pages43
JournalIACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
Issue number4
Publication statusPublished - 11 Aug 2021

Bibliographical note

Publisher Copyright:
© 2021, Ruhr-University of Bochum. All rights reserved.


Dive into the research topics of 'An Instruction Set Extension to Support Software-Based Masking'. Together they form a unique fingerprint.

Cite this