{"title":"eLIMInate: a Leakage-focused ISE for Masked Implementation","authors":"Hao Cheng, D. Page","doi":"10.46586/tches.v2024.i2.329-358","DOIUrl":null,"url":null,"abstract":"Even given a state-of-the-art masking scheme, masked software implementation of some cryptography functionality can pose significant challenges stemming, e.g., from simultaneous requirements for efficiency and security. In this paper we design an Instruction Set Extension (ISE) to address a specific element of said challenge, namely the elimination of leakage stemming from architectural and microarchitectural overwriting. Conceptually, the ISE allows a leakage-focused behavioural hint to be communicated from software to the micro-architecture: using it informs how computation is realised when applied to masking-specific data, which then offers an opportunity to eliminate associated leakage. We develop prototype, latencyand area-optimised implementations of the ISE design based on the RISC-V Ibex core. Using them, we demonstrate that use of the ISE can close the gap between assumptions about and actual behaviour of a device and thereby deliver an improved security guarantee.","PeriodicalId":508905,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"57 3","pages":"966"},"PeriodicalIF":0.0000,"publicationDate":"2024-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Cryptol. ePrint Arch.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tches.v2024.i2.329-358","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Even given a state-of-the-art masking scheme, masked software implementation of some cryptography functionality can pose significant challenges stemming, e.g., from simultaneous requirements for efficiency and security. In this paper we design an Instruction Set Extension (ISE) to address a specific element of said challenge, namely the elimination of leakage stemming from architectural and microarchitectural overwriting. Conceptually, the ISE allows a leakage-focused behavioural hint to be communicated from software to the micro-architecture: using it informs how computation is realised when applied to masking-specific data, which then offers an opportunity to eliminate associated leakage. We develop prototype, latencyand area-optimised implementations of the ISE design based on the RISC-V Ibex core. Using them, we demonstrate that use of the ISE can close the gap between assumptions about and actual behaviour of a device and thereby deliver an improved security guarantee.
即使采用最先进的掩码方案,某些加密功能的掩码软件实现也会面临巨大挑战,例如,同时满足效率和安全性要求。在本文中,我们设计了一种指令集扩展(ISE)来应对上述挑战中的一个特定因素,即消除因架构和微架构覆盖而产生的泄漏。从概念上讲,ISE 允许从软件向微体系结构传递以泄密为重点的行为提示:使用它可以了解在应用于特定掩码数据时如何实现计算,从而提供消除相关泄密的机会。我们开发了基于 RISC-V Ibex 内核的 ISE 设计原型、延迟和区域优化实现。通过使用它们,我们证明了 ISE 的使用可以缩小设备假设与实际行为之间的差距,从而提供更好的安全保证。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
