Custom Instruction Support for Modular Defense Against Side-Channel and Fault Attacks

Kiaei, Pantea; Mercadier, Darius; Dagand, Pierre-Évariste; Heydemann, Karine; Schaumont, Patrick

doi:10.1007/978-3-030-68773-1_11

Cited by 12 publications

(17 citation statements)

References 42 publications

(60 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(1) We propose a software countermeasure based on dual data-redundancy obtained through our novel bit-sliced design for NTT in order to detect computation faults. While the use of bit-slicing with Intra-Instruction Redundancy (IIR) in context of fault attacks is not new [24], it's application in the context of lattice-based post-quantum algorithms is still unexplored. (2) The proposed countermeasure is generic and can easily be ported to other lattice-based post-quantum schemes having polynomial multiplications in abundance.…”

Section: Our Contributionmentioning

confidence: 99%

“…Clearly, there is a need for comprehensive and fine-grained countermeasures to simultaneously protect lattice-based schemes against fault-injection and side-channel attacks while incurring tolerable performance costs. Bit-slicing has been proposed as a concrete software countermeasure against combined fault attacks and side-channel attacks using Intra-Instruction Redundancy (IIR) [9,24,30] and higher-order masking [24] respectively.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An End-to-End Analysis of EMFI on Bit-sliced Post-Quantum Implementations

Singh¹,

Islam²,

Sunar³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Bit-slicing is a software implementation technique that treats an N-bit processor datapath as N parallel single-bit datapaths. The natural spatial redundancy of bit-sliced software can be used to build countermeasures against implementation attacks. While the merits of bit-slicing for side-channel countermeasures have been studied before, their application for protection of post-quantum algorithms against fault injection is still unexplored. We present an end-to-end analysis of the efficacy of bit-slicing to detect and thwart electromagnetic fault injection (EMFI) attacks on post-quantum cryptography (PQC). We study Dilithium, a digital signature finalist of the NIST PQC competition. We present a bit-slice-redundant design for the Number-Theoretic Transform (NTT), the most complex and compute-intensive component in Dilithium. We show a data-redundant countermeasure for NTT which offers two concurrent bits for every single bit in the original implementation. We then implement a full Dilithium signature sequence on a 667 MHz ARM Cortex-A9 processor integrated in a Xilinx Zynq SoC. We perform a detailed EM fault-injection parameter search to optimize the location, intensity and timing of injected EM pulses. We demonstrate that, under optimized fault injection parameters, about 10% of the injected faults become potentially exploitable. However, the bit-sliced NTT design is able to catch the majority of these potentially exploitable faults, even when the remainder of the Dilithium algorithm as well as the control flow is left unprotected. To our knowledge, this is the first demonstration of a bitslice-redundant design of Dilithium that offers distributed fault detection throughout the execution of the algorithm.

show abstract

Section: Our Contributionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An End-to-End Analysis of EMFI on Bit-sliced Post-Quantum Implementations

Singh¹,

Islam²,

Sunar³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…In order to evaluate our Threshold Implementation of LED, we add it to Skiva 2 [23] as a coprocessor. Skiva is an extension of the 32bit SPARC V8 ISA.…”

Section: A Experimental Setupmentioning

confidence: 99%

Dimming Down LED: An Open-source Threshold Implementation on Light Encryption Device (LED) Block Cipher

Yuan¹,

Yang²,

Kiaei³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Lightweight block ciphers have been widely used in applications such as RFID tags, IoTs and network sensors. Among them, with comparable parameters, the Light Encryption Device (LED) block cipher achieves the smallest area. However, implementation of encryption algorithms manifest side-channel leakage, therefore, it is crucial to protect their design against side-channel analysis. In this paper, we present a threshold implementation of the LED cipher which has 64-bit data input and 128-bit key. The presented design splits secret information among multiple shares to achieve a higher security level. We demonstrate that our implementation can protect against firstorder power side-channel attack. As a cost, the design area is almost doubled and the maximum operating frequency is degraded by 30%. To make our design verifiable, we have also open-sourced our design online. 1

show abstract

“…A DOM ISA is proposed in [31] where a protected and unprotected datapath coexist in the same processor and depending on the sensitivity of the operations one or the other can be chosen by the developer. To eliminate leakage the two datapaths are kept completely separate.…”

Section: B Solutions In Literaturementioning

confidence: 99%

“…To eliminate leakage the two datapaths are kept completely separate. Earlier work [31] provided custom instructions that support masking as well as bitslicing and fault detection, all of which could be layered. However, to use it, the software developer was burdened with bitslicing the code and had to pay special attention in allocating registers for their variables.…”

Section: B Solutions In Literaturementioning

confidence: 99%

Security, Reliability and Test Aspects of the RISC-V Ecosystem

Abella

Alcaide

Anders

et al. 2021

2021 IEEE European Test Symposium (ETS)

View full text Add to dashboard Cite

RISC-V has emerged as a viable solution on academia and industry. However, to use open source hardware for safety-critical applications, we need a deep understanding of the way in which well established mechanisms for testing and reliability could be integrated and deployed on the RISC-V ecosystem, and we need a clear knowledge on how such an ecosystem can be leveraged to improve security. This paper includes four contributions presenting the potential of RISC-V in security research, the way in which RISC-V can be hardened against power analysis attacks, how to implement, using RISC-V, software and hardware/software solutions for dual core lock step, and how to perform system-level testing in the RISC-V ecosystem.

show abstract

Custom Instruction Support for Modular Defense Against Side-Channel and Fault Attacks

Cited by 12 publications

References 42 publications

An End-to-End Analysis of EMFI on Bit-sliced Post-Quantum Implementations

An End-to-End Analysis of EMFI on Bit-sliced Post-Quantum Implementations

Dimming Down LED: An Open-source Threshold Implementation on Light Encryption Device (LED) Block Cipher

Security, Reliability and Test Aspects of the RISC-V Ecosystem

Contact Info

Product

Resources

About