2021
DOI: 10.1007/978-3-030-68773-1_11

Custom Instruction Support for Modular Defense Against Side-Channel and Fault Attacks

Abstract: The design of software countermeasures against active and passive adversaries is a challenging problem that has been addressed by many authors in recent years. The proposed solutions adopt a theoretical foundation (such as a leakage model) but often do not offer concrete reference implementations to validate the foundation. Contributing to the experimental dimension of this body of work, we propose a customized processor called SKIVA that supports experiments with the design of countermeasures against a broad …

Citations: cited by 13 publications (17 citation statements)
References: references 42 publications
“…(1) We propose a software countermeasure based on dual data-redundancy obtained through our novel bit-sliced design for NTT in order to detect computation faults. While the use of bit-slicing with Intra-Instruction Redundancy (IIR) in context of fault attacks is not new [24], its application in the context of lattice-based post-quantum algorithms is still unexplored. (2) The proposed countermeasure is generic and can easily be ported to other lattice-based post-quantum schemes having polynomial multiplications in abundance.…”
Section: Our Contribution (mentioning)
confidence: 99%
“…Clearly, there is a need for comprehensive and fine-grained countermeasures to simultaneously protect lattice-based schemes against fault-injection and side-channel attacks while incurring tolerable performance costs. Bit-slicing has been proposed as a concrete software countermeasure against combined fault attacks and side-channel attacks using Intra-Instruction Redundancy (IIR) [9,24,30] and higher-order masking [24] respectively.…”
Section: Introduction (mentioning)
confidence: 99%
“…In order to evaluate our Threshold Implementation of LED, we add it to Skiva 2 [23] as a coprocessor. Skiva is an extension of the 32-bit SPARC V8 ISA.…”
Section: A Experimental Setup (mentioning)
confidence: 99%
“…A DOM ISA is proposed in [31] where a protected and unprotected datapath coexist in the same processor and depending on the sensitivity of the operations one or the other can be chosen by the developer. To eliminate leakage the two datapaths are kept completely separate.…”
Section: B Solutions In Literature (mentioning)
confidence: 99%
“…To eliminate leakage the two datapaths are kept completely separate. Earlier work [31] provided custom instructions that support masking as well as bitslicing and fault detection, all of which could be layered. However, to use it, the software developer was burdened with bitslicing the code and had to pay special attention in allocating registers for their variables.…”
Section: B Solutions In Literature (mentioning)
confidence: 99%