Secure and Efficient Software Masking on Superscalar Pipelined Processors

Publication: Contribution to book/report/conference proceedings; Conference paper; Peer-reviewed

Abstract

Physical side-channel attacks like power analysis pose a serious threat to cryptographic devices in real-world applications. Consequently, devices implement algorithmic countermeasures like masking. In the past, works on the design and verification of masked software implementations have mostly focused on simple microprocessors that find usage on smart cards. However, many other applications, such as in the automotive industry, require side-channel protected cryptographic computations on much more powerful CPUs. In such situations, the security loss due to complex architectural side effects, the corresponding performance degradation, as well as the choice of suitable probing models and verification techniques are still vastly unexplored research questions. We answer these questions and perform a comprehensive analysis of more complex processor architectures in the context of masking-related side effects. First, we analyze the RISC-V SweRV core — featuring a 9-stage pipeline, two execution units, and load/store buffers — and point out a significant gap between security in a simple software probing model and practical security on such CPUs. More concretely, we show that architectural side effects of complex CPU architectures can significantly reduce the protection order of masked software, both via formal analysis in the hardware probing model and empirically via gate-level timing simulations. We then discuss the options of fixing these problems in hardware or leaving them as constraints to software. Based on these software constraints, we formulate general rules for the design of masked software on more complex CPUs. Finally, we compare several implementation strategies for masking schemes and show in a case study that designing secure masked software for complex CPUs is still possible with overhead as low as 13%.
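The gap the abstract describes between a software (value-based) probing model and a hardware probing model on a real pipeline can be illustrated with a small leakage simulation. The C program below is an added example written for this page; it is not code from the paper and does not model the SweRV core. It makes two labelled assumptions: a probe on a register value observes its Hamming weight, and a register overwrite leaks the Hamming weight of old XOR new (a standard transition power model). All function names (hw, mask_byte, value_probe_mean, transition_probe_mean, transition_probe_mean_cleared) belong to this example. Because it enumerates all 256 masks for a one-byte secret, the conditional means it computes are exact rather than statistical estimates.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration (not code from the paper): how a transition-based
 * probe on a pipeline register collapses first-order Boolean masking, and how
 * a software-side constraint restores independence from the secret. */

/* Hamming weight of a byte: assumed power model for a register value. */
static int hw(uint8_t v)
{
    int n = 0;
    for (; v; v >>= 1)
        n += v & 1;
    return n;
}

/* First-order Boolean masking of one byte: x = s0 ^ s1, s0 uniformly random. */
static void mask_byte(uint8_t x, uint8_t r, uint8_t *s0, uint8_t *s1)
{
    *s0 = r;
    *s1 = (uint8_t)(x ^ r);
}

/* Software/value probing model: one probe sees HW of one share.  Averaged over
 * all 256 masks, the result is the same for every secret x (exactly 4.0), so a
 * single value probe learns nothing about x. */
static double value_probe_mean(uint8_t x)
{
    long total = 0;
    for (int r = 0; r < 256; r++) {
        uint8_t s0, s1;
        mask_byte(x, (uint8_t)r, &s0, &s1);
        total += hw(s1);               /* probe on the register holding s1 */
    }
    return (double)total / 256.0;
}

/* Hardware/transition probing model (assumption): a register that held s0 is
 * overwritten with s1 and leaks HW(old ^ new) = HW(s0 ^ s1) = HW(x).  The mask
 * cancels, so one probe recovers HW(x): the protection order drops to zero. */
static double transition_probe_mean(uint8_t x)
{
    long total = 0;
    for (int r = 0; r < 256; r++) {
        uint8_t s0, s1;
        mask_byte(x, (uint8_t)r, &s0, &s1);
        total += hw((uint8_t)(s0 ^ s1));
    }
    return (double)total / 256.0;      /* equals hw(x) */
}

/* A software constraint of the kind the abstract alludes to: never let the two
 * shares of one secret overwrite each other directly.  Writing an unrelated
 * value (here 0) in between splits the flip into HW(s0) and HW(s1); `which`
 * selects which of the two transitions the single probe observes. */
static double transition_probe_mean_cleared(uint8_t x, int which)
{
    long total = 0;
    for (int r = 0; r < 256; r++) {
        uint8_t s0, s1, clear = 0;
        mask_byte(x, (uint8_t)r, &s0, &s1);
        total += (which == 0) ? hw((uint8_t)(s0 ^ clear))
                              : hw((uint8_t)(clear ^ s1));
    }
    return (double)total / 256.0;      /* exactly 4.0 for every x */
}

int main(void)
{
    const uint8_t secrets[] = { 0x00, 0x0F, 0xFF };
    for (size_t i = 0; i < sizeof secrets; i++) {
        uint8_t x = secrets[i];
        printf("x=0x%02X  value probe=%.2f  transition probe=%.2f"
               "  cleared transitions=%.2f/%.2f\n",
               x, value_probe_mean(x), transition_probe_mean(x),
               transition_probe_mean_cleared(x, 0),
               transition_probe_mean_cleared(x, 1));
    }
    return 0;
}
```

Build with `cc -std=c99 -Wall leak.c`. The value probe reports 4.00 for every secret, the direct s0-to-s1 transition reports 0.00, 4.00 and 8.00 (the Hamming weight of the secret), and both cleared transitions report 4.00 again. Real cores leak through many more paths than one register overwrite (the abstract names pipeline stages, two execution units and load/store buffers for SweRV), and the concrete design rules derived in the paper are not reproduced here; the simulation only shows why a model that ignores transitions can certify code that a hardware probe breaks.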
Original language: English
Title: Advances in Cryptology - ASIACRYPT 2021
Pages: 3-32
Number of pages: 30
ISBN (electronic): 978-3-030-92075-3
Publication status: Published - 2021
Event: ASIACRYPT 2021 - Singapore, Singapore
Duration: 5 Dec 2021 to 9 Dec 2021
https://asiacrypt.iacr.org/2021/

Publication series

Name: Lecture Notes in Computer Science
Volume: 13091

Conference

Conference: ASIACRYPT 2021
Country/Territory: Singapore
City: Singapore
Period: 5 Dec 2021 to 9 Dec 2021
