
Design And Implementation Of Extended Instruction Set Against Side-Channel Attack Based On Switching Network

Posted on: 2024-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: J Y Zhou
GTID: 2568306923470534
Subject: Network and information security

Abstract/Summary:
The operation of cryptographic algorithms on physical devices produces side-channel information, such as timing and power consumption, that is related to the inherent properties of the circuit. Cryptographic algorithms that are proven secure by mathematical theory seldom consider, in their design, the side-channel leakage generated when they actually run on physical devices. At the same time, it is difficult to eliminate such leakage completely. A side-channel attack is an analysis method that attacks cryptographic equipment by exploiting this leakage. With the development of side-channel attack technology, countermeasures against side-channel attacks have gradually become a research hotspot for more and more cryptographic engineering practitioners.

Shuffling is a time-randomizing countermeasure against side-channel attacks. To protect against side-channel attacks more effectively, shuffling is usually combined with other countermeasures such as masking. Compared with a single countermeasure, this combined scheme provides better side-channel protection. However, because shuffling in software must access the memory address of each element to be exchanged multiple times and check the value of the exchange bit, the software implementation of shuffling has low operating efficiency.

This thesis designs and implements an extended instruction set for a switching network, composed of multiple rounds of shuffling, that generates random permutations instead of implementing shuffling in software. The extended instruction set significantly improves on the low efficiency and high cost of software shuffling. It focuses on generating random permutations with switching networks, which is the most difficult part of deploying shuffling protection in microprocessors. The thesis implements a switching network in hardware, consisting of a number of shuffling rounds specified by an instruction in the extended instruction set, so that random permutations can be generated by instructions in the extended instruction set. The extended instruction set based on the switching network is compatible with the RISC-V standard instruction set architecture.

The ISW AND masking scheme proposed by Ishai et al. at CRYPTO is a very well-known and effective countermeasure. In this thesis, three side-channel protection schemes are designed by combining the switching network with the ISW AND masking countermeasure: the Shuffled ISW AND 1 algorithm, a protected AES algorithm, and the Shuffled ISW AND 2 algorithm. The thesis uses them to demonstrate the application of the extended instruction set based on the switching network. These three schemes combine the advantages of shuffling and ISW AND masking, and all of them resist side-channel attacks through software and hardware co-design.

The thesis embeds the extended instruction set based on the switching network into two RISC-V CPUs, E203 and TINYRISCV. It then evaluates, on the different CPUs, the resource consumption and the resistance to side-channel attacks of the three schemes that combine the extended instruction set with the ISW AND masking countermeasure. The results of t-test analysis, signal-to-noise ratio analysis, correlation power analysis, and template attack show that the extended instruction set based on the switching network designed and implemented in this thesis can significantly improve the side-channel security of both the ISW AND masking countermeasure used alone and the unprotected AES algorithm.
Keywords/Search Tags:Side-channel protection countermeasures, Switching network, Shuffling, Software and hardware co-design, Extended instruction set
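
An added illustration of the software shuffling the abstract describes as inefficient (not code from the thesis): a switching network built from rounds of 2x2 conditional swaps, each driven by one exchange bit, with a counter for the memory accesses it costs. The butterfly pairing, the size N = 8, and all function names are assumptions; the abstract does not give the thesis's network topology.

```c
#include <stdint.h>
#include <stddef.h>

#define N 8      /* assumed number of elements (power of two) */
#define LOG2N 3  /* log2(N): number of distinct butterfly stages */

/* One shuffling round (assumed butterfly layer): element i is paired with
   i ^ (1 << stage); each 2x2 switch consumes one exchange bit from `bits`. */
static void shuffle_round(uint8_t perm[N], unsigned stage, uint32_t bits,
                          unsigned *mem_accesses)
{
    unsigned used = 0;
    for (size_t i = 0; i < N; i++) {
        size_t j = i ^ ((size_t)1 << stage);
        if (i > j)
            continue;                        /* visit each pair once */
        /* 0xFF if the exchange bit is set, else 0x00: the swap is
           branchless, so the bit does not steer control flow. */
        uint8_t mask = (uint8_t)(0u - ((bits >> used++) & 1u));
        uint8_t a = perm[i], b = perm[j];    /* two loads per switch */
        uint8_t t = (uint8_t)((a ^ b) & mask);
        perm[i] = (uint8_t)(a ^ t);          /* two stores per switch */
        perm[j] = (uint8_t)(b ^ t);
        *mem_accesses += 4;
    }
}

/* Builds a permutation of 0..N-1 from `rounds` words of exchange bits
   (one word per round, supplied by the caller's random source) and
   returns the number of memory accesses the software version needed. */
unsigned switching_network(uint8_t perm[N], unsigned rounds,
                           const uint32_t *round_bits)
{
    unsigned accesses = 0;
    for (size_t i = 0; i < N; i++)
        perm[i] = (uint8_t)i;
    for (unsigned r = 0; r < rounds; r++)
        shuffle_round(perm, r % LOG2N, round_bits[r], &accesses);
    return accesses;
}

/* Returns 1 if perm holds every value 0..N-1 exactly once. */
int is_permutation(const uint8_t perm[N])
{
    unsigned seen = 0;
    for (size_t i = 0; i < N; i++)
        seen |= 1u << (perm[i] & 31);
    return seen == (1u << N) - 1u;
}
```

With N = 8, three rounds consume only 12 exchange bits, so at most 4096 of the 8! = 40320 permutations are reachable; the number of rounds trades cost against permutation coverage.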