Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers
This addresses security threats for cryptographic systems by automating leakage elimination, though it is incremental as it builds on existing masking techniques.
They tackled the problem of side-channel power-analysis leakage in cipher implementations by developing Rosita, a code rewrite engine that automatically protects masked implementations, showing no observable leakage for AES and Xoodoo at 1,000,000 traces with less than 21% performance penalty and eliminating over 99% of leakage for ChaCha at a 64% performance cost.
Since their introduction over two decades ago, side-channel attacks have presented a serious security threat. While many ciphers' implementations employ masking techniques to protect against such attacks, they often leak secret information due to unintended interactions in the hardware. We present Rosita, a code rewrite engine that uses a leakage emulator which we amend to correctly emulate the micro-architecture of a target system. We use Rosita to automatically protect masked implementations of AES, ChaCha, and Xoodoo. For AES and Xoodoo, we show the absence of observable leakage at 1,000,000 traces with less than 21% penalty to the performance. For ChaCha, which has significantly more leakage, Rosita eliminates over 99% of the leakage, at a performance cost of 64%.