Zebrafix: Mitigating Memory-Centric Side-Channel Leakage via Interleaving
For cryptographic software developers, this work provides a new mitigation technique for memory-centric side-channels, though it is incremental and has high practical complexity.
The paper introduces Zebrafix, a compiler-based tool that uses interleaving to mitigate memory-centric side-channel leakages, including ciphertext side-channels and silent stores. It shows that interleaving outperforms prior mitigations but at the cost of high practical complexity.
Constant-time code has become the de-facto standard for secure cryptographic implementations. However, some memory-based leakage classes such as ciphertext side-channels and silent stores remain unaddressed. Prior work proposed three different methods for ciphertext side-channel mitigation, for which one, the practicality of interleaving data with counter values, remains to be explored. To close this gap, we define design choices and requirements to leverage interleaving for a generic ciphertext side-channel mitigation. Based on these results, we implement Zebrafix, a compiler-based tool to ensure freshness of memory stores. We evaluate Zebrafix and find that interleaving can perform much better than other ciphertext side-channel mitigations, at the cost of a high practical complexity. We further observe that ciphertext side-channels and silent stores belong to a broader attack category: memory-centric side-channels. Under this unified view, we show that interleaving-based ciphertext side-channel mitigations can be used to prevent silent stores as well.