Automated power-analysis leakage evaluation and elimination: from Elmo to Rosita
Masked implementations often fail to protect against 1st order side-channel attacks and leak secret information due to unanticipated interactions in the hardware. A number of power-leakage simulators were proposed to improve the process of repeated evaluation and leakage elimination. With this same goal in mind, we created a code rewrite tool called ROSITA that uses a leakage emulator to not just identify “leaky” samples and instructions but to “fix” those as well, resulting in implementations without observable leakage in the 1st order. We demonstrate the usage of ROSITA to automatically protect masked implementations of AES, ChaCha, and Xoodoo with modest performance penalties.
Professor, Institute for Computing and Information Sciences (iCIS),
Lejla Batina is a Full Professor in the Institute for Computing and Information Sciences (iCIS) at Radboud University and the Director of Education of the Institute. She got her professional doctorate in engineering (PDEng) from Eindhoven University of technology (2001) in The Netherlands and her PhD degree in Cryptography from KU Leuven, Belgium (2005). Prior to joining Radboud University in 2009 she was a postdoctoral researcher with the COSIC group at KU Leuven (2006-2009). She spent 3 years working in industry as a cryptographer at Pijnenburg Securealink (later SafeNet B.V.) in The Netherlands (2001-2003). Her research interests are in implementations of cryptography and physical attacks and countermeasures.
Host: Professor Patrick Schaumont