ISA Extensions of Shuffling Against Side-Channel Attacks

Shuffling is a time-randomized countermeasure against side-channel attacks. To achieve effective protections, shuffling is usually combined with other countermeasures, such as the masking. It requires the shuffling to be as efficient as possible. In this work, we describe an instruction set extensions (ISEs) for shuffling countermeasure. Our ISEs focuses on the generation of random permutations, which is the most difficult part to deploy the shuffling in microprocessors. The Thorp shuffling is implemented in hardware, enabling the instruction to generate random permutations. We design new ISEs compatible to the RISC-V standard instruction set format. Then, we present applications of our ISEs by giving two combinations of shuffling and masking, which can be regarded as promising software-hardware co-designs of side-channel countermeasures. At last, we embed the ISEs to the RISC-V core called tinyriscv, and evaluate the silicon overhead and the side-channel security of the shuffled masked AND operation. The evaluation shows that the new instruction can significantly improve the security of masking countermeasures.