Protecting RISC-V against Side-Channel Attacks.

Software (SW) implementations of cryptographic algorithms are vulnerable to Side-channel Analysis (SCA) attacks, basically relinquishing the key to the outside world through measurable physical properties of the processor like power consumption and electromagnetic radiation. Protected SW implementations typically have a significant timing and code size overhead as well as a substantially long development time because hands-on testing the result is crucial. Plenty of scientific publications offer solutions for this problem for all kinds of algorithms but they are not straightforward to implement as they rely on device assumptions which are rarely met, nor do these solutions take micro-architecture related leakages into account. We present a solution to this problem by integrating side-channel analysis countermeasures into a RISC-V implementation. Our solution protects against first-order power or electromagnetic attacks while keeping the implementation costs as low as possible. We made use of state of the art masking techniques and present a novel solution to protect memory access against SCA. Practical results are provided that demonstrate the leakage results of various cryptographic primitives running on our protected hardware platform.