Can Code Polymorphism Limit Information Leakage?

  • Antoine Amarilli
  • Sascha Müller
  • David Naccache
  • Daniel Page
  • Pablo Rauzy
  • Michael Tunstall
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6633)


In addition to its usual complexity assumptions, cryptography silently assumes that information can be physically protected in a single location. As one can easily imagine, real-life devices are not ideal and information may leak through different physical side-channels. It is a known fact that information leakage is a function of both the executed code F and its input x.

In this work we explore the use of polymorphic code as a way of resisting side channel attacks. We present experimental results with procedural and functional languages. In each case we rewrite the protected code code F i before its execution. The outcome is a genealogy of programs F 0,F 1,… such that for all inputs x and for all indexes \(i \neq j \Rightarrow F_i(x)=F_j(x)\mbox{~and~}F_i\neq F_j\). This is shown to increase resistance to side channel attacks.


Program Graph Source Program Code Size Machine Code Round Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bertoni, G., Breveglieri, L., Fragneto, P., Macchetti, M., Marchesin, S.: Efficient Software Implementation of AES on 32-Bit Platforms. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 159–171. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Clavier, C., Coron, J.-S., Dabbous, N.: Differential Power Analysis in the Presence of Hardware Countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Collberg, C., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation - tools for software protection. IEEE Transactions on Software Engineering 28(8), 735–746 (2002)CrossRefGoogle Scholar
  5. 5.
    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  6. 6.
    Gentry, C., Halevi, S., Vaikuntanathan, V.: i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 155–172. Springer, Heidelberg (2010)Google Scholar
  7. 7.
    Herbst, C., Oswald, E., Mangard, S.: An AES Smart Card Implementation Resistant to Power Analysis Attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Hofstadter, D.: Gödel, Escher, Bach: An Eternal Golden Braid. Basic Books, New York (1999) (1979)Google Scholar
  9. 9.
    Knuth, D.: The Art of Computer Programming, Seminumerical Algorithms, 3rd edn., vol. 2. Addison Wesley, Reading (1998)Google Scholar
  10. 10.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  11. 11.
    Leadbitter, P., Page, D., Smart, N.: Non-deterministic Multi-threading. IEEE Transactions on Computers 56(7), 992–998 (2007)MathSciNetCrossRefGoogle Scholar
  12. 12.
    May, D., Muller, H.L., Smart, N.P.: Non-deterministic Processors. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Merrill, J.: Generic and Gimple: A new tree representation for entire functions, Technical report, Red Hat, Inc., gcc Developer’s Summit (2003)Google Scholar
  14. 14.
  15. 15.
  16. 16.
    Tunstall, M., Benoit, O.: Efficient Use of Random Delays in Embedded Software. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 27–38. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Xin, Z., Chen, H., Han, H., Mao, B., Xie, L.: Misleading Malware Similarities Analysis by Automatic Data Structure Obfuscation. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 181–195. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Antoine Amarilli
    • 1
  • Sascha Müller
    • 2
  • David Naccache
    • 1
  • Daniel Page
    • 3
  • Pablo Rauzy
    • 1
  • Michael Tunstall
    • 3
  1. 1.Département d’informatiqueÉcole normale supérieureParis Cedex 05France
  2. 2.Security EngineeringTechnische Universität DarmstadtDarmstadtGermany
  3. 3.University of BristolBristolUK

Personalised recommendations