Compiler Assisted Masking

  • Andrew Moss
  • Elisabeth Oswald
  • Dan Page
  • Michael Tunstall
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7428)


Differential Power Analysis (DPA) attacks find a statistical correlation between the power consumption of a cryptographic device and intermediate values within the computation. Randomization via (Boolean) masking of intermediate values breaks this statistical dependence and thus prevents such attacks (at least up to a certain order). Especially for software implementations, (first-order) masking schemes are popular in academia and industry, albeit typically not as the sole countermeasure. The current practice then is to manually ‘insert’ Boolean masks: essentially software developers need to manipulate low-level assembly language to implement masking. In this paper we make a first step to automate this process, at least for first-order Boolean masking, allowing the development of compilers capable of protecting programs against DPA.


Compiler assisted cryptography masking DPA 


  1. 1.
    Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: USENIX Security Symposium, pp. 63–78 (1998)Google Scholar
  2. 2.
    Agat, J.: Type based techniques for covert channel elimination and register allocation. PhD thesis, Chalmers University of Technology (2001)Google Scholar
  3. 3.
    Molnar, D., Piotrowski, M., Schultz, D., Wagner, D.: The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 156–168. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Lux, A., Starostin, A.: A tool for static detection of timing channels in Java. In: Constructive Side-Channel Analysis and Secure Design (COSADE), pp. 126–140. CASED (2011)Google Scholar
  5. 5.
    Regazzoni, F., Cevrero, A., Standaert, F.-X., Badel, S., Kluter, T., Brisk, P., Leblebici, Y., Ienne, P.: A Design Flow and Evaluation Framework for DPA-Resistant Instruction Set Extensions. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 205–219. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Tiri, K., Verbauwhede, I.: A digital design flow for secure integrated circuits. IEEE Trans. on CAD of Integrated Circuits and Systems 25(7), 1197–1208 (2006)CrossRefGoogle Scholar
  7. 7.
    Zdancewic, S.A.: Programming Languages for Information Security. PhD thesis, Cornell University (August 2002)Google Scholar
  8. 8.
    Blömer, J., Guajardo, J., Krummel, V.: Provably Secure Masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A Side-Channel Analysis Resistant Description of the AES S-Box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Barbosa, M., Moss, A., Page, D., Rodrigues, N., Silva, P.F.: A domain-specific type system for cryptographic components. In: Fundamentals of Software Engineering, FSEN (2011)Google Scholar
  11. 11.
    Moss, A., Page, D.: Bridging the gap between symbolic and efficient AES implementations. In: Gallagher, J.P., Voigtländer, J. (eds.) Partial Evaluation and Program Manipulation (PEPM), pp. 101–110. ACM (2010)Google Scholar
  12. 12.
    Crossworks for ARM,
  13. 13.
    Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine Masking against Higher-Order Side Channel Analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 262–280. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Genelle, L., Prouff, E., Quisquater, M.: Thwarting Higher-Order Side Channel Analysis with Additive and Multiplicative Maskings. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 240–255. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  15. 15.
    Bain, A., Mitchell, J., Sharma, R., Stefan, D., Zimmerman, J.: A domain-specific language for computing on encrypted data. Cryptology ePrint Archive, Report 2011/561 (2011),
  16. 16.

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Andrew Moss
    • 1
  • Elisabeth Oswald
    • 2
  • Dan Page
    • 2
  • Michael Tunstall
    • 2
  1. 1.School of ComputingBlekinge Institute of TechnologyKarlskronaSweden
  2. 2.Department of Computer ScienceUniversity of BristolBristolUnited Kingdom

Personalised recommendations