ASCENT: Amplifying Power Side-Channel Resilience via Learning & Monte-Carlo Tree Search

TL;DR

This paper tackles the problem that traditional PPA-optimized logic synthesis can undermine power side-channel resilience in ASICs. It introduces ASCENT, a security-first framework that combines a zero-shot $PT_{score}$ predictor with Monte-Carlo Tree Search and online fine-tuning to efficiently explore the synthesis space and optimize PSC resilience after applying countermeasures such as QuadSeal or ELB. The key contributions are the fast pre-countermeasure resilience predictor, the MCTS-driven search strategy for synthesis recipes, and an end-to-end validation pipeline that demonstrates up to 3.11x PSC resilience improvement with modest PPA overhead and up to 120x speedups over baseline search methods. The approach enables scalable, reproducible exploration of security-vs-PPA tradeoffs in ASIC design flows, with practical impact for deploying stronger PSC defenses in real hardware while keeping design costs in check.

Abstract

Power side-channel (PSC) analysis is pivotal for securing cryptographic hardware. Prior art focused on securing gate-level netlists obtained as-is from chip design automation, neglecting all the complexities and potential side-effects for security arising from the design automation process. That is, automation traditionally prioritizes power, performance, and area (PPA), sidelining security. We propose a "security-first" approach, refining the logic synthesis stage to enhance the overall resilience of PSC countermeasures. We introduce ASCENT, a learning-and-search-based framework that (i) drastically reduces the time for post-design PSC evaluation and (ii) explores the security-vs-PPA design space. Thus, ASCENT enables an efficient exploration of a large number of candidate netlists, leading to an improvement in PSC resilience compared to regular PPA-optimized netlists. ASCENT is up to 120x faster than traditional PSC analysis and yields a 3.11x improvement for PSC resilience of state-of-the-art PSC countermeasures

Figures (7)

• Figure 1: PSCA resilience post-integration of the QuadSeal countermeasure 7324539 vs. area-delay of various AES netlists.
• Figure 2: High-level view on ASCENT framework for optimized PSC resilience of countermeasures.
• Figure 3: An exemplary PSC-aware logic synthesis framework. Despite the focus on security, conventional flows utilize PPA-optimized netlists as starting point to integrate PSC countermeasures right-away on top (red arrows), without further feedback loops. The latter omission is due to the significant runtime taken by PSC evaluation (light-red, dotted box). Naturally, this can result in sub-optimal countermeasure integration. In contrast, our work utilizes such essential feedback (green arrows) and achieves this by an efficient learning-and-search approach (detailed in \ref{['fig:ascent-framework']}).
• Figure 4: The ASCENT framework. ➊ Train a $PT_{score}$ predictor for ultra-fast PSC evaluation of synthesized netlists. ➋ MCTS-based search-space exploration to obtain a synthesis recipe that maximizes $PT_{score}$. ➌ use the obtained recipe for security-first synthesis, apply the countermeasure of choice on top, and validate $PT_{score}$ of the final netlist.
• Figure 5: $PT_{score}$ on AES before and after applying QuadSeal.