MaskedHLS: Domain-Specific High-Level Synthesis of Masked Cryptographic Designs

Nilotpola Sarma, Anuj Singh Thakur, Chandan Karfa

TL;DR

This work tackles the challenge of secure hardware design against power side-channel attacks (PSCAs) in the presence of glitches by showing that conventional high-level synthesis (HLS) can undermine masking guarantees. It introduces MaskedHLS, a domain-specific HLS flow that translates masked software into PSCA-secure hardware while automatically inserting and balancing registers at gadget-defined locations using retiming-based techniques. The approach yields RTL designs with substantially fewer registers (average ~73.9% reduction) and lower latency (average ~45.7% reduction) across PRESENT and AES S-box gadgets, and PSCA security is validated via TVLA analyses. These results demonstrate that gadget-aware register placement and path balancing are practical and effective for scalable, PSCA-secure hardware synthesis, with potential for further optimization in randomness handling.

Abstract

The design and synthesis of masked cryptographic hardware implementations that are secure against power side-channel attacks (PSCAs) in the presence of glitches is a challenging task. High-Level Synthesis (HLS) is a promising technique for generating masked hardware directly from masked software, offering opportunities for design space exploration. However, conventional HLS tools make modifications that break the PSCA security guarantee provided by masking, resulting in an insecure RTL. Moreover, existing HLS tools cannot place registers at designated locations or balance parallel paths in a cryptographic design, both of which are needed to stop glitch propagation. This paper introduces a domain-specific HLS approach tailored to obtain a PSCA-secure masked hardware implementation directly from a masked software implementation. It places the registers at the specific locations required by the glitch-robust masking gadgets, resulting in a secure RTL. Moreover, our tool automatically balances parallel paths and facilitates a reduction in latency while preserving the PSCA security guaranteed by masking. Experimental results with the PRESENT cipher's S-box and Canright's AES S-box, masked with four state-of-the-art gadgets, show that MaskedHLS produces RTLs with a 73.9% decrease in registers and a 45.7% decrease in latency on average compared to manual register insertions. The PSCA security of the MaskedHLS-generated RTLs is also shown with the TVLA test.

Paper Structure

This paper contains 28 sections, 4 theorems, 4 equations, 11 figures, 5 tables.

Key Result

Lemma 6.1

The shortest path from $N+1$ to $v^\prime$ in the constraint graph will give the retiming label satisfying the constraints.
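The lemma's idea, as an added Python example that is not code from the paper or the MaskedHLS tool: retiming labels are obtained by solving difference constraints with shortest paths in a constraint graph. It assumes the classic retiming model (an edge $u \to v$ with $w$ registers holds $w + r(v) - r(u)$ after retiming) and that node $N+1$ plays the role of the extra source vertex; the `need` field, the toy graph and the back edge carrying the latency budget are constructed for illustration.

```python
# Added illustration, not MaskedHLS code. Assumed model: edge u->v holds
# w registers now and w + r[v] - r[u] registers after retiming with labels r.

def retiming_labels(n, edges):
    """edges: (u, v, w, need) = w registers on u->v now, at least `need`
    required afterwards. Returns labels r[0..n-1], or None if infeasible."""
    # w + r[v] - r[u] >= need  <=>  r[u] - r[v] <= w - need, which becomes a
    # constraint-graph edge v -> u of weight (w - need).
    cg = [(v, u, w - need) for (u, v, w, need) in edges]
    # Starting every distance at 0 is equivalent to an extra source node with
    # a zero-weight edge to every vertex (assumed role of node N+1).
    dist = [0] * n
    for _ in range(n):                      # Bellman-Ford relaxation rounds
        for a, b, c in cg:
            if dist[a] + c < dist[b]:
                dist[b] = dist[a] + c
    # An edge that still relaxes lies on a negative cycle: no legal retiming.
    if any(dist[a] + c < dist[b] for a, b, c in cg):
        return None
    return dist

def retimed_registers(edges, r):
    """Register count on every edge after applying labels r."""
    return {(u, v): w + r[v] - r[u] for (u, v, w, _) in edges}

def toy_edges(latency):
    """Constructed toy graph: 0 = inputs, 1 = cross-domain product,
    2 = inner-domain product, 3 = XOR, 4 = output."""
    return [
        (0, 1, 0, 0),
        (0, 2, 0, 0),
        (1, 3, 0, 1),        # gadget requires a register before the XOR
        (2, 3, 0, 0),
        (3, 4, 0, 0),
        (4, 0, latency, 0),  # back edge holding the latency budget
    ]

if __name__ == "__main__":
    edges = toy_edges(1)
    r = retiming_labels(5, edges)
    print("labels:", r)
    print("registers per edge:", retimed_registers(edges, r))
    print("zero-latency budget:", retiming_labels(5, toy_edges(0)))
```

Because retiming preserves the register count of every cycle, each input-to-output path through the back edge ends up with the same number of registers, so the parallel path through node 2 receives a balancing register without a separate pass.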

Figures (11)

  • Figure 1: Masked Multiplication Gadgets (a) DOMAND (b) HPC1 (c) HPC2 (d) COMAR.
  • Figure 2: Example: (a) CDFG of the behavior in Listing (lst:domand1), (b) Schedule for 10ns, (c) Schedule for 1ns, (d) Pipelined Design, (e) Resource-Shared Design, (f) Controller for Resource-Shared Design
  • Figure 3: (a) Software-masked DOMAND hardware realization. (b) Hardware-masked DOMAND circuit with masking and balancing registers.
  • Figure 4: An example to illustrate the need for optimal register balancing in masked circuits.
  • Figure 5: (a) AST before retiming, (b) HLS-model with back edge, (c) HLS-model after retiming (retiming labels shown in parenthesis), (d) Final circuit after removing dummy nodes and back edge
  • ...and 6 more figures

Theorems & Definitions (7)

  • Lemma 6.1
  • proof
  • Lemma 6.2
  • Lemma 6.3
  • proof
  • Lemma 6.4
  • proof