Power Side-Channel Analysis of the CVA6 RISC-V Core at the RTL Level Using VeriSide
Behnam Farnaghinejad, Antonio Porsia, Annachiara Ruospo, Alessandro Savino, Stefano Di Carlo, Ernesto Sanchez
TL;DR
This work addresses the risk of power side-channel leakage in a contemporary CVA6 RISC-V core during software AES execution. It introduces VeriSide, a scalable RTL-level power-profiling framework that derives Hamming distance/weight traces directly from RTL simulations, avoiding large waveform files. Using Pearson correlation-based CPA, the authors demonstrate leakage sufficient to recover several key bytes and show that plaintext distribution heavily influences attack success, highlighting practical risks in RTL pre-silicon stages. The results advocate integrating early RTL security assessments into RISC-V design flows and motivate future work on countermeasures and extension to the RISC-V scalar cryptography extension. Overall, the paper provides a concrete RTL-level methodology for assessing side-channel resilience and underscores the importance of pre-fabrication security analysis.
Abstract
Security in modern RISC-V processors demands more than functional correctness: It requires resilience to side-channel attacks. This paper evaluates the vulnerability of the side channel of the CVA6 RISC-V core by analyzing software-based AES encryption uses an RTL-level power profiling framework called VeriSide. This work represents that this design's Correlation Power Analysis (CPA) reveals significant leakage, enabling key recovery. These findings underscore the importance of early-stage RTL assessments in shaping future secure RISC-V designs.
