Abstract

Side-channel attacks are amongst the major threats to embedded systems and IoT devices. Masking is one of the most widely used countermeasures against such attacks, but applying it remains a difficult process. We propose a target-independent approach for applying a first-order Boolean masking countermeasure during compilation, on the static single assignment (SSA) form. Unlike state-of-the-art automated approaches, which require the control flow of the input program to be simplified, our approach supports regular control-flow program structures. Moreover, our compiler is the first to automatically mask table lookups using a polynomial interpolation approach. We also present new optimizations to speed up the evaluation of polynomials: we reduce the number of terms of the polynomial, and we accelerate finite-field multiplication. We show that our approach is faster than the standard masked table approach with mask refresh after each access, with speedups up to ×2.4 in our experiments. Finally, using a formal verification approach, we show that the compiled machine code is secure, i.e., that all intermediate computations are statistically independent of the secrets.
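As an added illustration (not the paper's code or compiler output), the following C sketch shows a first-order Boolean-masked table lookup done by polynomial interpolation, the idea the abstract names. The 4-bit sample table, the field GF(2^4) with modulus x^4 + x + 1, `rand()` standing in for a hardware random source, and all function names are assumptions; none of the paper's optimizations are reproduced.

```c
#include <stdint.h>
#include <stdlib.h>

/* Sample 16-entry table chosen for this example (not taken from the paper). */
static const uint8_t T[16] = {12, 5, 6, 11, 9, 0, 10, 13, 3, 14, 15, 8, 4, 7, 1, 2};

/* Branch-free multiplication in GF(2^4) modulo x^4 + x + 1 (assumed field). */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (int i = 0; i < 4; i++, b >>= 1) {
        p ^= (uint8_t)(-(b & 1) & a);
        a = (uint8_t)((a << 1) ^ (-((a >> 3) & 1) & 0x13));
    }
    return p;
}

/* Interpolation: T[x] = sum_a T[a] * (1 + (x + a)^15), which expands to
 * c[0] = T[0] and c[k] = sum_a T[a] * a^(15-k) for k = 1..15 (with 0^0 = 1). */
static void interpolate(uint8_t c[16]) {
    for (int k = 0; k < 16; k++) c[k] = (k == 0) ? T[0] : 0;
    for (int a = 0; a < 16; a++) {
        uint8_t pw = 1;                       /* holds a^(15-k) */
        for (int k = 15; k >= 1; k--, pw = gmul(pw, (uint8_t)a)) c[k] ^= gmul(T[a], pw);
    }
}

/* Horner evaluation on shares: the index x = x0 ^ x1 is never recombined. */
static void masked_lookup(const uint8_t c[16], uint8_t x0, uint8_t x1, uint8_t out[2]) {
    uint8_t a0 = c[15], a1 = 0;
    for (int k = 14; k >= 0; k--) {
        uint8_t r = (uint8_t)(rand() & 0xF);  /* fresh mask; stand-in for a TRNG */
        a1 = ((r ^ gmul(a0, x1)) ^ gmul(a1, x0)) ^ gmul(a1, x1);  /* r folded in first */
        a0 = (gmul(a0, x0) ^ r) ^ c[k];       /* public coefficient on one share */
    }
    out[0] = a0; out[1] = a1;
}

/* Functional check over every index and every index mask; returns mismatches. */
static int mismatches(void) {
    uint8_t c[16], s[2];
    int bad = 0;
    interpolate(c);
    for (int v = 0; v < 256; v++) {           /* v = (index << 4) | mask */
        masked_lookup(c, (uint8_t)((v >> 4) ^ (v & 15)), (uint8_t)(v & 15), s);
        bad += (s[0] ^ s[1]) != T[v >> 4];
    }
    return bad;
}
int main(void) { return mismatches() != 0; }
```

The check is functional only: a C compiler may reorder or combine these operations, so nothing here establishes that the compiled machine code is free of leakage.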
