Information Classification: General
CONTRIBUTE. COLLABORATE. COMMERCIALIZE.
December 8-10 | Virtual Event
Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs
Barbara Gigerl
PhD Student
Technical University of Graz
#RISCVSUMMIT
About this presentation
Outline: Introduction, Co-Verification, Co-Design
Barbara Gigerl¹, Vedad Hadzic¹, Robert Primas¹, Stefan Mangard¹ and Roderick Bloem¹: Co-Design and Co-Verification of Masked Software Implementations on CPUs
¹Graz University of Technology
https://eprint.iacr.org/2020/1294
Introduction to Power Analysis
Side-channel attacks
• Exploit side-channel information
• Information leaked by a device unintentionally
• Examples: execution time, power consumption, electromagnetic radiation, temperature, sound, photon emission
Power Analysis Attacks [Kocher, 1999]
(Figure: the attacker records power traces of the cryptographic device with an oscilloscope.)
The Masking countermeasure
• Power consumption depends on:
  • What is done?
  • Which data is involved?
• Masking [Chari, 1999]: conceal the secret s with a random mask m:
  v_m = s ⊕ m ⇔ s = v_m ⊕ m
• The cryptographic algorithm f processes v_m and m individually
• Break the dependency!
Co-Verification
The HW/SW Gap
• Formal security proofs are only done for SW
• Assumption: the underlying HW is secure
• Goal: Co-Verification of Software and Hardware
(Figure: the masking scheme is implemented in SW as RISC-V assembly and runs on the HW, the CPU, here the Ibex core.)
Co-Verification with Coco
• Coco
  • Verifies the execution of masked assembly implementations directly on a processor's netlist
  • Checks the separation between shares
• Execution-aware verification: SW as a sequence of control signals
  • SW must have constant control flow
Verification Flow
1. Inputs: the masked SW (RISC-V assembly implementing the masking scheme) and the HW (the Ibex core as a netlist)
2. Simulation: execute the SW on the netlist to obtain an execution trace
3. Annotation: label registers and memory locations with the share or mask they hold, e.g.
   x21: share 1
   x4: share 1
   mem[0x16]: share 2
   mem[0x24]: mask
   x17: unimportant
4. Verification: the result is either "Yes, secure." or "No, not secure. Leak in cycle 8, gate "mux_regread"."
Verification Flow
• Propagate labels through the processor
• For each gate/register: construct a correlation set (stable/transient)
Example: an AND gate in combinational logic with output x, input a coming from a register and input b a control signal whose values are taken from the execution trace.

                                 Cycle n   Cycle n+1   Cycle n+2
Execution trace      b           1         0           0
                     x           a         0           0
Stable corr. set     S_x^t       S_a^n     {1}         {1}
Transient corr. set  T_x^t       T_a^n     T_a^(n+1)   {1}
Co-Design
Target processor: Ibex
• RISC-V Ibex core
• 32-bit CPU with a two-stage in-order single-issue pipeline
• Simple microarchitecture, but still contains the most important components of every processor
• Part of the PULP Platform and the OpenTitan project [ETH, 2017]
Co-Design of Ibex using Coco
• Securing Ibex with Coco:
  1. Construct a set of masked SW
  2. Execute them on Ibex to get the execution trace
  3. Run verification with Coco
  4. Fix problems, goto 1
• First: Coco confirms known problems¹ → Software Constraints
• Second: Further problems, (almost) impossible to fix in software → Hardware Fixes
¹[Balasch, 2014], [Barthe, 2015], [Kostas, 2017], [Shelton, 2019]
Register File
• Problems:
  1. Switching wires in the multiplexer tree
  2. Glitchy address signals
  3. Unintended reads
• Solution: Register Gating
(Figure: left, the original register file, where a tree of multiplexers controlled by the 5-bit read address selects one of the registers x1, x2, x3, … for Read Port A, and the write data for a register passes through a data multiplexer; right, the gated register file, where the 5-bit read and write addresses are one-hot decoded, each 32-bit register output is ANDed with its one-hot read bit and the results are ORed onto Read Port A, and a register takes new data only when its one-hot write bit is set.)
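The two slides above, the verification step (stable versus transient correlation sets of an AND gate driven by a control signal from the trace) and the register-file problem (switching wires in the multiplexer tree, fixed by register gating), can be made concrete with the following added Python illustration. It is not Coco's code, and its propagation rules are a deliberately simplified model: the only transient effects assumed are a late-arriving control signal and a wire transition, and a first-order leak is a monomial that contains both shares of a secret. The register annotations, the 4-entry register file and the read sequence are constructed for the example.

```python
"""Execution-aware correlation-set propagation, simplified after the Coco idea.
Constructed illustration, not Coco's code and not its exact rules:
  - a correlation set is a frozenset of monomials; a monomial is a frozenset of
    share names, the empty frozenset is the constant monomial "1"
  - stable sets evaluate a wire with the control-signal value of the current
    cycle, taken from the execution trace
  - transient sets additionally let the control signal show its previous
    cycle's value (a late control signal, i.e. a glitch) and combine the
    wire's previous and current value (a transition)
  - a set leaks at first order if one monomial contains all shares of a secret
"""
from itertools import product

ONE = frozenset()                           # the constant monomial "1"
CONST = frozenset({ONE})                    # wire independent of all shares
SECRETS = {"s": frozenset({"s1", "s2"})}    # first-order masking: s = s1 xor s2


def label(name):
    """Correlation set of a wire annotated as holding share or mask `name`."""
    return frozenset({frozenset({name})})


def fmt(cs):
    """Render a correlation set the way the slide writes it, e.g. {1, s1}."""
    return "{" + ", ".join(sorted("".join(sorted(m)) or "1" for m in cs)) + "}"


def mul(cs_a, cs_b):
    """Product of two correlation sets: monomials multiply by symmetric
    difference, so a share that appears twice cancels out (a * a = 1)."""
    return frozenset(a ^ b for a, b in product(cs_a, cs_b))


def leaks(cs):
    """First-order leak: some monomial contains every share of one secret."""
    return any(shares <= m for m in cs for shares in SECRETS.values())


def propagate(stable_of, controls):
    """Per-cycle (stable, transient) correlation sets of one wire.
    controls[t]   value of the wire's control signal in cycle t (execution trace)
    stable_of(c)  set the wire carries when the control signal has value c
    """
    stable, transient = [], []
    for t, c in enumerate(controls):
        s = stable_of(c)
        tr = s
        if t > 0:
            tr |= stable_of(controls[t - 1])   # glitch: control still at old value
            tr |= mul(stable[t - 1], s)        # transition: old value -> new value
        stable.append(s)
        transient.append(tr)
    return stable, transient


def and_gate_example():
    """The slide's table: x = a AND b, a holds share s1, b = 1, 0, 0 in the trace."""
    return propagate(lambda b: label("s1") if b else CONST, [1, 0, 0])


def read_port(regs, addrs, gated):
    """Read port of a 4-entry register file addressed with 2 bits.
    gated=False  two-level multiplexer tree (the original register file): m0
                 selects x0/x1 and m1 selects x2/x3 by address bit 0, the port
                 selects m0/m1 by address bit 1.
    gated=True   register gating: every register output is ANDed with its
                 one-hot decoded address bit and the results are ORed together.
    Returns {wire: (stable, transient)} for the internal wires and the port.
    """
    wires = {}
    if not gated:
        wires["m0"] = propagate(lambda a: regs[a & 1], addrs)
        wires["m1"] = propagate(lambda a: regs[2 | (a & 1)], addrs)
    else:
        for i in range(4):
            wires[f"g{i}"] = propagate(lambda a, i=i: regs[i] if a == i else CONST, addrs)
    wires["port"] = propagate(lambda a: regs[a], addrs)
    return wires


def find_leaks(wires):
    """(wire, cycle) pairs whose transient correlation set leaks a secret."""
    return [(w, t) for w, (_, tr) in wires.items() for t, cs in enumerate(tr) if leaks(cs)]


# Constructed annotation: x0 and x1 hold the two shares of s, x2 is unimportant,
# x3 holds a mask; the software reads x2 and then x3 and never touches x0/x1.
REGS = {0: label("s1"), 1: label("s2"), 2: CONST, 3: label("m")}
READS = [2, 3]

if __name__ == "__main__":
    stable, transient = and_gate_example()
    for t, (s, tr) in enumerate(zip(stable, transient)):
        print(f"cycle n+{t}: S_x = {fmt(s):10} T_x = {fmt(tr)}")
    # address bit 0 toggles 0 -> 1, so wire m0 switches from s1 to s2 although
    # the software never read x0 or x1: an unintended read inside the mux tree
    print("mux tree:", find_leaks(read_port(REGS, READS, gated=False)))
    print("gated   :", find_leaks(read_port(REGS, READS, gated=True)))
```

The stable sets alone report the multiplexer tree as secure; only the transient sets expose the share transition on the internal wire m0, which the gated register file no longer has.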
Computation Units
• Problem: Computation units (ALU, MD, CSR) are always active
  • Instruction mul x5, x1, x2: Ibex will also compute x1 ⊕ x2 in the ALU, …
  • Problematic when using parallel implementations of masking schemes [Barthe, 2017]
• Solution: Computation unit gating
  • AND gates at the input of each unit, connected to an enable bit
Load/Store Operations
• Problem: Hidden LSU state
  • Internal register for misaligned memory access
  • Overwriting it with the counterpart share causes a leak
• Solution: Clear the hidden LSU state
  • Clear the hidden register after each memory access
Evaluation
• Area overhead: 9.9% (20.2 kGE vs 22.2 kGE)

Name                                        Runtime   Leaking  Input        Fresh        Verification runtime
                                            (cycles)  cycle    shares       randomness   Stable   Transient
Trichina AND reg. [Trichina, 2003]          19        -        4 x 32 bit   32 bit       5 s      19 s
DOM AND reg.                                13        12       4 x 32 bit   32 bit       2 s      12 s
DOM AES S-box [Boyar, 2012]                 1900      -        16 x 16 bit  34 x 16 bit  18 m     4.75 h
DOM Keccak S-box 2nd order [Groß, 2017]     474       -        15 x 32 bit  15 x 32 bit  3 m      1.3 h
DOM AND reg 3rd order [Groß, 2016]          65        -        8 x 32 bit   6 x 32 bit   44 s     2.5 m
Evaluation
T-test scores during the execution of a first-order DOM Keccak S-box using 100 000 power traces.
(Figure: two panels, "Original register file" and "Secured register file".)
References
[Chari, 1999] Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. Towards sound approaches to counteract power-analysis attacks. In Advances in Cryptology - CRYPTO '99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999, Proceedings, volume 1666 of Lecture Notes in Computer Science, pages 398–412. Springer, 1999.
[Kocher, 1999] Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In CRYPTO, volume 1666 of Lecture Notes in Computer Science, pages 388–397. Springer, 1999.
[Barthe, 2017] Gilles Barthe, François Dupressoir, Sebastian Faust, Benjamin Grégoire, François-Xavier Standaert, and Pierre-Yves Strub. Parallel implementations of masking schemes and the bounded moment leakage model. In Advances in Cryptology - EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30 - May 4, 2017, Proceedings, Part I, volume 10210 of Lecture Notes in Computer Science, pages 535–566, 2017.
[Balasch, 2014] Josep Balasch, Benedikt Gierlichs, Vincent Grosso, Oscar Reparaz, and François-Xavier Standaert. On the cost of lazy engineering for masked software implementations. In Smart Card Research and Advanced Applications - 13th International Conference, CARDIS 2014, Paris, France, November 5-7, 2014, Revised Selected Papers, volume 8968 of Lecture Notes in Computer Science, pages 64–81. Springer, 2014.
[Barthe, 2015] Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, and Pierre-Yves Strub. Verified proofs of higher-order masking. In Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I, volume 9056 of Lecture Notes in Computer Science, pages 457–485. Springer, 2015.
[Kostas, 2017] Kostas Papagiannopoulos and Nikita Veshchikov. Mind the gap: Towards secure 1st-order masking in software. In Constructive Side-Channel Analysis and Secure Design - 8th International Workshop, COSADE 2017, Paris, France, April 13-14, 2017, Revised Selected Papers, volume 10348 of Lecture Notes in Computer Science, pages 282–297. Springer, 2017.
[Shelton, 2019] Madura A. Shelton, Niels Samwel, Lejla Batina, Francesco Regazzoni, Markus Wagner, and Yuval Yarom. Rosita: Towards automatic elimination of power-analysis leakage in ciphers. abs/1912.05183, 2019.
[ETH, 2017] ETH Zurich and University of Bologna. Ibex Documentation. https://ibex-core.readthedocs.io/en/latest/index.html, accessed on Nov 11, 2020.
[Groß, 2016] Hannes Groß, Stefan Mangard, and Thomas Korak. Domain-oriented masking: Compact masked hardware implementations with arbitrary protection order. In Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016, Vienna, Austria, October 2016, page 3. ACM, 2016.
[Boyar, 2012] Joan Boyar and René Peralta. A small depth-16 circuit for the AES S-box. In Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012, Proceedings, volume 376 of IFIP Advances in Information and Communication Technology, pages 287–298. Springer, 2012.
[Groß, 2017] Hannes Groß, David Schaffenrath, and Stefan Mangard. Higher-order side-channel protected implementations of KECCAK. In Euromicro Conference on Digital System Design, DSD 2017, Vienna, Austria, August 30 - Sept. 1, 2017, pages 205–212. IEEE Computer Society, 2017.
[Trichina, 2003] Elena Trichina. Combinational logic design for AES subbyte transformation on masked data. IACR Cryptol. ePrint Arch., 2003:236, 2003.
Thank you for joining us.
Contribute to the RISC-V conversation on social!
#RISCVSUMMIT @risc_v
hpbmnnxrvb
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
MINDCTI revenue release Quarter 1 2025 PR
MINDCTI revenue release Quarter 1 2025 PRMINDCTI revenue release Quarter 1 2025 PR
MINDCTI revenue release Quarter 1 2025 PR
MIND CTI
 
Social Media App Development Company-EmizenTech
Social Media App Development Company-EmizenTechSocial Media App Development Company-EmizenTech
Social Media App Development Company-EmizenTech
Steve Jonas
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Vaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without HallucinationsVaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without Hallucinations
john409870
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Are Cloud PBX Providers in India Reliable for Small Businesses (1).pdf
Are Cloud PBX Providers in India Reliable for Small Businesses (1).pdfAre Cloud PBX Providers in India Reliable for Small Businesses (1).pdf
Are Cloud PBX Providers in India Reliable for Small Businesses (1).pdf
Telecoms Supermarket
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
MINDCTI revenue release Quarter 1 2025 PR
MINDCTI revenue release Quarter 1 2025 PRMINDCTI revenue release Quarter 1 2025 PR
MINDCTI revenue release Quarter 1 2025 PR
MIND CTI
 
Social Media App Development Company-EmizenTech
Social Media App Development Company-EmizenTechSocial Media App Development Company-EmizenTech
Social Media App Development Company-EmizenTech
Steve Jonas
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 

Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs (slide transcript)

10. Co-Verification with Coco
• Coco verifies the execution of masked assembly implementations directly on a processor's netlist
• It checks the separation between shares
• Execution-aware verification: the software is modelled as a sequence of control signals
• The software must have constant control flow
11. Verification Flow
• Inputs: the masking scheme as RISC-V assembly (SW) and the CPU netlist (HW), here the Ibex core
• Simulating the software on the netlist yields an execution trace
• Annotation of the initial state, e.g. x21: share 1, x4: share 1, mem[0x16]: share 2, mem[0x24]: mask, x17: unimportant
• Verification result: "Yes, secure." or "No, not secure. Leak in cycle 8, gate mux_regread."
12. Verification Flow (continued)
• Propagate the labels through the processor
• For each gate/register, construct a correlation set (stable and transient)
• Example: an AND gate (combinational logic behind a register) with inputs a and b and output x, where b takes the values 1, 0, 0 in three consecutive cycles:

                      Cycle n    Cycle n+1    Cycle n+2
  Execution trace  b  1          0            0
                   x  a          0            0
  Stable set   S_x^t  S_a^n      {1}          {1}
  Transient set T_x^t T_a^n      T_a^{n+1}    {1}

  (S: stable correlation set, T: transient correlation set, {1}: the constant. While b falls from 1 to 0 in cycle n+1, x can still transiently show a, so T_x^{n+1} contains T_a^{n+1} although the stable value is constant.)
14. Target processor: Ibex
• RISC-V Ibex core: 32-bit CPU with a two-stage, in-order, single-issue pipeline
• Simple microarchitecture that still contains the most important components of every processor
• Part of the PULP Platform and the OpenTitan project [ETH, 2017]
15. Co-Design of Ibex using Coco
• Securing Ibex with Coco:
  1. Construct a set of masked software implementations
  2. Execute them on Ibex to obtain execution traces
  3. Run the verification with Coco
  4. Fix the problems found, go to 1
• First: Coco confirms known problems¹ → software constraints
• Second: further problems that are (almost) impossible to fix in software → hardware fixes
¹ [Balasch, 2014], [Barthe, 2015], [Kostas, 2017], [Shelton, 2019]
16. Register File
• Problems:
  1. Switching wires in the multiplexer tree
  2. Glitchy address signals
  3. Unintended reads
• [Figure: read port A of the original register file, a multiplexer tree (MUX L0, ...) over registers x1, x2, x3 selected by the read-address bits, next to the gated read port, which ANDs each register with a one-hot read address and ORs the results; write address and read address are 5-bit, data is 32-bit]
• Solution: register gating
17. Computation Units
• Problem: the computation units (ALU, MD, CSR) are always active
• For the instruction mul x5, x1, x2, Ibex will also compute x1 ⊕ x2 in the ALU, and so on
• Problematic when using parallel implementations of masking schemes [Barthe, 2017]
• Solution: computation unit gating, i.e. AND gates at the input of each unit connected to an enable bit
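The label propagation of slides 11 and 12 and the register-file problem of slide 16 can be made concrete with a small checker. The Python below is an added illustration and is not Coco's own code: its gate rules are a simplified reading of the slides (XOR gates combine terms linearly, AND/OR gates and any glitching gate may expose every XOR of a subset of their input terms, control signals are concrete per cycle as in execution-aware verification, and a gate's transient set sees the previous and the current control value while registers themselves do not glitch), the secret/mask labels s0, s1, m are assumed, and every netlist, register content and control trace is constructed by hand. The GATE node is the same input gating that slide 17 describes for computation units, and gated_port is a toy one-hot AND/OR read port standing in for the register gating on slide 16, not the actual Ibex patch.

```python
"""Correlation-set propagation over a toy gate-level netlist, in the spirit of
the Coco flow on slides 11, 12 and 16.  Added illustration, not Coco's own code:
the gate rules are a simplified reading of the slides, and every netlist,
register content and control trace here is constructed by hand."""

CONST = frozenset()  # the constant term, written {1} on the slides

def lab(label):
    """Correlation set of a register holding exactly one labelled value."""
    return {frozenset([label])}

def linear(sets):
    """XOR-gate rule: every XOR of one term taken from each input set."""
    out = {CONST}
    for s in sets:
        out = {t ^ u for t in out for u in s}
    return out

def nonlinear(sets):
    """AND/OR rule, also used for any glitching gate: every XOR of any subset
    of the input terms may appear at the output."""
    out = {CONST}
    for s in sets:
        out |= {t ^ u for t in out for u in s}
    return out

def term_leaks(term, secrets, masks):
    """First-order test on one term (an XOR of labels): it reveals a secret iff
    it carries no fresh mask and every secret it touches appears with all of
    its shares (s0^s1 leaks; s0 alone and s0^s1^m do not)."""
    if term & masks:
        return False
    touched = [sh for sh in secrets.values() if sh & term]
    return bool(touched) and all(sh <= term for sh in touched)

def run(netlist, regs_init, ctrl_trace, secrets, masks):
    """Propagate labels cycle by cycle.  netlist: (name, kind, args) in
    topological order; kinds: REG(src), XOR(a, b), AND/OR(a, b), GATE(data, ctrl),
    MUX(ctrl, in0, in1).  Assumed rules: control signals are concrete per cycle
    (execution-aware), a gate's transient set sees the previous and the current
    control value, registers do not glitch.  Returns (stable sets per cycle,
    transient sets per cycle, leaks as (cycle, gate, kind, term))."""
    state = {n: set(v) for n, v in regs_init.items()}
    s_hist, t_hist, leaks = [], [], []
    prev = ctrl_trace[0]  # no control switch assumed before the first cycle
    for cyc, ctrl in enumerate(ctrl_trace):
        S, T = {}, {}
        for name, kind, args in netlist:
            if kind == "REG":
                S[name] = T[name] = state[name]
                continue
            if kind == "XOR":
                S[name] = linear([S[a] for a in args])
                T[name] = nonlinear([T[a] for a in args])
            elif kind in ("AND", "OR"):
                S[name] = nonlinear([S[a] for a in args])
                T[name] = nonlinear([T[a] for a in args])
            elif kind == "GATE":
                d, c = args
                S[name] = S[d] if ctrl[c] else {CONST}
                T[name] = nonlinear([T[d] if v else {CONST} for v in {prev[c], ctrl[c]}])
            elif kind == "MUX":
                c, i0, i1 = args
                S[name] = S[i1] if ctrl[c] else S[i0]
                T[name] = nonlinear([T[i1] if v else T[i0] for v in {prev[c], ctrl[c]}])
            for term in T[name]:
                if term_leaks(term, secrets, masks):
                    leaks.append((cyc, name, "stable" if term in S[name] else "transient", term))
        for name, kind, args in netlist:  # clock edge: registers latch their input
            if kind == "REG":
                state[name] = S[args[0]]
        s_hist.append(S)
        t_hist.append(T)
        prev = ctrl
    return s_hist, t_hist, leaks

SECRETS = {"s": frozenset({"s0", "s1"})}  # one secret s = s0 ^ s1 (assumed labels)
MASKS = frozenset({"m"})                   # one fresh mask (assumed label)

def slide12_and_gate():
    """x = a AND b; a holds share s0, control b takes 1, 0, 0 (slide 12)."""
    net = [("a", "REG", ("a",)), ("x", "GATE", ("a", "b"))]
    return run(net, {"a": lab("s0")}, [{"b": 1}, {"b": 0}, {"b": 0}], SECRETS, MASKS)

def mux_tree_port(addr_trace):
    """Mux-tree read port: r1 and r2 share a leaf mux, r3 holds a mask (slide 16)."""
    net = [("r1", "REG", ("r1",)), ("r2", "REG", ("r2",)), ("r3", "REG", ("r3",)),
           ("lvl0", "MUX", ("a0", "r1", "r2")), ("port", "MUX", ("a1", "lvl0", "r3"))]
    init = {"r1": lab("s0"), "r2": lab("s1"), "r3": lab("m")}
    return run(net, init, addr_trace, SECRETS, MASKS)[2]

def gated_port(en_trace):
    """Toy one-hot AND/OR read port: each register drives its own gated wire."""
    net = [("r1", "REG", ("r1",)), ("r2", "REG", ("r2",)),
           ("g1", "GATE", ("r1", "en1")), ("g2", "GATE", ("r2", "en2")),
           ("port", "OR", ("g1", "g2"))]
    return run(net, {"r1": lab("s0"), "r2": lab("s1")}, en_trace, SECRETS, MASKS)[2]

if __name__ == "__main__":
    S, T, _ = slide12_and_gate()
    for n in range(3):
        print(f"cycle {n}: S_x = {S[n]['x']}  T_x = {T[n]['x']}")
    print("mux tree, read r1 then r2:  ", mux_tree_port([{"a0": 0, "a1": 0}, {"a0": 1, "a1": 0}]))
    print("mux tree, r1, mask, then r2:", mux_tree_port([{"a0": 0, "a1": 0}, {"a0": 0, "a1": 1}, {"a0": 1, "a1": 0}]))
    print("gated, read r1 then r2:     ", gated_port([{"en1": 1, "en2": 0}, {"en1": 0, "en2": 1}]))
    print("gated, r1, idle, then r2:   ", gated_port([{"en1": 1, "en2": 0}, {"en1": 0, "en2": 0}, {"en1": 0, "en2": 1}]))
```

Running the file reproduces the slide 12 table for x (the code keeps the constant term in the transient sets, which the slide omits) and then exercises the read-port variants. Reading r1 (share s0) and then r2 (share s1) through the mux tree yields a transient term s0 ^ s1 on the leaf mux wire; reading the mask register in between does not help in this model, because the leaf mux still switches directly between the two shares when the low address bit changes, which is the kind of problem slide 15 calls hard to fix in software. With the gated port the two shares only meet at the OR gate, and one idle cycle between the reads (all enables low) removes the transient term.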
18. Load/Store Operations
• Problem: hidden LSU state, an internal register used for misaligned memory accesses; overwriting it with its counterpart causes a leak
• Solution: clear the hidden LSU state, i.e. clear the internal register after each memory access
19. Evaluation
• Area overhead of the secured Ibex: 9.9% (20.2 kGE original vs. 22.2 kGE secured)

Name                                      | Runtime (cycles) | Leaking cycle | Input shares | Fresh randomness | Verification runtime (stable) | Verification runtime (transient)
Trichina AND reg. [Trichina, 2003]        | 19               | -             | 4 x 32 bit   | 32 bit           | 5 s                           | 19 s
DOM AND reg.                              | 13               | 12            | 4 x 32 bit   | 32 bit           | 2 s                           | 12 s
DOM AES S-box [Boyar, 2012]               | 1900             | -             | 16 x 16 bit  | 34 x 16 bit      | 18 m                          | 4.75 h
DOM Keccak S-box, 2nd order [Groß, 2017]  | 474              | -             | 15 x 32 bit  | 15 x 32 bit      | 3 m                           | 1.3 h
DOM AND reg., 3rd order [Groß, 2016]      | 65               | -             | 8 x 32 bit   | 6 x 32 bit       | 44 s                          | 2.5 m
20. Evaluation
• T-test scores during the execution of a first-order DOM Keccak S-box using 100 000 power traces
• [Figure: two plots, "Original register file" and "Secured register file"]
21./22. References
[Chari, 1999] Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. Towards sound approaches to counteract power-analysis attacks. In Advances in Cryptology - CRYPTO '99, Santa Barbara, California, USA, August 15-19, 1999, volume 1666 of LNCS, pages 398–412. Springer, 1999.
[Kocher, 1999] Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In Advances in Cryptology - CRYPTO '99, volume 1666 of LNCS, pages 388–397. Springer, 1999.
[Barthe, 2017] Gilles Barthe, François Dupressoir, Sebastian Faust, Benjamin Grégoire, François-Xavier Standaert, and Pierre-Yves Strub. Parallel implementations of masking schemes and the bounded moment leakage model. In Advances in Cryptology - EUROCRYPT 2017, Paris, France, April 30 - May 4, 2017, Part I, volume 10210 of LNCS, pages 535–566. Springer, 2017.
[Balasch, 2014] Josep Balasch, Benedikt Gierlichs, Vincent Grosso, Oscar Reparaz, and François-Xavier Standaert. On the cost of lazy engineering for masked software implementations. In Smart Card Research and Advanced Applications - CARDIS 2014, Paris, France, November 5-7, 2014, Revised Selected Papers, volume 8968 of LNCS, pages 64–81. Springer, 2014.
[Barthe, 2015] Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, and Pierre-Yves Strub. Verified proofs of higher-order masking. In Advances in Cryptology - EUROCRYPT 2015, Sofia, Bulgaria, April 26-30, 2015, Part I, volume 9056 of LNCS, pages 457–485. Springer, 2015.
[Kostas, 2017] Kostas Papagiannopoulos and Nikita Veshchikov. Mind the gap: Towards secure 1st-order masking in software. In Constructive Side-Channel Analysis and Secure Design - COSADE 2017, Paris, France, April 13-14, 2017, Revised Selected Papers, volume 10348 of LNCS, pages 282–297. Springer, 2017.
[Shelton, 2019] Madura A. Shelton, Niels Samwel, Lejla Batina, Francesco Regazzoni, Markus Wagner, and Yuval Yarom. Rosita: Towards automatic elimination of power-analysis leakage in ciphers. arXiv:1912.05183, 2019.
[ETH, 2017] ETH Zurich and University of Bologna. Ibex Documentation. https://ibex-core.readthedocs.io/en/latest/index.html, accessed on Nov 11, 2020.
[Groß, 2016] Hannes Groß, Stefan Mangard, and Thomas Korak. Domain-oriented masking: Compact masked hardware implementations with arbitrary protection order. In Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016, Vienna, Austria, October 2016, page 3. ACM, 2016.
[Boyar, 2012] Joan Boyar and René Peralta. A small depth-16 circuit for the AES S-box. In Information Security and Privacy Research - SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012, volume 376 of IFIP AICT, pages 287–298. Springer, 2012.
[Groß, 2017] Hannes Groß, David Schaffenrath, and Stefan Mangard. Higher-order side-channel protected implementations of KECCAK. In Euromicro Conference on Digital System Design, DSD 2017, Vienna, Austria, August 30 - September 1, 2017, pages 205–212. IEEE Computer Society, 2017.
[Trichina, 2003] Elena Trichina. Combinational logic design for AES subbyte transformation on masked data. IACR Cryptology ePrint Archive, Report 2003/236, 2003.
23. Thank you for joining us. Contribute to the RISC-V conversation on social! #RISCVSUMMIT @risc_v

Editor's Notes

Slide 13: Stable correlations refer to the final values of the signals, whereas transient correlations refer to all intermediate signal values before the circuit stabilizes.