4 research outputs found

    HLS-based HW/SW co-design of the post-quantum classic McEliece cryptosystem

    As quantum computers rapidly become more powerful, the current cryptographic infrastructure is imminently threatened. In a preventive manner, the U.S. National Institute of Standards and Technology (NIST) has initiated a process to evaluate quantum-resistant cryptosystems, to form the first post-quantum (PQ) cryptographic standard. Classic McEliece (CM) is one of the most prominent cryptosystems considered for standardization in NIST's PQ cryptography contest. However, its computational cost poses notable challenges to a large fraction of existing computing devices. This work presents an HLS-based HW/SW co-design acceleration of the CM Key Encapsulation Mechanism (CM KEM). We demonstrate significant maximum speedups of up to 55.2x, 3.3x, and 8.7x in the CM KEM algorithms of key generation, encapsulation, and decapsulation respectively, compared with a SW-only scalar implementation.

    This research was supported by the European Union Regional Development Fund within the framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of 50% of the total cost eligible, under the DRAC project [001-P-001723]. It was also supported by the Spanish government (grant RTI2018-095094-B-C21 "CONSENT"), by the Spanish Ministry of Science and Innovation (contracts PID2019-107255GB-C21, PID2019-107255GB-C21) and by the Catalan Government (contracts 2017-SGR-1414, 2017-SGR-705). This work has also received funding from the European Union Horizon 2020 research and innovation programme under grant agreement No. 871467. V. Kostalabros has been partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia under "Ajuts per a la contractació de personal investigador novell" fellowship No. 2019FI B01274. M. Moreto was also partially supported by the Spanish Ministry of Economy, Industry and Competitiveness under "Ramón y Cajal" fellowship No. RYC-2016-21104.

    Peer Reviewed. Postprint (author's final draft)

    A security model for randomization-based protected caches

    Cache side-channel attacks allow adversaries to learn sensitive information about co-running processes by using only access latency measurements and cache contention. This vulnerability has been shown to lead to several microarchitectural attacks. As a promising solution, recent work proposes Randomization-based Protected Caches (RPCs). RPCs randomize cache addresses, changing keys periodically so as to avoid long-term leakage. Unfortunately, recent attacks have called the security of state-of-the-art RPCs into question. In this work, we tackle the problem of formally defining and analyzing the security properties of RPCs. We first give security definitions against access-based cache side-channel attacks that capture security against known attacks such as Prime+Probe and Evict+Probe. Then, using these definitions, we obtain results that allow one to guarantee security by adequately choosing the rekeying period, the key generation algorithm and the cache randomizer, thus providing security proofs for RPCs under certain assumptions.

    This research was supported by the European Union Regional Development Fund within the framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of 50% of the total cost eligible, under the DRAC project [001-P-001723], and by the Spanish Government, under the CONSENT project [RTI2018-095094-B-C21]. Carles Hernández is partially supported by the Spanish Ministry of Science, Innovation and Universities under "Ramón y Cajal", fellowship No. RYC2020-030685-I. Vatistas Kostalabros is partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia, under "Ajuts per a la contractació de personal investigador novell", fellowship No. 2019FI B01274. Miquel Moretó is partially supported by the Spanish Ministry of Economy, Industry and Competitiveness under "Ramón y Cajal", fellowship No. RYC-2016-21104.

    Peer Reviewed. Postprint (published version)

    Enabling hardware randomization across the cache hierarchy in Linux-Class processors

    The most promising secure-cache design approaches use cache-set randomization to index cache contents, thus thwarting cache side-channel attacks. Unfortunately, existing randomization proposals cannot be successfully applied to processors' cache hierarchies due to the overhead added when dealing with coherency and virtual memory. In this paper, we solve existing limitations of hardware randomization approaches and propose a cost-effective randomization implementation for the whole cache hierarchy of a Linux-capable RISC-V processor.

    This work has been supported by the European HiPEAC Network of Excellence, by the Spanish Ministry of Economy and Competitiveness (contract TIN2015-65316-P), and by Generalitat de Catalunya (contracts 2017-SGR-1414 and 2017-SGR-1328). The DRAC project is co-financed by the European Union Regional Development Fund within the framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of 50% of total cost eligible. We also thank Red-RISCV for the efforts to promote activities around open hardware. This work has received funding from the EU Horizon2020 programme under grant agreement no. 871467 (SELENE). M. Doblas has been partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia under Beques de Col·laboració d'estudiants en departaments universitaris per al curs 2019-2020. V. Kostalabros has been partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia under Ajuts per a la contractació de personal investigador novell fellowship number 2019FI_B01274. M. Moreto has been partially supported by the Spanish Ministry of Economy, Industry and Competitiveness under Ramón y Cajal fellowship number RYC-2016-21104.

    Peer Reviewed