Section: New Results

Secure Compilation of Side-Channel Countermeasures: The Case of Cryptographic "Constant-Time"

Participants : Benjamin Grégoire, Gilles Barthe [IMDEA] , Vincent Laporte [IMDEA] .

Software-based countermeasures provide effective mitigation against side-channel attacks, often with minimal efficiency and deployment overheads. Their effectiveness is often amenable to rigorous analysis: specifically, several popular countermeasures can be formalized as information flow policies, and correct implementation of the countermeasures can be verified with state-of-the-art analysis and verification techniques. However, in absence of further justification, the guarantees only hold for the language (source, target, or intermediate representation) on which the analysis is performed. We consider the problem of preserving side-channel counter-measures by compilation for cryptographic “constant-time”, a popular countermeasure against cache-based timing attacks. We have presented a general method, based on the notion of constant-time-simulation, for proving that a compilation pass preserves the constant-time countermeasure. This work was described in [16]. At the conference, this work received the “distinguished paper” award.