Side-channel leakage models for RISC instruction set architectures from empirical data

Side-channel attacks are currently among the most serious threats for embedded systems. Popular countermeasures to mitigate the impact of such attacks are masking schemes, where secret intermediate values are split in two or more values by virtue of secret sharing. In case of unwanted correlations between different registers inside the CPU, the shared secret may leak through a side-channel. This problem is particularly evident on low cost embedded systems, such as nodes for the Internet of Things (IoT), where cryptographic algorithms are often implemented in pure software on a reduced instruction set computer. On such an architecture, all data manipulation operations are carried out on the contents of the CPU's register file. This means that all intermediate values of the cryptographic algorithm pass through the register file. Towards avoiding unwanted leakages, special care has to be taken in the mapping of the registers to intermediate values of the algorithm. In this work, we describe an empirical study that reveals effects of unintended unmasking of masked intermediate values and thus leaking secret values. The effects are abstracted to the level of the instruction set architecture on a RISC CPU. Furthermore, we discuss the possibility to have the compiler thwart such leakages.