Source code of secure multiplications for bitslice higher-order masking (in ARMv7 assembly)
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
1_isw.s
1_isw_unrolled.s
2_bdfgss.s
2_bdfgss_unrolled.s
3_bbpptv.s
3_bbpptv_original.s
3_bbpptv_unrolled.s
4_bcpz_function.s
4_bcpz_macro.s
5_bdfgss_refresh.s
5_isw_refresh.s
LICENSE
README.md
main.c
parameters.h
random.s
wrapper.s

README.md

Secure Multiplication for Bitslice Higher-Order Masking

This repository provides some material related to the article Secure Multiplication for Bitslice Higher-Order Masking published at COSADE 2018. The repository includes the source codes of the multiplication schemes optimised in ARMv7 assembly as depicted in the paper.

Authors

Copyright and License

Copyright © 2018, CryptoExperts and Université Catholique de Louvain

License GNU General Public License v3 (GPLv3)

Content

ARMv7 assembly source files:

  • 1_isw.s: generic ISW multiplication.
  • 1_isw_unrolled.s: unrolled ISW multiplication.
  • 2_bdgfss.s: generic BDGFSS multiplication (can not be used for a masking order of 2 and 32).
  • 2_bdgfss_unrolled.s: unrolled BDGFSS multiplication.
  • 3_bbpptv.s: generic BBPPTV multiplication.
  • 3_bbpptv_unrolled.s: unrolled BBPPTV multiplication.
  • 3_bbpptv_original.s: BBPPTV multiplication from the original paper.
  • 4_bcpz_macro.s: BCPZ multiplication with macros.
  • 4_bcpz_function.s: BCPZ multiplication with macros and functions.
  • 5_isw_refresh.s: ISW refresh.
  • 5_bdfgss_refresh.s: BDFGSS refresh.
  • random.s: random generation.
  • wrapper.s: ARMv7 assembly source code that call the multiplication according to the parameters in parameter.h.

Header file:

  • parameter.h: Header files containing different sets of parameters or constant definition.

Main:

  • main.c: Main file containing function to set up shares/unmasked shares according to mode chosen and testing the correctness.

Parameters

  • MASKING_ORDER: sets the masking order. Possible values lies in ${2,4,8,16,32}$
  • NB_ELM_PBM: sets the number of elements per register in the BDFGSS type multiplications. More precisely, since we manipulate all the shares of a sensitive bit at once and in order to make full use of the register, we store NB_ELM_PBM sensitive bits (with their shares) in a 32-bit register. Hence it is defined as $\frac{32}{MASKING_ORDER}$ (needs no modification).
  • MODE: sets the mode of multiplication or refresh to be tested by the main. The possible values are the different multiplications/refreshes defined in the above files. In other words, it can be equal to:
    • ISW
    • ISW_UNROLLED
    • BDFGSS
    • BDFGSS_UNROLLED
    • BBPPTV
    • BBPPTV_UNROLLED
    • BBPPTV_ORIGINAL
    • BCPZ_MACRO
    • BCPZ_FUNCTION
    • BDFGSS_REFRESH
  • RAND_MODE: sets the TRNG settings to be used. For test purposes, a table with pre computed random bytes (labelled RNGTab) is used. The two possible values are:
    • TRNG1: TRNG with 3 clock cycles
    • TRNG2: TRNG with 80 clock cycles

/!\ WARNING /!\

  • As opposed to what is written in the paper, the TRNG1 mode is 3 clock cycles (instead of 10). This is not affecting the trend highlighted in the paper.
  • The random generation code is dedicated for benchmarking only. For a practical use the get_random function should be defined according to the specific use case.

/!\ WARNING /!\

How to use

To test the code:

  • install Keil µVision (version 5 or higher),
  • create a project for a ARMv7 target (little endian)
  • add the source files (wrapper.s, parameter.h and main.c) to the project and run.