Source code of secure multiplications for bitslice higher-order masking (in ARMv7 assembly)
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
1_isw.s
1_isw_unrolled.s
2_bdfgss.s
2_bdfgss_unrolled.s
3_bbpptv.s
3_bbpptv_original.s
3_bbpptv_unrolled.s
4_bcpz_function.s
4_bcpz_macro.s
5_bdfgss_refresh.s
5_isw_refresh.s
main.c
parameters.h
random.s
wrapper.s

Secure Multiplication for Bitslice Higher-Order Masking

This repository provides some material related to the article Secure Multiplication for Bitslice Higher-Order Masking published at COSADE 2018. The repository includes the source codes of the multiplication schemes optimised in ARMv7 assembly as depicted in the paper.

Content

ARMv7 assembly source files:

• 1_isw.s: generic ISW multiplication.
• 1_isw_unrolled.s: unrolled ISW multiplication.
• 2_bdgfss.s: generic BDGFSS multiplication (can not be used for a masking order of 2 and 32).
• 2_bdgfss_unrolled.s: unrolled BDGFSS multiplication.
• 3_bbpptv.s: generic BBPPTV multiplication.
• 3_bbpptv_unrolled.s: unrolled BBPPTV multiplication.
• 3_bbpptv_original.s: BBPPTV multiplication from the original paper.
• 4_bcpz_macro.s: BCPZ multiplication with macros.
• 4_bcpz_function.s: BCPZ multiplication with macros and functions.
• 5_isw_refresh.s: ISW refresh.
• 5_bdfgss_refresh.s: BDFGSS refresh.
• random.s: random generation.
• wrapper.s: ARMv7 assembly source code that call the multiplication according to the parameters in parameter.h.

• parameter.h: Header files containing different sets of parameters or constant definition.

Main:

• main.c: Main file containing function to set up shares/unmasked shares according to mode chosen and testing the correctness.

Parameters

• MASKING_ORDER: sets the masking order. Possible values lies in ${2,4,8,16,32}$
• NB_ELM_PBM: sets the number of elements per register in the BDFGSS type multiplications. More precisely, since we manipulate all the shares of a sensitive bit at once and in order to make full use of the register, we store NB_ELM_PBM sensitive bits (with their shares) in a 32-bit register. Hence it is defined as $\frac{32}{MASKING_ORDER}$ (needs no modification).
• MODE: sets the mode of multiplication or refresh to be tested by the main. The possible values are the different multiplications/refreshes defined in the above files. In other words, it can be equal to:
• ISW
• ISW_UNROLLED
• BDFGSS
• BDFGSS_UNROLLED
• BBPPTV
• BBPPTV_UNROLLED
• BBPPTV_ORIGINAL
• BCPZ_MACRO
• BCPZ_FUNCTION
• BDFGSS_REFRESH
• RAND_MODE: sets the TRNG settings to be used. For test purposes, a table with pre computed random bytes (labelled RNGTab) is used. The two possible values are:
• TRNG1: TRNG with 3 clock cycles
• TRNG2: TRNG with 80 clock cycles

/!\ WARNING /!\

• As opposed to what is written in the paper, the TRNG1 mode is 3 clock cycles (instead of 10). This is not affecting the trend highlighted in the paper.
• The random generation code is dedicated for benchmarking only. For a practical use the get_random function should be defined according to the specific use case.

/!\ WARNING /!\

How to use

To test the code:

• install Keil µVision (version 5 or higher),
• create a project for a ARMv7 target (little endian)
• add the source files (wrapper.s, parameter.h and main.c) to the project and run.