Ask Less, Get More: Side-Channel Signal Hiding, Revisited

Signal hiding countermeasures have been extensively investigated in the early side-channel attacks' literature. Due to design and physical imperfections, their stand-alone use only leads to a limited reduction of the attacks' complexity. As a result, more algorithmic countermeasures providing a more formal cost vs. security tradeoff (e.g., shuffling and masking) have gained more attention. Yet, since the cost associated with these is high, designers aim at combining countermeasures, leveraging the strength of each. In this manuscript, we demonstrate that by asking less to both signal hiding and algorithmic countermeasures (as stand-alone), we can develop combined countermeasures that indeed provide higher security at lower cost. For this purpose, we show how we can stack signal reduction and amplitude randomization techniques with ultra low cost automatic design flows and standard tools, and reach attractive security levels in combination with masking. Concretely, we examine two natural strategies for signal hiding and their combination: namely WDDL and a simple, local, scalable and easy-to-implement noise generation engine. A 65nm technology ASIC is evaluated with multiple isolated AES cores, leveraging recent information theoretic bounds which are connected to masking security proofs, significantly reducing the side-channel information leakage. We further quantify performance gains for masked designs.