Cleo is a Test Vector Leakage Assessment (TVLA) project that evaluates hardware implementations of cryptographic instruction set extensions for physical side-channel leakage. The current framework supports evaluating ongoing RISC-V cryptography extension standardization work. This is a complete power side-channel evaluation framework parallel to the existing test-based functional validation suite and formal verification suite.
The RISC-V instruction set architecture is known for its open-source and customizable design. One of the notable features of RISC-V is its modular and extensible nature, allowing developers to add custom instructions and extensions tailored to specific applications. There are several ongoing works on developing cryptographic instruction set extensions of RISC-V architecture.
- riscv-crypto: RISC-V cryptography extensions standardisation work.
- xcrypto: a cryptographic ISE for RISC-V
Test vector leakage assessment tries to quantify potential power side-channel leakage of a hardware implementation at an early stage design life cycle. The device's power consumption fluctuates as it executes computations, responding to changing logic states and data processing. These current variations generate distinct patterns that enable the analysis of the ongoing operations. By observing these power consumption fluctuations and correlating them with specific computations, an adversary can deduce sensitive data, such as cryptographic keys or plaintext, without needing direct access to the internal memory or processes of the target device.
Here is the project structure. All the extensions under testing (eut
) are initialized as submodules. Currenlty, riscv-crypto, xcrypto and scarv-soc are elvaluated.
.
├── docker
│ └── dockerfile # Environement
├── eut # extensions under test
│ ├── riscv-crypto
│ ├── scarv-soc
│ └── xcrypto
├── evaluator # evaluator core
│ ├── generator
│ ├── Makefile # make to run all
│ ├── power_libs # common utility files
│ ├── results.txt # Summary
│ ├── riscv_crypto_fu_saes32
│ ├── riscv_crypto_fu_saes64
│ ├── riscv_crypto_fu_ssha256
│ ├── riscv_crypto_fu_ssha512
│ ├── xc_sha256
│ ├── xc_sha512
│ ├── xc_aessub
│ ├── xc_aesmix
│ └── scarv_soc # SoC for the xcrypto
└── readme.md # You are looking at it
Following are the steps to run the framework. Docker is a pre-requisite for Cleo since the complete environment for building everything is provided in archfx/cleo container.
- Clone the project repository
git clone https://github.com/Archfx/Cleo cleo
- Use the following commands to initiate submodules
cd cleo
git submodule update --init
git submodule update --init --recursive eut/scarv-soc
- Pull the docker container and mount the project (You should be inside the project directory)
docker pull archfx/cleo
docker run -t -p 6080:6080 -v "${PWD}/:/cleo" -w /cleo --name cleo archfx/cleo
- Access the docker container
docker exec -it cleo /bin/bash
- Finally run Cleo
cd evaluator && make
Original implementations of the hardware functional units of RISCV-CRYPTO have a strong correlation with the input values. As an example following is the power side channel signature of the ssha512 functional unit and the visual relationship between the input values. Evaluation results of other components are available in evaluator
folder.
riscv_crypto_fu_ssha512 power signature compared with the inputs
Original implementations of the hardware functional units of XCRYPTO have a strong correlation with the input values.
As an example following is the power side channel signature of the xc_sha256 functional unit and the visual relationship between the input values. Evaluation results of other components are available in evaluator
folder.
xc_sha256 power signature compared with the inputs
XCYPTO ISE is implemented in the SOC implementation of scarv-soc. Therefore all the supporting functional units that are implemented on the scarv-soc are evaluated with the Cleo. Note that system evaluation takes a considerable amount of run time. However, there is a clearly visible statistical significance in the correlation between the input and the observed power values of the system.
Power signature of xc_aesmix on the system evaluation compared with the inputs
Copyright (c) 2023 original authors
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.