Which precautions to protect against side-channel attacks on ARX ciphers?

Question

In recent crypto there has been a trend to design ciphers using only the ARX set of instructions - i.e. additions (modulo $2^{32}$ or $2^{64}$), rotations (by a fixed constant) and XORs, examples include Threefish, Salsa20 and ChaCha20.

One of the nicer, claimed properties of such ciphers is that they are supposedly easier to implement in a side-channel resistant fashion.

Assuming one would want to implement Threefish (on a multitude of architectures such as ARM, x86 and x64), which precautions does one need to take to avoid side-channel attacks for such implementations? And are there any precautions which would be applicable to ARX designs specifically? If, which precautions against side-channel attacks can/should be taken?

What I don't count here: attacks that would work by exploiting unproperly erased/freed memory. I'm looking for the standard cryptographical side channels: cache-timing, "normal" timing and maybe (differential) power (/EM) analysis.

What I would consider "pre-cautions": any code solely intended to defeat side channel attacks while not being documented in the original specification (which usually gives only a mathematical approach).

Answer 1

Side channels

Essentially, side channels tell something about the secret data by using properties (e.g. timing, power consumption) of the algorithm itself. If an algorithm executes in a different way for different messages/keys, the attacker can deduce information about the message/key from the properties of the execution.

Even if the attacker only gains a little information about the key in one execution, they can do statistical analysis on arbitrary many measurements and thus still get a lot of information.

Where I come from I have learnt that you must assume that the attacker:

1. Can query the device an arbitrary amount of times with their own chosen messages/ciphertexts.
2. Knows every instruction (and branch) as they are executed (by using timing attacks/power traces).
3. Knows the execution time of every instruction (by using timing attacks/power traces).
4. Knows every address that is looked up during the execution of the algorithm (by using cache timing attacks).

Solution: All crypto algorithms must run deterministically. In other words:

• Do not branch on secret data.
• Do not do any memory lookups dependent on secret data. I.e. you can do memory lookups, but only if the algorithm does exactly the same lookups each time it executes.
• Only use instructions that execute in constant time. (For example, div-instructions often do not execute in a constant amount of cycles.)

ARX ciphers

ARX ciphers limit themselves to only three basic operations which all run in constant time on pretty much all platforms. Because of their design, there are not really that many precautions to be taken, as long as you adhere to the rules above.

But know that, while you will be ok most of the time, it just really depends on the implementation and on the platform. As Squeamish notes: hardware implementations of ARX ciphers can just as easily be vulnerable against DPA/EM attacks, even if you follow all the rules above.