RISC-V Summit 2022 has ended
December 13-14, 2022 | San Jose, CA + Virtual
Learn More & Register Now
Virtual Event Access
Back To Schedule
Wednesday, December 14 • 12:05pm - 12:25pm
RISC-V Zkt: Portable Timing Attack Resistance (via Dynamic Taint Analysis) - Markku-Juhani O. Saarinen, PQShield Ltd.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
One recently ratified RISC-V security-related extension is Zkt, the "Data Independent Execution Latency Subset." It extends the hardware-software ISA contract by defining a subset of instructions whose latency is asserted to be independent of input data. Hence these instructions can be trusted to process sensitive data without timing leakage. In the talk, I'll describe a method for verifying the constant-time behavior of RISC-V code. To accomplish the tracing of information flows, we have created a full-system RISC-V emulator that implements Dynamic Taint Analysis (DTA). Testing compiled binary executables rather than source code (or other abstract representation) is essential, as compilers are known to modify security-critical code. The simulated system has instrumentation functions for tainting sensitive variables. In the simulator, a shadow state is attached to registers and memory locations; symbolic execution and simple inference and propagation rules allow the simulator to determine which output variables are affected and where constant-time / Zkt violations can occur. We show that production-scale cryptography codebases can be analyzed for timing leakage.

avatar for Markku-Juhani O. Saarinen

Markku-Juhani O. Saarinen

Staff Cryptography Architect, PQShield Ltd.
I started as a cryptographer and a security engineer in 1997 as one of the early employees of SSH Communications Security in Helsinki. There I helped to design the now-ubiquitous SSH2 protocol. In my late 20s, I drifted into the world of exploits and security consulting (mainly in... Read More →

Wednesday December 14, 2022 12:05pm - 12:25pm PST
Grand Ballroom 220 B
  Technical, Security