Design and Implementation of a Secure RISC-V Microprocessor

TL;DR

This paper presents a fully automated design of a secure RISC-V microprocessor that employs Boolean masking to protect against side-channel attacks, with implementations in 65 nm CMOS technology demonstrating strong security and performance benefits.

Contribution

It introduces a novel, automated methodology for designing secure microprocessors with Boolean masking applicable to complex designs, reducing security risks and overheads.

Findings

Microprocessor implemented in 65 nm CMOS technology.

RNG passes all NIST tests for randomness.

Secure microprocessor withstands side-channel attacks with 20 million traces.

Abstract

Secret keys can be extracted from the power consumption or electromagnetic emanations of unprotected devices. Traditional counter-measures have limited scope of protection, and impose several restrictions on how sensitive data must be manipulated. We demonstrate a bit-serial RISC-V microprocessor implementation with no plain-text data. All values are protected using Boolean masking. Software can run with little to no counter-measures, reducing code size and performance overheads. Unlike previous literature, our methodology is fully automated and can be applied to designs of arbitrary size or complexity. We also provide details on other key components such as clock randomizer, memory protection, and random number generator. The microprocessor was implemented in 65 nm CMOS technology. Its implementation was evaluated using NIST tests as well as side channel attacks. Random numbers generated with our RNG pass on all NIST tests. Side-channel analysis on the baseline implementation extracted the AES key using only 375 traces, while our secure microprocessor was able to withstand attacks using 20 M traces.