Zebrafix: Mitigating Memory-Centric Side-Channel Leakage via Interleaving
Anna Pätschke, Jan Wichelmann, Thomas Eisenbarth

TL;DR
Zebrafix is a compiler-based tool that uses interleaving to mitigate memory-centric side-channel leaks in cryptographic code, offering better performance than previous methods despite increased complexity.
Contribution
This work introduces a novel interleaving-based approach for ciphertext side-channel mitigation and demonstrates its effectiveness in preventing silent stores within a unified memory-centric side-channel framework.
Findings
Interleaving outperforms other ciphertext side-channel mitigations in efficiency.
Zebrafix effectively prevents silent stores and memory-centric side-channel leaks.
Interleaving incurs high practical complexity but offers significant security benefits.
Abstract
Constant-time code has become the de-facto standard for secure cryptographic implementations. However, some memory-based leakage classes such as ciphertext side-channels and silent stores remain unaddressed. Prior work proposed three different methods for ciphertext side-channel mitigation, for which one, the practicality of interleaving data with counter values, remains to be explored. To close this gap, we define design choices and requirements to leverage interleaving for a generic ciphertext side-channel mitigation. Based on these results, we implement Zebrafix, a compiler-based tool to ensure freshness of memory stores. We evaluate Zebrafix and find that interleaving can perform much better than other ciphertext side-channel mitigations, at the cost of a high practical complexity. We further observe that ciphertext side-channels and silent stores belong to a broader attack…
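A small model of the interleaving idea the abstract describes, added here as an illustration; it is not code from Zebrafix or the paper. It assumes memory is encrypted deterministically per 16-byte block with the address as tweak (modelled with keyed BLAKE2b, which is not a real memory cipher) and an assumed layout of an 8-byte value next to an 8-byte counter; all names are hypothetical.

```python
import hashlib
import struct

BLOCK = 16                      # assumed encryption granularity in bytes
KEY = b"constructed-demo-key"   # constructed key for the model
BITS = [1, 0, 1, 1, 0]          # constructed secret-dependent store sequence

def observe(addr, block):
    """Ciphertext visible for one block: deterministic in (key, address, plaintext)."""
    assert len(block) == BLOCK and addr % BLOCK == 0
    return hashlib.blake2b(block, key=KEY, salt=struct.pack("<Q", addr),
                           digest_size=BLOCK).digest()

class Memory:
    """Block-granular memory that records the ciphertext after every store."""
    def __init__(self, nblocks):
        self.blocks = [bytes(BLOCK)] * nblocks
        self.trace = []         # (addr, ciphertext) pairs an observer can read

    def write_block(self, index, block):
        self.blocks[index] = block
        self.trace.append((index * BLOCK, observe(index * BLOCK, block)))

def store_plain(mem, index, value):
    # Unprotected layout: the value shares its block with unchanged data.
    mem.write_block(index, struct.pack("<QQ", value, 0))

def store_interleaved(mem, index, value):
    # Protected layout: the counter in the same block changes on every store,
    # so the block's plaintext (and ciphertext) is fresh even for equal values.
    _, counter = struct.unpack("<QQ", mem.blocks[index])
    mem.write_block(index, struct.pack("<QQ", value, (counter + 1) % 2**64))

def load_interleaved(mem, index):
    return struct.unpack("<QQ", mem.blocks[index])[0]  # counter is discarded

def repeated_ciphertexts(trace):
    """Count stores whose ciphertext was already seen at the same address."""
    seen, repeats = set(), 0
    for entry in trace:
        repeats += entry in seen
        seen.add(entry)
    return repeats

def run(store, bits):
    mem = Memory(1)
    for bit in bits:
        store(mem, 0, bit)
    return mem

if __name__ == "__main__":
    print("plain repeats:      ", repeated_ciphertexts(run(store_plain, BITS).trace))
    print("interleaved repeats:", repeated_ciphertexts(run(store_interleaved, BITS).trace))
```

In the plain layout every repeated ciphertext tells the observer that the variable returned to an earlier value; with the counter interleaved, no ciphertext repeats while loads still return the stored value.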
