Side-channel attacks impose a serious threat to cryptographic algorithms, including widely employed ones, such as AES and RSA, taking advantage of the algorithm implementation in hardware or software to extract secret information via timing and/or power side-channels. Software masking is a software mitigation approach against power side-channel attacks, aiming at hiding the secret-revealing dependencies from the power footprint of a vulnerable implementation. However, this type of software mitigation often depends on general-purpose compilers, which do not preserve non-functional properties. Moreover, microarchitectural features, such as the memory bus and register reuse, may also reveal secret information. These abstractions are not visible at the high-level implementation of the program. Instead, they are decided at compile time. To remedy these problems, security engineers often sacrifice code efficiency by turning off compiler optimization and/or performing local, post-compilation transformations. This paper proposes SecConCG, a constraint-based compiler approach that generates optimized yet secure code. SecConCG controls the quality of the mitigated program by efficiently searching the best possible low-level implementation according to a processor cost model. In our experiments with ten masked implementations on MIPS32 and ARM Cortex M0, SecConCG speeds up the generated code from 10% to 10x compared to non-optimized secure code at a small overhead of up to 7% compared to non-secure optimized code. For security and compiler researchers, this paper proposes a formal model to generate secure low-level code. For software engineers, SecConCG provides a practical approach to optimize code that preserves security properties.

翻译：侧通道攻击对加密算法构成严重威胁,包括广泛使用的加密算法,如AES和RSA等。利用硬件或软件的算法实施,利用硬件或软件的算法实施,通过定时和/或电源侧通道提取秘密信息。软件遮盖是针对电源侧通道攻击的一种软件减缓方法,目的是将秘密清除的依赖性从脆弱的执行的电源足迹中隐藏起来。然而,这种软件减缓往往取决于一般用途的编译器,它们并不保存不起作用的特性。此外,缩微结构构造功能,例如存储总线和登记册再利用,也可能暴露秘密信息。这些抽象信息在程序的高级别执行中看不到。相反,它们是在编译时决定的。为了解决这些问题,安全工程师往往会牺牲代码效率,关闭编译器的优化和/或进行本地的、编译后变换。本文建议SecconCG为基于制约的编译器,用于生成最佳但安全的编码。SeconCG控制程序的质量,通过高效搜索最低的编码,在SBS-C级上,在10级的SMMC进行最有可能的加密的编码,在10号上提供最安全的编码。