Transactions on Cryptographic Hardware and Embedded Systems, Volume 2021
Side-Channel Protections for Picnic Signatures
README
Implementations
We provide two variants of Picnic3-L1 implementations:
opt: a port of the optimized C implementation which is compatible with the
Picnic specification, modified to use less memory, so as to fit in the
available RAM of the STM32F4 (128KB)masked: This is the masked implementation designed and analyzed in the paper
Side-Channel Protections for Picnic Signatures.
It aims to provide first order protection against probing side-channel attacks. See
the paper for description and analysis of the countermeasures. Modify fileconfig.h
for selecting the masking approach (default is selective half-masking).
There are two possibilities to execute the implementations, both requiring the pqm4 framework. Copy the crypto_sign/picnic3l1 folder inside pqm4/crypto_sign, and after that:
- For x64 platforms, use the
Makefileinsideopt/ormasked/to build the corresponding version.
Tests can be built and executed withmake katsand by running the produced binary. Benchmarks can be executed aftermake benchby running the binary with instance number7. - For ARM Cortex-M4, the whole
pqm4functionality will be available (test, benchmarks, testvectors, etc). We refer topqm4for additional usage documentation.
Our formal verification scripts can be validated with maskVerif. Check the README inside crypto_sign/picnic3l1/masked/formal_verification for instructions.