Skip to main content

Can Code Polymorphism Limit Information Leakage?

Antoine Amarilli, Sascha Muller, David Naccache, Dan Page, Pablo Rauzy, Michael Tunstall, Can Code Polymorphism Limit Information Leakage?. Workshop in Information Security Theory and Practice - WISTP 2011, pp. 1–21. June 2011. No electronic version available.


In addition to its usual complexity assumptions, cryptography silently assumes that information can be physically protected in a single location. As one can easily imagine, real-life devices are not ideal and information may leak through different physical side-channels. It is a known fact that information leakage is a function of both the executed code F and its input x.

In this work we explore the use of polymorphic code as a way of resisting side-channel attacks. We present experimental results with procedural and functional languages. In each case, we rewrite the protected code F_i before its execution. The outcome is a genealogy of programs, F_0, F_1, ... such that for all inputs x and for all indexes i not equal to j => F_i(x) = F_j(x) and F_i not equal to F_j. This is shown to increase resistance to side-channel attacks.

Bibtex entry.

Publication Admin