Combining Loop Shuffling and Code PolyMorphism for Enhanced AES Side-Channel Security.

Combining countermeasures against side-channel attacks represents a promising approach to defend against powerful attackers. Existing works on this topic show that the hope for a significant increase of security is sometimes fulfilled, although not always. In this paper, we consider the combination of two hiding countermeasures, namely loop shuffling and code polymorphism. We study the combination on a custom implementation of AES, tailored to ease shuffling while providing a balance between performance and RAM usage. Our experimental study exploits real-world traces and simulated noiseless traces. On real-world traces, we show that code polymorphism effectively mitigates leakage stemming from the permutation variable employed for loop shuffling, and that both countermeasures resist surprisingly well to a deep learning attack that showed great success against code polymorphism in a former work. On simulated traces, we show that combining the countermeasures complicates both a simple CPA and a deep learning attack. As is, the combination of these countermeasures seems beneficial and should be particularly relevant in any context where loop shuffling benefits vanish due to the leakage of its permutation variables.