Reconvergence-Informed Information Flow Tracking in the Rocket Core

Abstract

Emerging threats in modern processor design underscore the need for robust hardware security measures, particularly in scenarios where unintended information leakage can compromise sensitive data (Kocher et al.; Lipp et al., 2020). Information Flow Tracking (IFT) has become a critical technique to enforce confidentiality and integrity requirements by identifying unintended data propagation paths (Hu et al., 2022). However, existing IFT approaches often introduce considerable overhead, limiting their applicability in performance- and cost-sensitive domains. In this work, we propose a custom IFT solution integrated into a constant-time multiplier for the Rocket Core. By engineering the taint propagation logic to address data correlations and reconvergence conditions, our approach reduces unnecessary complexity while preserving security guarantees. We compare our implementation to both CellIFT (Solt et al.) and a self-composition method (SPV, JasperGold) to assess relative trade-offs in precision, performance, and resource utilization. Formal verification results demonstrate a remarkable improvement in tracking precision, reducing false positives compared to prior approaches. Furthermore, our module design yields approximately 24% as many gates as CellIFT, offering tangible cost and area benefits. Compared to SPV, we observe 21% fewer overall flip-flops, making our solution attractive for resource-constrained hardware applications. This work presents an approach for reconvergence-informed IFT within an open source RISC-V processor, providing new insights into efficient hardware taint tracking and reinforcing the viability of IFT for secure processor architectures.