Spectre v1 poses severe speculative-execution leakage risks to cryptographic software—particularly side-channel-sensitive algorithms like RSA—yet existing global instruction-hardening schemes incur prohibitive overhead. Method: This paper proposes *precision instruction hardening*: a two-stage static analysis framework built upon abstract interpretation, introducing the first modeling technique that jointly incorporates bit-level taint domains and structure-sensitive value domains. It delivers the first formal security proof of secret independence for RSA’s scatter-gather patterns at cache-line granularity. Hardening is applied exclusively at instructions exhibiting genuine speculative vulnerability, avoiding indiscriminate protection. Contribution/Results: Evaluated on OpenSSL, the approach achieves zero performance overhead for 4 out of 7 core cryptographic algorithms; overall overhead is substantially lower than state-of-the-art solutions. It is the first method to simultaneously achieve *provably secure* Spectre v1 mitigation and practical efficiency.

Several software mitigations have been proposed to defend against Spectre vulnerabilities. However, these countermeasures often suffer from high performance overhead, largely due to unnecessary protections. We propose LightSLH, designed to mitigate this overhead by hardening instructions only when they are under threat from Spectre vulnerabilities. LightSLH leverages program analysis techniques based on abstract interpretation to identify all instructions that could potentially lead to Spectre vulnerabilities and provides provable protection. To enhance analysis efficiency and precision, LightSLH employs novel taint and value domains. The taint domain enables bit-level taint tracking, while the value domain allows LightSLH to analyze complex program structures such as pointers and structures. Furthermore, LightSLH uses a two-stage abstract interpretation approach to circumvent potential analysis paralysis issues. We demonstrate the security guarantees of LightSLH and evaluate its performance on cryptographic algorithm implementations from OpenSSL. LightSLH significantly reduces the overhead associated with speculative-load-hardening techniques. Our results show that LightSLH introduces no protection and thus no overhead on 4 out of the 7 studied algorithms, which contrasts with existing countermeasures that introduce additional overhead due to unnecessary hardening. Additionally, LightSLH performs, for the first time, a rigorous analysis of the security guarantees of RSA against Spectre v1, highlighting that the memory access patterns generated by the scatter-gather algorithm depend on secrets, even for observers at the cache line granularity, necessitating protection for such accesses.