Abstract:
A cryptographically secure, computer hardware-implemented binary finite-field polynomial modular reduction method estimates (32) and randomizes (36) a polynomial quotient q'(x) used for computation of a polynomial remainder. The randomizing error E(x) injected into the approximate polynomial quotient q(x) is limited to a few bits, e.g. less than half a word. The computed (38) polynomial remainder r'(x) is congruent with, but a small random multiple of, the residue r(x), which can be found by a final strict binary field reduction by the modulus M(x). In addition to a computational unit (10) and operations sequencer (16), the computing hardware also includes a random or pseudo-random number generator (20) for producing the random polynomial error. The modular reduction method thus resists hardware cryptanalysis attacks, such as timing and power analysis attacks.
Abstract:
A deterministic blinding method for cipher algorithms that employ key-mixing and substitution (S-box) operations uses a masking table (MASK[0] to MASK[63]) constructed with a true mask (MASK[0]) and a plurality of dummy masks corresponding to every possible S-box input. Each mask is applied in the key-mixing operation (e.g., bitwise XOR) to the cipher key (K) or to round subkeys (K1 to K16) to generate true and dummy keys or subkeys that are applied to the data blocks (DATA) within the overall cipher algorithm or within individual cipher rounds. The mask values prevent side-channel statistical analyses from distinguishing the true keys or subkeys from the dummy ones. The true mask is identifiable by the cipher but not by external observers.
Abstract:
A cryptographically secure, computer hardware-implemented modular reduction method systematically underestimates (q) and randomizes an approximate quotient (q') used for computation of a remainder (R'). The randomizing error (E) injected into the approximate quotient is limited to a few bits, e.g. less than half a word. The computed remainder (R') is congruent with, but a small random multiple of, the residue (R), which can be found by a final set of subtractions by the modulus (M). In addition to a computational unit (10) and operations sequencer (16), the computing hardware also includes a random or pseudo-random number generator (20) for producing the random error. The modular reduction method thus resists hardware cryptanalysis attacks, such as timing and power analysis attacks.
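The following Python is an added illustration of the randomized reduction described in the first and third abstracts, not code from either patent: the integer form (quotient underestimated, then a few-bit random error E subtracted, remainder congruent to R and recovered by final subtractions of M) and the GF(2)[x] form (polynomials held as bit vectors, error polynomial E(x) added to the quotient, remainder recovered by a final strict reduction by M(x)). The function names and sample inputs are constructed; the exact quotient stands in for the hardware's quotient estimator, and Python's `secrets` module stands in for the random number generator (20).

```python
import secrets

# Integer form (third abstract): N mod M via an underestimated, randomized quotient.
def randomized_reduce_int(n: int, m: int, err_bits: int = 8) -> tuple[int, int]:
    """Return (r_prime, r): r_prime = n - q'*m for a randomized quotient q',
    and the true residue r recovered by the final strict subtractions."""
    q = n // m                            # exact quotient; hardware would only estimate it
    e = secrets.randbelow(1 << err_bits)  # random error E, limited to err_bits bits
    q_prime = q - e                       # underestimate, so r_prime never goes negative
    r_prime = n - q_prime * m             # = r + e*m: congruent to r, a small multiple off
    r = r_prime
    while r >= m:                         # final reduction: at most e subtractions of m
        r -= m
    return r_prime, r

# Binary-field form (first abstract): polynomials over GF(2) held as bit vectors.
def gf2_mul(a: int, b: int) -> int:
    """Carry-less product of two GF(2)[x] polynomials."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        b >>= 1
    return out

def gf2_divmod(n: int, m: int) -> tuple[int, int]:
    """Strict polynomial long division over GF(2): (quotient, remainder)."""
    q, deg_m = 0, m.bit_length() - 1
    while n and n.bit_length() - 1 >= deg_m:
        shift = n.bit_length() - 1 - deg_m
        q ^= 1 << shift
        n ^= m << shift
    return q, n

def randomized_reduce_gf2(n: int, m: int, err_bits: int = 8) -> tuple[int, int]:
    """Return (r_prime, r) for n(x) mod m(x) with a randomized quotient q'(x)."""
    q, _ = gf2_divmod(n, m)
    e = secrets.randbelow(1 << err_bits)  # error polynomial E(x) of degree < err_bits
    q_prime = q ^ e                       # q'(x) = q(x) + E(x); no sign issue in char 2
    r_prime = n ^ gf2_mul(q_prime, m)     # r'(x) = n(x) + q'(x)m(x) = r(x) + E(x)m(x)
    _, r = gf2_divmod(r_prime, m)         # final strict reduction by the modulus M(x)
    return r_prime, r

if __name__ == "__main__":
    # constructed sample inputs: a 64-bit operand and the AES field polynomial x^8+x^4+x^3+x+1
    print(randomized_reduce_int(2**64 + 12345, 1000003))
    print(randomized_reduce_gf2(0xDEADBEEFCAFEBABE, 0x11B))
```

Each run yields a different r_prime while r stays fixed, which is exactly the property that decorrelates the intermediate value from the secret-dependent residue.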