-
1.
-
Publication number: EP4449663A1
Publication date: 2024-10-23
Application number: EP22835803.2
Filing date: 2022-12-15
-
Publication number: EP4327216A1
Publication date: 2024-02-28
Application number: EP22723138.8
Filing date: 2022-04-15
-
4.
Publication number: EP4243334A1
Publication date: 2023-09-13
Application number: EP22305274.7
Filing date: 2022-03-11
Inventors: TEGLIA, Yannick; VIGILANT, David
Abstract: A method (220) for countering a profiling of deep-learning (100) side channel (SCA) algorithm to disrupt a training phase of a deep-learning model is provided. It alters and interleaves an execution sequence (163) of modular exponentiations or point additions in a counter SCA algorithm. The mixing loops (206-210) through bits of a private key, D, along a sliding window, wherein for each loop, an N-bit tuple from the private key (102) is compared (207) to the random number plus a linear increment, and, if the value is a match, it indexes (208) into said precomputed vector according to said random number, r, thereby extracting and interleaving values into an execution path of said counter SCA algorithm from said precomputed vector according to an index represented by said random number; otherwise. Other embodiments are provided.
-
5.
Publication number: EP4199410A1
Publication date: 2023-06-21
Application number: EP21306829.9
Filing date: 2021-12-17
Abstract: The present invention relates to a method secured against side channel attacks performing a cryptographic operation of a cryptographic algorithm, said cryptographic operation comprising at least one polynomial operation on at least one input polynomial A[X] in a first polynomial ring $R_q = F_q[X]/(X^n+1)$, with n an integer and q a first integer being a prime number, wherein said method is performed by a cryptographic device and comprises:
- selecting a multiplier integer t and determining a second integer q' by multiplying said first integer q by said selected multiplier integer t (S1),
- for each input polynomial A[X] with coefficients $A_i$ in $F_q$ with i in [0,...,n-1],
∘ determining (S2) an invertible random polynomial R[X] in said first polynomial ring $R_q$,
∘ randomizing (S3) the coefficients $A_i$ of said input polynomial A[X] based on said determined second integer q' and said determined random polynomial R[X] by:
✔ transforming the input polynomial A[X] into a lifted input polynomial A'[X] with coefficients $A_i'$ such that $A_i' = A_i + q \bmod q'$, with i in [0,...,n-1], the lifted input polynomial A'[X] being a polynomial in a second polynomial ring $R_{q'} = F_{q'}[X]/(X^n+1)$,
✔ randomizing the lifted input polynomial A'[X] by multiplying it by the random polynomial R[X] modulo said second integer q' to obtain a randomized input polynomial A"[X] in said second polynomial ring $R_{q'}$,
- performing (S4) the at least one polynomial operation of the cryptographic operation on said randomized input polynomials A"[X] instead of said input polynomials A[X] to obtain a result polynomial Res"[X] with coefficients $Res_i$ in $F_{q'}$,
- unmasking (S5) the result polynomial Res"(X) by applying to its coefficients a modulo said first integer q operation and/or by multiplying it by inverses of said random polynomials R[X] determined for the input polynomials to provide a result of the cryptographic operation.
-
6.
Publication number: EP3973659A1
Publication date: 2022-03-30
Application number: EP20715420.4
Filing date: 2020-04-07
Inventors: VIGILANT, David; LI, Xun; HOKUNI, Sami; RANTALA, Janne
IPC classification: H04L9/00
-
Publication number: EP4372548A1
Publication date: 2024-05-22
Application number: EP22306680.4
Filing date: 2022-11-15
CPC classification: G06F2207/72920130101 , G06F2207/72820130101 , G06F2207/721920130101 , G06F2207/724220130101 , G06F2207/722320130101 , G06F7/723 , H04L9/003
Abstract: Enhancement of security of a computerized digital security device against horizontal side-channel analysis attacks randomizes sequences of actual operations and dummy operations. Depending on a random value, the device performs either a first sequence in which a dummy operation precedes an actual operation or a second sequence in which a dummy operation follows an actual operation, thereby obfuscating the value of a secret being manipulated by the computerized digital security device.
-
Publication number: EP4340293A1
Publication date: 2024-03-20
Application number: EP22306367.8
Filing date: 2022-09-16
Inventors: LI, Xun; VIGILANT, David
IPC classification: H04L9/30
Abstract: The present invention relates to a method for performing a cryptographic algorithm, performed by a cryptographic device comprising a cryptographic coprocessor comprising an integer multiplier, said cryptographic algorithm comprising a polynomial multiplication between a first input polynomial A[X] and a second input polynomial B[X], wherein the first input polynomial A[X] comprises $N_{cm}$ coefficients and the second input polynomial B[X] comprises $N_{cn}$ coefficients and said coefficients of the first and second input polynomials are of size $N_b$ bits, with $N_{cm}$, $N_{cn}$ and $N_b$ non-zero integers, said method comprising:
a) computing a polynomial result C[X] of a polynomial multiplication between said first input polynomial A[X] and said second input polynomial B[X] by:
- for the first input polynomial A[X], generating a concatenated integer $A_x$ as a concatenation of the coefficients of said first input polynomial, each coefficient being extended to a size $N_e$ with $N_e \geq \lceil \log_2 N_{cm} \rceil + 2 \cdot N_b$ by inserting zeros as Most Significant Bits of said concatenated coefficients,
- obtaining each coefficient $c_i$ of the polynomial result by:
o for i an integer from 0 to $N_{cn}-1$, wherein $b_i$ is the i-order coefficient of the second input polynomial B[X]:
▪ computing an intermediate value $R_i$ using said integer multiplier by multiplying said generated concatenated integer with said coefficient $b_i$ of the second input polynomial B[X] such that: $R_i = R_{i-1} + A_x \cdot b_i$ where $R_{-1}$ is equal to the value 0,
▪ storing the $N_e$ least significant bits of the intermediate value $R_i$ as the i-th coefficient $c_i$ of the polynomial result C[X],
▪ applying a $N_e$-bits right shift operation to the intermediate value $R_i$,
o when $i = N_{cn}-1$, for j an integer from $N_{cn}$ to $N_{cn}+N_{cm}-2$:
▪ storing the $N_e$ least significant bits of the intermediate value $R_i$ as the j-th coefficient $c_j$ of the polynomial result C[X],
▪ applying a $N_e$-bits right shift operation to the intermediate value $R_i$,
b) performing said cryptographic algorithm using said determined polynomial result.
-
9.
Publication number: EP4275322A1
Publication date: 2023-11-15
Application number: EP22701172.3
Filing date: 2022-01-11
-
Publication number: EP4258594A1
Publication date: 2023-10-11
Application number: EP22305467.7
Filing date: 2022-04-06
Inventors: LI, Xun; VIGILANT, David
IPC classification: H04L9/30
Abstract: The present invention relates to a method for performing a cryptographic algorithm, performed by a cryptographic device comprising a cryptographic coprocessor comprising an integer multiplier, said cryptographic algorithm comprising a polynomial multiplication between a first input polynomial A[X] and a second input polynomial B[X], wherein the first input polynomial A[X] and the second input polynomial B[X] comprise $N_c$ coefficients and said coefficients of the first and second input polynomials are of size $N_b$ bits, with $N_c$ and $N_b$ non-zero integers, said method comprising:
a) computing (P1) a polynomial result of a polynomial multiplication between said first input polynomial A[X] and said second input polynomial B[X] by:
- for each input polynomial, generating (S11) a concatenated integer as a concatenation of the coefficients of said input polynomial, each coefficient being extended to a size $N_e$ with $N_e \geq \lceil \log_2 N_c \rceil + 2 \cdot N_b$ by inserting zeros as Most Significant Bits of said concatenated coefficients,
- computing (S12) using said integer multiplier a multiplication of said generated concatenated integers to obtain a multiplication result,
- determining (S13) from said multiplication result said polynomial result of a polynomial multiplication between said first input polynomial A[X] and said second input polynomial B[X],
b) performing (S21) said cryptographic algorithm using said determined polynomial result.