利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

2 条记录 (耗时 0.008 秒)

    METHOD SECURED AGAINST SIDE-CHANNEL ATTACKS PERFORMING A CRYPTOGRAPHIC ALGORITHM COMPRISING A POLYNOMIAL OPERATION
    1.
    发明公开
    METHOD SECURED AGAINST SIDE-CHANNEL ATTACKS PERFORMING A CRYPTOGRAPHIC ALGORITHM COMPRISING A POLYNOMIAL OPERATION 审中-公开

    公开(公告)号:EP4199410A1

    公开(公告)日:2023-06-21

    申请号:EP21306829.9

    申请日:2021-12-17

    申请人: Thales Dis France SAS

    发明人: VIGILANT, David ROUSSELLET, Mylène PERION, Fabrice

    IPC分类号: H04L9/00 H04L9/30

    摘要: The present invention relates to a method secured against side channel attacks performing a cryptographic operation of a cryptographic algorithm, said cryptographic operation comprising at least one polynomial operation on at least one input polynomial A[X] in a first polynomial ring R q = F q [X]/(X n +1), with n an integer and q a first integer being a prime number, wherein said method is performed by a cryptographic device and comprises :
    - selecting a multiplier integer t and determining a second integer q' by multiplying said first integer q by said selected multiplier integer t (S1),
    - for each input polynomial A[X] with coefficients Ai in F q with i in [0,...,n-1],
    ∘ determining (S2) an invertible random polynomial R[X] in said first polynomial ring R q ,
    ∘ randomizing (S3) the coefficients Ai of said input polynomial A[X] based on said determined second integer q' and said determined random polynomial R[X] by:
    ✔ transforming the input polynomial A[X] into a lifted input polynomial A'[X] with coefficients Ai' such that Ai' = Ai + q mod q', with i in [0,...,n-1], the lifted input polynomial A'[X] being a polynomial in a second polynomial ring R q' = F q' [X]/(X n +1),
    ✔ randomizing the lifted input polynomial A'[X] by multiplying it by the random polynomial R[X] modulo said second integer q' to obtain a randomized input polynomial A"[X] in said second polynomial ring R q' ,

    - performing (S4) the at least one polynomial operation of the cryptographic operation on said randomized input polynomials A"[X] instead of said input polynomials A[X] to obtain a result polynomial Res"[X] with coefficients Resi in F q' ,
    - unmasking (S5) the result polynomial Res"(X) by applying to its coefficients a modulo said first integer q operation and/or by multiplying it by inverses of said random polynomials R[X] determined for the input polynomials to provide a result of the cryptographic operation.