Abstract:
An Elliptic Curve scalar multiplication product involving a scalar and a base point is determined in a manner that acts as a countermeasure to side channel attacks. A key splitting strategy called Additive Splitting Using Division involves selecting a random integer and determining an integer quotient and a remainder by dividing the scalar by the random integer. The product may then be expressed as a sum of scalar multiplications, which may be evaluated using a combination of a fixed-sequence window method with the known Interleaving method. When the integer quotient and remainder are odd, major collisions may be avoided when determining the product. Accordingly, the random integer that determines whether the integer quotient and remainder are odd may be subject to some control.
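As an added illustration (not code from the patent or its applicant), the following Python shows Additive Splitting Using Division on a toy curve. The curve y^2 = x^3 + 2x + 3 over F_97, the base point (3, 6), the scalar and the candidate random integers are all constructed for this example; the partial products are evaluated with plain double-and-add rather than the fixed-sequence window and Interleaving methods the abstract refers to, and the hypothetical `choose_splitter` helper, which rejects random integers that give an even quotient or remainder, stands in for the control over the random integer that the abstract mentions.

```python
import secrets

# Toy curve y^2 = x^3 + 2x + 3 over F_97 with base point (3, 6), constructed
# for this example only; far too small for any real use.
P_MOD, A, B = 97, 2, 3
G = (3, 6)


def ec_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # p1 == -p2 (also covers doubling a point with y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k, point):
    """Reference double-and-add k*point (not side-channel resistant)."""
    acc, addend = None, point
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def choose_splitter(k, bits=8, max_tries=10_000):
    """Hypothetical helper: draw a random r with 2 <= r < k until both the
    quotient k // r and the remainder k % r are odd, the parity condition
    the abstract says avoids major collisions."""
    if k < 4:
        raise ValueError("scalar too small to split")
    for _ in range(max_tries):
        r = 2 + secrets.randbelow(min(1 << bits, k - 2))
        q, rem = divmod(k, r)
        if q & 1 and rem & 1:
            return r
    raise RuntimeError("no suitable random integer found")


def ecsm_split(k, point, r):
    """Evaluate k*P as q*(r*P) + rem*P where k = q*r + rem.

    The secret scalar k itself is never fed to scalar_mult; only q, r and rem
    are, and they change with every fresh choice of r."""
    q, rem = divmod(k, r)
    r_point = scalar_mult(r, point)
    return ec_add(scalar_mult(q, r_point), scalar_mult(rem, point))


if __name__ == "__main__":
    k = 45  # constructed secret scalar
    r = choose_splitter(k)
    q, rem = divmod(k, r)
    print(f"k={k} r={r} q={q} rem={rem}")
    print(ecsm_split(k, G, r), scalar_mult(k, G))
```

Note that for an odd scalar the random integer must be even (an odd r gives an even remainder), and for an even scalar it must be odd; the rejection loop above handles both cases without the caller having to reason about it.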
Abstract:
Execution of the ECMQV key agreement algorithm requires determination of an implicit signature, which determination involves arithmetic operations. Some of the arithmetic operations employ a long-term cryptographic key. It is the execution of these arithmetic operations that can make the execution of the ECMQV key agreement algorithm vulnerable to a power analysis attack. In particular, an attacker using a power analysis attack may determine the long-term cryptographic key. By modifying the sequence of operations involved in the determination of the implicit signature and the inputs to those operations, power analysis attacks may no longer be applied to determine the long-term cryptographic key.
Abstract:
When multiplicative splitting is used to hide a scalar in an Elliptic Curve Scalar Multiplication (ECSM) operation, the associated modular division operation employs the known Almost Montgomery Inversion algorithm. By including dummy operations in some of the branches of the main iteration loop of the Almost Montgomery Inversion algorithm, all branches of the algorithm may be viewed, from the perspective of a Power Analysis-based attack, as equivalent and, accordingly, devoid of information useful in determining the value of the scalar, which may be a cryptographic private key.
Abstract:
For an Elliptic Curve Scalar Multiplication (ECSM) operation to be performed on a scalar and a base point, a given previous set of parameters that was used to split the scalar for a previous ECSM operation and a selected random integer are used to determine a new set of parameters for splitting the scalar. By basing the new set of parameters on the previous set of parameters, repeated use of the scalar to determine key-splitting parameters is avoided and susceptibility to a Differential Power Analysis Side Channel attack is minimized.
Abstract:
The present invention relates to a method for electronically signing a document with a predetermined secret key (x), comprising carrying out the steps of: (a) determining an initial internal state (s0) by applying to a digest of the document a first white-box implementation (WB0) of: - the generation of a main nonce (k); then - a modular sum of the main nonce (k) and a predetermined constant (K);
(b) determining a first internal state (s1) by applying to the initial internal state (s0) a first modular arithmetic operation, then a modular product with an exponentiation of the predetermined constant (K); (c) determining a second internal state (s2) by applying to said digest a second white-box implementation (WBs2) of: - the generation of the main nonce (k); and - a second modular arithmetic operation that is a function of the first internal state (s1), the main nonce (k) and the secret key (x);
(d) generating an electronic signature of the document from the first internal state (s1) and the second internal state (s2).
Abstract:
The invention relates to a method for calculating the modular inverse R of a value E with respect to a modulus M, in which a decomposition of the modulus M into at least two factors M1, M2 is determined, an auxiliary value R1, R2 is calculated for each of the factors M1, M2, each auxiliary value R1, R2 being the modular inverse of the value E with respect to the corresponding factor M1, M2 as modulus, and the modular inverse R is calculated at least by using the calculated auxiliary values R1, R2. A computer program product and a portable data carrier have corresponding features. The invention thus provides a method for modular inversion that is efficient in terms of machine implementation and is especially suitable for cryptographic calculations on a portable data carrier.
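As an added worked example, not code from the patent: computing E^-1 mod M from the two auxiliary inverses R1 = E^-1 mod M1 and R2 = E^-1 mod M2 and recombining them. The abstract only says that R is calculated using R1 and R2; the requirement that M1 and M2 be coprime and the Garner-style Chinese Remainder Theorem recombination are assumptions of this example, and the sample values are constructed.

```python
from math import gcd


def modular_inverse_via_factors(e, m1, m2):
    """Inverse of e modulo M = m1*m2, built from the per-factor inverses.

    Assumes gcd(m1, m2) == 1 (an assumption of this example, so that the two
    residues combine with the Chinese Remainder Theorem). Raises ValueError
    if e has no inverse modulo either factor."""
    if gcd(m1, m2) != 1:
        raise ValueError("factors must be coprime for this recombination")
    m = m1 * m2
    # Auxiliary values R1, R2: the inverse of E with respect to each factor.
    r1 = pow(e, -1, m1)
    r2 = pow(e, -1, m2)
    # Garner recombination: find t such that r1 + m1*t == r2 (mod m2).
    # m1^-1 mod m2 depends only on the factorisation, so for a fixed
    # modulus it can be precomputed once rather than on every inversion.
    m1_inv = pow(m1, -1, m2)
    t = ((r2 - r1) * m1_inv) % m2
    r = (r1 + m1 * t) % m
    # Sanity check: R really is the inverse of E modulo the full modulus.
    if (e * r) % m != 1:
        raise ArithmeticError("recombination failed")
    return r


if __name__ == "__main__":
    # Constructed sample: E = 7, M = 11 * 13 = 143.
    print(modular_inverse_via_factors(7, 11, 13))  # expected 41, since 7*41 = 287 = 2*143 + 1
```

The two inversions run on operands of roughly half the size of M, which is where the efficiency gain for constrained devices comes from; the recombination step costs one small multiplication and one modular reduction.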