公开(公告)号：US06968354B2

公开(公告)日：2005-11-22

申请号：US09935654

申请日：2001-08-24

申请人： Masahiro Kaminaga ,  Takashi Endo ,  Takashi Watanabe ,  Masaru Ohki

发明人： Masahiro Kaminaga ,  Takashi Endo ,  Takashi Watanabe ,  Masaru Ohki

IPC分类号： G06F12/14 ,  G06F7/72 ,  G06F21/06 ,  G06F21/24 ,  G06K19/07 ,  G09C1/00 ,  H04L9/10 ,  G06F7/38 ,  G06F15/00

CPC分类号： G06F7/724 ,  G06F7/722 ,  G06F7/725 ,  G06F7/728 ,  G06F2207/7257

摘要： The disclosed technology of the present invention relates to an information processing device such as an IC card, and specifically to the overflow processing which occurs in a modular multiplication operation during crypto-processing. Such overflow processing exhibits a particular pattern of consumption current. It is the subject of the present invention to decrease the relationship between the data processing and the pattern of the consumption current. In the processing procedures for performing a modular exponentiation operation according to the 2 bit addition chain method, the modular multiplication operation to be executed is selected at random, the selected modular multiplication operation is executed for each 2 bits, the correction of the result is performed, and the result of the calculation (i.e, a corrected value or uncorrected value) is outputted.

摘要翻译： 本发明所公开的技术涉及诸如IC卡的信息处理设备，具体涉及在密码处理期间的模乘法中发生的溢出处理。 这种溢流处理表现出特定的消耗电流模式。 本发明的主题是减少数据处理与消耗电流的模式之间的关系。 在根据2比特加法链法执行模幂运算的处理过程中，随机选择要执行的乘法运算，对于每2比特执行所选择的乘法运算，执行结果的校正 ，并输出计算结果（即校正值或未校正值）。

公开(公告)号：US20050021584A1

公开(公告)日：2005-01-27

申请号：US10868186

申请日：2004-06-16

申请人： Weon-il Jin ,  Mi-suk Huh

发明人： Weon-il Jin ,  Mi-suk Huh

IPC分类号： G06F7/544 ,  G06F7/72 ,  G09C1/00 ,  G06F7/00

CPC分类号： G06F7/724

摘要： A method and apparatus to square an element A when a defining polynomial of a finite field GF(2n) is expressed as f ⁡ ( x ) = x n + ∑ i = 1 i ⁢   ⁢ x k 1 + 1 , and the element A contained in the finite field is expressed as A−(a0,a1,a2 . . . ,an−1)∈GF(2n). The method determines coefficients mi, Iij, V0, Vij, and V such that the coefficient mi satisfies a predetermined condition with respect to ki when 1≦i≦t is a natural number, Iij depends on n, ki, and j when 2≦j≦mi, V0 and Vij of n bits, respectively, depend on n, Iij, and ki, and obtains the coefficient V with respect to mi according to the following formula V i = ⁢ V i2 ⊕ V i3 ⊕ … ⊕ V im , V = ⁢ V 0 ⊕ ∑ m 1 ≠ 0 ⁢   ⁢ V i determines a coefficient si according to ki and n and cyclically shifts the coefficient V by si; performing an XOR operation on the cyclically shifted coefficient V and the element A; and rewires a result of the XOR operation in a predetermined order and outputs results of the squaring.

公开(公告)号：US20040228478A1

公开(公告)日：2004-11-18

申请号：US10475174

申请日：2004-02-27

发明人： Marc Joye

IPC分类号： H04L009/00

CPC分类号： G06F7/725 ,  G06F7/724 ,  G06F2207/7228

摘要： A countermeasure method in an electronic component uses a public key cryptographic algorithm on a specific elliptic curve E on a body IK. An exponential computation of Qnulld.P type is carried out, where P and Q are points of the specific elliptic curve E, and d is a predetermined number. A non-null random number u is selected which is an element of the finite body IK, to define randomly an isomorphic elliptic curve Eunull. Co-ordinates of a point Pnull on the isomorphic elliptic curve Eunull are calculated which are an image of the point P. An exponentiation algorithm is applied to the point image Pnull on the isomorphic elliptic curve Eunull, to obtain a resulting point Qnull. Co-ordinates on the specific elliptic curve E of point Q, which is a pre-image of the resulting point Qnull, are then computed.

摘要翻译： 电子部件中的对策方法使用身体IK上的特定椭圆曲线E上的公钥密码算法。 执行Q = d.P类型的指数计算，其中P和Q是特定椭圆曲线E的点，d是预定数量。 选择作为有限体IK的元素的非空随机数u，以随机定义同构椭圆曲线Eu'。 计算同点椭圆曲线Eu'上的点P'的坐标，这是点P的图像。将求幂算法应用于同构椭圆曲线Eu'上的点图像P'，以获得结果点 Q'。 然后计算作为所得点Q'的前图像的点Q的特定椭圆曲线E上的坐标。

公开(公告)号：US20040153722A1

公开(公告)日：2004-08-05

申请号：US10248188

申请日：2002-12-25

发明人： Heng-Kuan Lee

IPC分类号： H02H003/05

CPC分类号： G06F7/724 ,  H03M13/158

摘要： An error correction code circuit with reduced hardware complexity is positioned inside a microprocessor. The microprocessor has a Galois field multiplier for performing a Galois field multiplication on data processed by the error correction code circuit. The error correction code circuit has a first register for storing an input data, a plurality of calculation units, a third register for storing an output data corresponding to the input data, and a controller for controlling operation of the error correction code circuit. Each calculation unit has a Galois field adder, and a second register electrically connected to the Galois field adder. The controller transmits data of each calculation unit to the same Galois field multiplier for a corresponding Galois field multiplication, and the result outputted by the Galois field multiplier is transmitted back to the error correction code circuit.

摘要翻译： 降低硬件复杂度的纠错码电路位于微处理器的内部。 微处理器具有伽罗瓦域乘法器，用于对由纠错码电路处理的数据执行伽罗瓦域乘法。 纠错码电路具有用于存储输入数据的第一寄存器，多个计算单元，用于存储对应于输入数据的输出数据的第三寄存器，以及用于控制纠错码电路的操作的控制器。 每个计算单元具​​有伽罗瓦域加法器和与伽罗瓦域加法器电连接的第二寄存器。 控制器将每个计算单元的数据发送到相应的伽罗瓦域乘法器用于对应的伽罗瓦域乘法，并且由伽罗瓦域乘法器输出的结果被发送回纠错码电路。

公开(公告)号：US20040153489A1

公开(公告)日：2004-08-05

申请号：US10354354

申请日：2003-01-30

发明人： Leonard D. Rarick ,  Sheueling Chang Shantz ,  Shreyas Sundaram

IPC分类号： G06F009/44

CPC分类号： G06F7/724 ,  G06F7/533

摘要： A multiply execution unit that is operable to generate the integer product and the XOR product of a multiplicand and a multiplier. The multiply execution unit includes a summing circuit for summing a plurality of partial products. The partial products may be Booth encoded. The summing circuit can generate an integer sum of the plurality of partial products and can generate an XOR sum of the plurality of partial products. The summing circuit includes a first plurality of full adders. The first plurality of full adders each has three inputs, a carry output, and a sum output. The sum outputs of the first plurality of full adders are independent of the value of any carry output in the summing circuit. The summing circuit also includes a second plurality of full adders. The second plurality of full adders each has three inputs, a carry output, and a sum output. The XOR sum is dependent upon at least one of the sum outputs of the first plurality of full adders but is independent of the sum outputs of the second plurality of full adders. The integer sum is dependent upon the sum outputs of at least one of the first plurality of full adders and is also dependent on at least one of the sum outputs of the second plurality of full adders.

摘要翻译： 乘法执行单元，其可操作以生成乘积和乘法器和乘法器的XOR乘积。 乘法执行单元包括用于求和多个部分乘积的求和电路。 部分产品可能是布斯编码的。 求和电路可以生成多个部分乘积的整数，并且可以产生多个部分乘积的XOR和。 求和电路包括第一多个完全加法器。 第一组多个全加器各有三个输入，一个进位输出和一个和输出。 第一多个完全加法器的和输出与求和电路中的任何进位输出的值无关。 求和电路还包括第二多个完全加法器。 第二组多个全加器各具有三个输入，一个进位输出和一个和输出。 XOR和取决于第一多个完全加法器的和输出中的至少一个，但是与第二多个完全加法器的和输出无关。 整数和取决于第一多个全加法器中的至少一个的总和输出，并且还取决于第二多个全加器的和输出中的至少一个。

公开(公告)号：US20040083251A1

公开(公告)日：2004-04-29

申请号：US10296957

申请日：2003-11-18

发明人： Felix Egmont Geiringer ,  Daniel Shelton

IPC分类号： G06F007/00

CPC分类号： G06F7/724 ,  H04L9/002 ,  H04L9/0662 ,  H04L9/3093 ,  H04L2209/125 ,  H04L2209/20 ,  H04L2209/34

摘要： Parallel modulo arithmetic calculations are carried out on a device adapted to perform bitwise logical operations by storing the numbers to be operated upon in a vector form, and performing arithmetical operations on multiple numbers in parallel. The invention finds particular application in cryptosystems, as well as in other fields.

摘要翻译： 在适于通过以矢量形式存储待操作的数字并且对多个并行执行算术运算的适于执行逐位逻辑运算的装置上进行并行模运算计算。 本发明特别适用于密码系统以及其他领域。

公开(公告)号：US20040078411A1

公开(公告)日：2004-04-22

申请号：US10460599

申请日：2003-06-12

发明人： Joshua Porten ,  Won Kim ,  Scott D. Johnson ,  John R. Nickolls

IPC分类号： G06F007/00

CPC分类号： G06F7/724

摘要： A Galois field arithmetic unit includes a Galois field multiplier section and a Galois field adder section. The Galois field multiplier section includes a plurality of Galois field multiplier arrays that perform a Galois field multiplication by multiplying, in accordance with a generating polynomial, a 1st operand and a 2nd operand. The bit size of the 1st and 2nd operands correspond to the bit size of a processor data path, where each of the Galois field multiplier arrays performs a portion of the Galois field multiplication by multiplying, in accordance with a corresponding portion of the generating polynomial, corresponding portions of the 1st and 2nd operands. The bit size of the corresponding portions of the 1st and 2nd operands corresponds to a symbol size of symbols of a coding scheme being implemented by the corresponding processor.

摘要翻译： 伽罗瓦域算术单元包括伽罗瓦域乘法器部分和伽罗瓦域加法器部分。 伽罗瓦域乘法器部分包括多个伽罗瓦域乘法器阵列，其通过根据生成多项式乘以1操作数和第2操作数来执行伽罗瓦域乘法。 第1和第2操作数的位大小对应于处理器数据路径的位大小，其中伽罗瓦域乘法器阵列中的每一个通过乘以相应的Galois域乘法来执行Galois域乘法的一部分 生成多项式的部分，第1和第2个操作数的对应部分。 第1和第2操作数的相应部分的位大小对应于由对应的处理器实现的编码方案的符号的符号大小。

公开(公告)号：US20040039768A1

公开(公告)日：2004-02-26

申请号：US10643972

申请日：2003-08-20

申请人： NEC CORPORATION

发明人： Seigo Arita

IPC分类号： G06F007/00

CPC分类号： G06F7/725 ,  G06F7/724

摘要： An objective is to obtain a Jacobian group element adder that can calculate addition in a Jacobian group of a Cab curve at a high speed, and can enhance practicality of the Cab curve. An algebraic curve parameter file A 10, and Groebner bases I1 and I2 of ideals of a coordinate ring of an algebraic curve designated by this file A are input into an ideal composition section 11 to perform arithmetic of producing a Groebner basis J of an ideal product of the ideal generated by I1 and ideal generated by I2. In a first ideal reduction section 12, arithmetic is performed of producing a Groebner basis J* of an ideal that is smallest in a monomial order designated by the file A among ideals equivalent to an inverse ideal of an ideal that J in the coordinate ring of the algebraic curve designated by the file A generates. In a second ideal reduction section 13, arithmetic is performed of producing a Groebner basis J** of a ideal that is smallest in the monomial order designated by the file A among ideals equivalent to an inverse ideal of an ideal that this J* generates to output it.

摘要翻译： 目的是获得可以高速度计算一个驾驶室曲线的雅可比组中的加法的雅可比组元加法器，并且可以提高驾驶室曲线的实用性。 代数曲线参数文件A 10和Groebner将由该文件A指定的代数曲线的坐标环的理想I1和I2输入到理想组合部分11中，以执行产生理想产品的Groebner基础J的算术 由I1产生的理想和由I2产生的理想。 在第一理想缩小部分12中，进行算术，以产生理想的Groebner基础J *，该理想在由文件A指定的单项式中最小，理想值等于理想的倒数理想，即坐标环中的J 由文件A指定的代数曲线生成。 在第二理想缩小部分13中，执行算术，以产生理想的Groebner基本J **，该理想在文件A中指定的单项式中最小，理想等于该J *产生的理想的反理想 输出它。

公开(公告)号：US06636882B1

公开(公告)日：2003-10-21

申请号：US09482623

申请日：2000-01-14

申请人： Wei-Ming Su ,  Shin Yung Chen Banyan ,  Yi-Lin Lai

发明人： Wei-Ming Su ,  Shin Yung Chen Banyan ,  Yi-Lin Lai

IPC分类号： G06F772

CPC分类号： G06F7/724

摘要： A multiplier for obtaining the product of elements in a Galois Field. The multiplier performs the multiplication of two n-bit elements, A(an-1, an-2, . . . , a3, a2, a1, a0) and B(bn-1, bn-2, . . . , b3, b2, b1, b0) in the Galois Field to yield the product C(cn-1, cn-2, . . . , c3, c2, c1, c0), wherein n≧1 ai(i=0˜n-1), bj(j=0˜n-1), and ck(k=O˜n-1) are all binary bits. The multiplier includes: an AND planer, for performing an AND logic operation of every bit ai in A(an-1, an-2, . . . , a3, a2, a1, a0) and every bit bj in B(bn-1, bn-2, . . . , b3, b2, b1, b0) to obtain (an-1bn-1, an-1bn-2, . . . , an-1b0, an-2bn-1, an-2bn-2, . . . , an-2b0, a0bn-1, a0bn-2, . . . , a0b0); and an XOR planer, for performing an XOR logic operation of the output from the AND planer to obtain C(cn-1, cn-2, . . . , c3, c2, c1, c0).

摘要翻译： 用于获得伽罗瓦域中元素乘积的乘数。 乘法器执行两个n位元素A（an-1，an-2，...，a3，a2，a1，a0）和B（bn-1，bn-2，...，b3 ，b2，b1，b0），以产生乘积C（cn-1，cn-2，...，c3，c2，c1，c0），其中n> = 1 ai（i = 0〜n -1），bj（j = 0〜n-1）和ck（k = 0〜n-1）都是二进制位。 乘法器包括：AND平面，用于执行A（an-1，an-2，...，a3，a2，a1，a0）中的每个位ai的AND逻辑运算以及B（bn- 1，bn-2，...，b3，b2，b1，b0），得到（an-1bn-1，a-1bn-2，...，a-1b0，an-20bn-1， -2，...，a-2b0，a0bn-1，a0bn-2，...，a0b0）; 和XOR刨床，用于对AND刨床的输出执行XOR逻辑运算，以获得C（cn-1，cn-2，...，c3，c2，c1，c0）。

公开(公告)号：US20030128841A1

公开(公告)日：2003-07-10

申请号：US10005291

申请日：2001-12-04

申请人： Innomedia Pte Ltd.

发明人： Jing Zheng Ouyang

IPC分类号： H04L009/06

CPC分类号： G06F7/724

摘要： The improved AES processing method provides an efficient alternative to both Mips intensive multiplication and to conventional table lookup, used to multiply terms over a Galois field (GF). The improved method takes advantage of the fact that in the GF, any non zero element X can be represented by a power of a primitive element P. The improved method thereby results in a 2 by 256 table. The log base P of the terms being multiplied are looked up and summed, and the anti-log of the sum is looked up in the same table.

摘要翻译： 改进的AES处理方法为Mips密集乘法和常规表查找提供了有效的替代方法，用于在伽罗瓦域（GF）上乘法。 改进的方法利用了以下事实：在GF中，任何非零元素X可以由原始元素P的幂表示。因此，改进的方法导致2×256的表。 查询和求和所乘的项目的日志基数P，并且在同一表中查找和的反对数。