公开(公告)号：US08817973B2

公开(公告)日：2014-08-26

申请号：US12890212

申请日：2010-09-24

申请人： Kouichi Itoh

发明人： Kouichi Itoh

IPC分类号： H04L9/00 ,  H04L9/30 ,  G06F7/72

CPC分类号： G06F7/723 ,  G06F2207/7219 ,  H04L9/003 ,  H04L9/302

摘要： Based on an encrypting method for performing an exponential remainder calculation y=ad (mod n) from an u-bit exponent d=(du-1, . . . , d0)2, input data a, and a modulo n, calculating a′=a2(mod n) is performed first. Next, calculating y=(a′)f(mod n) is performed on f=(du-1, du-2, . . . , d1)2. Then, when d0=1, calculating y=y×a (mod n) is performed. Then, outputting y=ad (mod n) is performed. In the first step, although an attacker inputs data including a minus value such as a=−1 and a=s, −s, etc., only plus values can be constantly generated in multiplication and squaring. Therefore, the method makes it hard to estimate a secret key using power analyzing attacks such as the SPA and the DPA, thereby realizing an encryption processor having high tamper-resistance.

摘要翻译： 基于用于从u位指数d =（du-1，...，d0）2执行指数余数计算y = ad（mod n）的加密方法，输入数据a和模n， '= a2（mod n）被首先执行。 接下来，对f =（du-1，du-2，...，d1）2进行y =（a'）f（mod n）的计算。 然后，当d0 = 1时，执​​行y = y×a（mod n）的计算。 然后，输出y = ad（mod n）。 在第一步中，尽管攻击者输入包括诸如a = -1和a = s，-s等的负值的数据，但是只能在乘法和平方中产生加值。 因此，该方法难以使用诸如SPA和DPA的功率分析攻击来估计秘密密钥，从而实现具有高抗篡改性的加密处理器。

公开(公告)号：US08638927B2

公开(公告)日：2014-01-28

申请号：US12886051

申请日：2010-09-20

申请人： Masahiko Takenaka ,  Kouichi Itoh

发明人： Masahiko Takenaka ,  Kouichi Itoh

IPC分类号： H04K1/00

CPC分类号： G06F7/723 ,  G06F2207/7242 ,  H04L9/003 ,  H04L9/302 ,  H04L2209/127

摘要： 401 stores, in 302, key d′ obtained by subtracting random number 2r held in 201 from key d held in 105. When an operation starts, the values “−C” and “−C2” are calculated respectively, and the resultant values are stored in a multiplication table memory 205 together with value “C”. In a first operation cycle, 107 selects and outputs an intermediate value 108 held in an in-operation data register 103, and thereby makes a modular-multiplication operation circuit 104 perform squaring. In the second operation cycle, 107 selects and outputs one of three values held in 205 in accordance with the combination of key bit value d′i and random number bit value ri, and thereby makes the modular-multiplication operation circuit 104 perform multiplication. Thereby, a cryptographic processing device that requires a short operation time period, small circuit scale, and has sufficient security can be realized.

摘要翻译： 401在302中存储通过从保持在105中的密钥d减去在201中保留的随机数2r获得的密钥d'。当操作开始时，分别计算值“-C”和“-C2”，并且得到的值为 与值“C”一起存储在乘法表存储器205中。 在第一操作周期中，107选择并输出保持在工作数据寄存器103中的中间值108，从而使得乘法运算电路104进行平方。 在第二操作周期中，107根据密钥位值d i和随机数位值ri的组合来选择并输出保持在205中的三个值之一，从而使乘法运算电路104进行乘法运算。 因此，可以实现需要短操作时间段，小电路规模并且具有足够安全性的密码处理装置。

公开(公告)号：US08369516B2

公开(公告)日：2013-02-05

申请号：US12889096

申请日：2010-09-23

申请人： Kouichi Itoh ,  Souichi Okada ,  Masahiko Takenaka

发明人： Kouichi Itoh ,  Souichi Okada ,  Masahiko Takenaka

IPC分类号： G06F21/00

CPC分类号： H04L9/0631 ,  H04L9/003 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/122

摘要： A common key block encryption apparatus for performing a nonlinear transformation with a multiplication executed in a binary field or a composite field includes a computing unit to execute a computation other than the nonlinear transformation with fixed value masked input data obtained by XORing input data with a fixed mask value, an XOR operation circuit to transform all input data into fixed value masked input data by XORing the input data with a fixed mask value and to transform the data into random value masked input data by XORing the input data with a random mask value in the multiplication, a multiplier to execute a multiplication based on the random value masked input data output from the XOR operation circuit, and a random value mask-to-fixed mask value transformation circuit to again transform the random value masked output data into fixed value masked output data and to output the data.

摘要翻译： 用于通过在二进制字段或复合字段中执行的乘法执行非线性变换的公共密钥块加密装置包括：计算单元，用于执行非线性变换以外的计算，该固定值掩码输入数据通过将具有固定值的输入数据进行异或 掩模值，XOR运算电路，通过用固定的掩码值对输入数据进行异或，将所有输入数据变换为固定值掩码输入数据，并通过将输入数据以随机掩码值进行异或来将数据变换为随机值屏蔽输入数据 乘法，乘法器，用于根据从异或运算电路输出的随机值屏蔽输入数据执行乘法，以及随机值掩码到固定掩码值变换电路，以将随机值屏蔽输出数据再次转换为固定值掩码 输出数据并输出数据。

公开(公告)号：US08295479B2

公开(公告)日：2012-10-23

申请号：US12834247

申请日：2010-07-12

申请人： Dai Yamamoto ,  Jun Yajima ,  Kouichi Itoh

发明人： Dai Yamamoto ,  Jun Yajima ,  Kouichi Itoh

IPC分类号： H04L9/06

CPC分类号： H04L9/0625 ,  H04L2209/122 ,  H04L2209/125 ,  H04L2209/20 ,  H04L2209/24

摘要： In a MISTY1 FI function, an exclusive OR to which a round key KIij2 is inputted is arranged between an exclusive OR arranged on a 9-bit critical path in a first MISTY structure and a zero-extend conversion connected to the branching point of a 7-bit right system data path. Then, a 9-bit round key KIij1 is truncate-converted to seven bits, the exclusive OR of the seven bits and the round key KIij1 is calculated by an exclusive OR and the calculation result is inputted to an exclusive OR arranged on the right system data path in the second stage MISTY structure.

摘要翻译： 在MISTY1FF功能中，输入循环密钥KIij2的异或被布置在第一MISTY结构中的9位关键路径上的异或或连接到7的分支点的零扩展转换 右边的系统数据路径。 然后，9位循环密钥KIij1被截断转换为7位，通过异或来计算7位和循环密钥KIij1的异或，并将计算结果输入到排列在右系统上的异或 数据路径在第二阶段MISTY结构。

公开(公告)号：US20110007894A1

公开(公告)日：2011-01-13

申请号：US12886051

申请日：2010-09-20

申请人： Masahiko TAKENAKA ,  Kouichi Itoh

发明人： Masahiko TAKENAKA ,  Kouichi Itoh

IPC分类号： H04L9/28

CPC分类号： G06F7/723 ,  G06F2207/7242 ,  H04L9/003 ,  H04L9/302 ,  H04L2209/127

摘要： 401 stores, in 302, key d′ obtained by subtracting random number 2r held in 201 from key d held in 105. When an operation starts, the values “−C” and “−C2” are calculated respectively, and the resultant values are stored in a multiplication table memory 205 together with value “C”. In a first operation cycle, 107 selects and outputs an intermediate value 108 held in an in-operation data register 103, and thereby makes a modular-multiplication operation circuit 104 perform squaring. In the second operation cycle, 107 selects and outputs one of three values held in 205 in accordance with the combination of key bit value d′i and random number bit value ri, and thereby makes the modular-multiplication operation circuit 104 perform multiplication. Thereby, a cryptographic processing device that requires a short operation time period, small circuit scale, and has sufficient security can be realized.

摘要翻译： 401在302中存储通过从保持在105中的密钥d减去在201中保留的随机数2r获得的密钥d'。当操作开始时，分别计算值“-C”和“-C2”，并且得到的值为 与值“C”一起存储在乘法表存储器205中。 在第一操作周期中，107选择并输出保持在工作数据寄存器103中的中间值108，从而使得乘法运算电路104进行平方。 在第二操作周期中，107根据密钥位值d i和随机数位值ri的组合来选择并输出保持在205中的三个值之一，从而使乘法运算电路104进行乘法运算。 因此，可以实现需要短操作时间段，小电路规模并且具有足够安全性的密码处理装置。

公开(公告)号：US20100278332A1

公开(公告)日：2010-11-04

申请号：US12834247

申请日：2010-07-12

申请人： Dai YAMAMOTO ,  Jun Yajima ,  Kouichi Itoh

发明人： Dai YAMAMOTO ,  Jun Yajima ,  Kouichi Itoh

IPC分类号： H04L9/28

CPC分类号： H04L9/0625 ,  H04L2209/122 ,  H04L2209/125 ,  H04L2209/20 ,  H04L2209/24

摘要： In a MISTY1 FI function, an exclusive OR to which a round key KIij2 is inputted is arranged between an exclusive OR arranged on a 9-bit critical path in a first MISTY structure and a zero-extend conversion connected to the branching point of a 7-bit right system data path. Then, a 9-bit round key KIij1 is truncate-converted to seven bits, the exclusive OR of the seven bits and the round key KIij1 is calculated by an exclusive OR and the calculation result is inputted to an exclusive OR arranged on the right system data path in the second stage MISTY structure.

摘要翻译： 在MISTY1FF功能中，输入循环密钥KIij2的异或被布置在第一MISTY结构中的9位关键路径上的异或或连接到7的分支点的零扩展转换 右边的系统数据路径。 然后，9位循环密钥KIij1被截断转换为7位，通过异或来计算七位和循环密钥KIij1的异或，并将计算结果输入到排列在右系统上的异或 数据路径在第二阶段MISTY结构。

公开(公告)号：US20100183143A1

公开(公告)日：2010-07-22

申请号：US12612290

申请日：2009-11-04

申请人： Dai YAMAMOTO ,  Kouichi Itoh

发明人： Dai YAMAMOTO ,  Kouichi Itoh

IPC分类号： H04L9/28

CPC分类号： H04L9/0625 ,  H04L2209/122

摘要： A cryptographic processing apparatus for performing arithmetic operation on an FL function and an FL−1 function in a cryptographic process includes a first arithmetic gate is configured to receive a first input bit string and a first extended key bit string, a first XOR gate configured to receive an output of the first arithmetic gate and a second input bit string, a second arithmetic gate configured to receive an output of the first XOR gate and a second extended key bit string, a second XOR gate configured to receive an output of the second arithmetic gate and the first input bit string, a third arithmetic gate configured to receive an output of the second XOR gate and the first extended key bit string, and a third XOR gate configured to receive an output of the third arithmetic gate and an output of the first XOR gate.

摘要翻译： 一种用于在密码处理中对FL功能和FL-1功能进行算术运算的加密处理装置，包括：第一运算门，被配置为接收第一输入位串和第一扩展密钥位串，第一XOR门被配置为 接收第一算术门和第二输入比特串的输出，第二运算门，被配置为接收第一异或门和第二扩展密钥位串的输出;第二异或门，被配置为接收第二算术的输出 栅极和第一输入位串，第三运算门，被配置为接收第二异或门和第一扩展密钥位串的输出;以及第三异或门，被配置为接收第三运算门的输出， 第一个XOR门。

公开(公告)号：US20100031055A1

公开(公告)日：2010-02-04

申请号：US12560222

申请日：2009-09-15

申请人： Kazuyoshi Furukawa ,  Kouichi Itoh ,  Masahiko Takenaka

发明人： Kazuyoshi Furukawa ,  Kouichi Itoh ,  Masahiko Takenaka

IPC分类号： H04L9/00 ,  H04L9/28 ,  G06F7/38

CPC分类号： G06F7/723 ,  G06F7/728 ,  G06F2207/7271 ,  H04L9/004 ,  H04L9/302 ,  H04L9/3066

摘要： A cryptographic processing device, comprising: a storage unit; initial setting unit for setting a value to be stored in the storage unit; Montgomery modular multiplication operation unit for performing a Montgomery modular multiplication operation plural times for a value set by the initial setting unit; and fault attack detection unit for determining whether or not a fault attack occurred for each of at least some parts of the Montgomery modular multiplication operations performed plural times.

摘要翻译： 一种加密处理装置，包括：存储单元; 初始设定单元，用于设定存储在存储单元中的值; 蒙哥马利乘法运算单元，用于对由初始设定单元设定的值进行多次蒙哥马利乘法运算; 以及故障攻击检测单元，用于确定多次执行的蒙哥马利乘法运算的至少一些部分中是否发生故障攻击。

公开(公告)号：US20090003598A1

公开(公告)日：2009-01-01

申请号：US11941663

申请日：2007-11-16

申请人： Kouichi Itoh ,  Souichi Okada ,  Masahiko Takenaka

发明人： Kouichi Itoh ,  Souichi Okada ,  Masahiko Takenaka

IPC分类号： H04L9/20

CPC分类号： H04L9/003 ,  H04L9/0631 ,  H04L2209/046 ,  H04L2209/12

摘要： The first route selection device re-arrays a plurality of extended key mask values at random according to the value of a random number generated by a random number generation device. An extended key operation device generates an exclusive logical OR of a plurality of the re-arrayed extended key mask values, a data string representing extended key and an input data string. The second route selection device re-arrays the data string of the exclusive logical OR by performing a re-array conversely with the first route selection device according to the value of the random number. A non-linear conversion device applies non-linear conversion to the re-arrayed data string and outputs a data string masked by a plurality of non-linear conversion mask values. The third route selection device re-arrays the masked data string by performing the same re-array as the first route selection device according to the value of the random number.

摘要翻译： 第一路由选择装置根据由随机数生成装置生成的随机数的值，随机地重新排列多个扩展密钥掩码值。 扩展密钥操作装置生成多个重新排列的扩展密钥掩码值的异或逻辑，表示扩展密钥的数据串和输入数据串。 第二路由选择装置通过根据随机数的值与第一路由选择装置相反地执行重排阵列来重新排列异或逻辑OR的数据串。 非线性转换装置对重新排列的数据串应用非线性转换，并输出由多个非线性转换掩码值掩蔽的数据串。 第三路由选择装置通过根据随机数的值执行与第一路由选择装置相同的重新阵列来重新排列被掩蔽的数据串。

公开(公告)号：US20080025500A1

公开(公告)日：2008-01-31

申请号：US11782168

申请日：2007-07-24

申请人： Tetsuya Izu ,  Kouichi Itoh ,  Masahiko Takenaka

发明人： Tetsuya Izu ,  Kouichi Itoh ,  Masahiko Takenaka

IPC分类号： H04L9/28 ,  G06F1/02

CPC分类号： H04L9/3066 ,  G06F7/725 ,  G06F2207/7238 ,  H04L9/003 ,  H04L9/302 ,  H04L2209/08 ,  H04L2209/127

摘要： A randomly selected point on an elliptic curve is set as the initial value of a variable and calculation including a random point value is performed in an algorithm for calculating arbitrary scalar multiple operation on an elliptic curve when scalar multiplication and addition on an elliptic curve are defined, then a calculation value obtained as a result of including a random point is subtracted from the calculation result, whereby an intended scalar multiple operation value on an elliptic curve is determined.

摘要翻译： 将椭圆曲线上随机选择的点设置为变量的初始值，并且在用于在椭圆曲线上计算任意标量多次操作的算法中执行包括随机点值的计算，当在椭圆曲线上进行标量乘法和加法时， ，则从计算结果中减去作为包括随机点的结果而获得的计算值，由此确定椭圆曲线上的期望标量多重操作值。