Modular exponentiation method and device resistant against side-channel attacks
    1.
    Granted invention patent
    Modular exponentiation method and device resistant against side-channel attacks (in force)

    Publication number: US08984040B2

    Publication date: 2015-03-17

    Application number: US13469139

    Filing date: 2012-05-11

    Applicant: Marc Joye

    Inventor: Marc Joye

    IPC classification: G06F7/38 G06F7/72

    Abstract: A method and apparatus for performing modular exponentiation using iterative modular multiplication steps and taking as input a first modulus N, a secret exponent d and a base x. During at least one modular multiplication step aiming at computing a result c from two values a, b and the first modulus N so that c=a·b mod N, a processor takes as input the two values a, b and the first modulus N, from which are obtained two operands a′, b′ and a second modulus N′ using operations with at most linear complexity (at least one of the two operands a′, b′ is different from the two values a, b, and the two operands a′, b′ are different when a is equal to b), so that the modular multiplication c=a·b mod N from a side-channel viewpoint behaves like a modular squaring except for when a′ equals b′. An intermediate result c′=a′·b′ mod N′ is computed, the result c is derived from the intermediate result c′ using an operation with at most linear complexity, and the result c is used in the modular exponentiation.


    Method and device for countering fault attacks
    2.
    Granted invention patent
    Method and device for countering fault attacks (in force)

    Publication number: US08744074B2

    Publication date: 2014-06-03

    Application number: US12658990

    Filing date: 2010-02-18

    Applicant: Marc Joye

    Inventor: Marc Joye

    CPC classification: H04L9/302 H04L9/004

    Abstract: The public exponent e of an RSA key is embedded in an RSA key object that lacks this exponent. During exponentiation, the public exponent e may be extracted and used to verify that the result of the exponentiation is correct. The result is output only if this is the case. The invention counters fault attacks. Also provided are an apparatus and a computer program product.


    FAULT-RESISTANT EXPONENTIATION ALGORITHM
    3.
    Invention patent application
    FAULT-RESISTANT EXPONENTIATION ALGORITHM (in force)

    Publication number: US20120321075A1

    Publication date: 2012-12-20

    Application number: US13487457

    Filing date: 2012-06-04

    IPC classification: H04L9/28

    Abstract: A method for performing an m-ary right-to-left exponentiation using a base x, a secret exponent d and a modulus N, wherein m is a power of 2. A device having a processor and m+1 registers R[0]-R[m] in at least one memory: initializes register R[0] to h for a chosen value h, wherein the order of the value h is a divisor of m*(m−1)/2, register R[m] to x^(m−1) and the registers other than R[0] and R[m] to the value h; updates register R[r] to R[r] times x, wherein r is the remainder of a division of d by (m−1) mod N; obtains a working exponent q that is the quotient of the division of d by (m−1); performs l iterations, starting at i=0, of: setting R[q_i] to R[q_i] times R[m] and raising R[m] to the power of m, where l is the length of q in base m, q_i is the i-th digit of the representation of q in base m and q_(l−1) is non-zero; verifies the correctness of the result by checking that R[m] equals the product of registers R[0]-R[m−1] to the power of m−1; and outputs the product of R[j]^j, where 1≤j≤m−1, only if the correctness is successfully verified.


    MODULAR EXPONENTIATION METHOD AND DEVICE RESISTANT AGAINST SIDE-CHANNEL ATTACKS
    4.
    Invention patent application
    MODULAR EXPONENTIATION METHOD AND DEVICE RESISTANT AGAINST SIDE-CHANNEL ATTACKS (in force)

    Publication number: US20120290634A1

    Publication date: 2012-11-15

    Application number: US13469139

    Filing date: 2012-05-11

    Applicant: Marc Joye

    Inventor: Marc Joye

    IPC classification: G06F7/487

    Abstract: A modular exponentiation comprising iterative modular multiplication steps and taking as input a first modulus N, a secret exponent d and a base x. During at least one modular multiplication step aiming at computing a result c from two values a, b and the first modulus N so that c=a·b mod N, a processor takes as input the two values a, b and the first modulus N, from which are obtained two operands a′, b′ and a second modulus N′ using operations with at most linear complexity (at least one of the two operands a′, b′ is different from the two values a, b, and the two operands a′, b′ are different when a is equal to b), so that the modular multiplication c=a·b mod N from a side-channel viewpoint behaves like a modular squaring except for when a′ equals b′.


    Integer division method secure against covert channel attacks
    5.
    Granted invention patent
    Integer division method secure against covert channel attacks (in force)

    Publication number: US08233614B2

    Publication date: 2012-07-31

    Application number: US10534873

    Filing date: 2003-11-13

    IPC classification: H04K1/00 H04L9/00 H04L9/28

    Abstract: The invention relates to a cryptographic method involving an integer division of the type q=a div b and r=a mod b, wherein a is a number of m bits, b is a number of n bits with n less than or equal to m, and b_(n−1), the most significant bit of b, is non-null. Each iteration of a loop indexed by i, which varies between 1 and m−n+1, involves a partial division of a word A of n bits of the number a by the number b in order to obtain one bit of the quotient q. According to the invention, the same operations are performed in each iteration, regardless of the value of the quotient bit obtained. In different embodiments of the invention, one of the following is also performed in each iteration: the addition and subtraction of the number b to/from the word A; the addition of the number b or of a complementary number /b of b to the word A; or a two's-complement operation (complement at 2^n) of an updated datum (b or /b) or a dummy datum (c or /c), followed by the addition of the updated datum to the word A.


    Method of securing a calculation of an exponentiation or a multiplication by a scalar in an electronic device
    6.
    Granted invention patent
    Method of securing a calculation of an exponentiation or a multiplication by a scalar in an electronic device (lapsed)

    Publication number: US08065735B2

    Publication date: 2011-11-22

    Application number: US12282806

    Filing date: 2007-03-08

    Applicant: Marc Joye

    Inventor: Marc Joye

    IPC classification: H04L9/00

    Abstract: A cryptographic operation includes calculating a multiplication of an element of an additively denoted group by a scalar. After two registers R0 and R1 are initialized, iterations are carried out over the components Ki of the scalar K. If Ki equals 0, the value in register R1 is replaced by 2(R0+R1); if Ki equals 1, the value in register R0 is replaced by 2(R0+R1). At the end of the algorithm, the value of register R0 is returned as the calculated result. This method has the advantage of carrying out a multiplication by a scalar using only doubling-and-adding operations of the type 2(A+B).


    Method for universal calculation applied to points of an elliptic curve
    8.
    Invention patent application
    Method for universal calculation applied to points of an elliptic curve (pending, published)

    Publication number: US20060056619A1

    Publication date: 2006-03-16

    Application number: US10523840

    Filing date: 2003-08-05

    IPC classification: H04L9/28 H04L9/00 H04K1/00

    Abstract: A method for universal calculation on the points of an elliptic curve defined by a quartic equation uses identically programmed calculating devices for performing an addition of points, a doubling of points and an addition of the neutral point. The calculating device is a central unit associated with a memory. The invention also concerns a cryptographic method using such a universal method. The invention further concerns a component for implementing the universal calculation method and/or the cryptographic method. For example, the invention is applicable to smart cards.


    PRIVACY-PRESERVING RIDGE REGRESSION
    9.
    Invention patent application
    PRIVACY-PRESERVING RIDGE REGRESSION (pending, published)

    Publication number: US20160020898A1

    Publication date: 2016-01-21

    Application number: US14771771

    Filing date: 2013-09-25

    IPC classification: H04L9/00 H04L29/06

    Abstract: A hybrid approach to privacy-preserving ridge regression is presented that uses both homomorphic encryption and Yao garbled circuits. Users in the system submit their data encrypted under a linearly homomorphic encryption. The linear homomorphism is used to carry out the first phase of the algorithm, which requires only linear operations. The output of this phase is encrypted data in a form that is independent of the number of users n. In a second phase, a Yao garbled circuit that first implements homomorphic decryption and then performs the rest of the regression algorithm is evaluated (as shown, an optimized realization can avoid decryption inside the garbled circuit). For this step a Yao garbled circuit approach is much faster than current fully homomorphic encryption schemes. Thus the best of both worlds is obtained by using linear homomorphisms to handle a large data set and using garbled circuits for the heavy non-linear part of the computation.


    Exponentiation method resistant against side-channel and safe-error attacks
    10.
    Granted invention patent
    Exponentiation method resistant against side-channel and safe-error attacks (in force)

    Publication number: US08744072B2

    Publication date: 2014-06-03

    Application number: US13138584

    Filing date: 2010-03-01

    Applicant: Marc Joye

    Inventor: Marc Joye

    Abstract: An exponentiation method resistant against side-channel attacks and safe-error attacks. Input to the method is g in a multiplicatively written group G and an l-digit exponent d with a radix m>1, and the output is z=g^(d−1)·g. (d−1) is expressed as a series of (l−1) non-zero digits, d*_0 . . . d*_(l−2), in the set {m−1, . . . , 2m−2} and an extra digit d*_(l−1) that is equal to d_(l−1)−1, where d_(l−1) represents the most significant radix-m digit of d, and g^(d−1) is evaluated through an m-ary exponentiation algorithm on input g and (d−1) represented by d*_0 . . . d*_(l−1). Also provided are an apparatus and a computer program product.
