公开(公告)号：US20010053220A1

公开(公告)日：2001-12-20

申请号：US09930836

申请日：2001-08-15

Applicant: Cryptography Research, Inc.

Inventor： Paul C. Kocher ,  Joshua M. Jaffe ,  Benjamin C. Jun

IPC: H04L009/00

CPC classification number: H04L9/0625 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/127

Abstract: Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1PnullK1null XOR K2P nullK2null equals the nullstandardnull DES key K, and M1PnullM1null XOR M2PnullM2null equals the nullstandardnull message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.

Abstract translation: 公开了用于通过减少在处理期间泄露的有用信息的量（和信噪比）来改善DES和其他加密协议以防外部监视攻击的方法和装置。 本发明的改进的DES实施方案改为使用两个56位密钥（K1和K2）和两个64位明文消息（M1和M2），每个与排列相关联（即，K1P，K2P和M1P，M2P），使得 K1P {K1} XOR K2P {K2}等于“标准”DES密钥K，M1P {M1} XOR M2P {M2}等于“标准”消息。 在设备的操作期间，优选地通过将新鲜的熵引入到表中比信息泄漏出来更周期地更新表，使得攻击者将不能通过分析测量获得表内容。 该技术可在加密智能卡，防篡改芯片和各种安全处理系统中实现。

公开(公告)号：US20030028771A1

公开(公告)日：2003-02-06

申请号：US10136012

申请日：2002-04-29

Applicant: Cryptography Research, Inc.

Inventor： Paul C. Kocher ,  Joshua M. Jaffe

IPC: H04L009/00 ,  G06F017/60

CPC classification number: H04L9/3247 ,  G06F7/723 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  G06F2207/7257 ,  G06Q20/367 ,  G06Q20/401 ,  H04L9/002 ,  H04L9/0841 ,  H04L9/0891 ,  H04L9/3013 ,  H04L9/302 ,  H04L63/1441 ,  H04L2209/56

Abstract: We disclose methods and apparatuses for securing cryptographic devices against attacks involving external monitoring and analysis. A nullself-healingnull property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption.

公开(公告)号：US20010002486A1

公开(公告)日：2001-05-31

申请号：US09737182

申请日：2000-12-13

Applicant: Cryptography Research, Inc.

Inventor： Paul C. Kocher ,  Joshua M. Jaffe

IPC: H04L009/00

CPC classification number: H04L9/3247 ,  G06F7/723 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  G06F2207/7257 ,  G06Q20/367 ,  G06Q20/401 ,  H04L9/002 ,  H04L9/0841 ,  H04L9/0891 ,  H04L9/3013 ,  H04L9/302 ,  H04L63/1441 ,  H04L2209/56

Abstract: The present invention provides a method and apparatus for securing cryptographic devices against attacks involving external monitoring and analysis. A nullself-healingnull property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations of the invention are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption, ElGamal digital signing, and the Digital Signature Algorithm.