公开(公告)号：US20110013770A1

公开(公告)日：2011-01-20

申请号：US12890212

申请日：2010-09-24

申请人： KOUICHI ITOH

发明人： KOUICHI ITOH

IPC分类号： H04L9/28

CPC分类号： G06F7/723 ,  G06F2207/7219 ,  H04L9/003 ,  H04L9/302

摘要： Based on an encrypting method for performing an exponential remainder calculation y=ad (mod n) from an u-bit exponent d=(du−1, . . . , d0)2, input data a, and a modulo n, calculating a′=a2(mod n) is performed first. Next, calculating y=(a′)f(mod n) is performed on f=(du−1, du−2, . . . , d1)2. Then, when d0=1, calculating y=y×a (mod n) is performed. Then, outputting y=ad (mod n) is performed. In the first step, although an attacker inputs data including a minus value such as a=−1 and a=s, −s, etc., only plus values can be constantly generated in multiplication and squaring. Therefore, the method makes it hard to estimate a secret key using power analyzing attacks such as the SPA and the DPA, thereby realizing an encryption processor having high tamper-resistance.

摘要翻译： 基于用于从u位指数d =（du-1，...，d0）2执行指数余数计算y = ad（mod n）的加密方法，输入数据a和模n， '= a2（mod n）被首先执行。 接下来，对f =（du-1，du-2，...，d1）2进行y =（a'）f（mod n）的计算。 然后，当d0 = 1时，执​​行y = y×a（mod n）的计算。 然后，输出y = ad（mod n）。 在第一步中，尽管攻击者输入包括诸如a = -1和a = s，-s等的负值的数据，但是只能在乘法和平方中产生加值。 因此，该方法难以使用诸如SPA和DPA的功率分析攻击来估计秘密密钥，从而实现具有高抗篡改性的加密处理器。