摘要:
An elliptic curve cryptosystem apparatus performing an elliptic curve cryptosystem process has a coordinate transforming unit for transforming coordinates (X:Y:Z) on a point P on an elliptic curve over a finite field GF(pˆm) to coordinates (r1×(X−s1):r2×(Y−s2):r3×(Z−s3)) (where, p is a prime number, m is an integer not less than 1, r1, r2 and r3 are integers not less than 1 and not larger than (p−1), s1, s2 and s3 are integer not less than 0 and not larger than (p−1), and a code “ˆ” represents power), and a scalar multiplication operating unit for performing scalar multiplication on the point on the elliptic curve transformed by the coordinate transforming unit, wherein at least one of the parameters s1, s2 and s3 has a value other than 0. The apparatus can perform the scalar multiplication in the elliptic curve cryptosystem, with resistance to side channel attacks.
摘要:
An encryption device (FIG. 15) performs elliptic curve encryption using a secret key. The encryption device includes: operation means (ECDBL, ECADD) for performing scalar multiplication of a point on an elliptic curve; storage (T[0]-T[2]) having a plurality of data storing areas; and means (SEL) for determining, in accordance with a bit sequence of a given value (d) and with a random value (RNG), an address of one of the plurality of data storage areas that is to be coupled to the operation means for each scalar multiplication.
摘要:
An elliptic curve cryptosystem apparatus performing an elliptic curve cryptosystem process has a coordinate transforming unit for transforming coordinates (X:Y:Z) on a point P on an elliptic curve over a finite field GF(p^m) to coordinates (r1×(X−s1):r2×(Y−s2):r3×(Z−s3)) (where, p is a prime number, m is an integer not less than 1, r1, r2 and r3 are integers not less than 1 and not larger than (p−1), s1, s2 and s3 are integer not less than 0 and not larger than (p−1), and a code “^” represents power), and a scalar multiplication operating unit for performing scalar multiplication on the point on the elliptic curve transformed by the coordinate transforming unit, wherein at least one of the parameters s1, s2 and s3 has a value other than 0. The apparatus can perform the scalar multiplication in the elliptic curve cryptosystem, with resistance to side channel attacks.
摘要:
An encryption device performs elliptic curve encryption using a secret key. The encryption device includes an operation unit for performing scalar multiplication of a point on an elliptic curve a storage unit having a plurality of data storing areas and a determiner unit for determining, in accordance with a bit sequence of a given value (d) and with a random value (RNG), an address of one of the plurality of data storage areas that is to be coupled to the operation means for each scalar multiplication.
摘要:
An encryption device (10) for performing elliptic encryption processing with a private key, includes: randomizing means (16) for setting, into an initial elliptic point V0, an elliptic point R on an elliptic curve that is generated in accordance with a random value; operation means (20) for performing a first operation of summing the initial elliptic point V0 and a scalar multiple of a particular input elliptic point A on the elliptic curve, V1=V0+dA, in accordance with a bit sequence of a particular scalar value d for the elliptic encryption processing; de-randomizing means (22) for performing a second operation of subtracting the initial elliptic point V0 from the sum V1 determined by the first operation, V=V1−V0; and means (24) for providing, as an output, the elliptic point V determined by the de-randomization unit.
摘要:
A randomly selected point on an elliptic curve is set as the initial value of a variable and calculation including a random point value is performed in an algorithm for calculating arbitrary scalar multiple operation on an elliptic curve when scalar multiplication and addition on an elliptic curve are defined, then a calculation value obtained as a result of including a random point is subtracted from the calculation result, whereby an intended scalar multiple operation value on an elliptic curve is determined.
摘要:
A randomly selected point on an elliptic curve is set as the initial value of a variable and calculation including a random point value is performed in an algorithm for calculating arbitrary scalar multiple operation on an elliptic curve when scalar multiplication and addition on an elliptic curve are defined, then a calculation value obtained as a result of including a random point is subtracted from the calculation result, whereby an intended scalar multiple operation value on an elliptic curve is determined.
摘要:
An apparatus for executing cryptographic calculation on the basis of an elliptic point on an elliptic curve includes: a memory for storing a first value including a plurality of digits; and a processor for executing a process including: obtaining a second value representing a point on the elliptic curve; calculating output values by using a predetermined equation, each digit of the first value, and the second value; determining whether at least one of the second value and the output values indicates a point of infinity; terminating the calculation when at least one of the second value and the output values indicates the point at infinity; and completing calculation when both the second value and the output values do not indicate the point at infinity, so as to obtain a result of the cryptographic calculation.
摘要:
A method for calculating a conversion parameter of the Montgomery modular multiplication to improve the efficiency of software installation, comprising a first step for calculating H0=2v×R (mod n) (where v is an integer, v≧1, and (m×k)/v is an integer), a second step for calculating Hp=2v×2^p×R (mod n) from H0=2v×R (mod n) by repeating Hi=REDC(Hi−1, Hi−1)n with respect to i=1, 2, . . . , p (where p represents an integer satisfying the condition 2p≧(m×k)/v>2p−1, REDC represents the Montgomery modular multiplication REDC(a, b)n=a×b×R−1 (mod n), and x^i represents exponential computation xi); and a third step for calculating Hp=R2 (mod n) by calculating Hp=REDC(Hp, g)n with respect to Hp obtained in the second step when 2p>(m×k)/v (where g=2k×E(p,m,k), E(p, m, k)=2×m−(v×2p)/k) and finally outputting Hp as R2 (mod n).
摘要:
Ciphertext X and a constant C having relationships C>p and C>q with respect to secret keys p and q are input, and correction values C−dp and C−dq (dp=d mod (p−1), dq=d mod (q−1)) are obtained. Then, the ciphertext X is multiplied by the constant C. A remainder operation using the secret key p or q as a remainder value is conducted with respect to the multiplication result. A modular exponentiation operation based on a Chinese remainder theorem is conducted with respect to the remainder operation result, and a correction operation using a correction value C−dp or C−dq is conducted. Thereafter, plaintext Y before being encrypted is calculated.
摘要翻译:输入密文X和关于秘密密钥p和q具有关系C> p和C> q的常数C,并且校正值C SUP和D D < (dp = d mod(p-1),dq = d mod(q-1))。 然后,将密文X乘以常数C.使用秘密密钥p或q作为余数值的余数运算相对于相乘结果进行。 对余数运算结果进行基于中文余数定理的模幂运算,使用校正值C u> -dp或C-Dq SUP>的修正运算是 进行。 此后,计算加密前的明文Y。