公开(公告)号：US07848515B2

公开(公告)日：2010-12-07

申请号：US11358979

申请日：2006-02-22

申请人： Vincent Dupaquis ,  Michel Douguet

发明人： Vincent Dupaquis ,  Michel Douguet

IPC分类号： H04L9/28

CPC分类号： H04L9/0625 ,  H04L9/002 ,  H04L9/003 ,  H04L2209/043 ,  H04L2209/08 ,  H04L2209/24

摘要： A deterministic blinding method for cipher algorithms that employ key-mixing and substitution (S-box) operations uses a masking table constructed with a true mask and a plurality of dummy masks corresponding to every possible S-box input. Each mask is applied in the key-mixing operation (e.g., bitwise XOR) to the cipher key or to round subkeys to generate true and dummy keys or subkeys that are applied to the data blocks within the overall cipher algorithm or within individual cipher rounds. The mask values prevent side-channel statistical analyses from determining the true from the dummy keys or subkeys. The true mask is identifiable to the cipher but not by external observers.

摘要翻译： 使用密钥混合和替代（S-box）操作的密码算法的确定性盲法使用由真实掩码和与每个可能的S盒输入相对应的多个伪掩码构成的掩蔽表。 在密钥混合操作（例如，按位XOR）中对每个掩码应用于密码密钥或舍入子密钥以生成应用于整个加密算法内的数据块或单个密码轮内的真密钥或子密钥。 掩码值可以防止侧信道统计分析从虚拟键或子键确定真。 真正的掩码是可识别的，而不是外部观察者。

公开(公告)号：US07672990B2

公开(公告)日：2010-03-02

申请号：US11442776

申请日：2006-05-30

申请人： Vincent Dupaquis ,  Michel Douguet

发明人： Vincent Dupaquis ,  Michel Douguet

IPC分类号： G06F7/52

CPC分类号： G06F7/72 ,  G06F7/721 ,  G06F2207/7223

摘要： A computational method for implementation in an electronic digital processing system performs integer division upon very large (multi-word) operands. An approximated reciprocal of the divisor is obtained by extracting the two most significant words of the divisor, adding one to the extracted value and dividing from a power of two out to two significant words. Multiplying this reciprocal value by a remainder (initialized as the dividend) obtains a quotient value, which is then decremented by a random value. The randomized quotient is multiplied by the actual divisor, and decremented from the remainder. The quotient value is accumulated to obtain updated quotient values. This process is repeated over a fixed number of rounds related to the relative sizes in words of the dividend and divisor. Each round corrects approximation and randomization errors from a preceding round.

摘要翻译： 在电子数字处理系统中实现的计算方法在非常大（多字）操作数上执行整数除法。 通过提取除数的两个最高有效字，得到除数的近似倒数，将其与提取的值相加，并将其从2的幂除以2个有效字。 将该倒数值乘以余数（初始化为除数）获得商值，然后将其递减一个随机值。 随机商乘以实际除数，并从余数递减。 累积商值以获得更新的商值。 这个过程在与股息和除数的词语中相对于相对大小相关的固定数量的轮次中重复。 每一轮校正前一轮的近似和随机化错误。

公开(公告)号：US20080109501A1

公开(公告)日：2008-05-08

申请号：US11556894

申请日：2006-11-06

申请人： Michel Douguet ,  Vincent Dupaquis

发明人： Michel Douguet ,  Vincent Dupaquis

IPC分类号： G06F7/72 ,  G06F7/58

CPC分类号： G06F7/722

摘要： A modular multiplication method implemented in an electronic digital processing system takes advantage of the case where one of the operands W is known in advance or used multiple times with different second operands V to speed calculation. The operands V and W and the modulus M may be integers or polynomials over a variable X. A possible choice for the type of polynomials can be polynomials of the binary finite field GF(2N). Once operand W is loaded into a data storage location, a value P=└W·Xn+δ/M┘ is pre-computed by the processing system. Then when a second operand V is loaded, the quotient q̂ for the product V·W being reduced modulo M is quickly estimated, q̂=└V·P/Xn+δ┘, optionally randomized, q′=q̂−E, and can be used to obtain the remainder r′=V·W−q′·M, which is congruent to (V·M) mod M. A final reduction can be carried out, and the later steps repeated with other second operands V.

摘要翻译： 在电子数字处理系统中实现的模乘法利用了预先知道操作数W之一或者用不同的第二操作数V多次使用以加速计算的情况。 操作数V和W以及模数M可以是变量X上的整数或多项式。多项式类型的可能选择可以是二进制有限域GF（2≤N>）的多项式。 一旦操作数W被加载到数据存储位置中，则由处理系统预先计算值P =└W.Xn + delta delta / / / / /。 然后，当加载第二操作数V时，快速地估计产品VW减数M的商q，q =ⅣVP/ X n + delta┘，任选地随机化，q'= q- E，并且可以用于获得与（VW）mod M一致的余数r'= VW-q'.M。可以执行最终减少，并且随后的步骤与其他第二操作数V重复。

公开(公告)号：US07809133B2

公开(公告)日：2010-10-05

申请号：US10781311

申请日：2004-02-18

申请人： Vincent Dupaquis ,  Michel Douguet

发明人： Vincent Dupaquis ,  Michel Douguet

IPC分类号： H04L9/28 ,  H04L1/00

CPC分类号： G06F7/72 ,  G06F2207/7223 ,  H04L9/002 ,  H04L9/0662 ,  H04L9/302 ,  H04L2209/12

摘要： A cryptographically secure, computer hardware-implemented modular reduction method systematically underestimates and randomizes an approximate quotient used for computation of a remainder. The randomizing error injected into the approximate quotient is limited to a few bits, e.g. less than half a word. The computed remainder is congruent with but a small random multiple of the residue, which can be found by a final set of subtractions by the modulus. In addition to a computational unit and operations sequencer, the computing hardware also includes a random or pseudo-random number generator for producing the random error. The modular reduction method thus resists hardware cryptoanalysis attacks, such as timing and power analysis attacks.

摘要翻译： 一种加密安全的计算机硬件实现的模块化缩减方法系统地低估了用于计算余数的近似商。 注入到近似商中的随机化误差被限制在几位，例如 不到半个字。 计算的余数与残差的小随机倍数是一致的，这可以通过模数的最后一组减法来找到。 除了计算单元和操作定序器之外，计算硬件还包括用于产生随机误差的随机数或伪随机数发生器。 因此，模块化还原方法抵御硬件加密分析攻击，如时序和功耗分析攻击。

公开(公告)号：US07805480B2

公开(公告)日：2010-09-28

申请号：US11203939

申请日：2005-08-15

申请人： Vincent Dupaquis ,  Michel Douguet

发明人： Vincent Dupaquis ,  Michel Douguet

IPC分类号： G06F7/72

CPC分类号： G06F7/726 ,  G06F7/724 ,  G06F2207/7233

摘要： A cryptographically secure, computer hardware-implemented binary finite-field polynomial modular reduction method estimates and randomizes a polynomial quotient used for computation of a polynomial remainder. The randomizing error injected into the approximate polynomial quotient is limited to a few bits, e.g. less than half a word. The computed polynomial remainder is congruent with but a small random multiple of the residue, which can be found by a final strict binary field reduction by the modulus. In addition to a computational unit and operations sequencer, the computing hardware also includes a random or pseudo-random number generator for producing the random polynomial error. The modular reduction method thus resists hardware cryptoanalysis attacks, such as timing and power analysis attacks.

摘要翻译： 一种加密安全的计算机硬件实现的二进制有限域多项式模块化缩减方法估计并随机化用于计算多项式余数的多项式商。 注入近似多项式商的随机化误差被限制在几个比特，例如 不到半个字。 计算的多项式余数与残差的小随机倍数是一致的，这可以通过模数的最终严格的二进制字段减小来找到。 除了计算单元和操作定序器之外，计算硬件还包括用于产生随机多项式误差的随机或伪随机数发生器。 因此，模块化还原方法抵御硬件加密分析攻击，如时序和功耗分析攻击。

公开(公告)号：US20090016523A1

公开(公告)日：2009-01-15

申请号：US11777186

申请日：2007-07-12

申请人： Vincent Dupaquis ,  Michel Douguet

发明人： Vincent Dupaquis ,  Michel Douguet

IPC分类号： H04L9/28 ,  G06F7/58

CPC分类号： G06F7/725 ,  G06F2207/7242 ,  H04L9/003 ,  H04L9/3066 ,  H04L9/3252 ,  H04L2209/04

摘要： Masking and additive decomposition techniques are used to mask secret material used in field operations (e.g., point multiplication operations) performed by cryptographic processes (e.g., elliptic curve cryptographic processes). The masking and additive decomposition techniques help thwart “side-channel” attacks (e.g., power and electromagnetic analysis attacks).

摘要翻译： 掩蔽和加法分解技术用于掩蔽由密码处理（例如，椭圆曲线密码处理）执行的现场操作（例如，点乘法运算）中使用的秘密材料。 掩蔽和加法分解技术有助于阻止“侧信道”攻击（例如功率和电磁分析攻击）。

公开(公告)号：US08619977B2

公开(公告)日：2013-12-31

申请号：US12028427

申请日：2008-02-08

申请人： Michel Douguet ,  Vincent Dupaquis

发明人： Michel Douguet ,  Vincent Dupaquis

IPC分类号： H04K1/00

CPC分类号： G06F7/725 ,  G06F2207/7228 ,  H04L9/3066 ,  H04L2209/08

摘要： An elliptic curve cryptographic system where point coordinates are transformed from a first coordinate system to a second coordinate system. The transformed coordinates are processed by field operations, which have been modified for operating on the transformed point coordinates. In some implementations, the point coordinates are transformed from an affine coordinate system to a projective coordinate system using a non-random value for the projective coordinate. In some implementations, the transformed projective representation of the point can be changed from a first representation of the point in projective coordinates to a second representation of the point in projective coordinates, where the projective coordinate used in the representation change is a random value.

摘要翻译： 其中点坐标从第一坐标系变换到第二坐标系的椭圆曲线加密系统。 变换的坐标是通过现场操作进行处理的，这些操作已被修改以便在变换的点坐标上进行操作。 在一些实现中，使用投影坐标的非随机值将点坐标从仿射坐标系变换到投影坐标系。 在一些实现中，点的变换的投影表示可以从投影坐标中的点的第一表示改变为投影坐标中的点的第二表示，其中在表示变化中使用的投影坐标是随机值。

公开(公告)号：US20110213819A1

公开(公告)日：2011-09-01

申请号：US13042284

申请日：2011-03-07

申请人： Michel Douguet ,  Vincent Dupaquis

发明人： Michel Douguet ,  Vincent Dupaquis

IPC分类号： G06F7/487 ,  G06F7/58

CPC分类号： G06F7/722

摘要： A modular multiplication method implemented in an electronic digital processing system takes advantage of the case where one of the operands W is known in advance or used multiple times with different second operands V to speed calculation. The operands V and W and the modulus M may be integers or polynomials over a variable X. A possible choice for the type of polynomials can be polynomials of the binary finite field GF(2N). Once operand W is loaded into a data storage location, a value P=└W·Xn+δ/M┘ is pre-computed by the processing system. Then when a second operand V is loaded, the quotient q{circle around ( )} for the product V·W being reduced modulo M is quickly estimated, q{circle around ( )}=└V·P/Xn+δ┘, optionally randomized, q′=q{circle around ( )}−E, and can be used to obtain the remainder r′=V·W−q′·M, which is congruent to (V·W) mod M. A final reduction can be carried out, and the later steps repeated with other second operands V.

摘要翻译： 在电子数字处理系统中实现的模乘法利用了预先知道操作数W之一或者用不同的第二操作数V多次使用以加速计算的情况。 操作数V和W以及模数M可以是变量X上的整数或多项式。多项式类型的可能选择可以是二进制有限域GF（2N）的多项式。 一旦操作数W被加载到数据存储位置，则处理系统预先计算值P =└W·Xn +δ/M。 然后当加载第二个操作数V时，对于产品V·W减M的商q {circle around（）}被快速估计，q {circle around（）} =└V·P / Xn +δ' 可选地随机化，q'= q {circle around（）} -E，并且可以用于获得与（V·W）mod M一致的余数r'= V·W-q'·M。最终 可以执行减少，并且随后的步骤与其他第二操作数V重复。

公开(公告)号：US20090180611A1

公开(公告)日：2009-07-16

申请号：US12028427

申请日：2008-02-08

申请人： Michel Douguet ,  Vincent Dupaquis

发明人： Michel Douguet ,  Vincent Dupaquis

IPC分类号： H04L9/30 ,  G06F17/14

CPC分类号： G06F7/725 ,  G06F2207/7228 ,  H04L9/3066 ,  H04L2209/08

摘要： An elliptic curve cryptographic system where point coordinates are transformed from a first coordinate system to a second coordinate system. The transformed coordinates are processed by field operations, which have been modified for operating on the transformed point coordinates. In some implementations, the point coordinates are transformed from an affine coordinate system to a projective coordinate system using a non-random value for the projective coordinate. In some implementations, the transformed projective representation of the point can be changed from a first representation of the point in projective coordinates to a second representation of the point in projective coordinates, where the projective coordinate used in the representation change is a random value.

摘要翻译： 其中点坐标从第一坐标系变换到第二坐标系的椭圆曲线加密系统。 变换的坐标是通过现场操作进行处理的，这些操作已被修改以便在变换的点坐标上进行操作。 在一些实现中，使用投影坐标的非随机值将点坐标从仿射坐标系变换到投影坐标系。 在一些实现中，点的变换的投影表示可以从投影坐标中的点的第一表示改变为投影坐标中的点的第二表示，其中在表示变化中使用的投影坐标是随机值。

公开(公告)号：US20090180609A1

公开(公告)日：2009-07-16

申请号：US12033512

申请日：2008-02-19

申请人： Michel Douguet ,  Vincent Dupaquis

发明人： Michel Douguet ,  Vincent Dupaquis

IPC分类号： H04L9/28 ,  G06F7/72 ,  H04L9/30

CPC分类号： G06F7/72

摘要： A special form of a modulus and a modified Barrett reduction method are used to perform modular arithmetic in a cryptographic system. The modified Barrett reduction is a method of reducing a number modulo another number without the use of any division. By pre-computing static values used in the Barrett reduction method and by using a special form of the modulus, the calculation of reducing a number modulo another number can be reduced. This can result in a decrease in computation time, speeding up the overall cryptographic process.

摘要翻译： 在密码系统中使用模数特殊形式和修改后的Barrett简化方法进行模数运算。 修改后的巴雷特简化是一种在不使用任何划分的情况下减少数字模数的方法。 通过预先计算Barrett还原法中使用的静态值，并通过使用特殊形式的模数，可以减少模数减少数的计算。 这可能导致计算时间的减少，加快了整体加密过程。