Abstract:
In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. Then an exponentiation phase is performed, wherein the exponentiation phase includes two or more parsing steps, wherein each of the parsing steps includes parsing a part of a cryptographic key into a window of size n, wherein n is a difficult to predict number.
Abstract:
The invention concerns a method and a circuit for protecting a numerical quantity (d) contained in an integrated circuit (1) on a first number of bits (n), in a modular exponentiation computation of a datum (M) by said numerical quantity, which consists in: selecting at least one second number (j) between one and said first number minus two; dividing said numerical quantity into at least two parts, a first part (d(j−1, 0)) comprising, starting from the bit of rank zero, a number of bits equal to said second number, a second part (d(n−1, j)) comprising the remaining bits; for each part of the quantity, computing a first modular exponentiation (23, 33) of said datum by the part concerned and a second modular exponentiation (36, 34) of the result of the first by the number 2 raised to the power of the rank of the first bit of the part concerned; and computing (35) the product of the results of the first and second modular exponentiations.
Abstract:
In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. Then an exponentiation phase is performed, wherein the exponentiation phase includes two or more parsing steps, wherein each of the parsing steps includes parsing a part of a cryptographic key into a window of size n, wherein n is a difficult to predict number.
Abstract:
In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. This may be accomplished by creating a permutation of an order of powers and then performing a table initiation phase using a part of a key and the permuted order of powers to populate a data structure.
Abstract:
The subject of the disclosed technology is, when crypto-processing is performed using an information processing device embedded in an IC card or the like, to decrease the relationship between the waveform of the consumption current and the contents of the crypto-processing, as a countermeasure against tampering that observes the waveform of the consumption current. The solution is as follows. When decryption of an RSA cryptogram is performed according to CRT, in step 608, a modular exponentiation calculation is performed for every unit bit block of XP, and the partial result of CP up to the calculated bit block is stored in a memory. In step 609, a modular exponentiation calculation is performed for every unit bit block of XQ, and the partial result of CQ up to the calculated bit block is stored in a memory. In step 606, a random number is generated, and in step 607, it is decided whether step 608 or step 609 is to be executed, according to the value of the random number.
Abstract:
The invention provides a method for executing a cryptographic computation comprising a plurality of blocks while employing secret data in a processor, said executing being protected against spying out of secret data. To achieve a computational result of the computation, there is executed a multiple computation in which the computation is executed several times, at least twice. Within the multiple computation, blocks of the several, at least two, executions of the computation are executed in interlaced order.
Abstract:
The method for elliptic curve scalar multiplication may provide several countermeasures to protect scalar multiplication of a private key k by a point P to produce the product kP from power analysis attacks. First, the private key, k, is partitioned into a plurality of key partitions, which are processed in a random order, the resulting points being accumulated to produce the scalar product kP. Second, in each partition, the encoding is randomly selected to occur in binary form or in Non-Adjacent Form (NAF), with the direction of bit inspection being randomly assigned between most-to-least and least-to-most. Third, in each partition, each zero in the key may randomly perform a dummy point addition operation in addition to the doubling operation. The method may be implemented in software, smart cards, circuits, processors, or application specific integrated circuits (ASICs) designed to carry out the method.
Abstract:
An integrated circuit including a multiplication function configured to execute a multiplication operation of two binary words x and y including a plurality of basic multiplication steps of components xi of word x by components yj of word y is described. The multiplication function of the integrated circuit is configured to execute two successive multiplications by modifying, in a random or pseudo-random manner, an order in which the basic multiplication steps of components xi by components yj are executed.
Abstract:
The method for elliptic curve scalar multiplication may provide several countermeasures to protect scalar multiplication of a private key k by a point P to produce the product kP from power analysis attacks. First, the private key, k, is partitioned into a plurality of key partitions, which are processed in a random order, the resulting points being accumulated to produce the scalar product kP. Second, in each partition, the encoding is randomly selected to occur in binary form or in Non-Adjacent Form (NAF), with the direction of bit inspection being randomly assigned between most-to-least and least-to-most. Third, in each partition, each zero in the key may randomly perform a dummy point addition operation in addition to the doubling operation. The method may be implemented in software, smart cards, circuits, processors, or application specific integrated circuits (ASICs) designed to carry out the method.
Abstract:
The subject of the disclosed technology is, when crypto-processing is performed using an information processing device embedded in an IC card or the like, to decrease the relationship between the waveform of the consumption current and the contents of the crypto-processing, as a countermeasure against tampering that observes the waveform of the consumption current. The solution is as follows. When decryption of an RSA cryptogram is performed according to CRT, in step 608, a modular exponentiation calculation is performed for every unit bit block of XP, and the partial result of CP up to the calculated bit block is stored in a memory. In step 609, a modular exponentiation calculation is performed for every unit bit block of XQ, and the partial result of CQ up to the calculated bit block is stored in a memory. In step 606, a random number is generated, and in step 607, it is decided whether step 608 or step 609 is to be executed, according to the value of the random number.