1. MODULAR MULTIPLICATION METHOD WITH PRECOMPUTATION USING ONE KNOWN OPERAND
    Invention patent application; status: pending, published

    Publication number: WO2008057804A2

    Publication date: 2008-05-15

    Application number: PCT/US2007/082713

    Filing date: 2007-10-26

    IPC classification: G06F7/72 G06F7/58

    CPC classification: G06F7/722

    Abstract: A modular multiplication method implemented in an electronic digital processing system takes advantage of the case where one of the operands, W, is known in advance or is used multiple times with different second operands V, to speed up the calculation. The operands V and W and the modulus M may be integers or polynomials over a variable X; one possible choice of polynomials is polynomials over the binary finite field GF(2^N). Once operand W is loaded (30; 60) into a data storage (12) location, the value P = ⌊W·X^(n+δ)/M⌋ is precomputed (32; 62) by the processing system (10). Then, when a second operand V is loaded (34; 64), the quotient q̂ for the reduction of the product V·W modulo M is quickly estimated (36; 66) as q̂ = ⌊V·P/X^(n+δ)⌋, optionally randomized (40; 70) as q' = q̂ − E, and used to obtain (44; 74) the remainder r' = V·W − q'·M, which is congruent to (V·W) mod M. A final reduction (46; 76) can be carried out, and the later steps repeated (52; 82) with other second operands V.

2. ENCRYPTION PROTECTION METHOD
    Invention patent application; status: pending, published

    Publication number: WO2007102898A2

    Publication date: 2007-09-13

    Application number: PCT/US2006/061165

    Filing date: 2006-11-21

    IPC classification: H04K1/00

    Abstract: A deterministic blinding method for cipher algorithms that employ key-mixing and substitution (S-box) operations uses a masking table (MASK[0] to MASK[63]) constructed from a true mask (MASK[0]) and a plurality of dummy masks corresponding to every possible S-box input. Each mask is applied in the key-mixing operation (e.g., bitwise XOR) to the cipher key (K) or to the round subkeys (K1 to K16) to generate true and dummy keys or subkeys, which are applied to the data blocks (DATA) within the overall cipher algorithm or within individual cipher rounds. The mask values prevent side-channel statistical analyses from distinguishing the true key or subkeys from the dummy ones. The true mask is identifiable to the cipher but not to external observers.
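
The mask-table blinding described in the abstract above, as an added example that is not code from the patent or its assignee. A 6-bit-input S-box stands in for a DES-style S-box (the table itself is a constructed pseudo-random one), and the way the stored subkey relates to MASK[0] is one reading of the abstract rather than a detail it states: the subkey is kept in memory pre-XORed with the true mask, so applying MASK[0] recovers the real subkey while every dummy mask yields a wrong one. The property checked at the end is the one that matters against DPA: across the 64 masked subkeys the S-box sees every possible input exactly once, whatever the key and data, so first-order statistics on the S-box input carry no key information.

```python
import random
import secrets

# Constructed 6-bit -> 4-bit S-box (a fixed pseudo-random table, NOT the DES S1 table);
# any DES-style S-box with a 6-bit input would do for this demonstration.
_r = random.Random(2007)
SBOX = [_r.randrange(16) for _ in range(64)]


def build_mask_table(true_mask: int) -> list:
    """MASK[0] is the true mask; MASK[1..63] are dummies chosen so that
    MASK[i] ^ MASK[0] runs over every non-zero 6-bit value. Together with the
    true mask, the 64 entries therefore correspond to every possible S-box input."""
    assert 0 <= true_mask < 64
    return [true_mask] + [true_mask ^ d for d in range(1, 64)]


def store_subkey(real_subkey: int, masks: list) -> int:
    """Assumption of this example: the subkey is held pre-XORed with the true
    mask, so that applying MASK[0] later recovers the real subkey."""
    return real_subkey ^ masks[0]


def masked_sbox_step(stored_subkey: int, data: int, masks: list):
    """Key-mixing (XOR) followed by the S-box lookup, executed 64 times: once with
    the true mask and 63 times with dummies, in a fresh random order so that the
    position of the true lookup is not visible in time either.
    Returns (true S-box output, list of the 64 S-box inputs in processing order)."""
    order = list(range(64))
    secrets.SystemRandom().shuffle(order)
    true_out = None
    inputs_seen = []
    for i in order:
        subkey_i = stored_subkey ^ masks[i]   # real subkey when i == 0, a dummy otherwise
        sbox_in = data ^ subkey_i             # key-mixing operation
        out = SBOX[sbox_in]                   # one S-box lookup per (true or dummy) subkey
        inputs_seen.append(sbox_in)
        if i == 0:                            # only the cipher knows which index is the true mask
            true_out = out
    return true_out, inputs_seen


def reference_sbox_step(real_subkey: int, data: int) -> int:
    """Unprotected computation, for comparison."""
    return SBOX[data ^ real_subkey]


def sbox_input_counts(stored_subkey: int, data: int, masks: list) -> list:
    """How often each of the 64 possible S-box inputs occurs in one protected step."""
    _, seen = masked_sbox_step(stored_subkey, data, masks)
    counts = [0] * 64
    for s in seen:
        counts[s] += 1
    return counts
```

The cost is 64 lookups per S-box instead of one, which is the price of a deterministic (as opposed to random) blinding: the trace of every execution covers the whole input space, so no mask refresh is needed. The random processing order is an addition of this example; without it the true lookup would always sit at a fixed position in the trace.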

3. KEY PROTECTION MECHANISM
    Invention patent application

    Publication number: WO2008079524A3

    Publication date: 2008-07-03

    Application number: PCT/US2007/083426

    Filing date: 2007-11-02

    IPC classification: H04L9/00

    Abstract: A method of protecting secret-key integrity in a hardware cryptographic system first obtains an encryption result (13) and a corresponding checksum (14) of known data using the secret key and saves those results, then masks the secret key (16, 17) and stores the masked key (18). When the masked key is to be used in a cryptographic application, the method checks key integrity against fault attacks by decrypting (19) the stored encryption result using the masked key. If, upon comparison (20), the decryption result equals the known data (PASS), use of the key in the cryptographic system can proceed. Otherwise (FAIL), all data relating to the masked key is wiped from the system and fault injection is flagged (21).

4. KEY PROTECTION MECHANISM
    Invention patent application; status: pending, published

    Publication number: WO2008079524A2

    Publication date: 2008-07-03

    Application number: PCT/US2007083426

    Filing date: 2007-11-02

    IPC classification: H04L9/00

    Abstract: A method of protecting secret-key integrity in a hardware cryptographic system first obtains an encryption result (13) and a corresponding checksum (14) of known data using the secret key and saves those results, then masks the secret key (16, 17) and stores the masked key (18). When the masked key is to be used in a cryptographic application, the method checks key integrity against fault attacks by decrypting (19) the stored encryption result using the masked key. If, upon comparison (20), the decryption result equals the known data (PASS), use of the key in the cryptographic system can proceed. Otherwise (FAIL), all data relating to the masked key is wiped from the system and fault injection is flagged (21).
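
The check-before-use flow of entries 3 and 4 (the A3 and A2 publications of the same application), steps 13 to 21, as an added example and not the patent's own code. The abstract names no cipher; the stand-in here is a constructed XOR keystream derived from SHA-256, which is enough to show the mechanism but is not a recommendation. The XOR mask, the CRC-32 checksum over the stored reference ciphertext, and the single-bit fault model are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import zlib

KNOWN_DATA = b"known-answer block for key check"   # constructed fixed reference plaintext


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in cipher: XOR with a SHA-256 counter keystream. It is
    NOT the cipher of the patent (the abstract does not name one); decryption is
    the same operation."""
    out = bytearray()
    for off in range(0, len(data), 32):
        keystream = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], keystream))
    return bytes(out)


toy_decrypt = toy_encrypt


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ProtectedKey:
    """Holds a masked copy of a secret key plus a known-answer reference that is
    re-checked before every use (steps 13-21 of the abstract, as read here)."""

    def __init__(self, key: bytes):
        self.ref_ct = toy_encrypt(key, KNOWN_DATA)             # (13) encryption of known data
        self.ref_crc = zlib.crc32(self.ref_ct)                  # (14) checksum of that result
        self.mask = secrets.token_bytes(len(key))               # (16) fresh random mask
        self.masked_key = bytearray(xor_bytes(key, self.mask))  # (17, 18) only the masked key is stored
        self.fault_flagged = False

    def _unmasked(self) -> bytes:
        return xor_bytes(bytes(self.masked_key), self.mask)

    def check_integrity(self) -> bool:
        """(19)-(20): decrypt the reference ciphertext with the key as currently
        stored and compare with the known data; wipe and flag on any mismatch (21)."""
        ok = zlib.crc32(self.ref_ct) == self.ref_crc
        if ok:
            ok = hmac.compare_digest(toy_decrypt(self._unmasked(), self.ref_ct), KNOWN_DATA)
        if not ok:
            self._wipe()
        return ok

    def _wipe(self) -> None:
        for i in range(len(self.masked_key)):
            self.masked_key[i] = 0
        self.mask = bytes(len(self.mask))
        self.ref_ct = b""
        self.ref_crc = None
        self.fault_flagged = True

    def encrypt(self, data: bytes):
        """Use the key only after the integrity check passes; None on FAIL."""
        if self.fault_flagged or not self.check_integrity():
            return None
        return toy_encrypt(self._unmasked(), data)


def inject_fault(pk: ProtectedKey, byte_index: int, bit: int) -> None:
    """Simulate a fault attack that flips one bit of the stored masked key."""
    pk.masked_key[byte_index] ^= 1 << bit
```

The comparison uses hmac.compare_digest so that the check itself is not a timing channel. A glitch that skips the comparison or the wipe is outside what this test can catch; hardware implementations typically run the check twice or re-verify the PASS flag immediately before the key leaves the protected store.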

5. KEY RECOVERY MECHANISM FOR CRYPTOGRAPHIC SYSTEMS
    Invention patent application; status: pending, published

    Publication number: WO2010126647A2

    Publication date: 2010-11-04

    Application number: PCT/US2010/025443

    Filing date: 2010-02-25

    IPC classification: H04L9/06

    Abstract: A cryptographic system can include a register containing a key and a processor coupled to the register. The processor can be operable to perform a first encrypting operation, where the encrypting operation includes computing a key schedule using the register as its workspace. At the end of the first encrypting operation, the key is recovered from the register for use in a second encrypting operation.

6. CRYPTOGRAPHIC METHOD AND SYSTEM
    Invention patent application; status: pending, published

    Publication number: WO2008112273A1

    Publication date: 2008-09-18

    Application number: PCT/US2008/003324

    Filing date: 2008-03-12

    IPC classification: H04L9/00

    Abstract: A system performing cryptography may operate to load private key values, including at least one private key exponent and two private key moduli, into a data storage accessible to electronic processing hardware, and to select, by the electronic processing hardware, a transformation factor. The electronic processing hardware may multiply the private key moduli by the transformation factor to produce transformed moduli, load a ciphertext message first data value into the data storage at any time prior to performing modular exponentiation, and perform, by the electronic processing hardware, a modular exponentiation upon the first data value using the at least one private key exponent and the transformed moduli to obtain an intermediate data value. The electronic processing hardware may reduce the intermediate data value modulo a product of the two private key moduli to obtain a decrypted plaintext message final
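
The transformed-moduli decryption of the abstract above, as an added example rather than the patent's code. The abstract leaves open whether the exponentiation is a single one modulo the transformed product or a CRT pair modulo the two transformed private moduli, so both readings are shown; both rely on the identity (x mod tN) mod N = x mod N, which holds for any positive integer t. The key is a constructed toy (two Mersenne primes, far too small for real use) and the width of the random factor is an assumption.

```python
import secrets

# Constructed toy RSA key: genuine primes, but far too small to be secure.
P = (1 << 61) - 1                    # Mersenne prime 2^61 - 1
Q = (1 << 31) - 1                    # Mersenne prime 2^31 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # modular inverse via pow(); Python 3.8+
D_P, D_Q = D % (P - 1), D % (Q - 1)
Q_INV = pow(Q, -1, P)


def random_factor(bits: int = 64) -> int:
    """Transformation factor t: a random odd integer of the given width. The width
    is an assumption of this example; the abstract does not fix how t is chosen."""
    return secrets.randbelow(1 << bits) | (1 << (bits - 1)) | 1


def decrypt_plain(c: int) -> int:
    """Unprotected reference: c^d mod N."""
    return pow(c, D, N)


def decrypt_transformed(c: int, t=None) -> int:
    """Single exponentiation modulo the transformed product t*P*Q, then reduction
    modulo P*Q. The result is exact for every positive t, while the intermediate
    values and the sequence of modular reductions differ from one run to the next."""
    if t is None:
        t = random_factor()
    intermediate = pow(c, D, t * N)
    return intermediate % N


def decrypt_transformed_crt(c: int, t=None) -> int:
    """CRT reading: both private moduli are multiplied by t, each half-exponentiation
    runs modulo its transformed modulus, the halves are brought back to [0, P) and
    [0, Q), and Garner recombination yields the plaintext modulo P*Q."""
    if t is None:
        t = random_factor()
    s_p = pow(c, D_P, t * P) % P
    s_q = pow(c, D_Q, t * Q) % Q
    h = (Q_INV * (s_p - s_q)) % P
    return (s_q + Q * h) % N
```

Transforming the moduli randomizes what a side channel sees during the exponentiation; it does not by itself detect a faulted CRT half, so in practice it is paired with a re-encryption check of the result before it is released.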

7. MODULAR MULTIPLICATION METHOD WITH PRECOMPUTATION USING ONE KNOWN OPERAND
    Invention patent application; status: pending, published

    Publication number: WO2008057804A3

    Publication date: 2008-07-31

    Application number: PCT/US2007082713

    Filing date: 2007-10-26

    IPC classification: G06F7/44

    CPC classification: G06F7/722

    Abstract: A modular multiplication method implemented in an electronic digital processing system takes advantage of the case where one of the operands, W, is known in advance or is used multiple times with different second operands V, to speed up the calculation. The operands V and W and the modulus M may be integers or polynomials over a variable X; one possible choice of polynomials is polynomials over the binary finite field GF(2^N). Once operand W is loaded (30; 60) into a data storage (12) location, the value P = ⌊W·X^(n+δ)/M⌋ is precomputed (32; 62) by the processing system (10). Then, when a second operand V is loaded (34; 64), the quotient q̂ for the reduction of the product V·W modulo M is quickly estimated (36; 66) as q̂ = ⌊V·P/X^(n+δ)⌋, optionally randomized (40; 70) as q' = q̂ − E, and used to obtain (44; 74) the remainder r' = V·W − q'·M, which is congruent to (V·W) mod M. A final reduction (46; 76) can be carried out, and the later steps repeated (52; 82) with other second operands V.

8. RANDOMIZED MODULAR POLYNOMIAL REDUCTION METHOD AND HARDWARE THEREFOR
    Invention patent application; status: pending, published

    Publication number: WO2006124160A2

    Publication date: 2006-11-23

    Application number: PCT/US2006/013795

    Filing date: 2006-04-12

    IPC classification: H02P1/00

    CPC classification: G06F7/726 G06F2207/7233

    Abstract: A cryptographically secure, computer-hardware-implemented binary finite-field polynomial modular reduction method estimates (32) and randomizes (36) the polynomial quotient q'(x) used to compute a polynomial remainder. The randomizing error E(x) injected into the approximate polynomial quotient q(x) is limited to a few bits, e.g. less than half a word. The computed (38) polynomial remainder r'(x) is congruent to the residue r(x), differing from it by a small random multiple of the modulus; r(x) itself can be found by a final strict binary-field reduction by the modulus M(x). In addition to a computational unit (10) and an operations sequencer (16), the computing hardware also includes a random or pseudo-random number generator (20) for producing the random polynomial error. The modular reduction method thus resists hardware cryptanalysis attacks such as timing and power analysis attacks.
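
The known-operand scheme of entries 1 and 7 and the randomized polynomial reduction of the entry above share one mechanism, so one added example (not the patents' own code) covers both: an integer instance with X = 2 and a GF(2)[x] instance with X = x. Each precomputes P = ⌊W·X^(n+δ)/M⌋ once per W, estimates q̂ from it with one multiplication and a shift, subtracts a few random bits E, and leaves the strict reduction to the end. The moduli used (2^255 − 19 and the B-163 pentanomial x^163 + x^7 + x^6 + x^3 + 1), the guard width δ and the error width are choices of this example.

```python
import secrets


class KnownOperandReducer:
    """Integer case, X = 2, n = bit length of M. After W is loaded once, every
    V*W mod M costs two multiplications, a shift and a short final reduction;
    no division is performed after setup."""

    def __init__(self, w: int, m: int, delta: int = 2, err_bits: int = 4):
        self.w, self.m = w, m
        self.shift = m.bit_length() + delta          # n + δ
        self.err_bits = err_bits
        self.p = (w << self.shift) // m              # P = floor(W * 2^(n+δ) / M), once per W

    def multiply(self, v: int):
        """Return (r', E): r' = V*W - q'*M with q' = q_hat - E, congruent to V*W mod M."""
        assert 0 <= v < self.m
        q_hat = (v * self.p) >> self.shift           # q-1 <= q_hat <= q because V < 2^n
        e = secrets.randbelow(1 << self.err_bits)    # random error of a few bits
        q_rand = q_hat - e
        return v * self.w - q_rand * self.m, e       # 0 <= r' < (E + 2) * M

    def final_reduce(self, r_rand: int):
        """Strict reduction by repeated subtraction; returns (V*W mod M, #subtractions)."""
        subs = 0
        while r_rand >= self.m:
            r_rand -= self.m
            subs += 1
        return r_rand, subs


def clmul(a: int, b: int) -> int:
    """Carry-less (GF(2)[x]) multiplication; polynomials are ints, bit i <-> x^i."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def pdivmod(a: int, m: int):
    """Long division in GF(2)[x]: returns (quotient, remainder)."""
    dm = m.bit_length() - 1
    q = 0
    while a and a.bit_length() > dm:
        s = a.bit_length() - 1 - dm
        q ^= 1 << s
        a ^= m << s
    return q, a


class KnownOperandReducerGF2:
    """Binary-field case, X = x, n = deg M. For deg V < n the quotient estimate is
    exact even with δ = 0, so all the spread in r'(x) comes from the injected E(x)."""

    def __init__(self, w: int, m: int, delta: int = 0, err_bits: int = 4):
        self.w, self.m = w, m
        self.shift = (m.bit_length() - 1) + delta    # n + δ
        self.err_bits = err_bits
        self.p, _ = pdivmod(w << self.shift, m)      # P(x) = floor(W(x) x^(n+δ) / M(x))

    def multiply(self, v: int):
        """Return (r'(x), E(x)) with r'(x) = V*W + q'(x)*M(x), q'(x) = q_hat(x) + E(x)."""
        assert v.bit_length() < self.m.bit_length()  # deg V < deg M
        q_hat = clmul(v, self.p) >> self.shift
        e = secrets.randbelow(1 << self.err_bits)
        q_rand = q_hat ^ e                           # subtraction is XOR over GF(2)
        return clmul(v, self.w) ^ clmul(q_rand, self.m), e

    def final_reduce(self, r_rand: int) -> int:
        """Strict binary-field reduction by M(x)."""
        return pdivmod(r_rand, self.m)[1]


# Moduli chosen for this example
P25519 = (1 << 255) - 19
B163 = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1
```

In the integer case the unrandomized estimate is at most one short of the true quotient, so r' stays below (E + 2)·M and the final reduction needs at most E + 1 subtractions; in the binary-field case r'(x) = r(x) + E(x)·M(x) exactly, which is the "small random multiple of the modulus" the abstract describes.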

9. KEY RECOVERY MECHANISM FOR CRYPTOGRAPHIC SYSTEMS
    Invention patent application; status: pending, published

    Publication number: WO2010126647A3

    Publication date: 2010-12-29

    Application number: PCT/US2010025443

    Filing date: 2010-02-25

    IPC classification: H04L9/06

    Abstract: A cryptographic system can include a register containing a key and a processor coupled to the register. The processor can be operable to perform a first encrypting operation, where the encrypting operation includes computing a key schedule using the register as its workspace. At the end of the first encrypting operation, the key is recovered from the register for use in a second encrypting operation.
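
The register-as-workspace idea of entries 5 and 9 (the A2 and A3 publications of the same application), as an added example and not the patent's code. The abstract names no cipher; AES-128 is used here because its key schedule has exactly the needed property: each round key is computed from the previous one in place, and the step is invertible, so once the tenth round key has been produced the register can be walked back to the original key instead of reloading it from a second copy. The S-box is generated rather than typed in, and the test vector is the FIPS-197 Appendix A.1 key.

```python
def _rotl8(x: int, s: int) -> int:
    return ((x << s) | (x >> (8 - s))) & 0xFF


def _build_aes_sbox() -> list:
    """Generate the AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p <- p * 3 (3 generates GF(2^8)*)
        q = (q ^ (q << 1)) & 0xFF                              # q <- q / 3, so q stays 1/p
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        affine = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = affine ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_aes_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _g(word: bytes, rnd: int) -> bytes:
    """RotWord, SubWord and Rcon: the only non-linear part of the AES-128 key schedule."""
    w = word[1:] + word[:1]
    return bytes([SBOX[w[0]] ^ RCON[rnd - 1], SBOX[w[1]], SBOX[w[2]], SBOX[w[3]]])


def next_round_key_in_place(reg: bytearray, rnd: int) -> None:
    """Overwrite the 16-byte key register holding round key rnd-1 with round key rnd (1..10)."""
    t = _g(bytes(reg[12:16]), rnd)
    for col in range(4):
        for b in range(4):
            reg[4 * col + b] ^= t[b]
        t = bytes(reg[4 * col:4 * col + 4])


def prev_round_key_in_place(reg: bytearray, rnd: int) -> None:
    """Inverse of next_round_key_in_place: recover round key rnd-1 from round key rnd.
    Columns 3..1 are undone by XOR with their left neighbour; column 0 then needs
    _g of the (now restored) last column of the previous round key."""
    for col in (3, 2, 1):
        for b in range(4):
            reg[4 * col + b] ^= reg[4 * (col - 1) + b]
    t = _g(bytes(reg[12:16]), rnd)
    for b in range(4):
        reg[b] ^= t[b]


def run_schedule_and_recover(reg: bytearray) -> list:
    """The abstract's flow: the schedule runs in the key register itself (a real
    implementation would feed each round key to the cipher round as it appears),
    then the schedule is walked backwards so the register again holds the original
    key for the next block. Returns the round keys in the order produced."""
    round_keys = [bytes(reg)]
    for rnd in range(1, 11):
        next_round_key_in_place(reg, rnd)
        round_keys.append(bytes(reg))
    for rnd in range(10, 0, -1):
        prev_round_key_in_place(reg, rnd)
    return round_keys
```

The backward walk costs the same as the forward one (ten applications of _g plus XORs) and needs no storage beyond the 16-byte register, which is the point: the key never has to exist in a second location that would also have to be protected.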

10. MODULAR REDUCTION USING A SPECIAL FORM OF THE MODULUS
    Invention patent application; status: pending, published

    Publication number: WO2009091748A1

    Publication date: 2009-07-23

    Application number: PCT/US2009/030869

    Filing date: 2009-01-13

    IPC classification: G06F7/72 H04L9/30

    CPC classification: G06F7/72

    Abstract: A special form of the modulus and a modified Barrett reduction method are used to perform modular arithmetic in a cryptographic system. The modified Barrett reduction reduces a number modulo another number without any division. By precomputing the static values used in the Barrett reduction method and by using a special form of the modulus, the cost of reducing a number modulo another number is lowered. This can decrease computation time, speeding up the overall cryptographic process. The teachings of the invention can be advantageously applied to the implementation of an elliptic-curve public-key cryptography system that is secure against side-channel attacks.
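
The division-free reduction of the abstract above, as an added example (not the patent's code). The abstract does not say which special form of the modulus it uses; the one assumed here is the pseudo-Mersenne form M = 2^k − c with small c (as in 2^255 − 19, or the Mersenne prime 2^127 − 1 with c = 1), for which the static Barrett value μ = ⌊2^(2k)/M⌋ equals 2^k + c without any division, and the multiplication by μ collapses to a shift plus a multiplication by the small constant c. The general Barrett path (HAC Algorithm 14.42 in radix 2) is kept alongside for comparison.

```python
class BarrettReducer:
    """Barrett reduction in radix 2 (HAC 14.42): k = bit length of M and
    mu = floor(2^(2k) / M) are precomputed once; reduce() performs no division and
    needs at most two corrective subtractions for 0 <= x < M^2."""

    def __init__(self, m: int):
        self.m = m
        self.k = m.bit_length()
        self.mu = (1 << (2 * self.k)) // m         # the one division, done at setup

    def _times_mu(self, q1: int) -> int:
        return q1 * self.mu                        # full multiplication by the k+1-bit constant

    def reduce(self, x: int):
        """Return (x mod M, number of corrective subtractions used)."""
        assert 0 <= x < self.m * self.m
        q1 = x >> (self.k - 1)                     # floor(x / 2^(k-1))
        q3 = self._times_mu(q1) >> (self.k + 1)    # floor(q1 * mu / 2^(k+1)); q-2 <= q3 <= q
        r = x - q3 * self.m                        # 0 <= r < 3M
        subs = 0
        while r >= self.m:
            r -= self.m
            subs += 1
        return r, subs


def special_form_mu(k: int, c: int) -> int:
    """For M = 2^k - c with c^2 < M:  2^(2k) = (2^k - c)(2^k + c) + c^2,
    hence floor(2^(2k) / M) = 2^k + c exactly, with no division at all."""
    assert 0 < c and c * c < (1 << k) - c
    return (1 << k) + c


class PseudoMersenneBarrett(BarrettReducer):
    """Barrett reduction for M = 2^k - c: mu comes from special_form_mu and
    q1 * mu = (q1 << k) + q1 * c, a shift plus a multiply by the small constant c
    instead of a k-by-k-bit multiplication."""

    def __init__(self, k: int, c: int):
        self.m = (1 << k) - c
        self.k = k                                 # bit length of 2^k - c for 1 <= c < 2^(k-1)
        self.c = c
        self.mu = special_form_mu(k, c)

    def _times_mu(self, q1: int) -> int:
        return (q1 << self.k) + q1 * self.c
```

The data-dependent part is the corrective-subtraction loop: its iteration count (0, 1 or 2) depends on x, so a side-channel-hardened implementation performs both subtractions unconditionally and selects the result, rather than looping as shown here.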