CN106571922B - Decryption device, method and circuit - Google Patents
Decryption device, method and circuit Download PDFInfo
- Publication number
- CN106571922B CN106571922B CN201510657057.3A CN201510657057A CN106571922B CN 106571922 B CN106571922 B CN 106571922B CN 201510657057 A CN201510657057 A CN 201510657057A CN 106571922 B CN106571922 B CN 106571922B
- Authority
- CN
- China
- Prior art keywords
- decryption
- pseudo
- square
- multiplication
- circuit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
A decryption method includes: receiving encrypted data, wherein the encrypted data is encrypted by an RSA public key; and sequentially performing a plurality of operations according to the RSA private key and the encrypted data to obtain the decrypted data, wherein the operations include a plurality of decryption operations and at least one pseudo-operation, the decryption operations include at least one decryption multiplication operation and at least one decryption square operation, and the at least one pseudo-operation includes at least one of at least one first pseudo-multiplication operation and at least one first pseudo-square operation.
Description
Technical Field
The present disclosure relates to an apparatus, method and circuit. In particular, the present disclosure relates to a decryption apparatus, method and circuit.
Background
The RSA encryption algorithm is an asymmetric encryption algorithm. The encryption device can encrypt the message by using the RSA public key, and the decryption device can decrypt the encrypted message by using the RSA private key after receiving the encrypted message.
However, when the decryption device performs decryption, an attacker can determine the operation performed by the decryption device by measuring the related signal of the decryption device, and further know the RSA private key used by the decryption device.
Disclosure of Invention
To solve the above problem, an embodiment of the present invention relates to a decryption method, including: receiving encrypted data encrypted by an RSA public key; and sequentially performing a plurality of operations according to the RSA private key and the encrypted data to obtain decrypted data, wherein the operations include a plurality of decryption operations and at least one pseudo-operation, the decryption operations include at least one decryption multiplication operation and at least one decryption square operation, and the pseudo-operation includes at least one of at least one first pseudo-multiplication operation and at least one first pseudo-square operation.
An embodiment of the present disclosure relates to a decryption device, which includes a communication module and a decryption element. The decryption component is used for receiving the encrypted data encrypted by the RSA public key through the communication module; the method comprises the steps of sequentially carrying out a plurality of operations according to an RSA private key and encrypted data to obtain decrypted data, wherein the operations comprise a plurality of decryption operations and at least one pseudo-operation, the decryption operations comprise at least one decryption multiplication operation and at least one decryption square operation, and the pseudo-operation comprises at least one of at least one first pseudo-multiplication operation and at least one first pseudo-square operation.
Another embodiment of the present disclosure relates to a decryption circuit, which includes an arithmetic circuit and a control circuit. The arithmetic circuit is used for sequentially carrying out a plurality of operations according to the RSA private key and the encrypted data and generating a plurality of operation results, wherein the operations comprise a plurality of decryption operations and at least one pseudo operation, the decryption operations comprise at least one decryption multiplication operation and at least one decryption square operation, and the at least one pseudo operation comprises at least one of at least one first pseudo multiplication operation and at least one first pseudo square operation. The control circuit is used for receiving the operation results in sequence, providing the operation results of the decryption operation to the operation circuit and preventing the operation results of at least one pseudo operation from being provided to the operation circuit.
By applying the above-mentioned embodiment, the protection against the measurement attack can be performed during the decryption.
Drawings
FIG. 1 is a diagram illustrating a decryption system according to an embodiment of the present disclosure;
fig. 2 is a flowchart illustrating a decryption method according to an embodiment of the disclosure;
FIG. 3 is a diagram illustrating a decryption method according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a decryption circuit according to an embodiment of the present disclosure;
FIG. 5 is a diagram illustrating a decryption method according to an embodiment of the present disclosure; and
fig. 6 is a schematic diagram of a decryption circuit according to an embodiment of the disclosure.
Description of the symbols
10: decryption system
20: encryption device
100: decryption device
110: decryption element
112: decryption circuit
112 a: arithmetic circuit
112 b: control circuit
114: decryption circuit
114 a: arithmetic circuit
114 b: control circuit
120: communication module
200: decryption method
S1-S2: step (ii) of
2. 22, 24, 26: sequence of
SQ, MT, SQ ', MT', SQ ", MT": operations
a1, a 2: characteristic value
And MUX: multiplexer
MTC: multiplier and method for generating a digital signal
SQC: squaring device
REG: temporary storage device
CTL: controller
N: encrypting data
CS: control signal
OPS: operating signal
T1-T8, Q1-Q4: period of time
DCR1-DCR 3: decryption operations
DUM1-DUM 3: pseudo operation
Detailed Description
Fig. 1 is a schematic diagram of a decryption system 10 according to an embodiment of the present disclosure. The decryption system 10 includes a decryption apparatus 100 and an encryption apparatus 20. The encryption device 20 is used to encrypt the original message by using RSA public key to generate the encrypted data N, and the decryption device 100 is used to receive the encrypted data N and decrypt it.
The decryption apparatus 100 includes a decryption device 110 and a communication module 120 electrically connected to each other. The communication module 120 is used for receiving the encrypted data N from the encryption device 20 and transmitting the encrypted data N to the decryption component 110. The decryption component 110 is used to decrypt the encrypted data N to obtain the original message.
The decryption element 110 may be implemented by a processor or other suitable computing element executing specific instructions or programs, or may be implemented in circuitry. In one embodiment, the communication module 120 may be implemented with a wired or wireless communication element.
Referring also to fig. 2, the decryption method 200 of fig. 2 may be applied to the same or similar decryption apparatus 100 shown in fig. 1. The decryption method 200 will be described below by taking the decryption apparatus 100 in fig. 1 as an example.
Step S1: the decryption component 110 receives the encrypted data N from the encryption device 20 through the communication module 120, wherein the encrypted data N is encrypted by the RSA public key.
Step S2: the decryption component 110 decrypts the encrypted data N to obtain a decrypted data (i.e. the original message before encryption). The decryption component 110 can sequentially perform a plurality of operations according to the RSA private key corresponding to the RSA public key and the encrypted data N to obtain the decrypted data. In one embodiment, the operations may include a plurality of decryption operations and at least one first dummy operation (described in detail below). These decryption operations can be used to decrypt the encrypted data N into decrypted data. In one embodiment, the decryption operations include at least one decryption multiplication operation and at least one decryption square operation.
For example, referring to table one, when the value of the RSA private key is 123, the binary form is 2' b 1111011. Therefore, when performing decryption, the decryption multiplication operation and/or the decryption square operation corresponding to each bit are performed in sequence. Viewed from another perspective, the decryption component 110 calculates N ^123 ((((((N ^2) ^ N) ^2 ^ N) ^2 ^ N during decryption to obtain the decrypted data.
Watch 1
Two position type | 1 | 1 | 1 | 1 | 0 | 1 | 1 |
Open a jump of decipher multiplication | - | ˇ | ˇ | ˇ | - | ˇ | ˇ |
Square calculation with decipher | ˇ | ˇ | ˇ | ˇ | ˇ | ˇ | - |
In the plural decryption operations, the number of times of the decryption multiplication operation is corresponding to the number of 1 in the binary form of the RSA private key. For example, in table one, 5 decryption multiplications are performed because the binary form of the RSA private key has 5 bits with a value of 1, except for the first left bit (i.e., the Most Significant Bit (MSB)).
In addition, the number of times of the square decryption operation corresponds to the bit length (bit length) of the RSA private key. For example, the binary bit length of the RSA private key is 7 bits, and the decryption element 110 needs to perform 7-1 to 6 decryption square operations.
In one embodiment, the first dummy operation is not used to generate decrypted data. In one embodiment, the first dummy operation may be performed before, during, or after the decryption operation. In one embodiment, the first pseudo-operation may include at least one first pseudo-multiplication operation and/or at least one first pseudo-square operation.
In one embodiment, the metric characteristics of the first pseudo-multiply operation and the decrypted multiply operation are the same (e.g., a2 of FIG. 3), and the metric characteristics of the first pseudo-square operation and the decrypted square operation are the same (e.g., a1 of FIG. 3). The measurement characteristic refers to the related signals (such as power, current, voltage, temperature, frequency, etc.) that can be measured when the decryption apparatus 100 performs an operation.
By the above operations, it is difficult for an attacker to obtain the plurality of decryption operations and the corresponding RSA private keys by measuring the relevant signals of the decryption apparatus 100.
In one embodiment, the decryption component 110 performs at least one decrypted square operation or first pseudo-square operation between performing two first pseudo-multiplications or between performing one first pseudo-multiplications and one decrypted multiplications. Therefore, the method can avoid the condition that an attacker knows extra information due to the abnormal operation sequence after the first pseudo-square operation or the first pseudo-multiplication operation is inserted.
An example operation is provided below with reference to fig. 3, in which the value of the RSA private key is 123 and the binary form thereof is 2' b 1111011. During the decryption process, the decryption component 110 sequentially performs a plurality of operations in the operation sequence 2, including a decryption square operation SQ, a decryption multiplication operation MT, a first pseudo square operation SQ ″ and a first pseudo multiplication operation MT ″. Wherein, the decryption component 110 generates the decrypted data by sequentially executing the decryption operations DCRs 1-3 in the operation sequence 2. The first dummy operation DUM1 performed before the decrypt operation DCR1, the first dummy operation DUM2 performed between the decrypt operations DCR 1-2, and the first dummy operation DUM3 performed after the decrypt operation DCR3 are all unused to generate decrypted data.
In this operation, even if the attacker measures the relevant signals of the decryption apparatus 100 to know that the decryption apparatus 100 executes the operations in the operation sequence 2, the attacker cannot identify the decryption operation DCR and the corresponding RSA private key.
In one embodiment, the decryption component 110 may include a decryption circuit 112 for performing the decryption process. Fig. 4 is a schematic diagram of the decryption circuit 112 according to an embodiment of the invention, in which the decryption circuit 112 includes an operation circuit 112a and a control circuit 112 b. The operation circuit 112a is used for receiving the encrypted data N and sequentially generating a plurality of operation results according to the RSA private key and the encrypted data N, wherein the operation can include a plurality of decryption operations and at least one first pseudo operation. The control circuit 112b is used for sequentially receiving the plurality of operation results generated by the operation circuit 112a, and the control circuit 112b can provide the operation results of the decryption operation to the operation circuit 112a and prevent the operation results of the first pseudo operation from being provided to the operation circuit 112 a.
In one embodiment, the operation circuit 112a includes a multiplier MTC and a multiplexer MUX. The first input end of the multiplexer MUX is electrically connected with the output end of the register REG and the source end of the encrypted data N, the second input end receives the encrypted data N, the control end receives a control signal CS corresponding to the RSA private key, and the output end is electrically connected with the first input end of the multiplier MTC. The multiplexer MUX is used to output the received input data or encrypted data N according to the RSA private key as the multiplexer output. During the decryption multiplication or the first pseudo multiplication, the multiplexer MUX outputs the encrypted data N as the multiplexer output; during the decrypted square operation or the first pseudo-square operation, the multiplexer MUX outputs the input data as the multiplexer output.
The second input terminal of the multiplier MTC is electrically connected to the output terminal of the register REG and the source terminal of the encrypted data N, and the output terminal is electrically connected to the control circuit 112 b. The multiplier MTC is configured to multiply the input value and the multiplexer output to generate a multiplier output.
The control circuit 112b includes a register REG and a controller CTL. The register REG is used to selectively register the multiplier output and selectively provide the multiplier output to the multiplexer MUX and the multiplier MTC as a new input value (e.g. a new input value in the next round of operation).
The controller CTL is electrically connected to the register REG for providing an operation signal OPS to the register REG, so that the register REG selectively provides the multiplier output to the multiplexer MUX and the multiplier MTC according to the operation signal OPS. For example, in the first operation state, the controller CTL prevents the register REG from providing the multiplier output to the operation circuit 112a by the operation signal OPS; in the second operation state, the controller CTL controls the register REG by the operation signal OPS to provide the multiplier output to the operation circuit 112 a.
For example, referring to fig. 3, in the period P1, the input values are all N, and the multiplexer MUX selects the input values as the multiplexer output according to the control signal CS. The multiplier MTC outputs N ^2 as the first multiplier output. The controller CTL controls the register REG to hold the original value (e.g. null value) by the operation signal OPS and provides the original value as an input value in the next round of operation.
In the period P2, since the output of the register REG is the original value, the input values are all still N, and the multiplexer MUX selects the encrypted data N as the multiplexer output according to the control signal CS. The multiplier MTC outputs N ^2 as the second multiplier output. The controller CTL controls the register REG to maintain the original value by the operation signal OPS and provides the original value as an input value in the next operation.
The operation of the period P3 is similar to that of the period P1, and is not repeated here.
In the period P4, since the output of the register REG is the original value, the multiplexer MUX selects the input value as the multiplexer output according to the control signal CS. The multiplier MTC outputs N ^2 as the fourth multiplier output. The controller CTL controls the register REG to temporarily store the output of the fourth multiplier by the operation signal OPS, and provides the output of the fourth multiplier as the input value in the next round of operation.
In period P5, the input value of multiplexer MUX and multiplier MTC is N ^ 2. The multiplexer MUX selects the encrypted data N as the multiplexer output according to the control signal CS. The multiplier MTC outputs N ^3 as the fifth multiplier output. The controller CTL controls the register REG to temporarily store the output of the fifth multiplier by the operation signal OPS, and provides the output of the fifth multiplier as the input value in the next round of operation. The rest steps are analogized in the same way.
By the above operations, an attacker cannot know the operation performed by the decryption apparatus 100 during decryption and the corresponding RSA private key by measuring the relevant signals of the decryption apparatus 100.
Furthermore, in some embodiments, the decryption component 110 may further perform at least one second pseudo operation according to the encrypted data N while performing the decryption operation. In one embodiment, the decryption component 110 may further perform at least one second pseudo-square operation according to the encrypted data N while performing the decryption multiplication operation of the plurality of decryption operations. In one embodiment, the decryption component 110 may further perform at least one second pseudo-multiplication operation according to the encrypted data N while performing the decryption square operation in the decryption operation.
In one embodiment, the result of the second pseudo-square operation or the result of the second pseudo-multiply operation is not used to generate the decrypted data.
In one embodiment, the second pseudo-multiplication operation may be performed the same or less times than the decryption square operation during the decryption process. Similarly, in one embodiment, the second pseudo-square operation may be performed the same or less times than the decryption multiplication operation during the decryption process.
Referring to fig. 5, in some embodiments, the decryption component 110 further performs at least one second pseudo operation according to the encrypted data N while performing the decryption operation and the first pseudo operation. Further, the decryption element 110 may perform an operation sequence 22 that inserts a first pseudo-square operation SQ "and a first pseudo-multiply operation MT". The decryption component 110 may also perform the operation sequence 24 while performing the operation sequence 22, so as to perform the corresponding second pseudo-multiplication operation MT 'while performing at least one of the decryption square operation SQ and the first pseudo-square operation SQ ″ in the operation sequence 22, and perform the corresponding second pseudo-square operation SQ' while performing at least one of the decryption multiplication operation MT and the first pseudo-multiplication operation MT ″ in the operation sequence 22. Thus, during the decryption process, the attacker can only obtain the sequence 26, and it is difficult to identify the RSA private key from the measurement result.
In one embodiment, the decryption device 110 may include a decryption circuit 114 (shown in fig. 6) for performing the decryption process. The decryption circuit 114 includes an operation circuit 114a and a control circuit 114b, and the operation circuit 114a includes a squarer SQC, a multiplier MTC, and a multiplexer MUX. The elements and functions of control circuit 114b are similar to control circuit 112b of fig. 4.
The input terminal of the squarer SQC is electrically connected to the output terminal of the control circuit 114b and the source terminal of the encrypted data N, and the output terminal is electrically connected to the first input terminal of the multiplexer MUX. The first input terminal of the multiplier MTC is electrically connected to the output terminal of the control circuit 114b and the source terminal of the encrypted data N, the second input terminal receives the encrypted data N, and the output terminal is electrically connected to the second input terminal of the multiplexer MUX.
The squarer SQC is used for generating a squarer output according to an input value. Wherein the input value can be the encrypted data N or the output of the control circuit 114 b. The multiplier MTC is used to perform a decryption multiplication or a second pseudo multiplication on the input value and the encrypted data N to generate a multiplier output. The squarer SQC and the multiplier MTC perform the decryption square operation (or the first pseudo square operation) and the second pseudo multiplication operation simultaneously, or perform the second pseudo square operation and the decryption multiplication (or the first pseudo multiplication operation) simultaneously, so that an attacker cannot know the decryption operation and its corresponding RSA private key by measuring the related signals of the decryption apparatus 100.
For example, referring also to FIG. 5, during period Q1, the input values are all N. The squarer SQC performs a decrypted square operation and outputs N ^2, while the multiplier MTC performs a second pseudo multiplication and outputs N ^ 2. The multiplexer MUX selects the squarer output as the first multiplexer output according to the control signal CS. The controller CTL controls the register REG to temporarily store the output of the first multiplexer through the operation signal OPS, and provides the output of the first multiplexer to the squarer SQC and the multiplier MTC as the input value in the next round of operation.
In period Q2, the input values are all N2. The squarer SQC performs a second pseudo-squaring operation and outputs N ^4, while the multiplier MTC performs a first pseudo-multiplication operation and outputs N ^ 3. The multiplexer MUX selects the multiplier output as the second multiplexer output according to the control signal CS. The controller CTL controls the register REG to store the first multiplexer output through the operation signal OPS and provides the first multiplexer output as a new input value in the next round of operation. The steps in periods Q3, Q4, and so on. By the above operations, the attacker cannot know the operation performed by the decryption apparatus 100 during decryption and the corresponding RSA private key by measuring the relevant signals of the decryption apparatus 100.
Although the present invention has been described with reference to exemplary embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention, and it is intended that the invention be limited only by the terms of the appended claims.
Claims (8)
1. A decryption method, comprising:
receiving an encrypted data, wherein the encrypted data is encrypted by an RSA public key; and
sequentially performing a plurality of operations according to an RSA private key and the encrypted data to obtain decrypted data, wherein the operations comprise a plurality of decryption operations and at least one pseudo operation, the decryption operations comprise at least one decryption multiplication operation and at least one decryption square operation, and the at least one pseudo operation comprises at least one first pseudo multiplication operation and at least one first pseudo square operation;
wherein the decrypted square operation or the first pseudo-square operation is performed between performing the first pseudo-multiplication operation and performing the decrypted multiplication operation once.
2. The decryption method of claim 1, wherein the operation result of performing the first pseudo-square operation or the operation result of performing the first pseudo-multiply operation is not used to generate the decryption data.
3. The decryption method according to claim 1, wherein at least one second pseudo-square operation is performed according to the encrypted data while performing the at least one decryption multiplication operation; at the same time of performing the square operation of decryption, at least one second pseudo multiplication operation is performed according to the encrypted data.
4. A decryption apparatus comprising:
a communication module; and
a decryption component for:
receiving an encrypted data through the communication module, wherein the encrypted data is encrypted by an RSA public key; and
sequentially performing a plurality of operations according to an RSA private key and the encrypted data to obtain decrypted data, wherein the operations comprise a plurality of decryption operations and at least one pseudo operation, the decryption operations comprise at least one decryption multiplication operation and at least one decryption square operation, and the at least one pseudo operation comprises at least one first pseudo multiplication operation and at least one first pseudo square operation;
wherein the decrypted square operation or the first pseudo-square operation is performed between performing the first pseudo-multiplication operation and performing the decrypted multiplication operation once.
5. A decryption circuit, comprising:
an arithmetic circuit for performing a plurality of operations in sequence according to an RSA private key and an encrypted data to generate a plurality of operation results, wherein the operations include a plurality of decryption operations and at least one pseudo operation, the decryption operations include at least one decryption multiplication operation and at least one decryption square operation, the at least one pseudo operation includes at least one first pseudo multiplication operation and at least one first pseudo square operation, and the arithmetic circuit is further configured to perform the decryption square operation or the first pseudo square operation between performing the first pseudo multiplication operation and performing the decryption multiplication operation; and
a control circuit for receiving the operation results in sequence, providing the operation results of the decryption operation to the operation circuit, and preventing the operation results of the at least one pseudo operation from being provided to the operation circuit.
6. The decryption circuit of claim 5, wherein the arithmetic circuit comprises:
a multiplexer for receiving an input value and the encrypted data, and outputting one of the input value and the encrypted data according to the RSA private key as a multiplexer output; and
a multiplier for receiving the input value and the multiplexer output, and performing a decryption multiplication operation on the input value and the multiplexer output to generate a first operation result of the operation results.
7. The decryption circuit of claim 6, wherein the control circuit comprises:
a register for receiving the first operation result; and
a controller for controlling the register to selectively provide the first operation result to the operation circuit, wherein in a first operation state, the controller prevents the register from providing the first operation result to the operation circuit, and in a second operation state, the controller controls the register to provide the first operation result to the operation circuit.
8. The decryption circuit of claim 5, wherein the operation circuit is further configured to perform a second pseudo-square operation while performing the at least one decryption multiplication operation, or perform a second pseudo-multiplication while performing the at least one decryption square operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510657057.3A CN106571922B (en) | 2015-10-12 | 2015-10-12 | Decryption device, method and circuit |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510657057.3A CN106571922B (en) | 2015-10-12 | 2015-10-12 | Decryption device, method and circuit |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106571922A CN106571922A (en) | 2017-04-19 |
CN106571922B true CN106571922B (en) | 2020-03-10 |
Family
ID=58508160
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510657057.3A Active CN106571922B (en) | 2015-10-12 | 2015-10-12 | Decryption device, method and circuit |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106571922B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108737073B (en) * | 2018-06-22 | 2021-09-28 | 北京智芯微电子科技有限公司 | Method and device for resisting energy analysis attack in block encryption operation |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102684876A (en) * | 2011-02-25 | 2012-09-19 | 英赛瑟库尔公司 | Encryption method comprising an exponentiation operation |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100472751C (en) * | 2005-03-17 | 2009-03-25 | 联想(北京)有限公司 | Method of preventing energy analysis attack to RSA algorithm |
CN1753357A (en) * | 2005-08-18 | 2006-03-29 | 复旦大学 | Differential power consumption analysis shield circuit for DES encrypted chip |
US8090957B2 (en) * | 2005-10-19 | 2012-01-03 | Panasonic Corporation | Information security device, information security method, computer program, computer-readable recording medium, and integrated circuit |
DE602007007310D1 (en) * | 2006-04-06 | 2010-08-05 | Nxp Bv | DECODING METHOD |
US20100257318A1 (en) * | 2009-04-03 | 2010-10-07 | Samsung Electronics Co., Ltd. | Evicting code sections from secondary memory to improve the security of computing systems |
EP2535804A1 (en) * | 2011-06-17 | 2012-12-19 | Thomson Licensing | Fault-resistant exponentiation algorithm |
FR2997780B1 (en) * | 2012-11-07 | 2016-01-22 | Inside Secure | CRYPTOGRAPHY METHOD COMPRISING A MODULAR EXPONENTIATION OPERATION |
-
2015
- 2015-10-12 CN CN201510657057.3A patent/CN106571922B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102684876A (en) * | 2011-02-25 | 2012-09-19 | 英赛瑟库尔公司 | Encryption method comprising an exponentiation operation |
Also Published As
Publication number | Publication date |
---|---|
CN106571922A (en) | 2017-04-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3143720B1 (en) | Differential power analysis countermeasures | |
US9772821B2 (en) | Cryptography method comprising an operation of multiplication by a scalar or an exponentiation | |
CN105940439B (en) | Countermeasure to side-channel attacks on cryptographic algorithms using permutation responses | |
US10243727B2 (en) | Method and system for constant time cryptography using a co-processor | |
WO2018063626A1 (en) | Linear masking circuits for side-channel immunization of advanced encryption standard hardware | |
CN105337736A (en) | Fully-homomorphic message authentication method, device and system | |
US11385893B2 (en) | Method secured against side-channel attacks performing an arithmetic operation of a cryptographic algorithm mixing Boolean and arithmetic operations | |
US11695542B2 (en) | Technology for generating a keystream while combatting side-channel attacks | |
US10326596B2 (en) | Techniques for secure authentication | |
Backlund et al. | Secret key recovery attack on masked and shuffled implementations of crystals-kyber and saber | |
EP3022864B1 (en) | Apparatus and method for key update for use in a block cipher algorithm | |
CN106571922B (en) | Decryption device, method and circuit | |
CN109804596B (en) | Programmable block cipher with masked input | |
US10057063B2 (en) | Decryption device, method, and circuit | |
CN110249299A (en) | Generate method, chip and the electronic equipment of random number | |
TWI575924B (en) | Decryption device, method and circuit | |
CN106571916B (en) | Decryption device, method and circuit | |
KR20140116725A (en) | Method and apparatus for block encryption algorithm | |
Beuchat | FPGA implementations of the RC6 block cipher | |
JP2007214721A (en) | Decoding method, decoding apparatus and decoding program | |
Hori et al. | Bitstream protection in dynamic partial reconfiguration systems using authenticated encryption | |
WO2008013154A1 (en) | Extension filed multiplication program and extension filed multiplication device | |
CN112688909B (en) | Data transmission system, method, device, medium and equipment | |
US20230379134A1 (en) | Method and device for performing homomorphic permutation | |
WO2024086243A1 (en) | Protection of polynomial cryptographic operations against side-channel attacks with change-of-variable transformations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |