AU2007213585B2 - Protection of a cryptographic algorithm - Google Patents

Protection of a cryptographic algorithm Download PDF

Info

Publication number
AU2007213585B2
Authority
AU
Australia
Prior art keywords
operational system
data block
cryptographic
value
additional
Prior art date
Legal status (as assumed by Google Patents, not a legal conclusion)
Ceased
Application number
AU2007213585A
Other versions
AU2007213585A1 (en)
Inventor
Julien Bringer
Herve Chabanne
Emmanuelle Dottax
Current Assignee (as listed by Google Patents; may be inaccurate)
Safran Electronics and Defense SAS
Original Assignee
Sagem Defense Securite SA
Priority date (as assumed by Google Patents, not a legal conclusion)
Filing date
Publication date
Application filed by Sagem Defense Securite SA
Publication of AU2007213585A1
Application granted
Publication of AU2007213585B2
Legal status: Ceased (current)
Anticipated expiration

Classifications

    • H (Electricity) › H04 (Electric communication technique) › H04L (Transmission of digital information, e.g. telegraphic communication) › H04L9/00 (Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols) › H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H › H04 › H04L › H04L9/00 › H04L9/06 (Encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators) › H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using a fixed encryption transformation › H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H › H04 › H04L › H04L2209/00 (Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication, H04L9/00) › H04L2209/16 Obfuscation or hiding, e.g. involving white box

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Amplifiers (AREA)
  • Train Traffic Observation, Control, And Security (AREA)
  • Peptides Or Proteins (AREA)

Abstract

An algorithm includes a first and a second cryptographic operation. A first operational system (102) is applied to an initial data block and a first intermediate data block is obtained, said first operational system corresponding to a combination of the first cryptographic operation (103), a first random operation (104) which provides a determined value with a defined probability value, a second random operation (105), and a bijective operation (106). Next, a second operational system (116) is applied to the intermediate data block and a second intermediate data block is obtained, said second operational system corresponding to a combination of the inverse operation (117) to the bijective operation of the previous operational system, the second cryptographic operation (118), and an operation which provides the zero value for a value associated with said determined value (119). The application of the first and second operational systems is repeated N times, N being determined as a function of the probability value, and the encrypted data block is determined on the basis of the second intermediate data blocks, as a function of the probability value.

Description

WO 2007/090961 PCT/FR2007/000222

Protection of a cryptographic algorithm

The present invention relates to the field of cryptography and more particularly to the protection of information relating to calculations carried out according to a cryptographic algorithm.

Cryptographic algorithms allow in particular data to be encrypted and/or decrypted. Such algorithms can also be used for numerous other applications: they can serve to sign or to authenticate certain information, and they may also be used in the field of timestamping.

Such algorithms generally comprise a sequence of several operations or calculations that are successively applied to a piece of data to be encrypted in order to obtain a piece of encrypted data, or again to a piece of encrypted data in order to obtain a piece of decrypted data. Among these algorithms, some rely on a shared secret key, while others rely on a pair of public and private keys.

Whatever the type of cryptographic algorithm, in order to preserve the confidential character of the algorithm, secret keys and other information, it is important that the calculations carried out remain secret. This is because when an attacker is able to determine the calculations carried out according to a cryptographic algorithm, he may then access secret information and breach the confidentiality of the data processed by this algorithm.
In some algorithms the protection of the confidential character rests on the fact that the calculations are carried out in a protected environment that is not accessible to potential attackers.

In other algorithms the calculations may be carried out in an environment accessible to potential attackers. Such algorithms must therefore resist so-called "white-box" attacks, which attempt to breach the confidentiality of the algorithm from the calculations carried out in the course of executing it.

The document "A White-Box DES Implementation for DRM Applications" by S. Chow, P. Eisen, H. Johnson and P.C. van Oorschot proposes a method of protection against white-box attacks, i.e. when the complete implementation of the algorithm is available to the attacker. The technique is based on tables that implement the operations of the algorithm after encodings, built from bijections, have been introduced between the various rounds of the algorithm.

However, the document "Attacking an Obfuscated Cipher by Injecting Faults" by Matthias Jacob, Dan Boneh and Edward W. Felten (2003) discloses a method for recovering the secret information used in an execution of the algorithm protected by the method of the previously cited document.

The document "White-box Cryptography and an AES Implementation" by S. Chow, P. Eisen, H. Johnson and P.C. van Oorschot proposes another implementation based on principles similar to those of "A White-Box DES Implementation for DRM Applications", but with additional encodings applied outside the rounds.
The document "Cryptanalysis of a White-Box AES Implementation" by Olivier Billet, Henri Gilbert and Charaf Ech-Chatbi discloses an attack on this other implementation.

Hence, protection methods of this type have weaknesses that allow the confidential character of the algorithm to be breached.

It would be advantageous if the present invention increased the level of confidentiality protection of an algorithm against white-box attacks.

A first aspect of the present invention proposes a method for carrying out a cryptographic calculation in an electronic component, according to a specified cryptographic algorithm including at least a first and a second cryptographic operation. The algorithm is designed to generate an encrypted data block from an initial data block. The method comprises the following steps:

(a) applying a first operational system to the initial data block and obtaining a first intermediate data block, said first operational system corresponding to a combination of at least the first cryptographic operation, a first random operation that generates a determinate value with a defined probability value, a second random operation, and a bijective operation;

(b) applying a second operational system to the intermediate data block generated in the preceding step and obtaining a second intermediate data block, said second operational system corresponding to a combination of at least the inverse of the bijective operation of the preceding operational system, the second cryptographic operation, and an operation that generates the value zero for a value associated with said determinate value;

(c) repeating steps (a) and (b) N times, N being an integer determined depending on said defined probability value; and

(d) determining the encrypted data block from the second intermediate data block(s) depending on the defined probability value.
Thanks to these measures, the cryptographic operations to be applied according to the algorithm to be protected remain secret for any attacker. This is because they are applied to the data to be encrypted in combination with at least two random operations, one of which provides a determinate value with a defined probability. The effect of this first random operation is advantageously only cancelled by the application of the operation that generates the value zero for a value associated with said determinate value. Hence, from the application of the first random operation through to the application of the operation that generates zero for a value associated with the determinate value, the data manipulated in the course of these calculations are protected against attacks.

When the method consists of the application of a first and a second operational system alone, the associated value is equal to the determinate value.

It should be noted that the term "cryptographic operation" is to be understood in the broad sense, i.e. it also denotes a succession of cryptographic operations.

The application of the first operational system may correspond to the application in combination of:
- the first cryptographic operation, generating a first result of the first operational system from the initial data block;
- the first random operation, generating a second result of the first operational system from the initial data block;
- the second random operation, generating a third result of the first operational system from the initial data block; and
- the bijective operation, generating the first intermediate data block from the first, second and third results of the first operational system.
The application of the second operational system may correspond to the application in combination of:
- the inverse of the bijective operation of the preceding operational system, generating, from the intermediate data block obtained by the preceding operational system, said first and second results of the preceding operational system;
- the second cryptographic operation, generating a first result of the second operational system from the first result of the preceding operational system;
- the operation that generates the value zero for a value associated with the determinate value, applied to the second result of the preceding operational system and hence generating a second result of the second operational system; and
- an addition of the first and the second result of the second operational system, generating the second intermediate data block.

Each piece of data in the first and the second intermediate data blocks may be obtained in polynomial form from the data of the initial data block and of the first intermediate data block respectively.

The first and second operational systems may be applied in the form of tables of values to the initial data block and to the first intermediate data block respectively.
The first random operation, which generates a determinate value with a defined probability value, may be carried out in a finite mathematical space in which it generates at most one determinate set of values, and the operation that provides the value zero for a value associated with said determinate value then also generates the value zero for the other values of said set.

In that case the number N of iterations of the steps needed to determine the encrypted data block may advantageously be equal to 1.

When the algorithm includes a set of K additional cryptographic operation(s) between the first and second cryptographic operations, K being a positive integer, the method may furthermore comprise the following step between step (a) and step (b):
- applying a number K of successive additional operational system(s) (108), respectively associated with said set of additional cryptographic operation(s), each additional operational system generating an additional intermediate data block (114) from the intermediate data block (107) generated by the preceding operational system;
in which each additional operational system corresponds to a combination of at least the inverse operation (109) of the bijective operation of the preceding operational system, the additional cryptographic operation (110) associated with said additional operational system, an additional operation (111), a random operation (112) and a bijective operation (113).

In this case, the value associated with the determinate value, at which the zero-generating operation vanishes, advantageously corresponds to the value resulting from the application of the additional operation to said determinate value, or from successive applications of additional operations to the determinate value.
The additional operational system may correspond to the application in combination of:
- the inverse of the bijective operation of the preceding operational system, generating, from the intermediate data block provided by the preceding operational system, the first, second and third results of the preceding operational system;
- the additional cryptographic operation, generating a first result of the additional operational system from the first result of the preceding operational system;
- the additional operation, generating a second result of the additional operational system from the second result of the preceding operational system;
- the random operation, generating a third result of the additional operational system from at least one of the first, second and third results of the preceding operational system; and
- a bijective operation, generating the additional intermediate data block from the first, second and third results of the additional operational system.

The additional operation may advantageously be the identity and hence simplify the calculations. In that case, the value associated with the determinate value, for which the second specific operation generates zero, is simply equal to this determinate value.

Likewise, the bijective operations may advantageously be linear bijective operations and hence reduce the calculations.

A second aspect of the present invention proposes an electronic component for carrying out a cryptographic calculation according to a cryptographic algorithm including at least a first and a second cryptographic operation, this electronic component being designed to implement a method for carrying out calculations according to the first aspect of the present invention.
At least one of the first random operation, the second random operation and the bijective operation may differ at each repetition of the first and second operational systems.

In a third aspect, the present invention provides an electronic component for carrying out a cryptographic calculation according to a cryptographic algorithm including at least a first and a second cryptographic operation, said algorithm being designed to generate an encrypted data block from an initial data block, said component comprising:
- first means for applying a first operational system to the initial data block and generating a first intermediate data block, said first operational system corresponding to a combination of at least the first cryptographic operation, a first random operation that generates a determinate value with a defined probability value, a second random operation, and a bijective operation;
- second means for applying a second operational system to the intermediate data block generated by the preceding means and generating a second intermediate data block, said second operational system corresponding to a combination of at least an inverse operation of the bijective operation of the preceding means, the second cryptographic operation, and an operation that generates the value zero for a value associated with said determinate value;
- means for repeating the application of the first and second operational systems N times, N being an integer determined depending on said defined probability value; and
- means for determining the encrypted data block from the second intermediate data block(s) depending on the defined probability value.

Other aspects, embodiments and advantages of the invention will become apparent on reading the description of one of its embodiments.
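The following Python is an added worked example, not code from the patent or from its assignee; it models steps (a) to (d) of the first aspect, the table-of-values form of the first operational system, the N = 1 variant in which the zero-generating operation vanishes on the whole image of the first random operation, and the freedom to regenerate the random operations and bijection at each repetition, all on a one-byte block. Everything concrete is an assumption for the illustration: the toy two-round cipher and its S-box and keys K1, K2; XOR as the "addition" of the two results of the second operational system; the shape of the bijection M_1 (a triangular mix of three random byte permutations); the identity for the operation I_2; and a majority vote over the N repetitions as the "determination depending on the probability value" (the patent leaves that rule abstract). With p = 1/2 the correct block recurs in about half of the repetitions while misses are scattered over random values, so N = 41 makes the vote reliable.

```python
"""Toy model of the patent's operational systems on a one-byte block.

Added example, not code from the patent. The S-box, round keys, XOR as the
'addition', the shape of M_1 and the majority-vote selection are assumptions.
"""
import random
from collections import Counter

# Constructed toy cipher: two rounds R_1, R_2, each a keyed S-box lookup.
SBOX = list(range(256))
random.Random(0xC0FFEE).shuffle(SBOX)
K1, K2 = 0x5A, 0xC3          # assumed toy round keys


def round1(x):                # R_1 of the algorithm to be protected
    return SBOX[x ^ K1]


def round2(y):                # R_2 of the algorithm to be protected
    return SBOX[y ^ K2]


def encrypt_plain(x):
    """Direct execution Y_2 = R_2(R_1(X)); its intermediate Y_1 must stay hidden."""
    return round2(round1(x))


def _perm(rng):
    """Random byte permutation and its inverse (building block of M_1)."""
    p = list(range(256))
    rng.shuffle(p)
    inv = [0] * 256
    for i, q in enumerate(p):
        inv[q] = i
    return p, inv


class OperationalSystems:
    """One (S_1, S_2) pair. S_1 = M_1(R_1(X), V(X), A_1(X)) as a 256-entry table;
    S_2 = R_2(Y_11) XOR Z(I_2(Y_12)) after M_1^{-1}, with Z zero on the hit set."""

    def __init__(self, rng, v=0x00, p=0.5, hit_values=None):
        hits = set(hit_values) if hit_values is not None else set()
        hits.add(v)                       # the determinate value v always hits
        hit_list = sorted(hits)
        miss_list = [b for b in range(256) if b not in hits]
        # V: first random operation; lands in the hit set with probability p.
        self.V = [rng.choice(hit_list) if rng.random() < p else rng.choice(miss_list)
                  for _ in range(256)]
        # A_1: second random operation, an arbitrary byte table.
        self.A = [rng.randrange(256) for _ in range(256)]
        # Z: zero exactly on the hit set, a nonzero byte elsewhere, so a miss
        # can never yield the correct ciphertext by accident.
        self.Z = [0 if y in hits else rng.randrange(1, 256) for y in range(256)]
        # M_1: random nonlinear bijection on the 24-bit triple (y1, y2, y3).
        (self.P1, self.P1i), (self.P2, self.P2i), (self.P3, self.P3i) = (
            _perm(rng) for _ in range(3))
        # S_1 deployed as a table of values: one lookup maps X to XI_1, so R_1,
        # V and A_1 are never visible as separate steps.
        self.table1 = [self.mix(round1(x), self.V[x], self.A[x]) for x in range(256)]

    def mix(self, y1, y2, y3):            # M_1
        z3 = self.P3[y3]
        z2 = self.P2[y2 ^ y3]
        z1 = self.P1[y1 ^ y2 ^ y3]
        return (z1 << 16) | (z2 << 8) | z3

    def unmix(self, xi):                  # M_1^{-1}
        z1, z2, z3 = xi >> 16, (xi >> 8) & 0xFF, xi & 0xFF
        y3 = self.P3i[z3]
        y2 = self.P2i[z2] ^ y3
        y1 = self.P1i[z1] ^ y2 ^ y3
        return y1, y2, y3

    def system2(self, xi):
        """S_2: M_1^{-1}, R_2 on Y_11, identity then Z on Y_12, XOR of the two.
        Left as a function only because a full table would need 2^24 entries."""
        y1, y2, _ = self.unmix(xi)
        return round2(y1) ^ self.Z[y2]

    def run(self, x):
        return self.system2(self.table1[x])


def build_systems(n, seed, p=0.5, hit_values=None):
    """N independently generated pairs: random operations and M_1 differ per repetition."""
    rng = random.Random(seed)
    return [OperationalSystems(rng, p=p, hit_values=hit_values) for _ in range(n)]


def protected_encrypt(x, systems):
    """Step (d) as a majority vote: the correct block recurs with probability p per
    repetition, misses are scattered, and N is sized for p (41 here for p = 1/2)."""
    return Counter(s.run(x) for s in systems).most_common(1)[0][0]


if __name__ == "__main__":
    general = build_systems(41, seed=1, p=0.5)                        # general case
    one_shot = build_systems(1, seed=2, p=1.0, hit_values=range(16))  # N = 1 variant
    for x in (0x00, 0x3C, 0xFF):
        print(f"X={x:02x} plain={encrypt_plain(x):02x} "
              f"N=41 vote={protected_encrypt(x, general):02x} "
              f"N=1 variant={protected_encrypt(x, one_shot):02x}")
```

In a real deployment only the composed tables would ship; the class keeps V, A and Z as attributes so that the cancellation can be checked: a repetition returns the plain ciphertext exactly when V(X) fell in the hit set, and in the N = 1 variant (hit set of 16 values, p = 1) every repetition does. The intermediate block XI_1 carries Y_1 only mixed with V(X) and A_1(X) under M_1, which is the point the patent makes about the attacker seeing data that differ from a direct execution.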
The invention will be better understood with the help of the drawings, in which:
- Figure 1 illustrates the various steps of a cryptographic algorithm comprising a plurality of cryptographic operations; and
- Figure 2 illustrates the main stages of a method of carrying out a cryptographic calculation according to an embodiment of the present invention.

It would be advantageous if embodiments of the present invention improved the resistance of cryptographic algorithms to so-called white-box attacks, i.e. attacks carried out when the implementation of the cryptographic algorithm to be protected is accessible to potential attackers. To this end, the cryptographic operations to be applied to a data block according to the algorithm to be protected are changed. Hence, instead of directly and successively applying the cryptographic operations of the algorithm to be protected, respective operational systems are successively applied such that, on the one hand, the output data obtained from these operational systems differ from the output data obtained from the cryptographic operations of the algorithm to be protected and, on the other hand, the output data from the various operational systems do not allow the confidentiality of the cryptographic algorithm to be protected to be breached.
According to one embodiment of the present invention, each operational system is generated from a corresponding cryptographic operation of the algorithm. More precisely, random variables are introduced into each operational system corresponding to a determinate cryptographic operation. Then, at least two of the operational systems thus generated from the various cryptographic operations of the algorithm to be protected furthermore comprise a first and a second specific operation respectively. In addition to the randomness introduced by the random operations of each operational system, these two specific operations effectively improve the protection of the cryptographic algorithm, in particular of the cryptographic operations carried out between the two cryptographic operations to which the two operational systems including these two specific operations correspond. In fact, the output data from each operational system implemented between these two operational systems may be captured by a potential attacker without this threatening the confidentiality of the part of the algorithm to be protected that lies between the two cryptographic operations carried out within these two operational systems.

With the aim of protecting all the cryptographic operations of the algorithm, the two specific operations may advantageously be introduced in the first operational system, generated from the first cryptographic operation of the algorithm, and in the last operational system, generated from the last cryptographic operation of the algorithm.
The first specific operation corresponds to a random function whose output value assumes a determinate value with a defined probability.

The second specific operation corresponds to a function that generates the value zero as output for an input value corresponding to a value associated with the determinate value. Generally speaking, this associated value corresponds to the transformation undergone by the determinate value, if need be, following the application of the additional operations of the additional operational systems implemented between the first and the second operational system according to an embodiment of the present invention.

Consequently, in the general case, when an application of associated first and second operational systems, as described above, is reiterated a number of times determined as a function of the defined probability, it is possible to cancel the effect of the first specific operation through that of the second specific operation associated with it. Note that each pair of associated first and second operational systems may advantageously be constructed with different associated first and second specific operations, and also with different random operations and bijective operations.

Insofar as the effect of the first specific operation is not cancelled, the information accessible to an attacker during execution of the algorithm according to an embodiment of the present invention differs greatly from the data obtained from the different steps of a direct execution of the algorithm to be protected.
The data able to be captured by an attacker at the output of each of the operational systems not only do not correspond to the data that would be obtained by directly applying the corresponding cryptographic operations, but also have a random character relative to the data that should be obtained. Hence, potential attacks during the execution of such an algorithm are in vain.

Embodiments of the present invention are described in their application to an algorithm comprising a plurality of rounds, each round being able to correspond to a plurality of cryptographic operations. However, it should be noted that no limitation is attached to the type of cryptographic algorithm. In fact, embodiments of the present invention may easily be applied to any cryptographic algorithm comprising at least a first and a second cryptographic operation.

In one embodiment of the present invention, the two specific operations are introduced in the first round and the last round. However, the introduction of these two specific operations may be foreseen at any step of the algorithm to be protected.

Figure 1 illustrates the steps of a cryptographic algorithm comprising a plurality of rounds. In a step 10, a round of the algorithm comprising one or more cryptographic operations is applied to an initial data block X 101 to be encrypted. The application of the cryptographic operations of this round is a round of operations $R_1$. A data block $Y_1$ is then obtained at a step 11. It satisfies the equation:

$Y_1 = R_1(X)$

Next, in step 12, the operations of the second round $R_2$ of the cryptographic algorithm are applied to this block $Y_1$. A block $Y_2$ satisfying the following equation is then obtained:

$Y_2 = R_2(Y_1)$

The various rounds $R_i$, for $i$ between 1 and $r$, are successively applied in this way. A step 14 represents the data block $Y_{r-1}$ thus obtained at the output of the penultimate round $R_{r-1}$. This data block satisfies the following equation:

$Y_{r-1} = R_{r-1}(Y_{r-2})$

Next, in step 15, the operations of the last round $R_r$ of the algorithm considered are applied to this block $Y_{r-1}$ and, in step 16, the encrypted data block $Y_r$ satisfying the following equation is obtained:

$Y_r = R_r(Y_{r-1})$

Figure 2 describes the steps of a method of carrying out cryptographic calculations according to an embodiment of the present invention, applied to an algorithm corresponding to that described above with reference to Figure 1.

In one embodiment of the present invention, when an operational system comprises a plurality of cryptographic operations to be applied to an initial data block $X = (x_1, \ldots, x_n)$ so as to generate a data block $Z = (z_1, \ldots, z_n)$ resulting from the series of successive operations, each component of the resulting data block is expressed in polynomial form as a function of the various components $x_1, \ldots, x_n$ of the initial data block $X$.

More precisely, when an operational system $S$ to be applied to an initial data block $X$ to obtain a resultant data block $Z$ comprises a succession of operations, this data block $X$ is decomposed into a plurality of smaller data blocks $x_1, \ldots, x_n$. Each component $z_i$ of the data block $Z$ may then be obtained in polynomial form as a function of the various components $x_i$ of the initial data block. In this way, each component of the data block resulting from the application of the operations of the operational system considered is generated in a single transformation. In such conditions, the succession and the distinction of the operations comprising the operational system applied are difficult for a potential attacker to access.
The following equation may therefore be written:

$Z = S(X)$ [1]

and for $i$ between 1 and $n$ a polynomial $p_i$ exists such that:

$z_i = p_i(x_1, \ldots, x_n)$ [2]

The following sections use the application of various cryptographic operations in the combined form expressed above.

In a variant, it is also possible to obtain the various components of the data block resulting from the cryptographic operations of the operational system in the form of tables of values.

Whichever method of application is used, either in polynomial form or in the form of tables of values, the operations to be applied according to an operational system are preferably applied in combination, such that each component of the data block coming from the operational system is obtained in a single transformation.

In one embodiment of the present invention, the algorithm to be protected is implemented by modifying the rounds of operations $R_i$, for $i$ between 1 and $r$, as described above. In one embodiment, at least one round of operations $R_i$ of the algorithm is associated with an operational system $S_i$ which is a combination of at least the round of operations $R_i$ of the algorithm to be protected, a random operation $A_i$, and a random operation $V$ that generates a determinate value $v$ with a defined probability. A combined execution of the various operations of such an operational system $S_i$ advantageously allows the data block resulting from the initial data block to be obtained in a single transformation. Hence, a potential attacker is not able to distinguish the various operations separately.

It should be noted that embodiments of the present invention also apply easily to the case where a round of operations $R_i$ of the algorithm corresponds to a single cryptographic operation.

In a step 102, a first operational system $S_1$ is applied to the initial data block 101.
More precisely, in an embodiment of the present invention, this first operational system corresponds to applying to the initial data block 101, in combination:
- the first round of operations $R_1$ of the algorithm to be protected;
- the random operation $A_1$; and
- the first random operation $V$;
then combining the various data blocks resulting from these three operations applied to the initial data block 101, so as to obtain a first intermediate data block 107. This combination is obtained by applying a bijective mapping to the results of these three operations.

This operational system is carried out in the form of a single transformation, allowing the first intermediate data block to be obtained component by component from the initial data block, as described above. It may be implemented in polynomial form or in the form of tables of values.

The following section details the operations to which the application of the first operational system $S_1$ according to an embodiment of the present invention corresponds.
The round of operations $R_1$ of the algorithm considered is applied to the initial data block X 101, which can be written as a data series $x_1, \ldots, x_n$. A first result 103 of the first operational system, denoted $Y_{1,1}$, is obtained, corresponding to a data block that satisfies the following equation:

$Y_{1,1} = R_1(X)$

Note that $Y_{1,1}$ is equal to $Y_1$ as defined above with reference to Figure 1. But such a result is not accessible to a potential attacker, since in the course of carrying out the operations comprising the operational system $S_1$ this step is mixed with the other operations to be applied, described above, in polynomial form or in the form of tables of values.

Next, when the function $V$ is applied to the initial data block, a second result 104 of this first operational system is obtained in the form of a data block satisfying the following equation:

$Y_{1,2} = V(X)$

By applying the random operation $A_1$ to the initial data block X, a third result 105 of the first operational system is obtained in the form of a data block $Y_{1,3}$ satisfying the following equation:

$Y_{1,3} = A_1(X)$

In a manner that does not allow the three results described above to be distinguished at the output of the first operational system, a combination 106 of these three results is carried out to generate the first intermediate data block 107, corresponding to the carrying out of the first round of the algorithm according to an embodiment of the present invention. Hence, at the output of the first operational system $S_1$ the intermediate data block $XI_1$ is obtained, satisfying the following equation:

$XI_1 = M_1(Y_{1,1};\ Y_{1,2};\ Y_{1,3})$

where $M_1$ is the bijective combination applied in the first operational system $S_1$.

Advantageously, the intermediate data block $XI_1$ differs from the data block $Y_1$ obtained from the first round of the cryptographic algorithm with reference to Figure 1. Such a difference does not enable the data block $Y_1$, which is equal to the data block $Y_{1,1}$, to be found from the data block $XI_1$.

Then a second operational system 108, corresponding to carrying out the second round of the algorithm to be protected according to an embodiment of the present invention, is applied to the first intermediate data block 107. It corresponds to the combined application of the inverse of the bijective operation of the preceding operational system, the second round of operations $R_2$ of the algorithm to be protected, a random operation $A_2$, an operation $I_2$ corresponding to the identity, and a bijective operation $M_2$.

This second operational system corresponds to the application of the operations described separately in detail in the following sections, but which are applied component by component in a single transformation, as for all the operational systems described according to an embodiment of the present invention.

This operational system corresponds to the application, first, of the inverse operation $M_1^{-1}$ 109 of the operation $M_1$ to the data block $XI_1$, so as to obtain in a distinct manner the three results described for the first operational system, $Y_{1,1}$, $Y_{1,2}$ and $Y_{1,3}$.

Next, the cryptographic operations of the round $R_2$ of the cryptographic algorithm are applied to the first result $Y_{1,1}$ 110, and a first result $Y_{2,1}$ of the second operational system $S_2$ is then obtained, satisfying the following equation:

$Y_{2,1} = R_2(Y_{1,1})$

Then the operation $I_2$ is applied to the second result $Y_{1,2}$ of the preceding operational system, and a second result 111 of the second operational system is obtained, satisfying the following equation:

$Y_{2,2} = Y_{1,2}$

In the example described below, the identity operation is considered. But this operation may be different from an identity operation; more generally, it may be any operation at all.

The random operation $A_2$ is then applied to the third result from the preceding operational system Y 1
,
3 to obtain a third result 112 of the second operational system, satisfying the following equation: Y2,3=A2(Yi,i; Yi,2; Yi,3) 20 In a variant, it is possible to envisage the random operation taking any subset of the three results Y 1
,
1 ;
Y
1
,
2 ; Y 1
,
3 as input. Next, referred to as 113, a bijective operation M 2 is 25 then applied to the first, second and third results from the second operational system to obtain a third intermediate data block 114 X1 2 . This data block 114 satisfies the following equation: X1 2
=M
2
(Y
2 ,i; Y 2
,
2 ; Y 2
,
3 ) 30 In one embodiment of the present invention, the operational systems Si, for i between 2 and r-1, correspond to the application of operations similar to those described with reference to the second 35 operational system. From the above description it is easy to deduce variants of the application of the present invention in WO 2007/090961 - 19 - PCT/FR2007/000222 which the operations may differ depending on the operational systems. Thus, for example, it is possible to envisage that in some operational systems the function I previously described is an identity 5 function, while in others it is any function differing from the identity function. Next, the final operational system 116 Sr corresponds to the combined application of an operation 10 corresponding to the inverse operation 117 of the bijective operation Mr-i from the preceding operational system, the round of operations Rr of the algorithm to be protected, and an operation Z, that generates the value zero for a value associated with the determinate 15 value v. The following sections detail the separate application of these various operations. It should be noted that, as in each operational system Si, these operations are applied in combination. 20 The preceding operational system Sr-1 generates an (r 1)th intermediate data block XIr-1, referred to as 115. The inverse operation 117 of the bijective operation Mr-i~ 1 generates the first and second result of the operational system Sr.1 from the intermediate data block 25 XIr-1. 
The round of operations Rr of the algorithm to be protected is applied to the first result Yr-,1 and a first result 118 of the operational system Sr is 30 obtained, satisfying the following equation: Yr, i=Rr (Yr-i,1) The operation Z, is applied to the second result of the preceding operational system Yr-1,2 and a second result 35 119 is obtained, satisfying the following equation: Yr, 2=Zv (Yr-1, 2) WO 2007/090961 - 20 - PCT/FR2007/000222 Now, this second result Yr-,2 corresponds to the second result of the first operational system Y 1
,
2 . In fact, in the case where the operations 12,..., Ir-1 are considered to be the identity operation, it has not been 5 transformed by the various operational systems that have succeeded the first operational system. Hence, it is possible to write: Yr, 2 =Zv(V(X) 10 In the case where the operations 12,..., Ir-i are different from the identity operation, this last equation is no longer satisfied. But, in this case, the function V is advantageously chosen so as to generate 15 the value zero for the value associated with the determinate value V(X), i.e. for the value which results from the transformations of V(X) in the various additional operational systems. 20 Next, the first and second results are finally combined to generate an r-th intermediate data block 120 XIr. This last intermediate data block satisfies the following equation: XIr=Yr, i+Yr, 2 25 In a general case, a minimum number of repetitions of different versions of the algorithm to be protected according to an embodiment of the present invention is determined depending on the defined probability value 30 with which the operation V generates the determinate value v. Hence, for example, if the defined probability value is equal to 2/3, the application of the set of successive 35 operational systems respectively associated with the set of cryptographic operations of the algorithm, as defined above, should be repeated at least three times so as to be able to determine after execution that data WO 2007/090961 - 21 - PCT/FR2007/000222 block among the last intermediate data blocks obtained which corresponds to the encrypted data block according to the initial algorithm to be protected, i.e. that which corresponds to the data block Yr. The set of 5 successive operational systems of each of the applications satisfies the characteristics described according to an embodiment of the present invention, but these sets of operational systems may differ from each other at each new application. 
They may in 10 particular be based on different random operations and different bijective operations. Thanks to the measures described in the preceding sections, when the function V is introduced in the 15 first operational system and the function Zv is introduced in the last operational system, no piece of data accessible to a potential attacker provides information about the intermediate output data corresponding to the direct execution of the algorithm 20 to be protected. The following sections describe a particular case of the application of the present invention in which the data block encrypted according to the algorithm to be 25 protected is determined by executing the method of execution according to an embodiment of the present invention a single time. When placed in the finite body GF(2), any polynomial P 30 can take only two values, either 0 or 1. It is possible to choose: V(X)=(P(X)+vi..., P(X)+vm) Hence, V(X) can assume only two different values, either: 35 v=(vi,..., vn) ; or v ' = (vi+1, ... , v'+1).
WO 2007/090961 - 22 - PCT/FR2007/000222 In such a context, if the function Z, assumes the value 0 at the values v and v', then a single iteration of the execution of the algorithm to be protected according to an embodiment of the present invention 5 suffices to obtain the data block encrypted according to said algorithm.
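The following is an added worked example and not the patent's own code or the applicant's implementation. It models the chain S_1 ... S_r described above on a constructed 4-bit block with a constructed 3-round cipher R_i(x) = S[x XOR k_i], so that every operational system can be materialised as a table of values: S_1 maps X to XI_1 = M_1(R_1(X); V(X); A_1(X)), each middle S_i applies M_{i-1}^{-1}, R_i, the identity I_i, a random A_i of the whole triple and a fresh bijection M_i, and S_r returns R_r(Y_{r-1,1}) + Z_v(Y_{r-1,2}) with "+" taken as XOR. Both variants of V and Z_v are included: the probabilistic one (V yields v on a fraction p of inputs, so the run is only correct when V(X) = v and N repetitions with different random choices are needed, here resolved by a majority vote, which is an assumption about how the correct block is selected), and the GF(2) variant V(X) = (P(X) + v_1, ..., P(X) + v_n) with Z_v zero at both v and v', where a single run suffices. The names `ToyCipher`, `ProtectedCipher`, `recover` and `build` are this example's own.

```python
# Added example (not the patent's own code): toy model of the protected execution.
# Constructed choices: 4-bit block, 3-round toy cipher, random A_i / M_i as tables.
import random
from collections import Counter

N_BITS = 4                    # toy block size (constructed), one nibble
SIZE = 1 << N_BITS            # 16 possible data blocks
TRIPLE = 1 << (3 * N_BITS)    # 4096 possible (Y_i,1; Y_i,2; Y_i,3) triples
ONES = SIZE - 1               # the all-ones vector, used to form v' from v

def pack(a, b, c):
    """Index of the triple (a; b; c) in a table of values."""
    return (a << (2 * N_BITS)) | (b << N_BITS) | c

def unpack(t):
    """Inverse of pack."""
    return (t >> (2 * N_BITS)) & ONES, (t >> N_BITS) & ONES, t & ONES

def invert(perm):
    """Inverse of a bijection given as a list: inv[perm[t]] == t."""
    inv = [0] * len(perm)
    for t, u in enumerate(perm):
        inv[u] = t
    return inv

class ToyCipher:
    """Constructed reference cipher: Y_r = R_r(... R_1(X)), R_i(x) = S[x ^ k_i]."""
    def __init__(self, rounds, rng):
        self.sbox = list(range(SIZE))
        rng.shuffle(self.sbox)
        self.keys = [rng.randrange(SIZE) for _ in range(rounds)]

    def round(self, i, x):            # R_i, rounds numbered from 1
        return self.sbox[x ^ self.keys[i - 1]]

    def encrypt(self, x):
        for i in range(1, len(self.keys) + 1):
            x = self.round(i, x)
        return x

class ProtectedCipher:
    """One set of operational systems S_1 ... S_r, each stored as a table.

    Only the tables are exposed: the triple (Y_i,1; Y_i,2; Y_i,3) is hidden
    inside the bijection M_i, so the plain round output Y_i,1 never appears.
    """
    def __init__(self, cipher, rng, p=None, gf2=False):
        r = len(cipher.keys)
        self.v = rng.randrange(SIZE)                 # determinate value v
        if gf2:
            # V(X) = (P(X)+v_1, ..., P(X)+v_n) with P(X) = parity of (X & mask):
            # V(X) is v when P(X) = 0 and v' = v + (1,...,1) when P(X) = 1.
            mask = rng.randrange(1, SIZE)
            self.V = [self.v ^ (ONES if bin(x & mask).count("1") & 1 else 0)
                      for x in range(SIZE)]
            self.zero_set = {self.v, self.v ^ ONES}  # Z_v is 0 at v and v'
        else:
            # V yields v on a fraction p of the inputs, another value otherwise.
            hits = set(rng.sample(range(SIZE), round(p * SIZE)))
            self.V = [self.v if x in hits else self.v ^ rng.randrange(1, SIZE)
                      for x in range(SIZE)]
            self.zero_set = {self.v}                 # Z_v is 0 only at v
        # A_i: random operations of the triple; M_i: random bijections on triples.
        self.A = [[rng.randrange(SIZE) for _ in range(TRIPLE)] for _ in range(r)]
        self.M = []
        for _ in range(r - 1):
            perm = list(range(TRIPLE))
            rng.shuffle(perm)
            self.M.append(perm)
        # S_1: X -> XI_1 = M_1(R_1(X); V(X); A_1(X))
        self.tables = [[self.M[0][pack(cipher.round(1, x), self.V[x], self.A[0][x])]
                        for x in range(SIZE)]]
        # S_i, 2 <= i <= r-1: XI_{i-1} -> M_i(R_i(Y_1); Y_2; A_i(Y_1; Y_2; Y_3))
        for i in range(2, r):
            inv = invert(self.M[i - 2])
            self.tables.append([self._middle(cipher, i, inv[xi]) for xi in range(TRIPLE)])
        # S_r: XI_{r-1} -> XI_r = R_r(Y_{r-1,1}) + Z_v(Y_{r-1,2}), '+' being XOR
        inv = invert(self.M[r - 2])
        self.tables.append([self._last(cipher, r, inv[xi]) for xi in range(TRIPLE)])

    def _middle(self, cipher, i, t):
        y1, y2, _ = unpack(t)
        return self.M[i - 1][pack(cipher.round(i, y1), y2, self.A[i - 1][t])]

    def _last(self, cipher, r, t):
        y1, y2, _ = unpack(t)
        return cipher.round(r, y1) ^ self.Z(y2)

    def Z(self, y):
        """Z_v: zero at the value(s) associated with v, non-zero elsewhere."""
        return 0 if y in self.zero_set else y ^ self.v

    def run(self, x):
        """Apply S_1 ... S_r by table lookups only and return XI_r."""
        for table in self.tables:
            x = table[x]
        return x

def recover(instances, x):
    """Majority vote over N independently built instances (assumed selection rule)."""
    return Counter(inst.run(x) for inst in instances).most_common(1)[0][0]

def build(seed=2007, rounds=3, n=3, p=2 / 3):
    """Reference cipher, N = n probabilistic instances (p = 2/3, N = 3 as in the
    text, each with its own random choices) and one GF(2) single-run instance."""
    rng = random.Random(seed)
    cipher = ToyCipher(rounds, rng)
    insts = [ProtectedCipher(cipher, random.Random(seed + k + 1), p=p) for k in range(n)]
    single = ProtectedCipher(cipher, rng, gf2=True)
    return cipher, insts, single

if __name__ == "__main__":
    cipher, insts, single = build()
    print([recover(insts, x) == cipher.encrypt(x) for x in range(SIZE)])
    print(all(single.run(x) == cipher.encrypt(x) for x in range(SIZE)))
```

A single probabilistic instance returns the correct block exactly when V(X) = v, and otherwise the correct block XORed with a non-zero Z_v value; with p = 2/3 and three independent instances, at least one input has two or more correct runs, so the majority vote identifies Y_r for it, whereas the GF(2) instance is correct on every input in one run because Z_v vanishes on both values V can take.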

Claims (12)

1. Method for carrying out a cryptographic calculation in an electronic component, according to a specified cryptographic algorithm including at least a first and a second cryptographic operation, said algorithm being designed to generate an encrypted data block from an initial data block; said method comprising the following steps:
(a) applying a first operational system to the initial data block and obtaining a first intermediate data block, said first operational system corresponding to a combination of at least the first cryptographic operation, a first random operation that generates a determinate value with a defined probability value, a second random operation, and a bijective operation;
(b) applying a second operational system to the intermediate data block generated in the preceding step and obtaining a second intermediate data block, said second operational system corresponding to a combination of at least the inverse operation of the bijective operation of the preceding operational system, the second cryptographic operation, and an operation that generates the value zero for a value associated with said determinate value;
(c) repeating the steps (a) and (b) N times, N being an integer determined depending on said defined probability value; and
(d) determining the encrypted data block from the second intermediate data block(s) depending on the defined probability value.

2. Method for carrying out a cryptographic calculation according to Claim 1, in which the application of the first operational system corresponds to the application in combination of:
- the first cryptographic operation generating a first result of the first operational system from the initial data block;
- the first random operation generating a second result of the first operational system from the initial data block;
- the second random operation generating a third result of the first operational system from the initial data block; and
- the bijective operation generating the first intermediate data block from the first, second and third results of the first operational system;
and in which the application of the second operational system corresponds to the application in combination of:
- the inverse operation of the bijective operation of the preceding operational system generating, from the intermediate data block obtained by the preceding operational system, said first and second results of the preceding operational system;
- the second cryptographic operation generating a first result of the second operational system from the first result of the preceding operational system;
- the operation that generates the value zero for a value associated with the determinate value from the second result of the preceding operational system, hence generating a second result of the second operational system; and
- an addition of the first and the second result of the second operational system generating the second intermediate data block.

3. Method for carrying out a cryptographic calculation according to Claim 1 or 2, in which each piece of data in the first and the second intermediate data blocks may be obtained in polynomial form from data of the initial data block and data of the intermediate data block respectively.

4. Method for carrying out a cryptographic calculation according to Claim 1 or 2, in which the first and second operational systems are applied in the form of tables of values to the initial data block and to the first intermediate data block respectively.

5. Method for carrying out a cryptographic calculation according to any one of the preceding claims, in which the first random operation, which generates a determinate value with a defined probability value, is carried out in a finite mathematical space in which it generates at most one determinate set of values; and in which the operation that provides the value zero for a value associated with said determinate value also generates the value zero for the values of said set that are different from said determinate value.

6. Method for carrying out a cryptographic calculation according to any one of the preceding claims, furthermore comprising, when the algorithm includes a set of K additional cryptographic operation(s) between the first and second cryptographic operations, K being a positive integer, the following step between the step (a) and the step (b):
- applying a number K of successive additional operational system(s) respectively associated with said set of additional cryptographic operation(s), each additional operational system generating an additional intermediate data block from the intermediate data block generated by the preceding operational system;
- in which each additional operational system corresponds to a combination of at least the inverse operation of the bijective operation of the preceding operational system, the additional cryptographic operation associated with said additional operational system, an additional operation, a random operation and a bijective operation.

7. Method for carrying out a cryptographic calculation according to Claim 6, in which each additional operational system corresponds to the application in combination of:
- the inverse operation of the bijective operation of the preceding operational system, generating, from the intermediate data block provided by the preceding operational system, the first, second and third results of the preceding operational system;
- the additional cryptographic operation generating a first result of the additional operational system from the first result of the preceding operational system;
- the additional operation generating a second result of the additional operational system from the second result of the preceding operational system;
- the random operation generating a third result of the additional operational system from at least one of the first, second and third results of the preceding operational system; and
- a bijective operation generating the additional intermediate data block from the first, second and third results of the additional operational system.

8. Method for carrying out a cryptographic calculation according to Claim 7, in which the additional operation is an identity operation and in which the value associated with the determinate value is equal to the determinate value.

9. Electronic component for carrying out a cryptographic calculation according to a cryptographic algorithm including at least a first and a second cryptographic operation, said algorithm being designed to generate an encrypted data block from an initial data block, said component comprising:
- first means for applying a first operational system to the initial data block and generating a first intermediate data block, said first operational system corresponding to a combination of at least the first cryptographic operation, a first random operation that generates a determinate value with a defined probability value, a second random operation, and a bijective operation;
- second means for applying a second operational system to the intermediate data block generated by the preceding means and generating a second intermediate data block, said second operational system corresponding to a combination of at least an inverse operation of the bijective operation of the preceding means, the second cryptographic operation, and an operation that generates the value zero for a value associated with said determinate value;
- means for repeating the application of the first and second operational systems N times, N being an integer determined depending on said defined probability value; and
- means for determining the encrypted data block from the second intermediate data block(s) depending on the defined probability value.

10. Electronic component for carrying out a cryptographic calculation according to Claim 9, in which at least one of the first random operation, the second random operation and the bijective operation differs at each repetition of the first and second operational systems.

11. Method substantially as herein described with reference to one or more of the drawings.

12. Electronic component substantially as herein described with reference to one or more of the drawings.
AU2007213585A 2006-02-08 2007-02-07 Protection of a cryptographic algorithm Ceased AU2007213585B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0601135A FR2897216B1 (en) 2006-02-08 2006-02-08 PROTECTION OF CRYPTOGRAPHIC ALGORITHM
FR0601135 2006-02-08
PCT/FR2007/000222 WO2007090961A1 (en) 2006-02-08 2007-02-07 Protection of a cryptographic algorithm

Publications (2)

Publication Number Publication Date
AU2007213585A1 AU2007213585A1 (en) 2007-08-16
AU2007213585B2 true AU2007213585B2 (en) 2011-02-03

Family

ID=37620240

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2007213585A Ceased AU2007213585B2 (en) 2006-02-08 2007-02-07 Protection of a cryptographic algorithm

Country Status (6)

Country Link
EP (1) EP1982461B1 (en)
AT (1) ATE525825T1 (en)
AU (1) AU2007213585B2 (en)
ES (1) ES2373334T3 (en)
FR (1) FR2897216B1 (en)
WO (1) WO2007090961A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2966953B1 (en) * 2010-11-02 2015-08-28 St Microelectronics Rousset METHOD OF CRYPTOGRAPHIC COUNTERPRESSION BY DERIVATION OF SECRET DATA
DE102014016548A1 (en) * 2014-11-10 2016-05-12 Giesecke & Devrient Gmbh Method for testing and hardening software applications

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2776445A1 (en) * 1998-03-17 1999-09-24 Schlumberger Ind Sa Cryptographic algorithm security technique
GB2345229A (en) * 1998-12-23 2000-06-28 Motorola Ltd Encryption system resists differential power analysis attacks
US6327661B1 (en) * 1998-06-03 2001-12-04 Cryptography Research, Inc. Using unpredictable information to minimize leakage from smartcards and other cryptosystems

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2776445A1 (en) * 1998-03-17 1999-09-24 Schlumberger Ind Sa Cryptographic algorithm security technique
US6327661B1 (en) * 1998-06-03 2001-12-04 Cryptography Research, Inc. Using unpredictable information to minimize leakage from smartcards and other cryptosystems
GB2345229A (en) * 1998-12-23 2000-06-28 Motorola Ltd Encryption system resists differential power analysis attacks

Also Published As

Publication number Publication date
ES2373334T3 (en) 2012-02-02
ATE525825T1 (en) 2011-10-15
FR2897216A1 (en) 2007-08-10
EP1982461A1 (en) 2008-10-22
EP1982461B1 (en) 2011-09-21
AU2007213585A1 (en) 2007-08-16
FR2897216B1 (en) 2008-05-02
WO2007090961A1 (en) 2007-08-16

Similar Documents

Publication Publication Date Title
Wyseur et al. Cryptanalysis of white-box DES implementations with arbitrary external encodings
US8199909B2 (en) Method and device for carrying out a cryptographic calculation
JP5688528B2 (en) White-box cryptosystem using input-dependent encoding
US8966279B2 (en) Securing the implementation of a cryptographic process using key expansion
US8504845B2 (en) Protecting states of a cryptographic process using group automorphisms
US9189425B2 (en) Protecting look up tables by mixing code and operations
US8605894B2 (en) Cryptographic process execution protecting an input value against attacks
EP2293487A1 (en) A method of diversification of a round function of an encryption algorithm
AU2011292312B2 (en) Apparatus and method for block cipher process for insecure environments
Lee et al. A masked white-box cryptographic implementation for protecting against differential computation analysis
CN105359450B (en) Tamper resistant cryptographic algorithm implementation
US8675866B2 (en) Multiplicative splits to protect cipher keys
US8718280B2 (en) Securing keys of a cipher using properties of the cipher process
JP2004533630A (en) Secure cryptography and components using this cryptography
Grosso et al. Efficient masked S-boxes processing–a step forward–
US9692592B2 (en) Using state reordering to protect against white box attacks
US8699702B2 (en) Securing cryptographic process keys using internal structures
JP2008516502A (en) Method and apparatus for automatically generating a cryptographic set of instructions and code generation
Coron et al. High order masking of look-up tables with common shares
Lepoint et al. Another nail in the coffin of white-box AES implementations
EP3078154B1 (en) A computing device for iterative application of table networks
AU2007213585B2 (en) Protection of a cryptographic algorithm
CN115730296A (en) Secure execution of cryptographic processes
AU2018374489B2 (en) Method for protecting a source of entropy used in countermeasures securing a whitebox cryptographic algorithm
McMillion et al. Attacking white-box AES constructions

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
MK14 Patent ceased section 143(a) (annual fees not paid) or expired