CN103441843A - Method and device for obtaining private key elements of RSA algorithm - Google Patents
Method and device for obtaining private key elements of RSA algorithm Download PDFInfo
- Publication number
- CN103441843A CN103441843A CN2013103183688A CN201310318368A CN103441843A CN 103441843 A CN103441843 A CN 103441843A CN 2013103183688 A CN2013103183688 A CN 2013103183688A CN 201310318368 A CN201310318368 A CN 201310318368A CN 103441843 A CN103441843 A CN 103441843A
- Authority
- CN
- China
- Prior art keywords
- power consumption
- bit
- value
- half part
- consumption curve
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 238000012360 testing method Methods 0.000 claims abstract description 209
- 230000000052 comparative effect Effects 0.000 claims description 11
- 238000012986 modification Methods 0.000 claims description 8
- 230000004048 modification Effects 0.000 claims description 8
- 238000012423 maintenance Methods 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 12
- 206010021703 Indifference Diseases 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 239000000047 product Substances 0.000 description 3
- 239000012467 final product Substances 0.000 description 2
- 230000003321 amplification Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000003199 nucleic acid amplification method Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Tests Of Electronic Circuits (AREA)
Abstract
The embodiment of the invention discloses a method and device for obtaining private key elements of an RSA algorithm of a security chip. The method for obtaining the private key elements of the RSA algorithm comprises the steps of setting test codes; testing whether the private key elements of the RSA algorithm of the tested security chip can be obtained or not by setting different data for the test codes; when the private key elements of the RSA algorithm of the tested security chip can be obtained, setting the preset data for the test codes; setting values of all bits of the half lower portion according to the preset data in the test codes, and after setting of the values of all the bits of the half lower portion is finished, using the data of the half lower portion as one private key element of the RSA algorithm of the tested security chip. The device for obtaining the private key elements of the RSA algorithm comprises a setting unit, a testing unit, a presetting unit, a first determining unit, a second determining unit and a third determining unit. By the adoption of the method and device, the private key elements of the RSA algorithm of the security chip can be effectively obtained.
Description
Technical field
The present invention relates to the safety certification field, relate in particular to RSA Algorithm private key element acquisition methods and the RSA Algorithm private key element deriving means of safety chip.
Background technology
RSA Algorithm is a kind of asymmetric cryptographic algorithm, at first this algorithm selects two prime numbers as two RSA Algorithm private key elements, then the key pair that uses two RSA Algorithm private key Element generations to comprise PKI and private key, when the PKI of use cipher key pair is encrypted data, only have and use private key could the data after encrypting be decrypted, same, when the private key of use cipher key pair is signed to data, only use public-key and could the data after signature be authenticated.
Along with the development of technology, RSA Algorithm is used widely, and the various safety chips that can realize RSA Algorithm occurred.Safety chip based on realizing RSA Algorithm, the technical staff has designed the safety products such as smart card and intelligent code key, and various safety products also have been widely used in the every field such as finance, communication, social security, traffic.Due to extensive use of safety chip, its safety issue is also more come also more to come into one's own.For the fail safe of the safety products such as testing smart card, especially safety chip is realized the fail safe of RSA Algorithm process, and people have used various methods to obtain the RSA Algorithm private key of safety chip.
The inventor is to finding after prior art research, the simplest method of RSA Algorithm private key of obtaining safety chip is exactly to obtain the RSA Algorithm private key element of the RSA Algorithm private key that generates safety chip, and then according to the RSA Algorithm private key of RSA Algorithm private key Element generation safety chip.But existing method all can not meet the demand of the RSA Algorithm private key element that obtains safety chip.
Summary of the invention
The embodiment of the present invention provides RSA Algorithm private key element acquisition methods and RSA Algorithm private key element deriving means, all can not meet the problem of the RSA Algorithm private key element demand of obtaining safety chip to solve existing method.
First aspect, the embodiment of the present invention provides a kind of RSA Algorithm private key element acquisition methods, and the method comprises:
Test patterns is set, and it is long that the bit length of described test patterns equals the bit of RSA PKI mould of tested safety chip, and described test patterns is comprised of height half part and low half part of bit appearance etc., and the bit of described low half part is long is t; By for described test patterns, different data being set, whether the RSA Algorithm private key element of testing described tested safety chip can obtain; When the RSA Algorithm private key element of described tested core can obtain, for described test patterns arranges preset data; According to the described preset data in described test patterns, the described low partly value of the t-1 bit of part is arranged; After described value setting of hanging down the t-1 bit of half part completes, according to the value to described low half part i bit, the data in rear described test patterns are set, the described low partly value of the i-1 bit of part is arranged, wherein i belongs to [2, t-1]; After the value setting of other bits of described low half part except the 0th bit completes, according to the data in described test patterns, value to described low half part the 0th bit is arranged, after the value setting of described low half part the 0th bit completes, the data in described low half part are a RSA Algorithm private key element of tested safety chip.
In conjunction with first aspect, in the first in possible implementation,
Described by for described test patterns, different data being set, whether the RSA Algorithm private key element of testing described tested safety chip can obtain, comprise: the value of the t bit of described test patterns is set to preset value, and the value of the 0th bit is set to 1, and the value of all the other all bits is set to 0; The first power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing; After obtaining the first power consumption curve, keep the value of all bits of described height half part constant, the value of the low all bits of half part is set to 1; The second power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing; More described the first power consumption curve with described the second power consumption curve in power consumption and whether consistent on the time.
The possible implementation in conjunction with the first of first aspect, at the second in possible implementation,
When the described private key of the RSA Algorithm when described tested core element can obtain, for described test patterns arranges preset data, be specially: when described the first power consumption curve and described the second power consumption curve in power consumption and when consistent on the time, keep the value of described height half part constant, the value of the described low all bits of half part is set to 0; Described according to the described preset data in described test patterns, the described low partly value of the t-1 bit of part is arranged, comprising: keep the value of other bit in described test patterns constant, the value of described low half part t-1 bit is revised as to 1; The 3rd power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing; More described the first power consumption curve with described the 3rd power consumption curve in power consumption and whether consistent on the time; When described the first power consumption curve and described the 3rd power consumption curve in power consumption and when consistent on the time, the value of described low half part t-1 bit is set to 1, perhaps, when described the first power consumption curve and described the 3rd power consumption curve, in power consumption or when inconsistent on the time, the value of described low half part t-1 bit is set to 0.
The possible implementation in conjunction with the first of first aspect, at the third in possible implementation,
Described basis arranges the data in rear described test patterns to the value of described low half part i bit, the described low partly value of the i-1 bit of part is arranged, comprise: keep value to the i bit that the value of other bits in rear described test patterns is set constant, the value of the i-1 bit of described low half part is set to 1; The 4th power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing; More described the first power consumption curve with described the 4th power consumption curve in power consumption and whether consistent on the time; When described the first power consumption curve and the 4th power consumption curve in power consumption and when consistent on the time, the value of the i-1 bit of described low half part is set to 1, perhaps, when described the first power consumption curve and described the 4th power consumption curve, in power consumption or when inconsistent on the time, the value of the i-1 bit of described low half part is set to 0.
The possible implementation in conjunction with the first of first aspect, in the 4th kind of possible implementation,
Described according to the data in described test patterns, value to described low half part the 0th bit is arranged, comprise: after the value setting of other bits of described low half part except the 0th bit completes, the 5th power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing; More described the first power consumption curve with described the 5th power consumption curve in power consumption and whether consistent on the time; When described the first power consumption curve and described the 5th power consumption curve, in power consumption and when consistent on the time, the value of the 0th bit of low half part is set to 1.
Second aspect, the embodiment of the present invention also provides a kind of RSA Algorithm private key element deriving means, and this device comprises:
Setting unit, for test patterns is set, it is long that the bit length of described test patterns equals the bit of RSA PKI mould of tested safety chip, and described test patterns is comprised of height half part and low half part of bit appearance etc., and the bit of described low half part is long is t; Test cell, for by for the described test patterns of described setting unit setting arranges different data, whether the RSA Algorithm private key element of testing described tested safety chip can obtain; Default unit, for the test when through described test cell, when the RSA Algorithm private key element of described tested core can obtain, for described test patterns arranges preset data; The first determining unit, the described preset data of presetting for the described default unit according to described test patterns, arranged the described low partly value of the t-1 bit of part; The second determining unit, after in described the first determining unit, the value setting of the t-1 bit of described low half part being completed, according to the value to described low half part i bit, the data in rear described test patterns are set, the described low partly value of the i-1 bit of part is arranged, wherein i belongs to [2, t-1]; The 3rd determining unit, after in described the second determining unit, the value setting of other bits of described low half part except the 0th bit being completed, according to the data in described test patterns, value to described low half part the 0th bit is arranged, after the value setting of described low half part the 0th bit completes, the data in described low half part are a RSA Algorithm private key element of tested safety chip.
In conjunction with second aspect, in the first, in possible implementation, described test cell comprises:
First arranges subelement, for the value of the t bit of described test patterns, is set to preset value, and the value of the 0th bit is set to 1, and the value of all the other all bits is set to 0; First generates subelement, the first power consumption curve while for obtaining described tested safety chip, the data of the first generation subelement setting described in described test patterns being carried out to computing; Second arranges subelement, after at described the first generation subelement, obtaining the first power consumption curve, keeps the value of all bits of described height half part constant, and the value of the low all bits of half part is set to 1; Second generates subelement, the second power consumption curve while for obtaining described tested safety chip, the data of the second generation subelement setting described in described test patterns being carried out to computing; First compares subelement, for the more described first described the first power consumption curve and described second that generates the subelement generation, generates the described second power consumption curve of subelement generation in power consumption and whether consistent on the time.
The possible implementation in conjunction with the first of second aspect, at the second in possible implementation,
Described default unit, specifically for when described the first power consumption curve and described the second power consumption curve in power consumption and when consistent on the time, keep the value of described height half part constant, the value of the described low all bits of half part is set to 0;
Described the first determining unit comprises: first revises subelement, constant for the value that keeps described other bit of test patterns, and the value of described low half part t-1 bit is revised as to 1; The 3rd generates subelement, for obtain described tested safety chip to described test patterns the 3rd power consumption curve when the amended data of the first modification subelement are carried out computing; Second compares subelement, for the more described first described the first power consumption curve and the described the 3rd that generates the subelement generation, generates described the 3rd power consumption curve of subelement generation in power consumption and whether consistent on the time; First determines subelement, for according to the described second comparative result that compares subelement, the described low partly value of the t-1 bit of part being arranged, when described the first power consumption curve and described the 3rd power consumption curve in power consumption and when consistent on the time, the value of described low half part t-1 bit is set to 1, perhaps, when described the first power consumption curve and described the 3rd power consumption curve, in power consumption or when inconsistent on the time, the value of described low half part t-1 bit is set to 0.
The possible implementation in conjunction with the first of second aspect, at the third, in possible implementation, described the second determining unit comprises:
Second revises subelement, after completing for the value setting of the t-1 bit to described low half part, keep value to the i bit that the value of other bits in rear described test patterns is set constant, the value of the i-1 bit of described low half part is set to 1, wherein i belongs to [2, t-1]; The 4th generates subelement, for obtain described tested safety chip to described test patterns the 4th power consumption curve when the amended data of the second modification subelement are carried out computing; The 3rd compares subelement, for the more described first described the first power consumption curve and the described the 4th that generates the subelement generation, generates described the 4th power consumption curve of subelement generation in power consumption and whether consistent on the time; Second determines subelement, for according to the described the 3rd comparative result that compares subelement, the described low partly value of the i-1 bit of part being arranged, when described the first power consumption curve and the 4th power consumption curve in power consumption and when consistent on the time, the value of the i-1 bit of described low half part is set to 1, perhaps, when described the first power consumption curve and described the 4th power consumption curve, in power consumption or when inconsistent on the time, the value of the i-1 bit of described low half part is set to 0.
The possible implementation in conjunction with the first of second aspect, in the 4th kind of possible implementation, described the 3rd determining unit comprises:
The 5th generates subelement, after completing for the value setting at other bits of described low half part except the 0th bit, and the 5th power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing; The 4th compares subelement, for the more described first described the first power consumption curve and the described the 5th that generates the subelement generation, generates described the 5th power consumption curve of subelement generation in power consumption and whether consistent on the time; The 3rd determines subelement, for according to the described the 4th comparative result that compares subelement, the described low partly value of the 0th bit of part being arranged, when described the first power consumption curve and described the 5th power consumption curve, in power consumption and when consistent on the time, the value of the 0th bit of low half part is set to 1.
Compared with prior art, the RSA Algorithm private key element acquisition methods that the embodiment of the present invention provides and RSA Algorithm private key element deriving means, can effectively obtain the RSA Algorithm private key element of safety chip, can meet the demand of obtaining RSA Algorithm private key element, for the RSA Algorithm private key that generates safety chip provides condition.
The accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, below will the accompanying drawing of required use in embodiment be briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.Shown in accompanying drawing, above-mentioned and other purpose of the present invention, Characteristics and advantages will be more clear.In whole accompanying drawings, identical Reference numeral is indicated identical part.Deliberately by actual size equal proportion convergent-divergent, do not draw accompanying drawing, focus on illustrating purport of the present invention.
The flow chart that Fig. 1 is an embodiment of RSA Algorithm private key element acquisition methods of the present invention;
The flow chart that Fig. 2 is another embodiment of RSA Algorithm private key element acquisition methods of the present invention;
The embodiment block diagram that Fig. 3 is RSA Algorithm private key element deriving means of the present invention;
The embodiment block diagram that Fig. 4 is RSA Algorithm private key element deriving means test cell of the present invention;
The embodiment block diagram that Fig. 5 is RSA Algorithm private key element deriving means of the present invention the first determining unit;
The embodiment block diagram that Fig. 6 is RSA Algorithm private key element deriving means of the present invention the second determining unit;
The embodiment block diagram that Fig. 7 is RSA Algorithm private key element deriving means of the present invention the 3rd determining unit.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out to clear, complete description, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making under the creative work prerequisite the every other embodiment obtained, belong to the scope of protection of the invention.
Secondly, the present invention is described in detail in conjunction with schematic diagram, when the embodiment of the present invention is described in detail in detail; for ease of explanation; the profile of indication device structure can be disobeyed general ratio and be done local the amplification, and described schematic diagram is example, and it should not limit the scope of protection of the invention at this.The three-dimensional space that in actual fabrication, should comprise in addition, length, width and the degree of depth.
Referring to Fig. 1, be the flow chart of an embodiment of RSA Algorithm private key element acquisition methods of the present invention, the method comprises the steps:
Obtain safety chip, i.e. the RSA Algorithm private key element of tested safety chip, at first need, according to the bit length of the RSA PKI mould of tested safety chip, a test patterns is set, and this test patterns can mean with C.Test patterns C can be the memory space of a regular length, it is long that the bit length of test patterns C equals the bit of RSA PKI mould, the long bit for RSA PKI mould of bit that is memory space is long, because the bit long of RSA PKI key mould in actual use is generally even number, test patterns C is comprised of the contour half part CH of bit appearance and low half part CL, i.e. C=CH||CL.The value of each bit of test patterns C can be arranged as required or be revised, by the data in test patterns C, arranged, finally obtain RSA Algorithm private key element, the data that the data setting in test patterns C is being kept in memory space are arranged.
Because the bit of RSA PKI mould is long, it is even number, the bit length of RSA PKI mould can mean by 2t, when the bit length of RSA PKI mould is 2t, the height half part CH of test patterns C is t with the bit length of low half part CL, each bit of high half part CH can be labeled as from high to low 2t-1,2t-2 ..., t; Each bit of low half part CL can be labeled as from high to low t-1, t-2 ..., 0; The highest-order bit of high half part CH is the 2t-1 bit, and the lowest bit position of high half part CH is the t bit, and the highest-order bit of low half part CL is the t-1 bit, and the lowest bit position of low half part CL is the 0th bit; The first RSA Algorithm private key element p or the second RSA Algorithm private key element q bit length are also t usually, thus be the bit of the chip modulus m that carries out RSA-test patterns CRT modulo operation long be also t.For example, when the bit length of RSA PKI mould is 1024 bit, high half part CH is also that 512, m is also that 512 bits are long with the bit length that the bit length of hanging down half part CL is 512, the first RSA Algorithm private key element p or the second RSA Algorithm private key element q.
Use method of the present invention to obtain RSA Algorithm private key element, when during precondition, chip is signed at data decryption or to data, will carry out direct modulo operation.Therefore at first to judge that whether safety chip carries out modulo operation when carrying out data signature or deciphering, obtains RSA Algorithm private key element when comprising modulo operation again.Due to tested safety chip, data are signed or decrypted packet when the modulo operation, whether carry out the relation that the delivery process depends on input data and modulus m, when the input data are more than or equal to m, need execution delivery process; When the input data are less than m, without carrying out the delivery process.Therefore can, by setting two different values, whether carry out the delivery process while according to tested safety chip, these two different values being processed and judge.
When whether the RSA Algorithm private key element of the tested safety chip of test can obtain, at first for test patterns C, a preset value is set.When for test patterns C, preset value being set, can be arranged respectively height half part CH and low half part CL.
In the ordinary course of things the value of the t bit of test patterns C is made as to 0, and then the value that other bits are set tested, specifically, the value of all bits of height half part CH of test patterns C is set to 0; And the value that will hang down the 0th bit of half part CL is made as 1, the value of other bits of low half part CL all is made as 0,, the value of the 0th bit of test patterns C is made as to 1 that is, and the value of all the other bits all is set to 0.After for test patterns C, setting up preset value, the data in test patterns C can be designated as C1.
Data C1 in test patterns C is input in tested safety chip as the input data, tested safety chip can carry out computing according to the input data, the first power consumption curve when by the energy spectrometer instrument, obtaining tested safety chip and carry out computing, this first power consumption curve can be designated as TraceL.
After obtaining the first power consumption curve, keep the value of high half part CH in test patterns C constant, and the value of the low all bits of half part CL is set to 1, now the data in test patterns C can be designated as C2; Data C2 in test patterns C is input in tested safety chip as the input data, the second power consumption curve when by the energy spectrometer instrument, obtaining tested safety chip and carry out computing, this second power consumption curve can be designated as TraceH.
The information such as the power consumption curve got due to the energy spectrometer instrument has embodied tested safety chip when the input data are processed required time, power consumption, so TraceL and obtain TraceH and embodied time or the power consumption that tested safety chip consumes when C1, two different data of C2 are processed.Therefore by contrast TraceL and TraceH.Can know chip power consumption or temporal difference when processing two different input data, according to comparison result, judgement can judge whether the RSA Algorithm private key element of tested safety chip can obtain, if TraceL and TraceH are variant, the RSA Algorithm private key element that this chip is described can obtain, if TraceL and TraceH indifference, can further be tested chip.
Also the value of the t bit of test patterns C can be made as to 1 in the other situation, and then the value that other bits are set is tested, specifically, the value of the t bit of the height of test patterns C half part CH is made as to 1, the value of other bits of high half part CH all is made as 0, and the value that will hang down the 0th bit of half part CL is made as 1, the value of other bits of low half part CL all is made as 0,, the value of the t bit of test patterns C and the 0th bit is made as to 1, and the value of all the other bits all is set to 0.Then use the aforementioned process of obtaining and comparing TraceL and TraceH, according to comparison result, judgement can judge whether the RSA Algorithm private key element of tested safety chip can obtain, if TraceL and TraceH are variant, the RSA Algorithm private key element that this chip is described can obtain, if TraceL and TraceH indifference, can further be tested chip.
When chip is tested, if first the value of the t bit of test patterns C is made as to 1, the test draw TraceL and TraceH indifference as a result the time, the value of the t bit of test patterns C can be made as to 0, and then tested, if still draw the test result of two power consumption curve indifferences, so just the RSA Algorithm private key element of tested safety chip can not obtain, otherwise, if two power consumption curves are variant, can draw the retrievable conclusion of RSA Algorithm private key element of tested safety chip.
Same, when chip is tested, if first the value of the t bit of test patterns C is made as to 0, the test draw TraceL and TraceH indifference as a result the time, the value of the t bit of test patterns C can be made as to 1, and then tested, if still draw the test result of two power consumption curve indifferences, so just the RSA Algorithm private key element of tested safety chip can not obtain, otherwise, two power consumption curves are variant, can draw the retrievable conclusion of RSA Algorithm private key element of tested safety chip.Concrete test process, referring to aforementioned, just repeats no more at this.
At this, it should be noted that, the present invention does not do restriction to the order of obtaining the first power consumption curve TraceL and obtain the second power consumption curve TraceH, can first obtain wherein any one.
When through to the comparison of TraceL and TraceH, determine when variant between the two, illustrate that tested safety chip can carry out modulo operation when data being decrypted or signing, the RSA Algorithm private key element of tested safety chip can obtain.Now can judge the whether retrievable process of tested safety chip RSA Algorithm private key element according to aforementioned, data in test patterns C are arranged, specifically, due to when obtaining TraceL and TraceH, height half part CH is set to a preset value, as TraceL and TraceH, when variant, need to keep the value of high half part CH in test patterns C constant, the value that then will hang down each bit of half part CL all is set to 0.
When chip utilizes Chinese remainder theorem to be accelerated the processing procedure of signature or deciphering, whether carry out the relation that the delivery process depends on input data and modulus m in processing procedure to the input data, therefore can be by input different input data to tested safety chip, then by being to judge whether that delivery judges the magnitude relationship of input data and m, input data by modification, make to input data approximation in m, and then obtain the value of m.
The highest-order bit to low half part CL, when the value of the t-1 bit of test patterns C is arranged, can keep the value of other bits in test patterns C constant, and the value of low half part CL t-1 bit is revised as to 1; The 3rd power consumption curve when obtaining described tested safety chip the data C3 in test patterns C being carried out to computing, the 3rd power consumption curve can be designated as Trace (t).Then relatively the first power consumption curve TraceL with the 3rd power consumption curve Trace (t) in power consumption and whether consistent on the time; Finally according to comparative result, the value to the t-1 bit of low half part CL is arranged, and when TraceL is consistent with Trace (t), the value of the t-1 bit of low half part CL is set to 1; As TraceL and Trace (t), when inconsistent, the value of the t-1 bit of low half part CL is set to 0.
After the value setting to the t-1 bit completes, at first from the height low level that puts in place, successively the remaining bits position except the 0th bit low half part CL is arranged, be set to be designated as the i-1 bit, when the value of i-1 bit is arranged, need to use the value to the i bit that the data in rear test patterns C are set, wherein i belongs to [2, t-1], that is, from the higher bit position to low bit, by bit, the value to low half part CL t-2 bit to the 1 bit is arranged.For example, when the value of the 510th bit in test patterns C is arranged, need to use the value to the 511st bit in test patterns C that the data in rear test patterns C are set.
Specifically: when the i-1 bit to low half part CL is arranged, keep value to the i bit that the value of other bits in rear test patterns C is set constant, the value of the i-1 bit of low half part CL is set to 1; The 4th power consumption curve when then obtaining described tested safety chip the data C4 in test patterns C being carried out to computing, the 4th power consumption curve can be designated as Trace (i); More described TraceL with Trace (i) in power consumption and whether consistent on the time; Finally according to comparative result, the value to the i-1 bit of low half part CL is arranged, when TraceL is consistent with Trace (i), the value of the i-1 bit of low half part CL is set to 1, perhaps, as TraceL and Trace (i), when inconsistent, the value of the current bit of low half part CL is set to 0.
After the value setting of other bits to outside low half part CL the 0th bit completes, value to the 0th bit of low half part CL, while being arranged, when the value of the 0th bit of low half part CL is arranged, at first obtain the 5th power consumption curve of described tested safety chip when in test patterns C, existing data C5 carries out computing, the 5th power consumption curve can be designated as Trace(0); Then compare TraceL and Trace(0) in power consumption and whether consistent on the time; As TraceL and Trace(0) when consistent, the value of the 0th bit of low half part CL is set to 1.After the value setting of low half part CL the 0th bit completes, the data of low half part CL are a RSA Algorithm private key element of tested safety chip.
Can find out from above-described embodiment, adopt method provided by the invention, can effectively obtain the RSA Algorithm private key element of safety chip.
Referring to Fig. 2, be the flow chart of another embodiment of RSA Algorithm private key element acquisition methods of the present invention, this embodiment describes the overall process of obtaining tested safety chip RSA Algorithm private key element in detail.
Can find out from above-described embodiment, adopt method provided by the invention, can effectively obtain the RSA Algorithm private key element of safety chip.
Corresponding with the RSA Algorithm private key element acquisition methods of safety chip of the present invention, the present invention also provides the RSA Algorithm private key element deriving means of safety chip.
Referring to Fig. 3, it is an embodiment block diagram of RSA Algorithm private key element deriving means of the present invention.
This device comprises: setting unit 301, test cell 302, default unit 303, the first determining unit 304, the second determining unit 305, the three determining units 306.
Wherein, described setting unit 301, for test patterns C is set, it is long that the bit length of described test patterns C equals the bit of RSA PKI mould of tested safety chip, described test patterns is comprised of height half part and low half part of bit appearance etc., and the bit of described low half part is long is t.
Obtain the RSA Algorithm private key element of tested safety chip, at first setting unit 301 needs, according to the bit length of the RSA PKI mould of tested safety chip, a test patterns C is set.It is long that the bit length of test patterns C equals the bit of RSA PKI mould, and test patterns C is comprised of the contour half part CH of bit appearance and low half part CL, i.e. C=CH||CL.The value of each bit of test patterns C can be arranged as required or be revised.
Described test cell 302, arrange different data for the described test patterns by arranging for described setting unit 302, and whether the RSA Algorithm private key element of testing described tested safety chip can obtain.
Whether at the RSA Algorithm private key element of the tested safety chip of test can obtain the time, at first test cell 302 is arranged the value of each bit of test patterns C.In the ordinary course of things the value of the t bit of test patterns C is made as to 0, and then the value that other bits are set is tested; When needs are further tested, then the value of the t bit of test patterns C is made as to 0, and then the value that other bits are set is tested; Perhaps, also the value of the t bit of test patterns C can be made as to 1, and then the value that other bits are set is tested; When needs are further tested, then the value of the t bit of test patterns C is made as to 0, and then the value that other bits are set is tested.Concrete test process can, referring to previous embodiment, just repeat no more at this.
Described default unit 303, for the test when through described test cell 302, when the RSA Algorithm private key element of described tested core can obtain, for described test patterns C arranges preset data.
When through the test of test cell 302, and determine when variant between the two to TraceL and TraceH, illustrate that tested safety chip can carry out modulo operation when data being decrypted or signing, the RSA Algorithm private key element of tested safety chip can obtain.Now default unit 303 can judge the whether retrievable process of tested safety chip RSA Algorithm private key element according to aforementioned, data in test patterns C are arranged, specifically, due to when obtaining TraceL and TraceH, CH is set to a preset value, as TraceL and TraceH, when variant, keep the value of high half part CH in test patterns C constant, the value that then will hang down each bit of half part CL all is set to 1.
Described the first determining unit 304, for the default described preset data in described default unit 303 according to described test patterns, arranged the described low partly value of the t-1 bit of part.
When the t-1 bit of the low half part CL of the first 304 pairs of determining units is arranged, can keep the value of other bits in test patterns C constant, the value of low half part CL t-1 bit is revised as to 1; The 3rd power consumption curve when obtaining described tested safety chip the data C3 in test patterns C being carried out to computing; The 3rd power consumption curve can be designated as Trace (t), can more described the first power consumption curve TraceL with described the 3rd power consumption curve Trace (t) in power consumption and whether consistent on the time; When described TraceL is consistent with described Trace (t), the value of the t-1 bit of low half part CL is set to 1; As described TraceL and described Trace (t), when inconsistent, the value of the t-1 bit of low half part CL is set to 0.
Described the second determining unit 305, after in described the first determining unit 304, the value setting of the t-1 bit of described low half part being completed, according to the value to described low half part i bit, the data in rear described test patterns are set, the described low partly value of the i-1 bit of part is arranged, wherein i belongs to [2, t-1].
The second determining unit 305, when the i-1 bit is arranged, keeps value to the i bit that the value of other bits in rear test patterns C is set constant, and the value of the i-1 bit of low half part CL is set to 1; The 4th power consumption curve when obtaining described tested safety chip the data C4 in test patterns C being carried out to computing, the 4th power consumption curve can be designated as Trace (i); More described TraceL with Trace (i) in power consumption and whether consistent on the time; When TraceL is consistent with Trace (i), the value of the i-1 bit of low half part CL is set to 1, or, when TraceL and Trace (i) are inconsistent, the value of hanging down the current bit of half part CL is set to 0.
Described the 3rd determining unit 306, after completing for the value setting according at other bits of 305 pairs of described low half parts of described the second determining unit except the 0th bit, according to the data in described test patterns, value to described low half part the 0th bit is arranged, after the value setting of described low half part the 0th bit completes, the data in described low half part are a RSA Algorithm private key element of tested safety chip.
The 3rd determining unit 306 is after the value setting of other bits to outside low half part CL the 0th bit completes, value to the lowest bit position of low half part CL, the i.e. value of the 0th bit, while being arranged, at first obtain the 5th power consumption curve of described tested safety chip when in test patterns C, existing data C5 carries out computing, the 5th power consumption curve can be designated as Trace (0), relatively TraceL with Trace (0) in power consumption and whether consistent on the time; When TraceL is consistent with Trace (0), the value of the 0th bit of low half part CL is set to 1, after the value setting of low half part CL the 0th bit completes, the data of low half part CL are a RSA Algorithm private key element of tested safety chip.
Need two RSA Algorithm private key elements when encrypting due to RSA Algorithm, two RSA Algorithm private key elements can mean with p and q, because method provided by the invention can be obtained a RSA Algorithm private key element p, so PKI N and e based on known, by calculating N/p(or q), obtain the value of another prime number q; By calculating e about (p-1) and (q-1) contrary, can calculate dp, dq; Finally, by calculating contrary about p of q, obtain complete RSA_CRT key pair.
Can find out from above-described embodiment, adopt safety chip RSA Algorithm private key element deriving means provided by the invention, can effectively obtain a RSA Algorithm private key element of the RSA Algorithm of safety chip.
Referring to Fig. 4, it is an embodiment block diagram of RSA Algorithm private key element deriving means test cell of the present invention.
This test cell comprises: first arranges subelement 401, the first generation subelements 402, the second arranges relatively subelement 405 of subelement 403, the second generation subelements 404, the first.
Wherein, described first arranges subelement 401, for the value of the t bit of described test patterns, is set to preset value, and the value of the 0th bit is set to 1, and the value of all the other all bits is set to 0, and described preset value is 0 or 1.
Described first generates subelement 402, the first power consumption curve TraceL while for obtaining described tested safety chip, the data C1 that described in described test patterns C, the first generation subelement 401 arranges being carried out to computing.
Described second arranges subelement 403, after at described the first generation subelement 402, obtaining the first power consumption curve TraceL, keeps the value of high half part CH constant, and the value of low half each bit of part CL all is set to 1.
Described second generates subelement 404, the second power consumption curve TraceH while for obtaining described tested safety chip, the data C2 that described in described test patterns C, the second generation subelement 403 arranges being carried out to computing.
Described first compares subelement 405, for the more described first described the first power consumption curve TraceL and described second that generates subelement 402 generations, generates the described second power consumption curve TraceH of subelement 404 generations in power consumption and whether consistent on the time.
From above-described embodiment, can find out, the test cell of invention safety chip RSA Algorithm private key element deriving means, can whether obtain and judge the RSA Algorithm private key element of tested safety chip, for obtaining a ready condition of RSA Algorithm private key element of RSA Algorithm.
Referring to Fig. 5, it is an embodiment block diagram of RSA Algorithm private key element deriving means of the present invention the first determining unit.
This first determining unit comprises: first revises subelement 501, the three generates the relatively definite subelement 504 of subelement 503, the first of subelement 502, the second.
Wherein, described first revises subelement 501, constant for the value that keeps described other bits of test patterns C, and the value of described low half part CL t-1 bit is revised as to 1.
The described the 3rd generates subelement 502, for obtain described tested safety chip to described test patterns C the 3rd power consumption curve Trace (t) when the amended data C3 of the first modification subelement 501 carries out computing.
Described second compares subelement 503, for the more described first described the first power consumption curve TraceL and the described the 3rd that generates the subelement generation, generates described the 3rd power consumption curve Trace (t) of subelement 502 generations in power consumption and whether consistent on the time.
Described first determines subelement 504, value for the comparative result according to described the second comparison subelement 503 to the t-1 bit of described low half part CL is arranged, as described the first power consumption curve TraceL and described the 3rd power consumption curve Trace (t) in power consumption and when consistent on the time, the value of described low half part CL t-1 bit is set to 1, perhaps, when described the first power consumption curve and described the 3rd power consumption curve, in power consumption or when inconsistent on the time, the value of described low half part CL t-1 bit is set to 0.
Can find out that from above-described embodiment the first determining unit of invention safety chip RSA Algorithm private key element deriving means can be arranged the value of low half part CL the highest-order bit, for obtaining a ready condition of RSA Algorithm private key element of RSA Algorithm.
Referring to Fig. 6, it is an embodiment block diagram of RSA Algorithm private key element deriving means of the present invention the second determining unit.
This second determining unit comprises: second revises subelement 601, the four generates the relatively definite subelement 604 of subelement 603, the second of subelement 602, the three.
Wherein, second revises subelement 601, after described value setting of hanging down the t-1 bit of half part CL is completed, the value that maintenance arranges other bits in rear described test patterns C to the value of i bit is constant, the value of the i-1 bit of described low half part CL is set to 1, wherein i belongs to [2, t-1].
The 4th generates subelement 602, for obtain described tested safety chip to described test patterns C the 4th power consumption curve Trace (i) when the amended data C4 of the second modification subelement 601 carries out computing.
The 3rd compares subelement 603, for the more described first described the first power consumption curve TraceL and the described the 4th that generates the subelement generation, generates described the 4th power consumption curve Trace (i) of subelement 604 generations in power consumption and whether consistent on the time.
Second determines subelement 604, value for the comparative result according to described the 3rd comparison subelement to the i-1 bit of described low half part CL is arranged, as described the first power consumption curve TraceL and the 4th power consumption curve Trace (i) in power consumption and when consistent on the time, the value of the i-1 bit of described low half part CL is set to 1, perhaps, as described the first power consumption curve TraceL and described the 4th power consumption curve Trace (i), when inconsistent, the value of the i-1 bit of described low half part CL is set to 0.
From above-described embodiment, can find out, the second determining unit of invention safety chip RSA Algorithm private key element deriving means, can the value of low other bits of half part CL except the highest-order bit and lowest bit position be arranged, for obtaining a ready condition of RSA Algorithm private key element of RSA Algorithm.
Referring to Fig. 7, it is an embodiment block diagram of RSA Algorithm private key element deriving means of the present invention the 3rd determining unit.
The 3rd determining unit comprises: the 5th generates the relatively definite subelement 703 of subelement 702, the three of subelement 701, the four.
Wherein, the described the 5th generates subelement 701, after in described the second determining unit, the value setting of described low other bits of half part CL except the 0th bit being completed, the 5th power consumption curve Trace(0 when obtaining described tested safety chip the data C5 in described test patterns C being carried out to computing).
The described the 4th compares subelement 702, for the more described first described the first power consumption curve TraceL and the described the 5th that generates the subelement generation, generates described the 5th power consumption curve Trace(0 that subelement 701 generates) in power consumption and whether consistent on the time.
The described the 3rd determines subelement 703, value for the comparative result according to described the 4th comparison subelement 702 to the 0th bit of described low half part CL is arranged, as described the first power consumption curve TraceL and described the 5th power consumption curve Trace(0) in power consumption and when consistent on the time, the value of the 0th bit of low half part CL is set to 1.
Can find out that from above-described embodiment the 3rd determining unit of invention safety chip RSA Algorithm private key element deriving means can be arranged the value of low half part CL the 0th bit, for obtaining a ready condition of RSA Algorithm private key element of RSA Algorithm.
Those skilled in the art can be well understood to the mode that technology in the embodiment of the present invention can add essential general hardware platform by software and realize.Understanding based on such, the part that technical scheme in the embodiment of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product can be stored in storage medium, as ROM/RAM, magnetic disc, CD etc., comprise that some instructions are with so that a computer equipment (can be personal computer, server, or the network equipment etc.) carry out the described method of some part of each embodiment of the present invention or embodiment.
Each embodiment in this specification all adopts the mode of going forward one by one to describe, and between each embodiment, identical similar part is mutually referring to getting final product, and each embodiment stresses is the difference with other embodiment.Especially, for system embodiment, due to it, substantially similar in appearance to embodiment of the method, so description is fairly simple, relevant part gets final product referring to the part explanation of embodiment of the method.
Above-described embodiment of the present invention, do not form limiting the scope of the present invention.Any modification of doing within the spirit and principles in the present invention, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. a RSA Algorithm private key element acquisition methods, is characterized in that, described method comprises:
Test patterns is set, and it is long that the bit length of described test patterns equals the bit of RSA PKI mould of tested safety chip, and described test patterns is comprised of height half part and low half part of bit appearance etc., and the bit of described low half part is long is t;
By for described test patterns, different data being set, whether the RSA Algorithm private key element of testing described tested safety chip can obtain;
When the RSA Algorithm private key element of described chip under test can obtain, for described test patterns arranges preset data;
According to the described preset data in described test patterns, the described low partly value of the t-1 bit of part is arranged;
After described value setting of hanging down the t-1 bit of half part completes, according to the value to described low half part i bit, the data in rear described test patterns are set, the described low partly value of the i-1 bit of part is arranged, wherein i belongs to [2, t-1];
After the value setting of other bits of described low half part except the 0th bit completes, according to the data in described test patterns, value to described low half part the 0th bit is arranged, after the value setting of described low half part the 0th bit completes, the data in described low half part are a RSA Algorithm private key element of tested safety chip.
2. the method for claim 1, is characterized in that, described by for described test patterns, different data being set, and whether the RSA Algorithm private key element of testing described tested safety chip can obtain, and comprising:
The value of the t bit of described test patterns is set to preset value, and the value of the 0th bit is set to 1, and the value of all the other all bits is set to 0;
The first power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing;
After obtaining the first power consumption curve, keep the value of all bits of described height half part constant, the value of the low all bits of half part is set to 1;
The second power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing;
More described the first power consumption curve with described the second power consumption curve in power consumption and whether consistent on the time.
3. method as claimed in claim 2, is characterized in that,
When the described private key of the RSA Algorithm when described tested core element can obtain, for described test patterns arranges preset data, be specially:
When described the first power consumption curve and described the second power consumption curve, in power consumption and when consistent on the time, keep the value of described height half part constant, the value of the described low all bits of half part is set to 0;
Described according to the described preset data in described test patterns, the described low partly value of the t-1 bit of part is arranged, comprising:
Keep the value of other bit in described test patterns constant, the value of described low half part t-1 bit is revised as to 1;
The 3rd power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing;
More described the first power consumption curve with described the 3rd power consumption curve in power consumption and whether consistent on the time;
When described the first power consumption curve and described the 3rd power consumption curve in power consumption and when consistent on the time, the value of described low half part t-1 bit is set to 1, perhaps, when described the first power consumption curve and described the 3rd power consumption curve, in power consumption or when inconsistent on the time, the value of described low half part t-1 bit is set to 0.
4. method as claimed in claim 2, is characterized in that, described basis arranges the data in rear described test patterns to the value of described low half part i bit, and the described low partly value of the i-1 bit of part is arranged, and comprising:
The value that maintenance arranges other bits in rear described test patterns to the value of i bit is constant, and the value of the i-1 bit of described low half part is set to 1;
The 4th power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing;
More described the first power consumption curve with described the 4th power consumption curve in power consumption and whether consistent on the time;
When described the first power consumption curve and the 4th power consumption curve in power consumption and when consistent on the time, the value of the i-1 bit of described low half part is set to 1, perhaps, when described the first power consumption curve and described the 4th power consumption curve, in power consumption or when inconsistent on the time, the value of the i-1 bit of described low half part is set to 0.
5. method as claimed in claim 2, is characterized in that, described according to the data in described test patterns, and described value of hanging down half part the 0th bit is arranged, and comprising:
After the value setting of other bits of described low half part except the 0th bit completes, the 5th power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing;
More described the first power consumption curve with described the 5th power consumption curve in power consumption and whether consistent on the time;
When described the first power consumption curve and described the 5th power consumption curve, in power consumption and when consistent on the time, the value of the 0th bit of low half part is set to 1.
6. a RSA Algorithm private key element deriving means, is characterized in that, described device comprises:
Setting unit, for test patterns is set, it is long that the bit length of described test patterns equals the bit of RSA PKI mould of tested safety chip, and described test patterns is comprised of height half part and low half part of bit appearance etc., and the bit of described low half part is long is t;
Test cell, for by for the described test patterns of described setting unit setting arranges different data, whether the RSA Algorithm private key element of testing described tested safety chip can obtain;
Default unit, for the test when through described test cell, when the RSA Algorithm private key element of described tested core can obtain, for described test patterns arranges preset data;
The first determining unit, the described preset data of presetting for the described default unit according to described test patterns, arranged the described low partly value of the t-1 bit of part;
The second determining unit, after in described the first determining unit, the value setting of the t-1 bit of described low half part being completed, according to the value to described low half part i bit, the data in rear described test patterns are set, the described low partly value of the i-1 bit of part is arranged, wherein i belongs to [2, t-1];
The 3rd determining unit, after in described the second determining unit, the value setting of other bits of described low half part except the 0th bit being completed, according to the data in described test patterns, value to described low half part the 0th bit is arranged, after the value setting of described low half part the 0th bit completes, the data in described low half part are a RSA Algorithm private key element of tested safety chip.
7. device as claimed in claim 6, is characterized in that, described test cell comprises:
First arranges subelement, for the value of the t bit of described test patterns, is set to preset value, and the value of the 0th bit is set to 1, and the value of all the other all bits is set to 0;
First generates subelement, the first power consumption curve while for obtaining described tested safety chip, the data of the first generation subelement setting described in described test patterns being carried out to computing;
Second arranges subelement, after at described the first generation subelement, obtaining the first power consumption curve, keeps the value of all bits of described height half part constant, and the value of the low all bits of half part is set to 1;
Second generates subelement, the second power consumption curve while for obtaining described tested safety chip, the data of the second generation subelement setting described in described test patterns being carried out to computing;
First compares subelement, for the more described first described the first power consumption curve and described second that generates the subelement generation, generates the described second power consumption curve of subelement generation in power consumption and whether consistent on the time.
8. device as claimed in claim 7, is characterized in that,
Described default unit, specifically for when described the first power consumption curve and described the second power consumption curve in power consumption and when consistent on the time, keep the value of described height half part constant, the value of the described low all bits of half part is set to 0;
Described the first determining unit comprises:
First revises subelement, constant for the value that keeps described other bit of test patterns, and the value of described low half part t-1 bit is revised as to 1;
The 3rd generates subelement, for obtain described tested safety chip to described test patterns the 3rd power consumption curve when the amended data of the first modification subelement are carried out computing;
Second compares subelement, for the more described first described the first power consumption curve and the described the 3rd that generates the subelement generation, generates described the 3rd power consumption curve of subelement generation in power consumption and whether consistent on the time;
First determines subelement, for according to the described second comparative result that compares subelement, the described low partly value of the t-1 bit of part being arranged, when described the first power consumption curve and described the 3rd power consumption curve in power consumption and when consistent on the time, the value of described low half part t-1 bit is set to 1, perhaps, when described the first power consumption curve and described the 3rd power consumption curve, in power consumption or when inconsistent on the time, the value of described low half part t-1 bit is set to 0.
9. device as claimed in claim 7, is characterized in that, described the second determining unit comprises:
Second revises subelement, after completing for the value setting of the t-1 bit to described low half part, keep value to the i bit that the value of other bits in rear described test patterns is set constant, the value of the i-1 bit of described low half part is set to 1, wherein i belongs to [2, t-1];
The 4th generates subelement, for obtain described tested safety chip to described test patterns the 4th power consumption curve when the amended data of the second modification subelement are carried out computing;
The 3rd compares subelement, for the more described first described the first power consumption curve and the described the 4th that generates the subelement generation, generates described the 4th power consumption curve of subelement generation in power consumption and whether consistent on the time;
Second determines subelement, for according to the described the 3rd comparative result that compares subelement, the described low partly value of the i-1 bit of part being arranged, when described the first power consumption curve and the 4th power consumption curve in power consumption and when consistent on the time, the value of the i-1 bit of described low half part is set to 1, perhaps, when described the first power consumption curve and described the 4th power consumption curve, in power consumption or when inconsistent on the time, the value of the i-1 bit of described low half part is set to 0.
10. device as claimed in claim 7, is characterized in that, described the 3rd determining unit comprises:
The 5th generates subelement, after completing for the value setting at other bits of described low half part except the 0th bit, and the 5th power consumption curve when obtaining described tested safety chip the data in described test patterns being carried out to computing;
The 4th compares subelement, for the more described first described the first power consumption curve and the described the 5th that generates the subelement generation, generates described the 5th power consumption curve of subelement generation in power consumption and whether consistent on the time;
The 3rd determines subelement, for according to the described the 4th comparative result that compares subelement, the described low partly value of the 0th bit of part being arranged, when described the first power consumption curve and described the 5th power consumption curve, in power consumption and when consistent on the time, the value of the 0th bit of low half part is set to 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310318368.8A CN103441843B (en) | 2013-07-26 | 2013-07-26 | RSA Algorithm private key element acquisition methods and acquisition device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310318368.8A CN103441843B (en) | 2013-07-26 | 2013-07-26 | RSA Algorithm private key element acquisition methods and acquisition device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103441843A true CN103441843A (en) | 2013-12-11 |
| CN103441843B CN103441843B (en) | 2016-09-21 |
Family
ID=49695512
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310318368.8A Active CN103441843B (en) | 2013-07-26 | 2013-07-26 | RSA Algorithm private key element acquisition methods and acquisition device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103441843B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030053621A1 (en) * | 2000-01-26 | 2003-03-20 | Olivier Benoit | Modular exponential algorithm in an electronic component using a public key encryption algorithm |
| CN1411644A (en) * | 1999-10-14 | 2003-04-16 | 格姆普拉斯公司 | Countermeasure method in electronic component which uses RSA-type public key cryptographic algorithm |
| CN1835207A (en) * | 2005-03-17 | 2006-09-20 | 联想(北京)有限公司 | Method of preventing energy analysis attack to RSA algorithm |
| CN102983964A (en) * | 2012-12-28 | 2013-03-20 | 大唐微电子技术有限公司 | method and device for improving digital encryption standard resisting differential power analysis |
| CN103067164A (en) * | 2013-01-17 | 2013-04-24 | 北京昆腾微电子有限公司 | Anti-attack method for electronic components using RSA public key encryption algorithm |
-
2013
- 2013-07-26 CN CN201310318368.8A patent/CN103441843B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1411644A (en) * | 1999-10-14 | 2003-04-16 | 格姆普拉斯公司 | Countermeasure method in electronic component which uses RSA-type public key cryptographic algorithm |
| US20030053621A1 (en) * | 2000-01-26 | 2003-03-20 | Olivier Benoit | Modular exponential algorithm in an electronic component using a public key encryption algorithm |
| CN1835207A (en) * | 2005-03-17 | 2006-09-20 | 联想(北京)有限公司 | Method of preventing energy analysis attack to RSA algorithm |
| CN102983964A (en) * | 2012-12-28 | 2013-03-20 | 大唐微电子技术有限公司 | method and device for improving digital encryption standard resisting differential power analysis |
| CN103067164A (en) * | 2013-01-17 | 2013-04-24 | 北京昆腾微电子有限公司 | Anti-attack method for electronic components using RSA public key encryption algorithm |
Non-Patent Citations (1)
| Title |
|---|
| 李志强等: "《差分能量攻击样本选取方法》", 《计算机应用》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103441843B (en) | 2016-09-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103427997B (en) | A kind of method generating digital signature and device | |
| CN106357701A (en) | Integrity verification method for data in cloud storage | |
| CN107678763A (en) | Electric energy meter upgrade method and system based on digital signature technology | |
| CN102687184B (en) | Act on behalf of computing system, method and agency and calculate trust device | |
| CN101951314B (en) | Design method of S-box in symmetric password encryption | |
| CN109245903A (en) | Both sides cooperate with endorsement method, device and the storage medium for generating SM2 algorithm | |
| CN105045695B (en) | A kind of chip enters guard method and the system of test pattern | |
| CN105162583A (en) | Scatter method and system for single asymmetrical secret key pair, single-stage asymmetrical secret key pair and multistage asymmetrical secret key pair | |
| CN109981265B (en) | Identity-based ciphertext equivalence determination method without using bilinear pairings | |
| CN101969377A (en) | Zero-knowledge identity authentication method and system | |
| CN110505061B (en) | Digital signature algorithm and system | |
| CN110166238A (en) | The generation method and device of quantum key | |
| CN105763333A (en) | Method and system for negotiating asymmetric key | |
| CN109450640A (en) | Two side's endorsement methods and system based on SM2 | |
| CN105956921A (en) | Method and device for selecting bankcard number by user himself/herself | |
| CN102279840B (en) | Method for quickly generating prime number group applicable to information encryption technology | |
| CN105553667A (en) | Dynamic password generating method | |
| CN107104788B (en) | Terminal and non-repudiation encryption signature method and device thereof | |
| CN103326861B (en) | A kind of data are carried out the method for RSA security signature, device and safety chip | |
| CN113434906A (en) | Data query method and device, computer equipment and storage medium | |
| CN110990846A (en) | Information storage method, device and computer readable storage medium | |
| CN104767622B (en) | Encryption method and device | |
| CN103441843A (en) | Method and device for obtaining private key elements of RSA algorithm | |
| CN103580858B (en) | RSA Algorithm private key element acquisition methods and acquisition device | |
| CN104468100A (en) | Improved sliding window modular exponentiation computing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210802 Address after: 100015 4th and 5th floors, block B, building 21, No. 2, Wanhong West Street, dongzhimenwai, Chaoyang District, Beijing Patentee after: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd. Patentee after: CETC (Beijing) information evaluation and Certification Co.,Ltd. Address before: 100015 4th and 5th floors, block B, building 21, No. 2, Wanhong West Street, dongzhimenwai, Chaoyang District, Beijing Patentee before: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd. Patentee before: NO.15 INSTITUTE OF CHINA ELECTRONICS TECHNOLOGY Group Corp. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240315 Address after: 100015 4th and 5th floors, block B, building 21, No. 2, Wanhong West Street, dongzhimenwai, Chaoyang District, Beijing Patentee after: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd. Country or region after: China Patentee after: NO.15 INSTITUTE OF CHINA ELECTRONICS TECHNOLOGY Group Corp. Address before: 100015 4th and 5th floors, block B, building 21, No. 2, Wanhong West Street, dongzhimenwai, Chaoyang District, Beijing Patentee before: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd. Country or region before: China Patentee before: CETC (Beijing) information evaluation and Certification Co.,Ltd. |
|
| TR01 | Transfer of patent right |