CN103441843B - RSA Algorithm private key element acquisition methods and acquisition device - Google Patents

RSA Algorithm private key element acquisition methods and acquisition device Download PDF

Info

Publication number
CN103441843B
CN103441843B CN201310318368.8A CN201310318368A CN103441843B CN 103441843 B CN103441843 B CN 103441843B CN 201310318368 A CN201310318368 A CN 201310318368A CN 103441843 B CN103441843 B CN 103441843B
Authority
CN
China
Prior art keywords
power consumption
value
bit
lower half
consumption profile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310318368.8A
Other languages
Chinese (zh)
Other versions
CN103441843A (en
Inventor
王亚伟
谢蒂
王冠华
李国俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING HUADA INFOSEC TECHNOLOGY Ltd
CETC 15 Research Institute
Original Assignee
BEIJING HUADA INFOSEC TECHNOLOGY Ltd
CETC 15 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING HUADA INFOSEC TECHNOLOGY Ltd, CETC 15 Research Institute filed Critical BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Priority to CN201310318368.8A priority Critical patent/CN103441843B/en
Publication of CN103441843A publication Critical patent/CN103441843A/en
Application granted granted Critical
Publication of CN103441843B publication Critical patent/CN103441843B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Tests Of Electronic Circuits (AREA)

Abstract

The embodiment of the invention discloses safety chip RSA Algorithm private key element acquisition methods and acquisition device.Described acquisition methods includes: arrange test patterns;By arranging different data for described test patterns, whether the RSA Algorithm private key element testing described tested safety chip can obtain;When the RSA Algorithm private key element of described tested safety chip can obtain, preset data is set for described test patterns;According to the described preset data in test patterns, the value that described lower half is divided all bits is configured, after described lower half divides the value of all bits to be provided with, the data during described lower half is divided are a RSA Algorithm private key element of tested safety chip.Described acquisition device includes: arranging unit, test cell, preset unit, first determines unit, and second determines unit, and the 3rd determines unit.The method and apparatus using the present invention to provide, can effectively obtain safety chip RSA Algorithm private key element.

Description

RSA Algorithm private key element acquisition methods and acquisition device
Technical field
The present invention relates to safety certification field, particularly relate to RSA Algorithm private key element acquisition methods and the RSA of safety chip Algorithm private key element acquisition device.
Background technology
RSA Algorithm is a kind of asymmetric cryptographic algorithm, and first this algorithm selects two prime numbers as two RSA Algorithm private keys Element, the double secret key then using two RSA Algorithm private key Element generations to comprise PKI and private key, use cipher key pair When data are encrypted by PKI, private key is only used could the data after encryption to be decrypted, same, use close When data are signed by the private key of key centering, PKI is only used could the data after signature to be authenticated.
Along with the development of technology, RSA Algorithm has been used widely, and occurs in that the various peace being capable of RSA Algorithm Full chip.Being based on realizing the safety chip of RSA Algorithm, technical staff devises smart card and intelligent code key etc. Safety product, various safety products have been widely used in the every field such as finance, communication, social security, traffic.Due to Safety chip is the most extensively applied, and its safety issue is the most more come the most more to come into one's own.In order to the safety such as testing smart card are produced The safety of product, especially safety chip realize the safety of RSA Algorithm process, are used various method Obtain the RSA Algorithm private key of safety chip.
Inventor finds after prior art research, and the simplest method of RSA Algorithm private key obtaining safety chip obtains exactly Take the RSA Algorithm private key element of the RSA Algorithm private key generating safety chip, and then according to RSA Algorithm private key Element generation The RSA Algorithm private key of safety chip.But existing method all can not meet the RSA Algorithm private key element obtaining safety chip Demand.
Summary of the invention
Embodiments provide RSA Algorithm private key element acquisition methods and RSA Algorithm private key element acquisition device, with Solve the problem that existing method all can not meet the RSA Algorithm private key element demand obtaining safety chip.
First aspect, embodiments provides a kind of RSA Algorithm private key element acquisition methods, and the method includes:
Arranging test patterns, the bit bit length of described test patterns is equal to the bit bit length of the RSA PKI mould of tested safety chip, Described test patterns is grouped into lower half by height half part that bit length is equal, a length of t of bit that described lower half is divided; By arranging different data for described test patterns, whether the RSA Algorithm private key element testing described tested safety chip may be used Obtain;When the RSA Algorithm private key element of described tested core can obtain, preset data is set for described test patterns;According to Described preset data in described test patterns, is configured the value of the t-1 bit that described lower half is divided;Described After the value of the t-1 bit that lower half is divided is provided with, after the value of described lower half point ith bit position is arranged Data in described test patterns, the value of the i-th-1 bit dividing described lower half is configured, and wherein i belongs to [2,t-1];After described lower half divides the value of other bits in addition to the 0th bit to be provided with, according to described survey Data in examination code, divide described lower half the value of the 0th bit to be configured, divide the 0th bit in described lower half Value be provided with after, the data during described lower half is divided are a RSA Algorithm private key element of tested safety chip.
In conjunction with first aspect, in the implementation that the first is possible,
Described by arranging different data for described test patterns, test the RSA Algorithm private key unit of described tested safety chip Whether element can obtain, including: the value of the t bit of described test patterns is set to preset value, the value of the 0th bit Being set to 1, the value of remaining all bit is set to 0;Obtain described tested safety chip to the data in described test patterns Carry out the first power consumption profile during computing;After obtaining the first power consumption profile, keep the described high half all bits of part It is worth constant, lower half is divided the value of all bits be set to 1;Obtain described tested safety chip in described test patterns The data the second power consumption profile when carrying out computing;Relatively described first power consumption profile and described second power consumption profile are in power consumption And it is the most consistent on the time.
In conjunction with the first possible implementation of first aspect, in the implementation that the second is possible,
Described when the RSA Algorithm private key element of described tested core can obtain, preset data is set for described test patterns, tool Body is: when described first power consumption profile and described second power consumption profile power consumption and on the time consistent time, keep described height half The value of part is constant, and the value that described lower half divides all bits is set to 0;Described according to the institute in described test patterns State preset data, the value of the t-1 bit that described lower half is divided is configured, including: keep in described test patterns The value of other bit is constant, divides the value of t-1 bit to be revised as 1 described lower half;Obtain described tested safety Chip carries out the 3rd power consumption profile during computing to the data in described test patterns;Relatively described first power consumption profile is with described 3rd power consumption profile power consumption and on the time the most consistent;When described first power consumption profile and described 3rd power consumption profile are in merit Consumption and the time upper the most consistent time, described lower half is divided the value of t-1 bit be set to 1, or, when described first merit Consumption curve and described 3rd power consumption profile power consumption or on the time inconsistent time, divide t-1 bit by described lower half Value is set to 0.
In conjunction with the first possible implementation of first aspect, in the implementation that the third is possible,
Described basis arranges the data in rear described test patterns to the value of described lower half point ith bit position, to described low by half The value of the i-th-1 bit of part is configured, including: after keeping the value of ith bit position is arranged in described test patterns The value of other bits is constant, and the value of the i-th-1 bit described lower half divided is set to 1;Obtain described tested peace Full chip carries out the 4th power consumption profile during computing to the data in described test patterns;Relatively described first power consumption profile and institute State the 4th power consumption profile power consumption and on the time the most consistent;When described first power consumption profile and the 4th power consumption profile are in power consumption And the time upper the most consistent time, the value of the i-th-1 bit described lower half divided is set to 1, or, when described first merit Consumption curve and described 4th power consumption profile power consumption or on the time inconsistent time, the i-th-1 bit that described lower half is divided Value be set to 0.
In conjunction with the first possible implementation of first aspect, in the 4th kind of possible implementation,
Described according to the data in described test patterns, described lower half is divided the value of the 0th bit be configured, including: After described lower half divides the value of other bits in addition to the 0th bit to be provided with, obtain described tested safe core Sheet carries out the 5th power consumption profile during computing to the data in described test patterns;Relatively described first power consumption profile and described the Five power consumption profile power consumption and on the time the most consistent;When described first power consumption profile and described 5th power consumption profile are in power consumption And time the most consistent on the time, the value of the 0th bit lower half divided is set to 1.
Second aspect, the embodiment of the present invention additionally provides a kind of RSA Algorithm private key element acquisition device, and this device includes:
Arranging unit, be used for arranging test patterns, the bit bit length of described test patterns is equal to the RSA PKI of tested safety chip The bit bit length of mould, described test patterns is grouped into lower half by height half part that bit length is equal, and described lower half is divided The a length of t of bit;Test cell, for by arranging different numbers for the described described test patterns arranging unit setting According to, whether the RSA Algorithm private key element testing described tested safety chip can obtain;Preset unit, for when through institute State the test of test cell, when the RSA Algorithm private key element of described tested core can obtain, arrange pre-for described test patterns If data;First determines unit, for the described preset data preset according to the described default unit in described test patterns, The value of the t-1 bit that described lower half is divided is configured;Second determines unit, for determining list described first After the value of the t-1 bit that described lower half is divided by unit is provided with, divide ith bit position according to described lower half Value arranges the data in rear described test patterns, and the value of the i-th-1 bit dividing described lower half is configured, wherein i Belong to [2, t-1];3rd determines unit, for described second determine unit described lower half is divided except the 0th bit it After the value of other outer bits is provided with, according to the data in described test patterns, divide the 0th bit to described lower half Position value be configured, after described lower half divides the value of the 0th bit to be provided with, described lower half divide in data It is a RSA Algorithm private key element of tested safety chip.
In conjunction with second aspect, in the implementation that the first is possible, described test cell, including:
First arranges subelement, for the value of the t bit of described test patterns is set to preset value, and the 0th bit Value be set to 1, the value of remaining all bit is set to 0;First generates subelement, is used for obtaining described tested safety Chip carries out the first power consumption profile during computing to the data that the first generation subelement described in described test patterns is arranged;Second Subelement is set, after obtaining the first power consumption profile at described first generation subelement, keeps described height half part all The value of bit is constant, and lower half is divided the value of all bits be set to 1;Second generates subelement, is used for obtaining institute State tested safety chip and generate the second power consumption when the data that subelement arranges carry out computing to described in described test patterns second Curve;First compares subelement, generates described first power consumption profile of subelement generation with described for the most described first Second generate subelement generate described second power consumption profile power consumption and on the time the most consistent.
In conjunction with the first possible implementation of second aspect, in the implementation that the second is possible,
Described default unit, specifically for when described first power consumption profile and described second power consumption profile are in power consumption and on the time Time consistent, the value keeping described height half part is constant, and the value that described lower half divides all bits is set to 0;
Described first determines that unit includes: the first amendment subelement, for keeping the value of other bit in described test patterns Constant, divide the value of t-1 bit to be revised as 1 described lower half;3rd generates subelement, is used for obtaining described quilt Survey safety chip bent to the 3rd power consumption when the first amendment amended data of subelement carry out computing in described test patterns Line;Second compares subelement, generates described first power consumption profile that subelement generates and described for relatively more described first Three generate subelements generate described 3rd power consumption profile power consumption and on the time the most consistent;First determines subelement, uses In the comparative result comparing subelement according to described second, the value of the t-1 bit that described lower half is divided is configured, When described first power consumption profile and described 3rd power consumption profile power consumption and on the time consistent time, described lower half is divided The value of t-1 bit is set to 1, or, when described first power consumption profile and described 3rd power consumption profile are in power consumption or time Time the most inconsistent, the value of t-1 bit is divided to be set to 0 described lower half.
In conjunction with the first possible implementation of second aspect, in the implementation that the third is possible, described second true Cell includes:
Second amendment subelement, after being provided with the value of the t-1 bit that described lower half is divided, keeps the It is constant that the value of i bit arranges the value of other bits in rear described test patterns, the i-th-1 bit described lower half divided The value of position is set to 1, and wherein i belongs to [2, t-1];4th generates subelement, is used for obtaining described tested safety chip pair The 4th power consumption profile when the second amendment amended data of subelement carry out computing in described test patterns;3rd is the most sub Unit, generates subelement for the most described first described first power consumption profile generating subelement generation and the described 4th raw Become described 4th power consumption profile power consumption and on the time the most consistent;Second determines subelement, for according to the described 3rd The relatively value of the i-th-1 bit that described lower half is divided by the comparative result of subelement is configured, when described first power consumption Curve and the 4th power consumption profile power consumption and on the time consistent time, the value of the i-th-1 bit described lower half divided is arranged Be 1, or, when described first power consumption profile and described 4th power consumption profile power consumption or on the time inconsistent time, by institute The value stating the i-th-1 bit that lower half is divided is set to 0.
In conjunction with the first possible implementation of second aspect, in the 4th kind of possible implementation, described 3rd true Cell includes:
5th generates subelement, for dividing the value of other bits in addition to the 0th bit to set up in described lower half Cheng Hou, obtains the 5th power consumption profile when described tested safety chip carries out computing to the data in described test patterns;4th Relatively subelement, generates son for the most described first described first power consumption profile generating subelement generation with the described 5th Unit generate described 5th power consumption profile power consumption and on the time the most consistent;3rd determines subelement, for according to institute The value stating the 0th bit that described lower half is divided by the 4th comparative result comparing subelement is configured, when described first Power consumption profile and described 5th power consumption profile power consumption and on the time consistent time, the value of the 0th bit lower half divided sets It is set to 1.
Compared with prior art, the embodiment of the present invention provide RSA Algorithm private key element acquisition methods and RSA Algorithm private key Element acquisition device, can effectively obtain the RSA Algorithm private key element of safety chip, can meet acquisition RSA Algorithm private The demand of key element, provides condition for generating the RSA Algorithm private key of safety chip.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to required in embodiment Accompanying drawing to be used is briefly described, it should be apparent that, the accompanying drawing in describing below is only some enforcements of the present invention Example, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to attached according to these Figure obtains other accompanying drawing.Shown in accompanying drawing, above and other purpose, feature and the advantage of the present invention will become apparent from. The part that reference instruction identical in whole accompanying drawings is identical.The most deliberately draw attached by actual size equal proportion scaling Figure, it is preferred that emphasis is illustrate the purport of the present invention.
Fig. 1 is the flow chart of RSA Algorithm private key one embodiment of element acquisition methods of the present invention;
Fig. 2 is the flow chart of RSA Algorithm private key element another embodiment of acquisition methods of the present invention;
Fig. 3 is an embodiment block diagram of RSA Algorithm private key element acquisition device of the present invention;
Fig. 4 is an embodiment block diagram of RSA Algorithm private key element acquisition device test cell of the present invention;
Fig. 5 is the embodiment block diagram that RSA Algorithm private key element acquisition device first of the present invention determines unit;
Fig. 6 is the embodiment block diagram that RSA Algorithm private key element acquisition device second of the present invention determines unit;
Fig. 7 is the embodiment block diagram that RSA Algorithm private key element acquisition device the 3rd of the present invention determines unit.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Description, it is clear that described embodiment is only a part of embodiment of the present invention rather than whole embodiments.Base Embodiment in the present invention, it is all that those of ordinary skill in the art are obtained under not making creative work premise Other embodiments, broadly fall into the scope of protection of the invention.
Secondly, the present invention combines schematic diagram and is described in detail, when describing the embodiment of the present invention in detail, for purposes of illustration only, table The profile of showing device structure can be disobeyed general ratio and be made partial enlargement, and described schematic diagram is example, and it is at this not The scope of protection of the invention should be limited.Additionally, the three dimensions chi of length, width and the degree of depth should be comprised in actual fabrication Very little.
Seeing Fig. 1, for the flow chart of RSA Algorithm private key one embodiment of element acquisition methods of the present invention, the method includes Following steps:
Step 101, arranges test patterns, and the bit bit length of described test patterns is equal to the RSA PKI mould of tested safety chip Bit bit length, described test patterns is grouped into lower half by height half part that bit length is equal, the ratio that described lower half is divided Special bit length is t.
Safety chip to be obtained, the RSA Algorithm private key element of the most tested safety chip, it is necessary first to according to tested safe core The bit bit length of the RSA PKI mould of sheet arranges a test patterns, and this test patterns can represent with C.Test patterns C is permissible Being the memory space of a regular length, the bit bit length of test patterns C, equal to the bit bit length of RSA PKI mould, i.e. stores The bit bit length of bit a length of RSA PKI mould in space, owing to the bit long of RSA PKI key mould in actual use is led to Being often even number, test patterns C is divided CL to form by contour half part CH of bit appearance and lower half, i.e. C=CH | | CL.Survey The value of each bit of examination code C can be configured as required or revise, by carrying out the data in test patterns C Arrange, finally give RSA Algorithm private key element, be configured the data in test patterns C being being saved in storage sky Data between are configured.
Due to a length of even number of bit of RSA PKI mould, the bit bit length of RSA PKI mould can represent with 2t, works as RSA During a length of 2t of bit of PKI mould, high half part CH of test patterns C and lower half divide the bit bit length of CL to be t, Each bit of high half part CH can be labeled as 2t-1,2t-2 ..., t from high to low;Lower half divides CL's Each bit can be labeled as from high to low t-1, t-2 ..., 0;The highest-order bit of high half part CH is 2t-1 Bit, the lowest bit position of high half part CH is t bit, and lower half divides the highest-order bit of CL to be t-1 Bit, lower half divides the lowest bit position of CL to be the 0th bit;First RSA Algorithm private key element p or the 2nd RSA Algorithm private key element q bit bit length is generally also t, i.e. so i.e. chip carries out the mould of RSA-test patterns CRT modulo operation The bit bit length of number m is also t.Such as, during a length of 1024 bit of bit of RSA PKI mould, high half part CH The bit bit length dividing CL with lower half is 512, the first RSA Algorithm private key element p or the second RSA Algorithm private key element The bit bit length of q is also 512, and m is also 512 bit bit lengths.
Step 102, by arranging different data for described test patterns, tests the RSA Algorithm of described tested safety chip Whether private key element can obtain.
The method of the present invention to be used obtains RSA Algorithm private key element, and during precondition, chip is solving ciphertext data or to data Direct modulo operation is carried out when signing.Therefore first have to judge that safety chip when carrying out data signature or deciphering is No carry out modulo operation, obtain RSA Algorithm private key element when comprising modulo operation again.Due to tested safety chip logarithm According to carry out signing or decrypted packet containing modulo operation time, if perform the relation that delivery process depends on inputting data with modulus m, When inputting data more than or equal to m, need to perform delivery process;When inputting data less than m, it is not necessary to perform delivery mistake Journey.Therefore when the two different value being processed according to tested safety chip can be by setting two different values The no delivery process that carries out judges.
When whether the RSA Algorithm private key element testing tested safety chip can obtain, first arrange one for test patterns C Preset value.When arranging preset value for test patterns C, CL can be divided to be configured respectively high half part CH and lower half.
In the ordinary course of things the value of the t bit of test patterns C being set to 0, the value arranging other bits the most again is entered Row test, specifically, is set to 0 by the value of the high half all bits of part CH of test patterns C;And lower half is divided The value of the 0th bit of CL is set to 1, and lower half divides the value of other bits of CL to be all set to 0, i.e. by test patterns C The value of the 0th bit be set to 1, the value of remaining bit is disposed as 0.After setting up preset value for test patterns C, Data in test patterns C can be designated as C1.
Data C1 in test patterns C being input in tested safety chip as input data, tested safety chip can root Carry out computing according to input data, carry out the first power consumption profile during computing by the energy spectrometer instrument tested safety chip of acquisition, This first power consumption profile can be designated as TraceL.
After obtaining the first power consumption profile, keep the value of high half part CH in test patterns C constant, and lower half divides CL The value of all bits is set to 1, and now the data in test patterns C can be designated as C2;By data C2 in test patterns C It is input in tested safety chip as input data, when carrying out computing by the energy spectrometer instrument tested safety chip of acquisition The second power consumption profile, this second power consumption profile can be designated as TraceH.
The power consumption profile got due to energy spectrometer instrument embodies tested safety chip when processing input data The information such as required time, power consumption, therefore TraceL and acquisition TraceH embodies to two different numbers of C1, C2 The time consumed according to tested safety chip when processing or power consumption.Therefore by contrast TraceL and TraceH.Permissible Know chip power consumption or temporal difference when processing two different input data, judge may determine that according to comparison result Whether the RSA Algorithm private key element of tested safety chip can obtain, if TraceL and TraceH is variant, then says The RSA Algorithm private key element of this chip bright can obtain, if TraceL and TraceH zero difference, then can enter chip One step is tested.
The value of the t bit of test patterns C can also be set to 1 in yet some other cases, other ratios are set the most again The value of special position is tested, and specifically, the value of the t bit of high half part CH of test patterns C is set to 1, height The value of other bits of half part CH is all set to 0, and lower half is divided the value of the 0th bit of CL be set to 1, low by half The value of other bits of part CL is all set to 0, i.e. the t bit of test patterns C and the value of the 0th bit are set Being 1, the value of remaining bit is disposed as 0.Then use aforementioned acquisition and compare the process of TraceL and TraceH, Judge to may determine that whether the RSA Algorithm private key element of tested safety chip can obtain according to comparison result, if TraceL and TraceH is variant, then illustrate that the RSA Algorithm private key element of this chip can obtain, if TraceL and TraceH zero difference, then can test chip further.
When testing chip, if first the value of the t bit of test patterns C being set to 1, test draws During the result of TraceL and TraceH zero difference, the value of the t bit of test patterns C can be set to 0, enter the most again Row test, if still drawing the test result of two power consumption profile zero differences, then just it may be said that the RSA of tested safety chip Algorithm private key element can not obtain, whereas if two power consumption profile are variant, then can draw tested safety chip The retrievable conclusion of RSA Algorithm private key element.
Same, when chip is tested, if first the value of the t bit of test patterns C to be set to 0, survey When examination draws the result of TraceL and TraceH zero difference, the value of the t bit of test patterns C can be set to 1, Test the most again, if still drawing the test result of two power consumption profile zero differences, then just it may be said that tested safety The RSA Algorithm private key element of chip can not obtain, otherwise, two power consumption profile are variant, then can draw tested safety The RSA Algorithm retrievable conclusion of private key element of chip.Concrete test process sees aforementioned, just repeats no more at this.
At this it should be noted that the present invention is to obtaining the first power consumption profile TraceL and obtaining the second power consumption profile The order of TraceH does not limits, and can first obtain any of which one.
Step 103, when the RSA Algorithm private key element of described tested core can obtain, arranges present count for described test patterns According to.
When through the comparison to TraceL and TraceH, when determining the most variant, illustrate that tested safety chip exists Can perform modulo operation when being decrypted data or sign, the RSA Algorithm private key element of tested safety chip can obtain. Now can judge the tested safety chip RSA Algorithm the most retrievable process of private key element, to test patterns C according to aforementioned In data be configured, specifically, due to obtain TraceL and TraceH time, by high half part CH It is set to a preset value, when TraceL and TraceH is variant, needs to keep high half part CH in test patterns C Value constant, then lower half divides the value of each bit of CL be both configured to 0.
Step 104, according to the described preset data in described test patterns, to the t-1 bit that described lower half is divided Value is configured.
When chip utilizes Chinese remainder theorem to be accelerated the processing procedure of signature or deciphering, the process to input data Whether journey performs the relation that delivery process depends on inputting data with modulus m, therefore can be by tested safety chip Input different input data, then by being to judge whether that delivery judges to input data and the magnitude relationship of m, pass through Amendment input data, make input data approximation in m, and then obtain the value of m.
When the value that lower half is divided the t-1 bit of the highest-order bit of CL, i.e. test patterns C is configured, permissible Keep the value of other bits in test patterns C constant, lower half is divided the value of CL t-1 bit be revised as 1;Obtain Described tested safety chip carries out the 3rd power consumption profile during computing to data C3 in test patterns C, and the 3rd power consumption profile can To be designated as Trace (t).Then compare the first power consumption profile TraceL and the 3rd power consumption profile Trace (t) is timely in power consumption On between the most consistent;The value that lower half is divided the t-1 bit of CL finally according to comparative result is configured, when When TraceL with Trace (t) is consistent, lower half is divided the value of the t-1 bit of CL be set to 1;When TraceL with When Trace (t) is inconsistent, lower half is divided the value of the t-1 bit of CL be set to 0.
Step 105, after the value of the t-1 bit divided in described lower half is provided with, divides according to described lower half The value of ith bit position arranges the data in rear described test patterns, and the value of the i-th-1 bit dividing described lower half is carried out Arranging, wherein i belongs to [2, t-1].
After the value of t-1 bit is provided with, first successively lower half is divided CL remove from the height low level that puts in place Remaining bits position outside 0th bit is configured, and is arranged to be designated as the i-th-1 bit, to the i-th-1 ratio When the value of special position is configured, need to use the value to ith bit position to be configured the data in rear test patterns C, wherein I belongs to [2, t-1], i.e. divide CL t-2 bit to the 1st lower half from higher bit position to low bit position by bit The value of bit is configured.Such as, to when in test patterns C, the value of the 510th bit is configured, it is right to need to use In test patterns C, the value of the 511st bit is configured the data in rear test patterns C.
Specifically: when the i-th-1 bit that lower half is divided CL is configured, the value to ith bit position is kept It is constant that the value of other bits in rear test patterns C is set, lower half is divided the value of i-th-1 bit of CL be set to 1; Then the 4th power consumption profile when described tested safety chip carries out computing to data C4 in test patterns C, the 4th merit are obtained Consumption curve can be designated as Trace (i);Relatively described TraceL with Trace (i) power consumption and on the time the most consistent;? The value that lower half is divided i-th-1 bit of CL afterwards according to comparative result is configured, as TraceL Yu Trace (i) During cause, lower half is divided the value of i-th-1 bit of CL be set to 1, or, when TraceL with Trace (i) differs During cause, lower half is divided the value of the current bit position of CL be set to 0.
Step 106, after described lower half is divided the value of other bits in addition to the 0th bit be provided with, root According to the data in described test patterns, described lower half is divided the value of the 0th bit be configured, divide in described lower half After the value of 0 bit is provided with, the data during described lower half is divided are a RSA Algorithm private of tested safety chip Key element.
After the value of other bits outside lower half is divided CL the 0th bit is provided with, divide CL's to lower half The value of the 0th bit, when being configured, when lower half is divided the value of the 0th bit of CL be configured, first obtains Described tested safety chip carries out the 5th power consumption profile during computing to data C5 existing in test patterns C, and the 5th power consumption is bent Line can be designated as Trace(0);Then compare TraceL with Trace(0) power consumption and on the time the most consistent;When TraceL with Trace(0) consistent time, lower half is divided the value of the 0th bit of CL be set to 1.Divide in lower half After the value of CL the 0th bit is provided with, the RSA that lower half divides the data of CL to be tested safety chip calculates Method private key element.
From above-described embodiment it can be seen that the method using the present invention to provide, the RSA that can effectively obtain safety chip calculates Method private key element.
See Fig. 2, for the flow chart of RSA Algorithm private key element another embodiment of acquisition methods of the present invention, this embodiment The overall process that obtain tested safety chip RSA Algorithm private key element is described in detail.
Step 201, arranges test patterns, and the bit bit length of described test patterns is equal to the RSA PKI mould of tested safety chip Bit bit length, described test patterns is grouped into lower half by height half part that bit length is equal, the ratio that described lower half is divided Special bit length is t.
Step 202, is both configured to 0 by the value of the described test patterns all bits in addition to the 0th bit.
Step 203, obtains the first power consumption when described tested safety chip carries out computing to the data in described test patterns bent Line.
Step 204, after obtaining the first power consumption profile, the value keeping the described high half all bits of part is constant, by low The value of the half all bits of part is disposed as 1.
Step 205, obtains the second power consumption when described tested safety chip carries out computing to the data in described test patterns bent Line.
Step 206, relatively described first power consumption profile and described second power consumption profile power consumption and on the time the most consistent.
Step 207, when described first power consumption profile and described second power consumption profile power consumption and on the time consistent time, keep The value of the described high half all bits of part is constant, and the value that described lower half divides all bits is disposed as 0.
Step 208, keeps the value of other bits in described test patterns constant, by described test patterns t-1 bit Value is revised as 1.
Step 209, obtains the 3rd power consumption when described tested safety chip carries out computing to the data in described test patterns bent Line.
Step 210, relatively described first power consumption profile and described 3rd power consumption profile power consumption and on the time the most consistent.
Step 211, when described first power consumption profile and described 3rd power consumption profile power consumption and on the time consistent time, by institute Stating lower half divides the value of t-1 bit to be set to 1, or, when described first power consumption profile is bent with described 3rd power consumption Line power consumption or on the time inconsistent time, divide the value of t-1 bit to be set to 0 described lower half.
Step 212, after keeping arranging the value of ith bit position, in described test patterns, the value of other bits is constant, by institute The value stating the i-th-1 bit that lower half is divided is set to 1, and wherein i belongs to [2, t-1].
Step 213, obtains the 4th power consumption when described tested safety chip carries out computing to the data in described test patterns bent Line.
Step 214, relatively described first power consumption profile and described 4th power consumption profile power consumption and on the time the most consistent.
Step 215, when described first power consumption profile and the 4th power consumption profile power consumption and on the time consistent time, by described low The value of the i-th-1 bit of half part is set to 1, or, when described first power consumption profile and described 4th power consumption profile Power consumption or on the time inconsistent time, the value of the i-th-1 bit described lower half divided is set to 0.
Step 216, after described lower half is divided the value of other bits in addition to the 0th bit be provided with, obtains Take the 5th power consumption profile when described tested safety chip carries out computing to the data in described test patterns.
Step 217, relatively described first power consumption profile and described 5th power consumption profile power consumption and on the time the most consistent.
Step 218, when described first power consumption profile and described 5th power consumption profile power consumption and on the time consistent time, by low The value of the 0th bit of half part is set to 1, after lower half divides the value of all bits of CL to be provided with, low by half The data of part CL are a RSA Algorithm private key element of tested safety chip A algorithm chip.
From above-described embodiment it can be seen that the method using the present invention to provide, the RSA that can effectively obtain safety chip calculates Method private key element.
Corresponding with the RSA Algorithm private key element acquisition methods of safety chip of the present invention, present invention also offers safety chip RSA Algorithm private key element acquisition device.
See Fig. 3, for an embodiment block diagram of RSA Algorithm private key element acquisition device of the present invention.
This device includes: arranging unit 301, test cell 302, preset unit 303, first determines unit 304, the Two determine unit 305, and the 3rd determines unit 306.
Wherein, described arranging unit 301, be used for arranging test patterns C, the bit bit length of described test patterns C is equal to tested The bit bit length of the RSA PKI mould of safety chip, described test patterns is divided with lower half by height half part that bit length is equal Composition, a length of t of bit that described lower half is divided.
Obtain the RSA Algorithm private key element of tested safety chip, unit 301 is set firstly the need of according to tested safe core The bit bit length of the RSA PKI mould of sheet arranges test patterns C.The bit bit length of test patterns C is equal to RSA PKI mould Bit bit length, test patterns C divided CL to form by contour half part CH of bit appearance and lower half, i.e. C=CH | | CL.Survey The value of each bit of examination code C can be configured as required or revise.
Described test cell 302, for by arranging different numbers for the described described test patterns arranging unit 302 setting According to, whether the RSA Algorithm private key element testing described tested safety chip can obtain.
When whether the RSA Algorithm private key element testing tested safety chip can obtain, test cell 302 is first to test The value of each bit of code C is configured.In the ordinary course of things the value of the t bit of test patterns C is set to 0, The value arranging other bits the most again is tested;When needs are tested further, then by the t bit of test patterns C The value of position is set to 0, and the value arranging other bits the most again is tested;Or, it is also possible to by the t of test patterns C The value of bit is set to 1, and the value arranging other bits the most again is tested;When needs are tested further, then will The value of the t bit of test patterns C is set to 0, and the value arranging other bits the most again is tested.Concrete test Process may refer to previous embodiment, just repeats no more at this.
Described default unit 303, for when the test through described test cell 302, the RSA Algorithm of described tested core When private key element can obtain, preset data is set for described test patterns C.
When the test through test cell 302, and determine to TraceL and TraceH the most variant time, explanation Tested safety chip can perform modulo operation when being decrypted data or signing, and the RSA Algorithm of tested safety chip is private Key element can obtain.Now presetting unit 303 can be according to aforementioned judgement tested safety chip RSA Algorithm private key element Data in test patterns C are configured by no retrievable process, specifically, owing to obtaining TraceL and TraceH Time, CH is set to a preset value, when TraceL and TraceH is variant, has kept high by half in test patterns C The value of part CH is constant, and then lower half divides the value of each bit of CL be both configured to 1.
Described first determines unit 304, described pre-for preset according to the described default unit 303 in described test patterns If data, the value of the t-1 bit that described lower half is divided is configured.
First determines when lower half is divided the t-1 bit of CL to be configured by unit 304, can keep test patterns C In the value of other bits constant, lower half is divided the value of CL t-1 bit be revised as 1;Obtain described tested safety Chip carries out the 3rd power consumption profile during computing to data C3 in test patterns C;3rd power consumption profile can be designated as Trace (t), can compare described first power consumption profile TraceL and described 3rd power consumption profile Trace (t) in power consumption and On time the most consistent;When described TraceL is consistent with described Trace (t), lower half is divided the t-1 bit of CL The value of position is set to 1;When described TraceL is inconsistent with described Trace (t), lower half is divided the t-1 ratio of CL The value of special position is set to 0.
Described second determines unit 305, for determining, described first, the t-1 ratio that described lower half is divided by unit 304 After the value of special position is provided with, according to the data in described test patterns after the value of described lower half point ith bit position is arranged, The value of the i-th-1 bit dividing described lower half is configured, and wherein i belongs to [2, t-1].
Second determines that unit 305, when being configured the i-th-1 bit, is surveyed after keeping arranging the value of ith bit position In examination code C, the value of other bits is constant, and lower half is divided the value of i-th-1 bit of CL be set to 1;Obtain described Tested safety chip carries out the 4th power consumption profile during computing to data C4 in test patterns C, and the 4th power consumption profile can be remembered For Trace (i);Relatively described TraceL with Trace (i) power consumption and on the time the most consistent;When TraceL with When Trace (i) is consistent, lower half is divided the value of i-th-1 bit of CL be set to 1, or, as TraceL Yu Trace (i) Time inconsistent, lower half is divided the value of the current bit position of CL be set to 0.
Described 3rd determines unit 306, for according to determining that described lower half is divided except the 0th by unit 305 described second After the value of other bits outside bit is provided with, according to the data in described test patterns, described lower half is divided The value of the 0th bit is configured, and after described lower half divides the value of the 0th bit to be provided with, described lower half is divided In data be a RSA Algorithm private key element of tested safety chip.
After 3rd determines that the value of the unit 306 other bits outside lower half is divided CL the 0th bit is provided with, Lower half is divided the value of the lowest bit position of CL, the value of the i.e. the 0th bit, when being configured, first obtains described tested Safety chip carries out the 5th power consumption profile during computing to data C5 existing in test patterns C, and the 5th power consumption profile can be remembered For Trace (0), compare TraceL with Trace (0) power consumption and on the time the most consistent;When TraceL Yu Trace (0) Time consistent, lower half divided the value of the 0th bit of CL be set to 1, divides in lower half the value of CL the 0th bit to set After having put, lower half divides the data of CL to be a RSA Algorithm private key element of tested safety chip.
Owing to RSA Algorithm needs two RSA Algorithm private key elements when encryption, two RSA Algorithm private key elements can be used P with q represents, the method provided due to the present invention can obtain a RSA Algorithm private key element p, therefore based on known PKI N and e, by calculating N/p(or q), obtains the value of another prime number q;By calculate e about (p-1) and (q-1) inverse, can calculate dp, dq;Finally by calculating inverse about p of q, it is thus achieved that complete RSA_CRT Double secret key.
From above-described embodiment it can be seen that use the safety chip RSA Algorithm private key element acquisition device of present invention offer, Can effectively obtain a RSA Algorithm private key element of the RSA Algorithm of safety chip.
See Fig. 4, for an embodiment block diagram of RSA Algorithm private key element acquisition device test cell of the present invention.
This test cell includes: first arranges subelement 401, and first generates subelement 402, and second arranges subelement 403, Second generates subelement 404, and first compares subelement 405.
Wherein, described first arranges subelement 401, for the value of the t bit of described test patterns is set to preset value, The value of the 0th bit is set to 1, and the value of remaining all bit is set to 0, and described preset value is 0 or 1.
Described first generates subelement 402, is used for obtaining described tested safety chip to described in described test patterns C first Data C1 that generation subelement 401 is arranged carry out the first power consumption profile TraceL during computing.
Described second arranges subelement 403, obtains the first power consumption profile for generating subelement 402 described first After TraceL, the value keeping high half part CH is constant, and lower half is divided the value of each bit of CL be disposed as 1.
Described second generates subelement 404, is used for obtaining described tested safety chip to described in described test patterns C second Data C2 that generation subelement 403 is arranged carry out the second power consumption profile TraceH during computing.
Described first compares subelement 405, generates, for the most described first, described first power consumption that subelement 402 generates Curve TraceL generates the described second power consumption profile TraceH of subelement 404 generation in power consumption and time with described second On the most consistent.
From above-described embodiment it can be seen that the test cell of invention safety chip RSA Algorithm private key element acquisition device, can Whether obtain with the RSA Algorithm private key element to tested safety chip and judge, for obtaining a RSA of RSA Algorithm The ready condition of algorithm private key element.
See Fig. 5, determine an embodiment block diagram of unit for RSA Algorithm private key element acquisition device first of the present invention.
This first determines that unit includes: the first amendment subelement 501, and the 3rd generates subelement 502, the second relatively sub-list Unit 503, first determines subelement 504.
Wherein, described first amendment subelement 501, for keeping the value of other bits in described test patterns C constant, The value that described lower half divides CL t-1 bit is revised as 1.
Described 3rd generates subelement 502, is used for obtaining described tested safety chip and repaiies through first in described test patterns C Change the 3rd power consumption profile Trace (t) when amended data C3 of subelement 501 carry out computing.
Described second compares subelement 503, generates, for the most described first, described first power consumption profile that subelement generates Described 3rd power consumption profile Trace (t) that TraceL generates subelement 502 generation with the described 3rd in power consumption and on the time is No unanimously.
Described first determines subelement 504, for comparing the comparative result of subelement 503 to described low according to described second The value of the t-1 bit of half part CL is configured, when described first power consumption profile TraceL and described 3rd power consumption Curve Trace (t) power consumption and on the time consistent time, the value that described lower half divides CL t-1 bit is set to 1, Or, when described first power consumption profile and described 3rd power consumption profile power consumption or on the time inconsistent time, will described low partly The value of part CL t-1 bit is set to 0.
From above-described embodiment it can be seen that the first of invention safety chip RSA Algorithm private key element acquisition device determines unit, Lower half can be divided the value of CL the highest-order bit be configured, for obtaining a RSA Algorithm private key element of RSA Algorithm Ready condition.
See Fig. 6, determine an embodiment block diagram of unit for RSA Algorithm private key element acquisition device second of the present invention.
This second determines that unit includes: the second amendment subelement 601, and the 4th generates subelement 602, the 3rd relatively sub-list Unit 603, second determines subelement 604.
Wherein, the second amendment subelement 601, for dividing the value of the t-1 bit of CL to be provided with to described lower half After, after keeping arranging the value of ith bit position, in described test patterns C, the value of other bits is constant, by described lower half The value dividing i-th-1 bit of CL is set to 1, and wherein i belongs to [2, t-1].
4th generates subelement 602, is used for obtaining described tested safety chip to sub through the second amendment in described test patterns C Amended data C4 of unit 601 carry out the 4th power consumption profile Trace (i) during computing.
3rd compares subelement 603, generates, for the most described first, described first power consumption profile that subelement generates Described 4th power consumption profile Trace (i) that TraceL generates subelement 604 generation with the described 4th in power consumption and on the time is No unanimously.
Second determines subelement 604, for dividing CL according to described 3rd comparative result comparing subelement to described lower half The value of the i-th-1 bit be configured, when described first power consumption profile TraceL and the 4th power consumption profile Trace (i) Power consumption and on the time consistent time, described lower half is divided the value of i-th-1 bit of CL be set to 1, or, work as institute State the first power consumption profile TraceL and described 4th power consumption profile Trace (i) inconsistent time, divide CL's by described lower half The value of the i-th-1 bit is set to 0.
From above-described embodiment it can be seen that the second of invention safety chip RSA Algorithm private key element acquisition device determines unit, The value that lower half can be divided the CL other bits in addition to the highest-order bit and lowest bit position is configured, for obtaining One RSA Algorithm ready condition of private key element of RSA Algorithm.
See Fig. 7, determine an embodiment block diagram of unit for RSA Algorithm private key element acquisition device the 3rd of the present invention.
3rd determines that unit includes: the 5th generates subelement 701, and the 4th compares subelement 702, and the 3rd determines that son is single Unit 703.
Wherein, the described 5th generates subelement 701, for determining that described lower half is divided CL to remove the by unit described second After the value of other bits outside 0 bit is provided with, obtain described tested safety chip in described test patterns C Data C5 the 5th power consumption profile Trace(0 when carrying out computing).
Described 4th compares subelement 702, generates, for the most described first, described first power consumption profile that subelement generates TraceL generates, with the described 5th, the described 5th power consumption profile Trace(0 that subelement 701 generates) in power consumption and on the time The most consistent.
Described 3rd determines subelement 703, for comparing the comparative result of subelement 702 to described low according to the described 4th The value of the 0th bit of half part CL is configured, when described first power consumption profile TraceL is bent with described 5th power consumption Line Trace(0) power consumption and on the time consistent time, lower half is divided the value of the 0th bit of CL be set to 1.
From above-described embodiment it can be seen that the 3rd of invention safety chip RSA Algorithm private key element acquisition device the determines unit, Lower half can be divided the value of CL the 0th bit be configured, for obtaining a RSA Algorithm private key element of RSA Algorithm Ready condition.
Those skilled in the art it can be understood that can add by software to the technology in the embodiment of the present invention required The mode of general hardware platform realizes.Based on such understanding, the technical scheme in the embodiment of the present invention substantially or Saying that the part contributing prior art can embody with the form of software product, this computer software product is permissible It is stored in storage medium, such as ROM/RAM, magnetic disc, CD etc., instructs with so that a computer sets including some Standby (can be personal computer, server, or the network equipment etc.) performs each embodiment of the present invention or embodiment The method described in some part.
Each embodiment in this specification all uses the mode gone forward one by one to describe, identical similar part between each embodiment Seeing mutually, what each embodiment stressed is the difference with other embodiments.Especially for system For embodiment, owing to it is substantially similar to embodiment of the method, so describe is fairly simple, relevant part sees method The part of embodiment illustrates.
Invention described above embodiment, is not intended that limiting the scope of the present invention.Any the present invention's Amendment, equivalent and the improvement etc. made within spirit and principle, should be included within the scope of the present invention.

Claims (4)

1. a RSA Algorithm private key element acquisition methods, it is characterised in that described method includes:
Arranging test patterns, the bit bit length of described test patterns is equal to the bit bit length of the RSA PKI mould of tested safety chip, described Test patterns is grouped into lower half by height half part that bit length is equal, a length of t of bit that described lower half is divided;
By arranging different data for described test patterns, whether the RSA Algorithm private key element testing described tested safety chip may be used Obtain;
When the RSA Algorithm private key element of described tested safety chip can obtain, preset data is set for described test patterns;
According to the described preset data in described test patterns, the value of the t-1 bit that described lower half is divided is configured;
After the value of the t-1 bit divided in described lower half is provided with, according to the value that described lower half is divided ith bit position Data in described test patterns after arranging, the value of the i-th-1 bit dividing described lower half is configured, and wherein i belongs to [2,t-1];
After described lower half divides the value of other bits in addition to the 0th bit to be provided with, according in described test patterns Data, divide the value of the 0th bit to be configured to described lower half, divide the value of the 0th bit to be provided with in described lower half After, the data during described lower half is divided are a RSA Algorithm private key element of tested safety chip;
Wherein, described by arranging different data for described test patterns, test the RSA Algorithm private key of described tested safety chip Whether element can obtain, including:
The value of the t bit of described test patterns is set to preset value, and the value of the 0th bit is set to 1, remaining all ratio The value of special position is set to 0;
Obtain the first power consumption profile when described tested safety chip carries out computing to the data in described test patterns;
After obtaining the first power consumption profile, the value keeping the described high half all bits of part is constant, and lower half is divided all bits The value of position is set to 1;
Obtain the second power consumption profile when described tested safety chip carries out computing to the data in described test patterns;
Relatively described first power consumption profile and described second power consumption profile power consumption and on the time the most consistent;
Described basis arranges the data in rear described test patterns to the value of described lower half point ith bit position, divides described lower half The value of the i-th-1 bit be configured, including:
After keeping arranging the value of ith bit position, in described test patterns, the value of other bits is constant, the described lower half divided The value of i-1 bit is set to 1;
Obtain the 4th power consumption profile when described tested safety chip carries out computing to the data in described test patterns;
Relatively described first power consumption profile and described 4th power consumption profile power consumption and on the time the most consistent;
When described first power consumption profile and the 4th power consumption profile power consumption and on the time consistent time, i-th-1 that described lower half is divided The value of bit is set to 1, or, when described first power consumption profile differs in power consumption or on the time with described 4th power consumption profile During cause, the value of the i-th-1 bit described lower half divided is set to 0;
Described according to the data in described test patterns, described lower half is divided the value of the 0th bit be configured, including:
After described lower half divides the value of other bits in addition to the 0th bit to be provided with, obtain described tested safe core Sheet carries out the 5th power consumption profile during computing to the data in described test patterns;
Relatively described first power consumption profile and described 5th power consumption profile power consumption and on the time the most consistent;
When described first power consumption profile and described 5th power consumption profile power consumption and on the time consistent time, the 0th ratio that lower half is divided The value of special position is set to 1.
2. the method for claim 1, it is characterised in that
Described when the RSA Algorithm private key element of described tested core can obtain, preset data is set for described test patterns, particularly as follows:
When described first power consumption profile and described second power consumption profile power consumption and on the time inconsistent time, keep described high half part Value constant, the value that described lower half divides all bits is set to 0;
Described according to the described preset data in described test patterns, the value of the t-1 bit that described lower half is divided is configured, Including:
Keep the value of other bit in described test patterns constant, divide the value of t-1 bit to be revised as 1 described lower half;
Obtain the 3rd power consumption profile when described tested safety chip carries out computing to the data in described test patterns;
Relatively described first power consumption profile and described 3rd power consumption profile power consumption and on the time the most consistent;
When described first power consumption profile and described 3rd power consumption profile power consumption and on the time consistent time, described lower half is divided The value of t-1 bit is set to 1, or, when described first power consumption profile and described 3rd power consumption profile are in power consumption or on the time Time inconsistent, the value of t-1 bit is divided to be set to 0 described lower half.
3. a RSA Algorithm private key element acquisition device, it is characterised in that described device includes:
Arranging unit, be used for arranging test patterns, the bit bit length of described test patterns is equal to the RSA PKI mould of tested safety chip Bit bit length, described test patterns is grouped into lower half by height half part that bit length is equal, the bit that described lower half is divided A length of t;
Test cell, for by arranging different data for the described described test patterns arranging unit setting, testing described tested Whether the RSA Algorithm private key element of safety chip can obtain;
Preset unit, for when the test through described test cell, when the RSA Algorithm private key element of described tested safety chip When can obtain, preset data is set for described test patterns;
First determines unit, for the described preset data preset according to the described default unit in described test patterns, to described low The value of the t-1 bit of half part is configured;
Second determines unit, for determining that described first the value of t-1 bit that described lower half divided by unit is provided with After, according to the data in described test patterns after the value of described lower half point ith bit position is arranged, that described lower half is divided The value of i-1 bit is configured, and wherein i belongs to [2, t-1];
3rd determines unit, for determining that described lower half is divided other bits in addition to the 0th bit by unit described second After the value of position is provided with, according to the data in described test patterns, described lower half is divided the value of the 0th bit be configured, After described lower half divides the value of the 0th bit to be provided with, the data during described lower half is divided are the one of tested safety chip Individual RSA Algorithm private key element;
Wherein, described test cell, including:
First arranges subelement, for the value of the t bit of described test patterns is set to preset value, and the value of the 0th bit Being set to 1, the value of remaining all bit is set to 0;
First generates subelement, is used for obtaining described tested safety chip and generates subelement setting to described in described test patterns first The data the first power consumption profile when carrying out computing;
Second arranges subelement, after obtaining the first power consumption profile at described first generation subelement, keeps described high half part The value of all bits is constant, and lower half is divided the value of all bits be set to 1;
Second generates subelement, is used for obtaining described tested safety chip and generates subelement setting to described in described test patterns second The data the second power consumption profile when carrying out computing;
First compares subelement, generates described first power consumption profile of subelement generation for the most described first raw with described second Become subelement generate described second power consumption profile power consumption and on the time the most consistent;
Described second determines that unit includes:
Second amendment subelement, after being provided with the value of the t-1 bit that described lower half is divided, keeps the i-th ratio It is constant that the value of special position arranges the value of other bits in rear described test patterns, and the value of the i-th-1 bit described lower half divided sets Being set to 1, wherein i belongs to [2, t-1];
4th generates subelement, be used for obtaining described tested safety chip in described test patterns after the second amendment subelement amendment The data the 4th power consumption profile when carrying out computing;
3rd compares subelement, generates described first power consumption profile of subelement generation for the most described first raw with the described 4th Become subelement generate described 4th power consumption profile power consumption and on the time the most consistent;
Second determines subelement, for the i-th-1 ratio divided described lower half according to the described 3rd comparative result comparing subelement The value of special position is configured, when described first power consumption profile and the 4th power consumption profile power consumption and on the time unanimously time, by described low The value of the i-th-1 bit of half part is set to 1, or, when described first power consumption profile and described 4th power consumption profile are in merit When consumption or time are the most inconsistent, the value of the i-th-1 bit described lower half divided is set to 0;
Described 3rd determines that unit includes:
5th generates subelement, is used for after described lower half divides the value of other bits in addition to the 0th bit to be provided with, Obtain the 5th power consumption profile when described tested safety chip carries out computing to the data in described test patterns;
4th compares subelement, generates described first power consumption profile of subelement generation for the most described first raw with the described 5th Become subelement generate described 5th power consumption profile power consumption and on the time the most consistent;
3rd determines subelement, for the 0th bit divided described lower half according to the described 4th comparative result comparing subelement The value of position is configured, when described first power consumption profile and described 5th power consumption profile power consumption and on the time consistent time, by low partly The value of the 0th bit of part is set to 1.
4. device as claimed in claim 3, it is characterised in that
Described default unit, specifically for differing in power consumption and on the time with described second power consumption profile when described first power consumption profile During cause, the value keeping described height half part is constant, and the value that described lower half divides all bits is set to 0;
Described first determines that unit includes:
First amendment subelement, for keeping the value of other bit in described test patterns constant, divides t-1 by described lower half The value of bit is revised as 1;
3rd generates subelement, be used for obtaining described tested safety chip in described test patterns after the first amendment subelement amendment The data the 3rd power consumption profile when carrying out computing;
Second compares subelement, generates, for the most described first, described first power consumption profile and the described three lives that subelement generates Become subelement generate described 3rd power consumption profile power consumption and on the time the most consistent;
First determines subelement, for the t-1 ratio divided described lower half according to the described second comparative result comparing subelement The value of special position is configured, when described first power consumption profile and described 3rd power consumption profile power consumption and on the time consistent time, by institute Stating lower half divides the value of t-1 bit to be set to 1, or, when described first power consumption profile and described 3rd power consumption profile exist When power consumption or time are the most inconsistent, the value of t-1 bit is divided to be set to 0 described lower half.
CN201310318368.8A 2013-07-26 2013-07-26 RSA Algorithm private key element acquisition methods and acquisition device Active CN103441843B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310318368.8A CN103441843B (en) 2013-07-26 2013-07-26 RSA Algorithm private key element acquisition methods and acquisition device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310318368.8A CN103441843B (en) 2013-07-26 2013-07-26 RSA Algorithm private key element acquisition methods and acquisition device

Publications (2)

Publication Number Publication Date
CN103441843A CN103441843A (en) 2013-12-11
CN103441843B true CN103441843B (en) 2016-09-21

Family

ID=49695512

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310318368.8A Active CN103441843B (en) 2013-07-26 2013-07-26 RSA Algorithm private key element acquisition methods and acquisition device

Country Status (1)

Country Link
CN (1) CN103441843B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1411644A (en) * 1999-10-14 2003-04-16 格姆普拉斯公司 Countermeasure method in electronic component which uses RSA-type public key cryptographic algorithm
CN1835207A (en) * 2005-03-17 2006-09-20 联想(北京)有限公司 Method of preventing energy analysis attack to RSA algorithm
CN102983964A (en) * 2012-12-28 2013-03-20 大唐微电子技术有限公司 method and device for improving digital encryption standard resisting differential power analysis
CN103067164A (en) * 2013-01-17 2013-04-24 北京昆腾微电子有限公司 Anti-attack method for electronic components using RSA public key encryption algorithm

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2804225B1 (en) * 2000-01-26 2002-05-03 Gemplus Card Int MODULAR EXPONENTIATION ALGORITHM IN AN ELECTRICAL COMPONENT USING A PUBLIC KEY ENCRYPTION ALGORITHM

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1411644A (en) * 1999-10-14 2003-04-16 格姆普拉斯公司 Countermeasure method in electronic component which uses RSA-type public key cryptographic algorithm
CN1835207A (en) * 2005-03-17 2006-09-20 联想(北京)有限公司 Method of preventing energy analysis attack to RSA algorithm
CN102983964A (en) * 2012-12-28 2013-03-20 大唐微电子技术有限公司 method and device for improving digital encryption standard resisting differential power analysis
CN103067164A (en) * 2013-01-17 2013-04-24 北京昆腾微电子有限公司 Anti-attack method for electronic components using RSA public key encryption algorithm

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《差分能量攻击样本选取方法》;李志强等;《计算机应用》;20120101;第32卷(第1期);全文 *

Also Published As

Publication number Publication date
CN103441843A (en) 2013-12-11

Similar Documents

Publication Publication Date Title
US8472621B2 (en) Protection of a prime number generation for an RSA algorithm
US8509429B2 (en) Protection of a prime number generation against side-channel attacks
CN100579006C (en) RSA ciphering method for realizing quick big prime generation
CN105515778B (en) Cloud storage data integrity services signatures method
Kennedy Monte Carlo tests of stochastic Loewner evolution predictions for the 2D self-avoiding walk
CN109450640A (en) Two side's endorsement methods and system based on SM2
CN105956921A (en) Method and device for selecting bankcard number by user himself/herself
CN102279840B (en) Method for quickly generating prime number group applicable to information encryption technology
CN106972924A (en) Encryption, decryption, Electronic Signature, the method and device for verifying stamped signature
CN107171788A (en) A kind of identity-based and the constant online offline aggregate signature method of signature length
CN103326861B (en) A kind of data are carried out the method for RSA security signature, device and safety chip
CN109257159A (en) The building method of novel higher-dimension hyperchaotic system
CN110213050B (en) Key generation method, device and storage medium
CN107104788B (en) Terminal and non-repudiation encryption signature method and device thereof
CN102520908B (en) Pseudo-random number generator and pseudo-random number generating method
CN104954124B (en) Encrypting and decrypting data processing method, device and system
CN105391716B (en) A kind of method and system for identifying Encryption Algorithm
CN103441843B (en) RSA Algorithm private key element acquisition methods and acquisition device
CN110990846B (en) Information storage method, device and computer readable storage medium
CN106020820A (en) User process termination method and apparatus
CN104767622B (en) Encryption method and device
CN103580858B (en) RSA Algorithm private key element acquisition methods and acquisition device
CN104079561A (en) Secret key attacking method and device
CN111538480A (en) Doubling point operation method and system for elliptic curve password
CN106850219A (en) A kind of data processing method and terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210802

Address after: 100015 4th and 5th floors, block B, building 21, No. 2, Wanhong West Street, dongzhimenwai, Chaoyang District, Beijing

Patentee after: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd.

Patentee after: CETC (Beijing) information evaluation and Certification Co.,Ltd.

Address before: 100015 4th and 5th floors, block B, building 21, No. 2, Wanhong West Street, dongzhimenwai, Chaoyang District, Beijing

Patentee before: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd.

Patentee before: NO.15 INSTITUTE OF CHINA ELECTRONICS TECHNOLOGY Group Corp.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20240315

Address after: 100015 4th and 5th floors, block B, building 21, No. 2, Wanhong West Street, dongzhimenwai, Chaoyang District, Beijing

Patentee after: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd.

Country or region after: China

Patentee after: NO.15 INSTITUTE OF CHINA ELECTRONICS TECHNOLOGY Group Corp.

Address before: 100015 4th and 5th floors, block B, building 21, No. 2, Wanhong West Street, dongzhimenwai, Chaoyang District, Beijing

Patentee before: BEIJING HUADA INFOSEC TECHNOLOGY, Ltd.

Country or region before: China

Patentee before: CETC (Beijing) information evaluation and Certification Co.,Ltd.