DE10221409A1 - Circuit and method for performing a calculation - Google Patents

Abstract

A circuit for performing a calculation on useful input data in order to obtain useful output data comprises a device (12) for performing an algorithm with one or more algorithm steps and a control device (18). The control device (18) controls the device (12) for performing such that the same carries out one or more algorithm steps before the algorithm is carried out with the useful input data in order to obtain the useful output data and / or after the algorithm has been carried out it is intended to destroy or at least reduce the correlation between the total execution time and the user input data. The distinction between the algorithm steps during the execution of the actual algorithm and the algorithm steps that are carried out before or after the aggravation of timing attacks is made more difficult by the fact that all algorithm steps are carried out using the same device, so that, for example, power attacks such as z. B. SPA, no difference can be perceived.

Description

The present invention relates to implementation from calculations on useful input data to useful output data to get, and especially on arrangements for such Circuits against hardware attacks in the event of their Use in cryptography.

With the advent of more and more small mobile Crypto devices such as B. smart cards and SIM cards, was one new category of attacks on cryptographic algorithms relevant directly to the hardware implementation of the Target cryptosystem. Attacks of this type use the Data from very fine measurements on the crypto device, while encryption is in progress, and derive secret information from these measurements, such as z. B. a cryptographic key. The attacker For example, suspects some key bits and tries the Correctness of the presumption by correlation with the measurements to verify.

Some hardware attacks have been suggested, such as z. B. Measure the time required for encryption or other time periods or measuring the performance or Electricity consumption and radiation patterns to provide information via a secret key or other way of obtaining that are stored on the device. Attacks of this kind are generally independent of the one used cryptographic algorithm by the cryptographic device is implemented, and can be applied to any device that is not protected against such attacks.

A special type of hardware attack is that Timing or timing attacks, in which by accurate Measure the amount of time it takes to complete one perform cryptographic algorithm, attackers in the Able to transfer information about that from the implemented cryptographic algorithm processed data or the key or keys used by the same receive. Timing attacks take advantage of the fact that Crypto devices often have a slightly different one Time required to get different input data to process. The reasons for this can be varied and include, for example, performance optimizations to avoid unnecessary Skip operations, conditional jump instructions, RAM cache Hit and arithmetic units, the arithmetic operations such. B. Multiplication and division, in different time periods perform, depending on both the cryptographic Key as well as the input data.

Previous circuits for performing a cryptographic algorithm suffer because of their Execution time dependent on input data for carrying out the Algorithm a vulnerable target for timing attacks represent. This is even more serious with the Calculation of cryptographic algorithms using asynchronous electronic circuits, since they generally have a inherently data-dependent execution time prevails. at synchronous circuits where the constancy of the total duration of a Mostly calculation in terms of the number of required cycles through appropriate control structures or software can often be guaranteed, the time base is often tried destroy within the time grid, so correlative Attacks, (such as SPA attacks "simple power analysis = Single power analysis) can be prevented. Although these Property of the variable time base for asynchronous circuits is inherent, the need remains with them defense against timing attacks.

There is therefore a need for circuits for Carrying out a calculation on user input data in order To receive useful output data for which the execution time is none Dependence on the usage input data shows, and thus that Explore secret data or keys based on them Dependency is effectively avoided.

The object of the present invention is a Circuit and method for performing a calculation of useful input data in order to obtain useful output data create so that security against hardware attacks is increased.

This object is achieved by a circuit according to claim 1 and solved a method according to claim 13.

The present invention is based on the finding that the safety of circuits to carry out a Calculation on useful input data in order to obtain useful output data against hardware attacks can be increased effectively by a device for performing an algorithm with a or more algorithm steps a control device is associated with the device for performing such controls that before performing the actual Algorithm with the user input data to the user output data received, and / or afterwards one or more Algorithm steps are performed that are only intended to do so are the correlation between total execution time and Destroy useful input data or at least reduce it. Distinguishing the algorithm steps during the Implementation of the actual algorithm and the Algorithm steps that aggravate timing attacks before or done thereafter, according to the invention is complicated by the fact that all algorithm steps using the same Setup are carried out so that based on, for example Power attacks, such as B. SPA, no difference perceived can be.

An advantage of the present invention is that the same with many cryptographic algorithms implement because these algorithms anyway that Repeat calculation operations or algorithm steps exhibit. Examples of cryptographic algorithms that use the Repeating operations with the same characteristics, include, for example, the DES algorithm (data encryption standard = data encryption standard), for the 16 rounds the AES standard (advanced encryption standard = extended encryption standard), where 10, 12 or 14 rounds are performed using the RSA algorithm (named after its three founders Rivest, Shamir and Adleman), which performed many modular multiplications or the ECC algorithm (ECC = Elliptic Curve Cryptography = elliptic curve cryptography) with also many modular multiplications. The present The invention thus makes use of these algorithms inherent characteristic of repeated use of Take advantage of arithmetic operations.

Further preferred embodiments are the subject of Dependent claims.

Preferred embodiments of the present invention are referred to below with reference to the enclosed Drawings explained in more detail. Show it:

Fig. 1 is a block diagram of a circuit for performing a calculation according to a general embodiment of the present invention; and

Fig. 2 is a block diagram of a circuit for performing a DES algorithm according to a specific embodiment of the present invention.

The present invention will first be described with reference to FIG. 1 using a general exemplary embodiment.

Fig. 1 shows a circuit for performing a calculation on Nutzeingangsdaten to obtain Nutzausgangsdaten which is generally indicated by 10. The circuit 10 comprises a device 12 for performing an algorithm, such as. B. a DES, AES or RSA algorithm, or part of the same with one or more algorithm steps, such as. B. the rounds in the case of the DES and AES algorithm and the modular multiplications in the case of the RSA algorithm. The device 12 receives the user input data to be processed at an input 14 , which it converts into useful output data in an execution time to be discussed below, which in turn outputs the same at an output 16 after the execution time has expired. The circuit 12 is connected to a control device 18 which controls the device 12 in such a way that it carries out one or more additional algorithm steps before the actual algorithm is carried out with the useful input data in order to obtain the useful output data and / or after the same.

The control device 18 controls the device 12 in such a way that the useful input data are not deleted while the additional algorithm steps are carried out before the actual algorithm is carried out and the user output data obtained are not deleted during the additional algorithm steps after the actual algorithm is carried out. The execution time required by the circuit 10 to output the useful output data at the output 16 after the user input data has been received at the input 14 is consequently the sum of the time periods which the device 12 has to carry out the algorithm steps of the actual algorithm and the additional algorithm steps before and needed afterwards.

For the circuit 10 above there are two essential properties which protect it against hardware attacks. First of all, the correlation between the input data and the execution time of the circuit 10 is no longer dependent solely on the algorithm implemented by the device 12 and the input data, since the time required to carry out the additional algorithm step (s) is added to the pure calculation time. A dependency of the execution time on the user input data due to, for example, different cache hits, conditional jumps or the like in the device 12 is thereby obscured. In particular in the case of an asynchronously operating device 12 , the time period for performing an algorithm step is dependent on the input data. This is because asynchronous circuits are self-clocked, so that the intermediate results of the various logic components from which the asynchronous circuits are constructed are processed by the logic components of the subsequent stage independently of a clock whenever all are required as input data for a respective logic component Interim results are available. In addition, different input data in asynchronous circuits lead to different logic paths being taken within the logic components from which the asynchronous circuit is constructed, which in turn have different runtimes. This leads to the fact that asynchronous circuits have an inherently data-dependent execution time, since each intermediate result and also the end result, depending on the chosen logic paths within the logic components, are present immediately and not in units of a cycle sooner or later at the output. In the case of an asynchronously self-clocking device 12 , the addition of performing the additional algorithm steps consequently obscures the data dependence of the execution time of the circuit 10 .

Various measures can be taken to further reduce the dependency of the execution time of the circuit 10 on the user input data 14 , or even to completely eliminate it. A first possibility is to randomly redetermine the number of additional algorithm steps carried out before and after the actual algorithm has been carried out, from calculation to calculation, ie from the user receipt date to the user receipt date. In this way, the part of the execution time of the circuit 10 caused by the additional algorithm steps performed per calculation varies, so that the dependence of the execution time on the useful input data is even less and timing attacks are even more difficult. In the case of circuits in which the execution time is dependent on the data to be processed, i.e. in particular in the case of asynchronous, self-clocking circuits, a further obscuring of the dependence of the execution time on the user input data can be achieved by the additional algorithm steps carried out before or after the actual algorithm has been carried out, random "sham" input data are used. Due to the inherently data-dependent execution time of an asynchronously operating device 12 , the additional execution time caused by the additionally performed algorithm steps, which is added to the execution time caused by the execution of the actual algorithm, varies in the case of an asynchronous circuit even if the number of additional algorithm steps per The calculation is the same, provided that the algorithm steps are carried out immediately one after the other without being triggered by an external clock at certain points in time.

A further property of the circuit 10 , which helps it to provide increased protection against hardware attacks, is that the additional algorithm steps carried out are based on arithmetic operations with the same characteristics, or in other words the additional algorithm steps carried out by the same device 12 . In the examples mentioned above and in the exemplary embodiment in FIG. 2, which will be discussed below, the algorithm steps are based on the same arithmetic operations and differ from one another only by different input operands, such as, for example, FIG . B. the intermediate result of the previous algorithm step and the key to be used in this step. In this case, an attacker, while observing the power consumption, cannot distinguish additional dummy algorithm steps from those algorithm steps that are carried out during the actual algorithm.

A special exemplary embodiment of a circuit for carrying out a DES calculation is described below with reference to FIG. 2, in which additional algorithm steps are carried out both before and after the actual algorithm has been carried out. The circuit of FIG. 2, indicated generally at 50, includes a circuit portion 52 for performing a DES algorithm and a control unit 54 for controlling the circuit portion 52 . The circuit part 52 comprises an input register 56 , a result register 58 and a DES module 60 . The circuit section 52 also includes multiplexers 62 and 64 and an additional register 66 . The input register 56 is connected directly to an input 68 of the circuit 50 . Multiplexer 62 connects either input register 56 or additional register 66 to an input of DES module 60 , as indicated by a control signal that multiplexer 62 receives from control unit 54 connected to it. To return the result of a round of the DES algorithm as an input operand for the next DES round, the multiplexer 64 is able to connect the output of the DES module 60 to the register 66 via a further multiplexer 69 . However, the multiplexer 64 can also connect the output of the DES module to the result register 58 . The connection established by the multiplexer 64 depends on a control signal which the multiplexer 64 receives from the control unit 54 connected to it. The output register 58 is connected to an output 70 of the circuit 50 . In addition to the input connected to the multiplexer 64 , the multiplexer 69 comprises a further input via which, as will be described in the following, a random start value d _{z can be} loaded into the additional register 66 , to which an output of the multiplexer 69 is connected. Which of the two inputs, ie the one at which the value d _z is received or the one to which the intermediate result is supplied from the DES module via the multiplexer 64 , the multiplexer 69 connects to the input of the register 62 depends on a control signal that the multiplexer 69 receives from the control unit connected to it. The control unit 54 includes a counter 72 for counting the laps performed during an overall calculation, as will be described below.

After the structure of the circuit of Fig. 2 has been described above, the operation of the same will be described below. The circuit 50 is provided to carry out a calculation on useful input data at the input 68 and to output the result in the form of useful output data at the output 70 . In particular, it is assumed in FIG. 2 that the circuit 50 is provided for performing a DES calculation, which maps 64 bits of useful input data to 64 bits of useful output data. The DES round calculations are carried out by the DES module 60 , which is asynchronous in the present case and works self-clocked. In other words, the execution time of the lap calculations by the DES module 60 is different for each lap or for each input value and the result of a lap is present at the output of the DES module 60 immediately after the calculation, regardless of a clock. A lap calculation by the DES module 60 is therefore dependent on input data.

• 1. Unterteilen des 64-Bit-Blocks der vorhergehenden Runde oder, in dem Fall der ersten Runde, der Nutzeingangsdaten in eine linke Hälfte von 32 Bits und eine rechte Hälfte von 32 Bits,
• 2. Abbilden der rechten Hälfte der vorhergehenden Runde auf eine linke Hälfte eines 64-Bit-Blocks der aktuell zu berechnenden Runde,
• 3. Expandieren der 32 Bits der rechten Hälfte des vorhergehenden Blocks zu einem 48-Bit-Block gemäß einer Auswahltabelle, die einige der Bits der rechten Hälfte der vorhergehenden Runde doppelt verwendet,
• 4. Unterziehen des expandierten 48-Bit-Blocks einer XOR- Operation mit einem aus einem DES-Schlüssel berechneten Runden- bzw. Teilschlüssel, der der aktuellen Runde zugeordnet ist,
• 5. Zugreifen mit jeder von acht Gruppen zu je sechs Bits des verschlüsselten 48-Bit-Blocks als Adresse auf sogenannte "S- Boxen", die Funktionen darstellen, die einen 6-Bit-Block auf einen 4-Bit-Block abbilden, wobei für jede Gruppe eine S-Box definiert ist,
• 6. nach Abbildung jeder 6-Bit-Gruppe in eine 4-Bit-Gruppe, Permutieren des resultierenden 32-Bit-Blocks, und
• 7. Durchführen einer XOR-Operation zwischen der linken Hälfte der vorhergehenden Runde und dem permutierten 32-Bit- Block, um die aktuellen 32 Bits der rechten Hälfte der aktuellen Runde zu erhalten.

In the following, a calculation is used to understand the encryption of a 64-bit block of the user input data at input 68 . During a calculation, the 64-bit block is subjected to 16 rounds that are performed by the DES module 60 . Each round performed by the DES module 60 is based on the same arithmetic operation, which in turn consists of several arithmetic operations. These arithmetic operations consist of the following steps:

• 1. Divide the 64-bit block of the previous round or, in the case of the first round, the usage data into a left half of 32 bits and a right half of 32 bits,
• 2. mapping the right half of the previous round to a left half of a 64-bit block of the current round to be calculated,
• 3. Expand the 32 bits of the right half of the previous block into a 48 bit block according to a selection table that uses some of the bits of the right half of the previous round twice.
• 4. subjecting the expanded 48-bit block to an XOR operation with a round key or partial key calculated from a DES key and assigned to the current round,
• 5. Access with each of eight groups of six bits each of the encrypted 48-bit block as an address to so-called "S-boxes", which represent functions that map a 6-bit block to a 4-bit block, whereby an S-Box is defined for each group,
• 6. after mapping each 6-bit group into a 4-bit group, permuting the resulting 32-bit block, and
• 7. XOR between the left half of the previous round and the permuted 32-bit block to get the current 32 bits of the right half of the current round.

A total of 16 rounds are carried out per 64-bit block to be processed. The circuit 50 carries out further permutations for a complete DES encryption.

In particular, the 64 bits present at input 68 were previously subjected to a further permutation for complete DES encryption. In addition, the 64 bits resulting after the 16 DES rounds are subjected to an inverse permutation. However, these permutations, which are achieved, for example, via fixed wiring, make no or at least no significant contribution to the total calculation time of DES encryption and thus only the time is taken into account in the following with regard to the execution time or duration of a complete DES encryption, necessary for the 16 DES rounds. For the following discussion, the pure execution time for a calculation of the actual DES encryption of a 64-bit data block is therefore composed of the 16 rounds by the DES module 60 . Due to the asynchronous nature of the DES module 60, it would be extremely dependent on the 64 bit input data.

For this reason, additional rounds are added to the actual 16 rounds of a DES calculation in order to determine the correlation between the execution time of the circuit 50 on the one hand and secret information such as, for example, B. the user input data to be encrypted and the DES key or the round keys, on the other hand.

To initialize a calculation, a random start value d _z is first loaded into the additional register 66 via the multiplexer 69 , which serves as an input operand for the cyclically carried out additional rounds before the actual algorithm is carried out. Thereupon the multiplexer 69 is switched over in order from now on to connect the input of the additional register 66 to the multiplexer 64 . In addition, the counter 72 of the control unit 54 is set to a random start value z ₀ . When the 64-bit input block arrives, it is first stored in the input register 56 . The control unit 54 controls the multiplexer 62 in such a way that the random value d _z from the additional register 66 is first fed to the DES module 60 in order to carry out a DES round. For each DES round performed, the counter 72 in the control unit 54 increments the counter value z _i (i∈ | N, where i is to indicate the number of the DES round currently being carried out) by 1. For this purpose, the counter 72 is preferably designed such that the Counter value z _{i is} gray-coded, so that only one bit per increment changes in the bit representation of the counter value z _{i in} order to offer few clues for hardware attacks.

In this way, the DES module 60 carried out a "false round", ie a round that does not belong to the actual rounds of the actual DES calculation and thus is not used to calculate the useful output data. The control unit 54 sets the multiplexer 64 in such a way that the output of the DES module 60 is connected to the register 66 , so that the result of the false round is copied into the additional register 66 . The control unit 54 monitors how many false rounds are carried out with the intermediate results stored in the additional register 66 and constantly compares the counter value z _i in the counter 72 with a comparison value v.

As soon as the counter value z _{i of} the counter 72 has reached the comparison value v, the control unit switches the multiplexer 62 in such a way that it connects the input register 56 to the input of the DES module 60 . In this way, the DES module carried out 60 m = v - z ₀ false rounds, namely as many rounds starting from the initialization until the constant comparison value v was reached by incrementing the random value z ₀ . The number of bogus rounds at this time is therefore m = v - z ₀ . According to a further exemplary embodiment, the comparison value v can of course also be set at random.

Due to the conversion of the multiplexer 62 , the 64-bit user data input block, which, as mentioned above, has already been subjected to permutation in a permutation module, not shown, is fed from the input register 56 into the DES module 60 . After performing the first DES round on the 64-bit input block, the DES module 60 outputs the result or the first 64-bit useful intermediate data block via the multiplexer 64 into the intermediate register 66 , whereupon the counter 72 increments its counter value z _i , The control unit 54 again switches the multiplexer 62 in such a way that the additional register 66 is connected to the input of the DES module 60 . The 15 remaining rounds of the actual DES calculation are then carried out, the intermediate result to be encoded being entered by the additional register 66 into the DES module 60 and subjected to a DES round there, and the new intermediate result again in the additional register 66 is copied. Alternatively, each intermediate result could also be copied into the input register 56 during these 16 DES rounds of the actual DES calculation, in which case an additional data path would lead from the output of the DES module 60 via the multiplexer 64 to the register 56 .

The control unit 54 ensures that after the 16 DES rounds of the actual calculation, the multiplexer 64 is changed over such that the register 58 is connected to the output of the DES module 60 . The result of the 16 th DES round of the actual DES calculation, which consequently represents the encrypted 64-bit useful output block, is correspondingly copied into the register 58 . From the point in time when the required result or the 64-bit user output block is available, ie after 16 DES rounds of the actual DES calculation, further round results are only copied into the additional register 66 , which is different from the characteristic, such as B. the current consumption and the switching times, behaves the same as the result register 58 , in which the result now rests. The control unit 54 takes care of this by converting the multiplexer 64 again in such a way that it connects the output of the DES module 60 to the additional register 66 .

The gray-coded counter 72 or its counter value z _i , however, has continued to a value v + 16 = z ₀ + m + 16. Although the actual 64-bit result is already available in the result register 58 , the control unit leaves 54 the DES module 60 executes further bogus rounds, and ensures that the result is retained in the result register 58 for as long as this. The control unit 54 monitors the counter value z _{i of} the counter 72 reaches a fixed or a random end value e. In the apparent rounds following the 16th round of the actual DES calculation, the intermediate results temporarily stored in the additional register 66 are fed to the DES module. In the first dummy round after the 16th round of the actual calculation, the DES module is consequently supplied with the same intermediate result which has led to the final 64-bit useful data output block stored in the result register 58 .

After the control unit 54 has determined that the counter value z _{i of} the counter 72 has reached the end value e, there are a total of n + 16 + m rounds by the DES module, ie including the dummy rounds and the 16 DES rounds of the actual calculation 60 was carried out, where n is the number of rounds carried out according to the actual calculation and n = e - z ₀ - m - 16 and m = v - z ₀ . When this counter value e is reached, the control unit 54 prevents any further DES rounds from being carried out in the current calculation and releases the result in the result register 58 for output at the output 70 .

From the preceding discussion of the mode of operation during a DES calculation of the circuit 50 , it is clear that the correlation between the 64-bit user input data and the execution time required for calculating the 64-bit useful output data, ie including the false rounds, is low. Each round carried out in the DES module 60 requires a different period of time, which depends on the 64 bit input data to be processed by the respective round and the respective round subkey. Assuming that the DES module 60 also works with the lap keys that are used during the actual DES calculation for the dummy rounds before and after the actual DES calculation, the total calculation execution time therefore depends primarily on the total number m + 16 + n of the DES rounds carried out, ie the DES rounds of the actual DES calculation and the false rounds before and after. Due to the self-clocked mode of operation of the DES module 60 and the associated input data-dependent lap calculation time, the total execution time also depends on the random value on which the additional register 66 is initialized at the beginning of each calculation. The total number of rounds m + 16 + n in turn depends on the random value to which the counter 72 is initialized, and additionally, as mentioned above, possibly on a random comparison value v and a random final value e.

In the case of a hardware attack in which time measurements and power consumption measurements are carried out, it is therefore initially difficult to draw conclusions from the execution time of secret data, such as, for example, B. the slot input data or the secret DES key are pulled. In addition, based on observations of the time course of the power consumption, false rounds cannot be distinguished from the actual 16 DES rounds, since all rounds are carried out by the same DES module 60 , and thus each round, whether a false round or one of the 16 DES rounds has the same power consumption characteristics.

In the preceding description, it was assumed that the counter 72, controlled by the round processing by the DES module 60, increments its counter value at each round completion, and that the round calculations by the DES module 60 thus follow one another immediately, without an external clock starting every DES round from outside. In another embodiment, the counter 72 is clocked, which clock is also used to activate the DES rounds by the DES module 60 . In this case it can be achieved by a fixed end value e that the DES calculation by the circuit 50 always takes the same time.

In an alternative embodiment, the control unit 54 instead of the counter 72 comprises a timer which measures the time from the arrival of the user input data at the input 78 , the control unit 54 performing the DES calculation by the circuit 50 before or after the DES bill round the actual DES calculation stops, on which the timer exceeds a certain predetermined period of time. In this case too, the execution time of the circuit 50 can be kept constant except for units of a calculation duration for a DES round.

In the event that the slot input data to be processed by circuit 50 is data of a certain protocol with constant block length, such as e.g. B. an ATM protocol (ATM = asynchronous transfer mode), in which the block length is a multiple of the DES block length of 64 bits, the encryption of all DES blocks belonging to a protocol block can be carried out in a longer "mill pass", so that the circuit does not come to rest until the protocol block is fully encrypted. The total number of deflection rounds v _i and n _i to be used can be minimized at the expense of increased latency and with the addition of additional registers. For example, in addition to the additional register per 64 bit block of a protocol block, an input register and an output register are provided, alternating false rounds and then the 16 rounds being carried out on one of the 64 bit blocks.

The embodiment of FIG. 2 consequently causes the execution time to be extended to any random or to an adjustable constant value, from which no longer occurs, by temporally variable prepending or appending operations of the same characteristic as in the algorithm to be protected, but using random data the original data-dependent execution time can be inferred. It is important to point out that not only the DES algorithm shown in FIG. 2, but also many other crypto-algorithms include the repetition of operations with the same characteristic anyway, such as e.g. B. the AES algorithm, which has 10, 12 or 14 rounds, or the RSA algorithm, which has the execution of several modular multiplications. The embodiment of FIG. 2 consequently takes advantage of the many algorithms inherent characteristic of the reuse of a single operation for the additional operations.

In addition, as described above, the data-dependent execution time of asynchronous circuits cannot be measured made by a flexible adjustable control unit is provided, which ensures that before and / or after the actual calculations performed random calculations to hide the real calculation time.

With reference to the embodiment of FIG. 2, it is pointed out that in addition to the three registers shown, a fourth can be provided, in which the random value can be provided when a DES calculation is initiated, which is used as the basis for the first DES round of DES , In addition, the exemplary embodiment shown in FIG. 2 could easily be transferred to the case that false rounds are only carried out before or only after the actual 16 DES rounds. In this case, either the input register 56 or the result register 58 may be missing. On the other hand, the above exemplary embodiment could easily be transferred to the case that false rounds are also interspersed between the individual rounds of the actual calculation. It is also not necessary to provide a register in this feedback path for the feedback of the preliminary result of a preliminary round to a subsequent round, regardless of whether it is a false round or two of the 16 DES rounds of the actual calculation. It is also pointed out that the counter value of the counter 72 in FIG. 2 does not have to be incremented during the known fixed number of 16 DES rounds of the actual DES calculation, provided that a separate counter is available for the 16 DES rounds.

Furthermore, it is finally pointed out that the description with reference to FIG. 1 can also be transferred to a corresponding device in which the blocks in FIG. 1 represent corresponding steps of a method. In general, the idea on which the present invention is based can be implemented in integrated circuits, chip cards, SIM cards or wired circuits. Implementation in combined hardware and software is also conceivable. Reference Signs List 10 circuit
12 Device for performing an algorithm
14 entrance
16 output
18 control device
50 DES circuit
52 circuit part
54 control unit
56 input registers
58 result register
60 DES module
62 multiplexers
64 multiplexers
66 additional registers
68 entrance
69 multiplexers
70 exit
72 counters

Claims (13)

1. Circuit for performing a calculation on useful input data in order to obtain useful output data with
means ( 12 , 52 ) for performing an algorithm with one or more algorithm steps; and
a control device ( 18 ; 54 ) for controlling the device ( 12 , 52 ) for performing such that it performs one or more algorithm steps before performing the algorithm with the useful input data in order to obtain the useful output data and / or after performing the algorithm performs. 2. Circuit according to claim 1, in which all algorithm steps are based on the same arithmetic operation, and in which the device ( 52 ) for performing has the following features:
a result register ( 58 );
an additional register ( 66 );
an arithmetic unit ( 60 ) for performing the arithmetic operation; and
a switchover unit ( 64 ) for connecting an output of the computing unit ( 60 ) to either the result register ( 58 ) or the additional register ( 66 ),
the control unit ( 54 ) being adapted to control the means for performing such that the output of the arithmetic unit ( 60 ) is connected to the result register ( 58 ) upon completion of the execution of the algorithm and that the output of the arithmetic unit ( 60 ) is connected to the additional register ( 66 ) during the execution of the one or more algorithm steps after the execution of the algorithm. 3. A circuit according to claim 1 or 2, wherein the means ( 52 ) for performing further comprises an input register ( 56 ) for storing the useful input data during the execution of the algorithm steps prior to the execution of the algorithm. 4. The circuit of claim 3, wherein the device ( 52 ) further comprises:
a random register for storing a random number; and
a further changeover unit ( 62 ) for connecting an input of the computing unit ( 60 ) to the input register ( 56 ) or the random register ( 66 ),
the control unit ( 54 ) being adapted in such a way that it controls the device ( 52 ) for carrying out such that when the algorithm steps start before the algorithm is carried out, the input of the computing unit ( 60 ) with the random register and at the start of the execution of the Algorithm of the input of the computing unit ( 60 ) is connected to the input register ( 56 ). 5. Circuit according to one of claims 1 to 4, wherein the control unit has a counter ( 72 ) for incrementing a counter value per performed algorithm step when performing the algorithm steps before and / or after the execution of the algorithm, the control unit ( 54 ) being adapted to abort the execution of the algorithm steps when the counter value has reached a predetermined comparison value. 6. The circuit of claim 5, wherein the counter ( 72 ) is adapted such that the counter value is gray-coded. 7. A circuit according to claim 5 or 6, wherein the counter ( 72 ) is adapted to increment in a synchronous case according to a clock which further starts the execution of each algorithm step, both before and / or after the execution of the actual algorithm as well as that of the algorithm, or is adapted in such a way that it increments in an asynchronous case as soon as an algorithm step in the execution of the algorithm steps or an algorithm step in the execution of the algorithm has ended. 8. A circuit according to any one of claims 5 or 6, further a device for initializing the counter value a random value before each calculation by the circuit having. 9. Circuit according to one of claims 1 to 4, wherein the control unit ( 54 ) has a device for detecting the past time for the execution of the algorithm steps before and / after the execution of the algorithm, wherein the control unit ( 54 ) is adapted to abort the execution of the algorithm steps when the detected time period has reached a predetermined time value. 10. Circuit according to one of claims 1 to 9, in which the device ( 52 ) for performing work is self-timed, and an execution time of the device ( 52 ) for performing depends on the useful input data. 11. Circuit according to one of claims 1 to 10, wherein the Algorithm steps Round a DES or AES algorithm or modular multiplications of an RSA or an ECC Algorithm. 12. Circuit according to one of claims 1 to 11, wherein the algorithm comprises a predetermined sequence of algorithm steps, and the control unit ( 54 ) is adapted such that the means ( 52 ) for performing when performing the algorithm steps before performing the algorithm and when performing the algorithm steps after performing the algorithm, performing the algorithm steps according to the predetermined sequence. 13. Method for performing a calculation on useful input data in order to obtain useful output data with
Performing an algorithm with one or more algorithm steps; and
Controlling the implementation in such a way that one or more algorithm steps are carried out before the algorithm is carried out with the user input data in order to obtain the useful output data and / or after the algorithm is carried out.