EA003874B1 - Method for making data processing resistant to extraction of data by analysis of unintended side-channel signals - Google Patents

Abstract

1. A method of processing data to reduce the risk of unauthorized access to the data, characterized by the following steps of: (a) inputting a first secret data set into a processor, including possible subsequent repetition of this step; (b) providing the processor with a source of unpredictable data; (c) providing the processor with a method for selecting mappings of initial data to mapped data by using unpredictable data (b), wherein mapped data allows or realize a calculation of initial data with knowledge of mapping selection, but doesn't allow any part of initial data without knowledge of mapping selection; (d) providing the processor with at least one algorithm for mapping the first secret data set to a mapped form; (e) initial mapping the first secret data set (a), for storage in a mapped form using mappings selected in step (c); (f) changing the data mapping applied to any data from a prior data mapping by use of a secondary mapping utilizing unpredictable information (b); (g) mapping incoming data for input to the modified algorithm implementation, using a mapping selected in (c); and (h) modifying an algorithm implementation to operate on mapped and other data selected from mapped data of steps (e), (f)m (g), or mapped output data of modified algorithm on step (h), so that output data is mapped data, from which it is possible to receive output data of initial algorithm, working on the data of initial input with knowledge of used selection of mapping, wherein modified original algorithm operating data is substituted, which includes mappings and/or searching tables, which are derivatives of selected mappings and any initial searching tables; (i) ) changing the data mapping applied to any data from a prior data mapping by use of a secondary mapping utilising unpredictable information. 2. A method data processing as claimed in claim 1, wherein the secret data set of step (a) is a cryptographic key. 3. A method data processing as claimed in claim 1, characterized in that a data mapping and/or a secondary data mapping are in the form of an algorithm with mapping selection data or parameters. 4. A method data processing as claimed in any one of the preceding claims, wherein the mapped data and/or the mappings are transmitted to a remote location. 5. A method data processing as claimed in any one of the preceding claims, wherein the mappings are performed by way of a set of mappings selected such that when the input operands are substituted by using such mappings, the original output may be recovered from the resulting output by using a mapping derived from the input mappings. 6. A method data processing as claimed in claim 5 wherein for any operand, the set of all input mappings may be determined from the output mapping. 7. A method data processing as claimed in any one of the preceding claims wherein an operation of the original algorithm is modulo-m addition described by x +y-+z (mod m) and the corresponding operation used in the modified algorithm is to remain the same the permitted mappings being described by xi [triple bond] aix+bi (mod m), yi [triple bond] aiy+ci (mod m), and zi-=aiz +bi + ci (mod m), in which mappings ai is any number that is mutually prime with m with proviso that ai is not 1. 8. A method of data processing as claimed in any one of claims 1 to 12, wherein an operation of the original algorithm corresponds to modulo-m multiplication described by xy [triple bond] z (mod m) and the corresponding operation used in the modified cipher is that code to remain the same and wherein permitted mappings are described by xi [triple bond] bix<AI> (mod m), yi [triple bond] ciy<AI> (mod m), and zi [triple bond] bicjz<AI> (mod m) in which mappings ai is any number mutually prime with0 (m) which is Euler's Totient function of m, and bi and ci are any numbers mutually prime with m. 9. A method of data processing as claimed in any one of the preceding claims 1-6 wherein algorithm operation corresponds to addition of two vectors of n components over the field Z2. 10. A method of data processing as claimed in any one of the preceding claims, wherein the algorithm includes the use of unary operators. 11. A method of data processing as claimed in any one of the preceding claims including data hiding through varying of mapping of some or all data being processed onto a mapped form for computation and/or storage. 12. A computer system for processing data to reduce the risk or ease of unauthorized access to the data, characterized in that: (a) a processor is provided by means for (i) use of modified algorithm to input data, using mapped cryptographic key, in order to generate output data, where the modified algorithm of calculating of first data is changed by mapped data, and which includes mappings and/or of a lookup-tables, which are derivatives of selected mappings and any initial lookup mappings, and; (ii) modifying of data mapping of mapped cryptographic key from preceding data mapping by using the secondary mapping. (b) storing of information to save a cryptographic key in mapped form.

Description

This invention relates to data protection, in particular this invention relates to reducing the risk of unauthorized access to data.

BACKGROUND Attacks on Secret Data Through Side I / O Channels

Cryptographic systems are traditionally depicted with a cipher (encoding or decoding) in the form of a metaphorical black box in which the input data (plaintext or encrypted text) is internally processed using a secret code, and the only information leaving the black box is the predefined output data.

Recently it was shown (for example, in the works of P. Kocher, J. Jaffe and B. June, Differential analysis of the degree. Abuapsek Сη Sgur1o1odu - Rtoseyeshdk o £ Stur1o '99, Beszgge ΝοΚδ ίη Sotrietet 8s1epse, Uo1. 1666, 8gaddy. that side I / O channel information such as unintentionally caused electromagnetic radiation or power fluctuations emanating from a device can be easily and efficiently used in an attack whose purpose is to monitor the information being processed. This leads to the fact that obtaining a secret code becomes much easier than the traditional cryptanalysis model suggests, since direct observation of internal processing, albeit with interference, becomes available to the attacker.

Where the encryption operation uses the key repeatedly, the attacker can generally receive it by monitoring and analyzing collateral information for several operations, without resorting to traditional cryptanalysis methods. The minimum number of repeated actions that must be observed in order to find out the meaning of the code (or any reused internal data) usually changes in inverse relation to the ratio of signal power (which the attacker is trying to observe) to noise power (signal-to-noise ratio). For example, where a hardware modification reduces this ratio by a factor of 100 (i.e., by 20 bV), in order to extract the key, the attacker will most likely have to observe a lot of actions, about 100 times more.

There are practical and economic limits to reducing the signal-to-noise ratio of the side I / O channel, which is done using, for example, shielding and adding noise. Where a reliable processor (such as a crystal microchip) remains in the hands of a potential attacker, it can easily stimulate the processor to re-enter input data by carefully observing the side channel of the input / output. Cards with a microcircuit include, for example, boards of a special paid cable channel and bank cards. Having spent quite a bit of time and money, an attacker may be able to extract the information he is interested in using the statistical methods here called ERA (Differential Degree Analysis). This designation appeared due to the most popular I / O channels for monitoring cards with a microcircuit, being an observation of the power fluctuations issued by the device. The ERA technique can be applied alternately to masked reception and to the analysis of radio frequency signals emitted by a computer that performs data manipulation.

Using simple development of cards with a microchip, analysis of differences in the average of groups of several similar waveforms can lead to the extraction of secret data. This is an example of a first level ERA attack. It has been shown that currently available commercial cards with a microchip, almost without exception, are vulnerable to such an attack, having the resources available to the most determined individuals. Using the appropriate algorithmic design and adding randomness, it is possible to keep data secret during a first-level attack or even with a higher order ERA attack.

The order of an ERA attack can be defined as the minimum number of intermediate variables from which any of the data subjected to attack can be obtained, with each of these intermediate variables obtained from observations using an averaging process in a large number of observations. A more intuitive (but less accurate) definition may be such that it is the number of internal digital states from which direct (if interfered) observations of the side I / O channel must be made in order to obtain any information desired by the attacker.

With more complicated data processing (the so-called higher order ERA attack) and a large number of observations, in principle, it will remain possible to determine with some degree of certainty any secret data being processed, although the required number of observations can be prohibitive.

The purpose of the methods of the invention presented here is to reduce the amount of useful information that an attacker can receive from an I / O side signal and to increase the minimum complexity and difficulty of a successful attack. Methods include defense against attacks of the first and higher order.

The purpose of developments in security devices regarding secret data in general should be to keep the amount of leaky information about secret data below the acceptable limits during the life of the secret. This can be achieved through cryptographic mechanisms for creating the process of combining small amounts of leaky information into an integer used that is difficult to process computationally. This can also be achieved by limiting the speed of information leakage so that the cumulative leakage of secret during the life of the secret information (defined in the information-theoretical sense) was acceptably low, which is the purpose of this invention.

Math basics

A dataset (e.g., bits), which is here called the original dataset, can be mapped onto another dataset so that the original dataset remains completely unknown to the observer, although the displayed dataset is known to the observer. The original data can be restored from the displayed data when the selection of the display is known. In order to keep data secret, the selection of the display should not be known to the observer and the display should be randomly selected for each new data set so that each possible initial data set is displayed for each possible displayed representation with equal probability. This principle is used by the present invention.

Operators (to combine one or more operands into a result) are used as building blocks in cipher design. Examples of such operators include a lookup table — a unary operator modular addition or subtraction, a bit for a bit exclusive OR machine-machine-wide, and p-modular multiplication (over a set of values from 1 to p-1, where p is the first number). The latter are all binary operators. The NEA cipher (developed by Huijia Lay and James Messei) is widely known, which uses three such binary operators, and the widely known ΌΕ8 cipher (Data Encryption Standard) uses lookup tables, a bit for the bit that excludes the OR operator and permutation of the digit.

In general, a separately and arbitrarily selected one-to-one mapping can be applied to each of the inputs and to the output of any operator. Then, an equivalent operator can be determined that generates the correct displayed output data values from the displayed input data values for each selected display. For any given operator, there may exist a set of such mappings, so that this equivalent operator will be identical to the original operator and will satisfy the necessary conditions for keeping information regarding the original data secret. The principle, including the restriction on the identical operator, is often called selectively blocking (blind), although the degree of the range of mappings possible for typical operators is rarely implemented.

For example, the mapping operation adding unit x + y = ζ (t tob) at ogranicheninii that the operator remains unchanged, allows family exist mappings from (x, y, ζ) to (x ;, _y;, ζ _1), where x ₁ ^ a ₁ x + b ₁ (tobt), y, ^ a, y + c, (tobt) and ζ, Ξα, ζ + Ε + ο, (tobt), where a! is any number that is coprime with m, and b and c ₁ are any numbers. If m is a power of 2 (that is, of the form m = 2 ⁿ ), then there are m / 2 possible values for a ₁ and m possible values for each of b and c ₁ . Many bit operations (such as addition, multiplication, and exponentiation) will exhibit similar properties.

The bit-by-bit operation is an exclusive OR word wide (which we consider here as the addition of two vectors and components over a field Ζ ₂ , addition and multiplication are equivalent to binary operations exclusive of OR and AND, respectively, and we use lower case to indicate the vector and the upper register to specify the matrix) x + y = ζ has a larger selection of data mappings than a modulo 2 ^n, under the constraint that the operator should remain unchanged. They have the forms x1 = A1x + b1, y1 = A1y + c1 and ζι = Α; ζ + 1> ί + θί. And, it can be any of 0 ^{<2 21} matrices - with inversion - and b1 and c ₁ can each have any of 2 values, giving “explicit mappings for each value (if you do not pay attention to the restrictions implied by the joint matrix A ₁ ). If n = 8 bits, then there are approximately 2 ^70.2 such mappings.

The size of the series of mappings available for the exclusive OR operation can significantly reduce the applicability of the I / O side signal and thus may compromise some of the requirements for classified information. Such a compromise (for example, reusing the selection of mappings) can be useful in reducing the complexity of the final development of the algorithm, while maintaining the amount of information flowing to the attacker at an acceptably low level.

Multiple mappings can be applied sequentially to the same data in order to create a composite object mapping - for example, x = A (x), x ₁ _1 = Y, (x ₁ ). Although this is equivalent to a single mapping x _k = / _k (x), where _k = φ ° Y1, but if placed correctly, the attacker should receive information about multiple independent data sets (the three in the example are x _k , / ₁ and before obtaining any information about the initial data, which increases the attack order ΌΡΆ (usually equal to the number of independent data sets) and the number of observations required (usually as the degree of the number of independent data sets) needed before extracting useful information from the observations.

Unary operators (such as lookup tables or bit permutations) also find applications in ciphers. Mappings that allow the operator to remain unchanged are limited only when data loss occurs in the operation (i.e., as many as one), but may become more sensitive for changing the operator in these cases, for example, using a display-dependent lookup table .

The international publication XVO 99/67919 of Kocher, Jaffe and Juna offers methods and devices for an improved ΌΕ8 cryptographic protocol against external surveillance attacks by reducing the amount (and signal-to-noise ratio) of useful information that leaks during processing. The improved ΌΕδ coding in the invention instead uses two 56-bit codes (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each of which is associated with a permutation (i.e., Κ1Ρ, Κ2Ρ and M1P, M2P ) such that Κ1Ρ {Κ1} KHOK K2P {K2} is equal to the standard K8 code K and M1P {M1} KHOK M2P {M2} is equal to the standard message. When the device is in operation, it is preferable that the tables are periodically updated by introducing fresh entropy into the tables faster than information leaks out, so that attackers are not able to obtain the contents of the table using measurement analysis. The technique can be implemented in cryptographic cards with a microcircuit (smart cards), faking security chips and making processing systems of all kinds safe. If selective blocking is used, the relationship between the number of observations necessary to extract useful information through the side I / O channels and the degree of 8ΝΚ of this channel is inversely proportional to the observations, but there is no evidence of understanding of this principle in this application. In the case of selective blocking, as in this sentence (with or without permutation), it should be expected that the number of required observations will vary inversely with the square of degree 8ΝΚ (i.e., the fourth degree of magnitude 8ΝΚ).

SUMMARY OF THE INVENTION

The methodology of the invention provides a practical and effective modification of cryptographic and other processes, while such a modification is based on data privacy through a variable display of all secret and intermediate data for calculation and storage. Examples of such data are cryptographic codes, stored and reported data.

Where the displayed data or the selected display (or all displays of the composite object where it is used) is unknown, no information regarding the secret data can be determined. This technique has the potential to significantly reduce the leakage of the amount of available information regarding the initial data through the side I / O channel, provided that the observed leakage of the side I / O channel is sufficiently low.

Secret data, most often cryptographic codes, is never needed in its original form (without application display), except for its use in the initial display, and is randomly re-displayed on a viewing basis to avoid data repetition, which would facilitate an ΌΡΆ-attack.

An example of when this technique will be of great importance are cards with microcircuits, where ΌΡΆ in some cases it can enable an unauthorized party to use the data for several minutes, exclusively through the analysis of missing signals of side I / O. Another potential use is to compute and store data in computing devices where electromagnetic radiation can compromise data privacy.

Thus, in order to benefit from the invention, a data processing method is proposed here in order to reduce the risk of unauthorized access to data, for example, through ΌΡΆ, this method includes the following steps:

the development of algorithms, in particular, but not exclusively, ciphers, to maximize the benefits of this technique;

expanding the well-known method of selectively blocking data to a larger set of mappings;

modifying the execution of the algorithm to work on the displayed data;

initial display of data, especially cryptographic codes, for storage;

changing the display from each previous display using the secondary display;

display of input data for input to a mutable solution of the algorithm; and displaying the output from the modified algorithm for future use.

The method may include both the storage of secret data and the selection of displaying data on a secret.

The data mapping and the secondary data mapping may be in the form of a lookup table, an algorithm with display data - selection, or the like.

Methods may include composite (cascading), but separately applied mappings in order to reduce the amount of information that can be obtained from a given number of observations by an attacker and increase the lowest order of a successful attack ΌΡΆ.

The displayed data and display selection can be transmitted to a remote location.

Description of drawings

The invention can be better understood by using the following explanations, unlimited examples and accompanying drawings.

FIG. 1 schematically depicts a prototype cryptographic operation;

FIG. 2 - side leakage of information on input-output channels in the operation of FIG. one;

FIG. 3 - replacement of a two-input operation with an equivalent with the displayed data;

FIG. 4 - combining sequential mappings;

FIG. 5 - replacement of the cipher with its modified equivalent;

FIG. 6 - initial display of the code for storage;

FIG. 7 - iterative mapping of the code;

FIG. 8 is a simplified cipher illustrating the display process; and FIG. 9 shows some features of Example 3: creating a ΌΕδ-cipher resistant to attacks ΌΡΆ of both the 1st and 2nd orders.

In FIG. The 1 digit of reference 10 as a whole denotes a traditional black box of cryptographic operation. In operation 10, input 12 is converted using code 14 to output 16.

In FIG. 2, the reference numeral 20 generally indicates a traditional cryptographic operation, such as that shown in FIG. 1, further indicating a leak through the side channel of the input / output. Operation 20 includes data input 22, code conversion 24 to output 26, and signal leak 28.

In FIG. The 3 digit of reference 30 as a whole indicates the process of replacing an operation with two inputs with an equivalent with selectively blocked data. In operation 30, the standard two-input operation is presented with inputs 32 and 34, which operate through operator 31 to produce output 36. The selective data blocking operation again uses inputs 32 and 34, which are then displayed by displays 35 and 37 before using operator 33. The combined output is then displayed with an output displaying 39 to provide the displayed output 36.

In FIG. 4, the reference numeral 40 generally indicates the process of combining successive mappings of FIG. 3 of cascading actions. Operators 41 and 47 correspond to two separate cases of operation 33 of FIG. 3. The mapping 43 corresponds to the output mapping 39 with respect to the operator 41, and the mapping 45 corresponds to the input mapping (of type 35 or 37) with respect to the operator 47. The mapping 49 (C, a) is the only composite display object obtained from 43 and 45, which is not generates no data correlated to the original data even as intermediate values.

In FIG. 5, the reference numeral 50 generally means replacing the cipher with its modified equivalent (as an intermediate step in obtaining the final embodiment of the invention). It can be seen that in the unmodified cryptographic operation, the input data 52 acts through the encryption operation 53 when using the code 51, transmitting the output data 54. In the modified equivalent, the input data 52 is converted by transforming 56 into a mapped form before acting through a modified cipher 57 when using code in the displayed form, transmitting the displayed output from which the original output 54 can be obtained using conversion 58.

In FIG. 6, the reference numeral 60 generally indicates the process of creating unpredictable display selection. The initial code 62 is displayed 63 according to the selection carried out 60 and stored 64. The selection of the display is saved 68 for use with the displayed code.

In FIG. 7, the reference numeral 70 indicates a process for creating an unpredictable secondary display selection. The pre-mapped code 72 is then mapped 73 using the selected secondary display display and stored 74, usually replacing 72. The pre-stored display selection 76 has been processed with knowledge of the secondary display selection to produce a display selection applicable to 74, and this is saved 78, usually replacing 76 .

In FIG. The 8 digit of reference 80 as a whole indicates the process of replacing the algorithm with an algorithm that works on the displayed data.

The cipher 83 operates on the input text 81 and the cipher 82 to produce a block of the output text 84. When replacing, the input text 81 is displayed as 85 when using one or more corresponding mappings. At random, the original code 82 is likewise displayed as 86 in order to give the displayed code 89. Alternatively, 89 can be obtained from the displayed output of the decryption operation. 86 further relates to a repeated display change with reference to code. The modified cipher 87 operates on the displayed data, and its displayed output randomly works on 88 through the display operation in order to produce the same output 84 as the unmodified cipher 83 would. Alternately, output 87 can be used directly with the display selection data in similarly modified algorithms in the equivalents of 85 and 86 in order to avoid the appearance of the original data form.

In FIG. 9, the reference numeral 90 generally indicates the process of replacing bit permutations with the manipulation of displayed data and display selection data for independently applicable mappings for each displayed information bit. Reference numeral 91 likewise indicates the replacement of duplication of the information category without introducing differentiation between the mappings, but with a warning that caution should be exercised with respect to the recombination of such data introducing an undesirable abolition of unpredictability. The reference numeral 92 represents the same replacement operation, except that unpredictable information 95 is introduced in order to avoid the warning mentioned for 91. The reference numeral 93 likewise indicates the replacement of an exclusive OR operation. Reference number 94 indicates the replacement of the lookup table ΌΕ8-8 of the function (having six input bits and four output bits) by a previously calculated lookup table using the displayed values. In the preliminary calculation, unpredictable data 96 and all possible input values 97 are combined with the original table in order to generate all the displayed I / O combinations 98 for writing to the displayed search table 99. This preliminary calculation can be performed for each use or for complex applications of the table according to design choice. This lookup table 99 is then used in connection with the adequately highlighted re-mapping actions (exclusive OR) to operate on the displayed data. No two bit vectors in the diagram can be used to reconstruct the original data. In order to obtain sufficient isolation, it may be necessary to introduce delays in the signal paths (as with the help of synchronous latches between actions exclusive OR).

Disclosure of the invention

Cipher design

Special care should be taken when choosing a cipher algorithm. Appropriate cipher development can lead to the next step (cipher modifications), adding very little processing to the cipher. When choosing a set of operations that are used in a cipher, it is important to minimize complexity and minimize data confidentiality before a possible attack using the I / O side channel. An understanding of the following aspects of the project is essential for development.

Repeated use of the mapping with different data sets within the algorithm will even more potentially weaken the attack, but where such attenuation is not too large (if resistance is required only to the first-level attack), this can lead to much less work in additional calculation. This should be borne in mind when developing the algorithm.

Cipher Modification

Fresh mapping selection can be used for each data value (including the output of each operation) on the entire cipher, otherwise the mapping may remain unchanged between the two operations. The latter is usually not possible when the two operations are not interconnected, but when possible, it is useful to keep complexity low. Care should be taken to ensure that the mapping associated with all intermediate computational values adheres to the necessary conditions for concealment of secrecy (for example, if two values that have the same applied mapping are combined through an exclusive OR operator, then the initial zero output will be always displayed with a value of zero).

Each operation is replaced by an operation that performs an equivalent operation with all displayed values, as shown in FIG. 3. The output representing 39 (/ _s ) is determined by the introductory mappings 35, 37 (/ _a and / _b ) and any changes before the main kernel operation. For example, if the input mappings are composed of separate, randomly selected values for each of the inputs of the add operation, then the display of the output will be composed of subtracting the sum of the random values from the output, assuming that the operations of the main addition remain identical.

The original values 32, 34 and 36 (a, b and c) still exist in FIG. 4, but not after the next step is applied. The operation performed on the displayed values will usually be selected as the operation applied earlier if it is impractical to search for an appropriate alternative (for example, for addition), but may differ if the replacement is reasonable (for example, for an arbitrary search table).

The next step is to combine successive mappings 43 and 45 (/ _s and / _a ) from cascading actions 41 and 47 into a single mapping 49 (DD, as shown in Fig. 4. This mapping should not, even as an intermediate calculation value, display the original data or any data related to the original data. This can generally be achieved when display 49 is constructed only from information that cannot be used to derive information about the original data from the displayed value. Existence is correlated For example, if these two mappings 43 and 45 are the addition of a module of individual random values, then mapping 49 will be the addition of the sum of these values from which no information can be deduced regarding the individual display selections. neighboring actions are connected, then this mapping can be simplified. Where the selections of successive mappings 43 and 45 are correlated (that is, the selection of one affects the selection of the other), the composite mapping may be somewhat simpler or It may even be identical to the operation (and therefore be omitted).

Where the cascade operators 41 and 47 are not interconnected, it may be necessary to perform a complex (complex) operation like performing a mapping 49 (/ _s d). If necessary, this can be implemented using a lookup table or other operation. If one of the neighboring actions is a lookup table, then the resulting cascading lookup tables can be combined into one lookup table. After this step, in addition to the input data, code data and output data, the data on all calculations preserve the secret with the help of mappings. These external mappings are processed separately in the following steps.

With careful selection of the design of the cipher and restrictions on the selection of mappings, the complexity of the variable cipher should not be much greater than the complexity of the original cipher, regardless of the selection of the display, manipulation and display external to the variable cipher 57. The calculation regarding the mapping used in each operation be minimized. The resulting mathematically equivalent cipher is shown in FIG. 5.

Initial storage of codes

In FIG. 5, the original code 51, input 52, and output 54 are still shown as existing without application mapping and can still be the target of an attack ΌΡΆ when they are accessed through an operation, especially for the mapping process. The cryptographic code should be stored only in the displayed form, where the selection of the display has a given randomness. In addition, information encoding display selection must be stored. This initial storage is necessary only when the initial or main codes are loaded (usually in a secure environment), and never for codes downloaded in encrypted messages (see cipher input mapping data). This can be expressed as initially storing the code k with the applied mapping k ₀ = / ₀ (k), as well as information identifying the selection of the mapping, / ₀ . The mapping family is usually selected relative to the operators used in the cipher in which the code is applied to avoid unnecessary repeated mappings.

Pre-used code mapping

Even saved by the applied (applied) mapping both in the “Initial storage of codes”, repeated accesses would allow to recover both secret data and display information through methods of the first level (for example, through the analyzed average exercise groups of the observed tracks). Therefore, before each use of cryptographic code, the old display should be replaced with a new, randomly selected display, subject to the restrictions imposed by the project. The original code value should not be calculated in this process even as a temporary variable. This leads to obtaining values in the form k ₁ = q ₁ (k _1-1 ]) and / 1 = e1 ° / 1 _-1 . In relation to the latter, this means the derivation of / ₁ such that / ι (η) = §ι (/ ι _-1 (η)) for any c. |. The values of the displayed data to ₁ and display selection / ₁ will replace the corresponding stored values to _1-1 and / _1-1 . These values will remain connected by the identity k1 = / 1 (k).

Display cipher input

Input data 52 (x in FIG. 5) is initially displayed using the display selected for these inputs. This is similar to the initial display of the code (according to the “Initial storage of codes”), but it can occur with all processed data, such as the received encrypted text that needs to be decrypted, or plain text that will be encrypted for transmission. If sensitive data (for example, codes) must be encrypted, then they should already be stored in the displayed form and have the performed display substitution where it is appropriate (as in the “Pre-used code display”).

Cipher Output Display

The output can be displayed to its original value where secrecy is not a decisive factor (for example, if encrypted text was created for transmission). If this data should remain secret (for example, transmitted cryptographic codes), then it and display selection information should be stored without being displayed back to its original form. Therefore, the initial display of the code mentioned above does not occur with the received and decrypted codes. This makes the code loading process resistant to ΌΡΆ.

Example 1. Creating an exclusive OR based on a ΌΡΆ-resistant cipher.

In this example, a simplified cipher is created entirely from modulo 2 addition that excludes OR from octets (vectors of eight bits each) and a single lookup table that produces an 8-bit output value for each 8-bit input value. Due to the simplified nature of the cipher, only a single data set can be reliably encrypted to use the code (as in the Vegpash cipher or one-time filling), but re-encryption of the same data provides first-level ΌΡΆ-resistance. The pre-used code mapping is not shown and is necessary for ΌΡΆ-resistance. However, this example is intended to clarify the design of the cipher for use within a strictly limited computing environment, such as a card with a chip. It uses a single lookup lookup.

Associated mappings are applied to each octet of data in this example, the form k _n , ₁ = A ₁ k _n + b ₁ , x _n , ₁ = A ₁ x _n + s ₁ and y _n , ₁ = A; y _n + th ₁ . The subscripts n and ί refer respectively to the selection of an octet within each data set and counting the use of the cipher. And ₁ is a randomly selected non-singular 8-by-8 bit matrix and each b, with ₁ and th, is a randomly selected octet.

In FIG. 8 these actions were combined in order to clarify an example. A typical cryptographic cipher (encryption or decryption) would use much more action, and the data sizes k, x and y would usually be at least 64 bits. Each arrow represents a stream of one octet. The chart shows equivalent data display operations. Both the initial and incremental code mappings (described in the “Pre-Used Code Mapping”) are shown in the code mapping.

The initially mapped code kn, o = A _o k _n + b0 and the mapping f _o = (A _o , b _o ) are preserved.

Preferably, before any use of the code, a new mapping is performed by selecting the new O ₁ and th ₁ . We replace k _{n> 1-1} by k _m _ _| = C _| to _m , _{| - |} + H _| , A _1-1 on A ₁ = O ₁ A _1-1 and b _1-1 on b ₁ = O ₁ b _1-1 + th ₁ .

Each lookup table is replaced by its equivalent of 5 ₁ for the operation on the displayed values, determined using 5 ₁ (/) = A ₁ k (A _1-1 (x + b ₁ + s ₁ )) + th ₁ . Map the input octets x _p using the associated mapping, x _p , ₁ = A ₁ x _p + s ₁ . Encrypt the displayed input using the original cipher, with the exception of the replaced lookup table. In addition to displaying the preliminary cipher of the replaced search table, the initial mapping and the final mapping, there are no calculations included in the cipher.

Ultimately, if the output of y should remain secret, as, for example, with the code, use y ₁ , A ₁ and th ₁ instead of y. If it should be displayed in its original state, then this can be expressed as yn = A ₁ -1y _{n> 1} + th ₁ .

An important observation that needs to be made is that, due to the large number (2 ^{? O} ' ² ) of possible mappings, the same mapping can be used for effective secrecy of more than one octet of data. This allows the modified cipher to remain simple. A simpler mapping cannot adequately store multiple bytes against ΌΡΛ. Simplification based on the reuse of the same display should be minimized and, where feasible, the mappings selected for the individual data sets should be independently selected.

Since the mapping (A _1, L ₁₎ and the data displayed ₁ st changed during each use, the processed data (including code) is not correlated with the original data. Only the function of several data bits and mappings are correlated with the original data. Each bit of the original data can be expressed as a function of 17 processed bits.

This example, applied to a cryptographically powerful cipher, can now be effectively used in circuit boards for integrated circuits, including those that use 8-bit processors and modest amounts of memory space.

Example 2. Creating a ΌΡΆ-resistant ΙΌΕΆ cipher.

This example illustrates the use of this concept in relation to the well-known cipher, which was developed without any attempt to create resistance to ΌΡΆ.

The cipher ΙΌΕΆ was deliberately composed of three mutually incompatible operators based on simple basic elements available on most universal computers - binary excluding or, summing and multiplying 16-bit values. To make this cipher resistant, due to incompatible operators, a lookup table is entered in each data path in order to display the displayed value from one operator to the next.

Each exclusive OR may have a mapping as in the above example, except that the vector size is increased to 16 bits. In the aforementioned context, each means that the random mapping is not limited to the same throughout the cipher and can be independently selected wherever the repeated mapping is performed.

The addition operator has less display freedom than the exclusive OR operator. The multiplication operator has the freedom of selecting a mapping similar to that of the addition operator. Mappings must be randomly selected from the appropriate set, code and data must be respectively mapped, lookup tables must be created, and the cipher must be executed.

The service data here is a series of search tables 65536 of 16-bit words each, storage of information identifying the mappings in relation to the code, and service processing data that contain about 2 times more search tables than the operations performed.

In a typical modern personal computer, these resources are easily accessible. As this example shows, many existing applications can easily be saved against most ΌΡΆ attacks using this technique. Using ΌΡΆ, secretly catching electromagnetic radiation from a computer performing a cryptographic process, quickly becomes impractical when using this approach.

It should be borne in mind that if it is necessary to process a large amount of data, then in this process the data display should be updated at certain intervals.

Example 3. Creating a ΌΡΆ-resistant ΌΕδ-cipher.

The data encryption standard (ΌΕ8) is widely used, and although its 56-bit code length makes it vulnerable to brute force attacks, it is still widely used. It is also used in more secure variants such as the Triple Data Encryption Algorithm ((ΤΌΕΆ), commonly known as the Triple-ΌΕδ) and ΌΕ8Χ (cipher derived from ΌΕ8). Thus, consideration of the application of this invention to ΌΕ8 is appropriate.

ΌΕ8 was not designed with ΌΡΆ in mind. As often happens, measures that were designed to increase cryptographic power have reduced the compatibility of mappings, which can be used sparingly for sequential actions. Three important operations are used in ΌΕ8 - modulo 2 addition excluding OR, an extension (very similar to permutation, except that some or all of the input bits are duplicated), and eight 6-by-4-bit lookup tables (called 8 or selection functions ) Shifts, bitwise permutations (reordering), and register rotation are not addressed in this discussion, since the display selections applied to each bit are simply traced (assuming that the signals are kept isolated) without having to process them as separate operations with the selected display strategy. Replacing unmodified bit displacements with variable bit displacements, including display selection tracking, is shown in 90.

Although specific permutations, extensions, and exclusive OR operators allow for a large set of mappings on data (including code), any mapping involving several bits should essentially be re-mapped in order to allow only six bits to be used at a time input to each function 8. It would be unacceptable to consider all eight 8-functions together as the only object for this purpose. For simplicity of this example, mappings involving more than one bit will not be considered here. This does not imply that a more complex display with a re-display after almost every operation is necessarily complex (complex).

The mapping to be considered here includes a separate selection for each bit processed in the algorithm. To reduce the need for new random data, a compromise solution can be used that allows the selections to be correlated, although special attention is required here to ensure that the order of ΌΡΆ-resistance is not reduced below the desired order. The implementation of this compromise will not be included in the example.

Suppose for this example that we want to get an IRA resistance of 2 orders. To achieve this, we will use the principle that the number of independent digital values needed before being able to reconstruct any information about the original data should be one higher, that is 3. Due to the fact that digital signals interact in several unexpected ways , signals cannot be considered independent if they are not properly isolated.

Signal isolation in a universal processor is often much smaller than the technical description implies. For example, loading a value into an adder type register can lead to hidden actions, such as determining if the value is null. Erasing data from a circuit, followed by a time interval, before loading additional data will usually provide sufficient isolation, even if subtle interactions occur (such as data-dependent heating or ion migration). The interaction between data values in KAM words that are not directly accessible can still be felt during other accesses due to the implementation of the addressing logic. Here we assume execution in hardware with data storage registers with corresponding properties. The first of these properties is that as soon as the data has been erased from the circuit and the corresponding interval has passed (for example, one clock cycle), there will be no interaction with subsequent data on this circuit. The second property is that the interaction between the data in the individual circuits is insignificant, although the more conservative form of this property is that the interaction between the data in the individual circuits is appropriately isolated, provided that no signal-related movements of the signal occur simultaneously in both circuits. It should be noted that various information bits processed simultaneously cannot generally be considered isolated and, therefore, should not be treated as independent.

We assume that all input data for the algorithm is provided in a mapped form (one bit of the mapped data is represented as one bit), with two independently applied mappings for each bit, and each mapping has a single independent unpredictable bit of display of the selection information. Each display is selected from a set of two. The first display of the set leaves the information bit unchanged, and the second mutually changes two possible values. It will be seen that there were three bits associated with the original bit, combined using an exclusive OR operation, resulting in the original bit. Omitting any one bit of these three will ensure the secrecy of the initial data (assuming that each selection of the mapping is unpredictable, each case is equally probable and no form of correlation exists between the selections).

When modifying the IE8 cipher, any displayed bit is passed through any permutation, as before, tracing the associated display bits (90). The same holds for extensions, except where bit duplication occurs (including where all bits are duplicated), the resulting duplicates should be made independent, unless further analysis indicates that this is not necessary (in this case modification, as in 91). Using two independently selected mappings (two new bits of random data are needed), then composite mappings with previous mappings can then be obtained. The incoming mapped data can have two pairs of mappings applied (using an exclusive exclusive operation OR) to redisplay the data for each duplicate, plus a composite object, display mappings displayed for each of the two display mappings for each duplicate. This includes four new unpredictable selection bits, of which one associated with each input mapping can be omitted without loss of security (as in 92). These two duplicates are not correlated with each other and can be used together in further actions without fear of a consistent combination introducing instability to the IRA. The exclusive OR actions in the IE8 cipher with this mapping remain the same, with composite mappings displayed for the first and second mappings for each bit. This definition can be traced in hardware - when an exclusive OR of two displayed information bits is found, each selection bit is combined with the corresponding selection bit of another data display using the same operation (93). The resulting three bits are then processed as a masked information bit and two application mappings. Screenings can be made in a correlated manner from time to time without reducing the lowest order of viable IRA attack, with such an effect that additional computational complexity and unpredictable data requirements can be reduced.

It should be noted in the above that some of the simplifications proposed in the description of the invention have already been applied in this example. In particular, the mapping of the output of the previous operation is made the same as that applied to the inputs of the exclusive-OR operation, simplifying the repeated mapping to the identity operations (thus allowing lowering). With the data extension (92), only sufficient additional unpredictability (95) has been added in order to ensure that no sequential actions can reduce the BRA-resistance. Sequential simplification may be possible based on a deliberate correlation of the display of selections.

8-functions are the only areas (within the cipher) remaining addressed in this example. According to the nature of the mappings so far selected, for the purposes of this example, we will restrict the choice of mappings to mappings on individual bits. There are a number of approaches that can be taken when introducing simplifications. The approach adopted here is to re-display the input according to the new mappings selected for the functional inputs (lookup table) (thus allowing more than one use of the table), and combining the display of inputs is unpredictable with those of the lookup output. The re-mapping approach is used here when modifying the search table of the 8-function (94), but it should be borne in mind that the output bits of the 8-functions should not be associated with those of the inputs. We select two mappings unpredictably and independently of all other mappings for each bit (96) of the input and output of the 8-function, and before use, the replacement inputs for the 8-function table (99) (98) are written for each possible input (generated in this example conversion device 97). The mapped inputs are then re-mapped, the written 8-function mapped table is applied and the selected output mappings are distributed in conjunction with the input mappings for added unpredictability, although simplification can be made. The 8-function lookup table is stored in hardware registers (collectively, it will be 2048 bits of the register to implement eight 8-functions) or KAM. Values stored in this memory must be pre-calculated from the corresponding mappings in such a way as to preserve the desired resistance to attack of the second-order ARB. Each resulting mapped input value is used to address the register file and the mapped value is stored in the selected four register bits.

The introduction of random bits (as with 95 in modification 92) for data expansion is usually expensive. In this example (under the assumption that the mapping of the output of the 8-function is unrelated), one can do as in each case when duplicates are inputs to actions exclusive OR with uncorrelated data (93). Thanks to multiple code-bit duplication, a new mapping of the output of the 8-function is required in order to guarantee this non-correlation. It should also be noted that each bit of code is used on average almost 14 times.

Calculating a fresh set of function table 8 for each BE8 cycle (there are 16 cycles for each cipher application), including getting two unpredictable bits for each output bit (of which there are 32 for each cycle), can be extremely expensive. In hardware, it may be possible to recalculate the 8-function table on each cipher cycle. Because of this cost, the usual implementation is to reuse these lookup tables without changing more than one lookup table, and perhaps even for more than one initiation of the cipher algorithm. This violates the previous assumption about non-correlation of output bitmap mappings in different cycles, and care should be taken to determine where this will reduce the lowest order of a viable ARB attack. In addition, the strength of the I / O side signal correlated to internal discharges increases with the amount of use, and this should be taken into account in determining whether the leak signal is small enough. In some cases, it may be necessary to maintain an unpredictable redisplay, especially a bit of code (which is used several times). Another limitation resulting from this simplification is that the bit input mapping of an 8-function must be the same for each use before replacing the contents of the lookup table. More than limiting the mapping applied to individual data bits (including code), the mapping applied to the data should be replaced by a pair of mappings applicable to inputs to an 8-function. This must be done in two steps (using two separate actions exclusive OR, each using a composite object of two mappings (one applicable to the 8-function, one to the data).

The added complexity of second-order resistance, in addition to mappings applied to data that are external to the modified main cipher, is approximately tripling the number of actions excluding OR and replacing fixed 8-functions with mutually displayed inputs and outputs of 8-functions, including the use of unpredictable data. Externally, the data that you need to work with should not be replaced by the displayed value and display selection data and codes should be initially displayed and subsequently displayed and stored incrementally, including additional displayed data. In the example, the storage requirements for the displayed data and the display selection data are three times the requirements for the original data. The output, where there is code for use in ΌΕ8, must be saved in this form for future use, except that the correlation of the output mappings between the output bits, due to the relatively static mappings of the 8-function, must be removed using the output incrementing mapping data using fresh display selection.

It is worth noting that while the 8-function is not considered, the difference between using a selectively blocked data value and displaying selection data and multiple shared resources - equivalent data that must be combined using an algorithm to determine the initial data - is not obvious. In particular, the actions performed on the display selection data up to this point are similar to those performed on the displayed data. However, for 8 functions (and any functions not related to or more complex than the mapping operation), it will be seen that the actions applied to the mapping selection data relate to the mapping selection and only indirectly the actions of the algorithm. In the mapping of input and output of 8-functions, the manipulation of display selection data was completely different from adding similar actions on shared resources obtained from the original data.

Benefits

The method increases the order of attack ΌΡΆ (essentially, the number of moments in the observed signal that must be combined in order to extract any initial data). This makes the required attack more complicated and difficult.

As an extension of the previously existing concept of selective blocking to all (or at least most) possible mappings that allow the main operation to remain unchanged, the attacker's task becomes more difficult. Where, for reasons of economy, the selection of the mapping used on one data set is related to the selection of the mapping for another data set, a larger number of possible mappings could make such a simplification acceptable without leading to excessive data leakage.

In addition, the number of observations required to extract the initial data from the side interference channel can increase significantly more than is achievable through hardware shielding, provided that the hardware shielding is good enough. This increase may result in even high order attacks ΌΡΆ being ineffective.

And further, data storage and processing requirements have not grown as much as in some related schemes. An example of such a scheme can be a representation of each information bit as a pair of bits, the first value selected randomly and the second being the original bit when the first bit is zero, and its Boolean inversion when it is one (binary exclusive OR).

Moreover, a system containing a cryptographic component may remain unaffected (for example, protocols may remain unchanged), although the choice of cipher can be optimized in order to facilitate the use of this technique.

In addition, this technique can be applied to symmetric (the presence of a single, shared code) and asymmetric (the presence of separate, but interconnected open and secret codes) ciphers.

In addition, this technique can be used together with other methods to increase resistance to ΌΡΆ, thus sequentially changing the code using a complex function in a coordinated manner, both during encryption and decryption.

Claims (12)

1. A method of processing data to reduce the risk of unauthorized access to data, characterized by the following steps: (a) entering an initial secret data set into the processor, including the possible subsequent repetition of this step; (b) providing the processor with a source of unpredictable data; (c) providing the processor with a method of selecting mappings from the original data to the mapped data using unpredictable data (b), in which the mapped data allows the calculation of the original data with knowledge of the displayed selection, but does not allow any part of the original data to be calculated without knowledge of the displayed selection; (b) providing the processor with at least one algorithm for displaying the initial secret data set in the displayed form; (e) initially displaying the initial secret data set (a) for storage in the displayed form when using the mappings, as selected in (c); (ί) a change in the display of data with respect to any data from a previous display of data using a secondary display using unpredictable information (b); (e) mapping input data for input into a modified implementation algorithm using mappings as selected in (c); and (11) changing the implementation algorithm to control the displayed data selected from the displayed data in step (e), step (ί), step (e), or the displayed output of the modified algorithm in step (1) so that the output is mapped data from which it is possible to obtain the output of the original algorithm working on primary input data with knowledge of the used display selections, in which the modified original algorithm execution data is replaced by the mapped data and which include read mappings and / or search tables that are derived from the selected mappings and any initial search tables; (ί) when the initial output is required, the inverse of the mapping is applicable to the output from the modified algorithm to output the original output. 2. The data processing method according to claim 1, characterized in that the set of secret data of step (a) is a cryptographic code. 3. A method of processing data according to any one of the preceding paragraphs, characterized in that the data display and / or secondary data display are in the form of an algorithm with the data of the selected display or with parameters. 4. A method of processing data according to any one of the preceding paragraphs, characterized in that the displayed data is transmitted to a remote location. 5. A method of processing data according to any one of the preceding paragraphs, characterized in that the mappings are performed by means of a mappings selected from a set of mappings so that when the input operands are replaced using the selected mappings, the initial output can be derived from the resulting output using the mapping obtained from the input mappings. 6. The data processing method according to claim 5, characterized in that for any operand the set of all input mappings can be determined from the output mapping. 7. A method of processing data according to any one of the preceding paragraphs, characterized in that the operation of the original algorithm is addition modulo m, described as x + y = / (tob), and the corresponding operation used in the modified algorithm should remain the same , while the allowed mappings are described by x, = a, x + b _| (tobt), y ^ y + c, (tobt), and ζ, Ξΐι, ζ + ^ + μ (tobt), in which the mapping a ₁ is any number that is coprime with m, provided that a _{1 is} not equal to 1. 8. A method of processing data according to any one of the preceding paragraphs, characterized in that the operation of the original algorithm corresponds to a multiplication modulo m described by xy = ζ (tob), and the corresponding operation used in the modified code is to keep the code such in the same way, and where the allowed mappings are described by x ₁ = b ₁ x ^a1 (tob), y ^ su ”(tob) and ζ ^ βζ” (tob), in which a ₁ -mapping is any number coprime with φ (τ), which is the Euler t-function, and b ₁ and c ₁ are any numbers coprime to t 9. The method of processing data according to any one of the preceding paragraphs. 1-6, characterized in that the operation of the algorithm corresponds to the addition of two vectors of η components in the field Ζ ₂ . 10. A method of processing data according to any one of the preceding paragraphs, characterized in that the algorithm includes the use of unary operators. 11. A method of processing data according to any one of the preceding paragraphs, characterized in that the data is hidden by changing the display of some or all of the processed data through the displayed form for calculation and / or storage. 12. A computer system for processing data to reduce the risk of unauthorized access to data, characterized in that the processor is provided with means for (ί) applying the modified algorithm to the input data using the displayed cryptographic code to generate output data in which the modified algorithm for calculating the initial data replaced by displayed data, which includes mappings and / or lookup tables that are derived from selected mappings and any initial search ABLE, and (d) changes the display data displayed cryptographic code on the preceding display data by using the secondary display, and (iii) storing information for storing the cryptographic code mapped form.