EP1044534A1 - Encryption method for performing cryptographic operations

Info

Publication number
EP1044534A1
EP1044534A1 EP99948821A EP99948821A EP1044534A1 EP 1044534 A1 EP1044534 A1 EP 1044534A1 EP 99948821 A EP99948821 A EP 99948821A EP 99948821 A EP99948821 A EP 99948821A EP 1044534 A1 EP1044534 A1 EP 1044534A1
Authority
EP
European Patent Office
Prior art keywords
memory cell
bit word
data
written
random numbers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99948821A
Other languages
German (de)
English (en)
French (fr)
Inventor
Stefan Philipp
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Philips Intellectual Property and Standards GmbH
Koninklijke Philips NV
Original Assignee
Philips Intellectual Property and Standards GmbH
Philips Corporate Intellectual Property GmbH
Koninklijke Philips Electronics NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from DE19936890A
Application filed by Philips Intellectual Property and Standards GmbH, Philips Corporate Intellectual Property GmbH, Koninklijke Philips Electronics NV
Publication of EP1044534A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00 Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219 Countermeasures against side channel or fault attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2123 Dummy operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise

Definitions

  • the invention relates to an encryption method, wherein at least one partial cryptographic operation is carried out digitally as data stored as at least one data bit word in a memory cell or a register, according to the preamble of claim 1.
  • cryptographic operations serve to protect the operation of these devices or to protect data carried in the device.
  • the calculation operations required for this are carried out both by standard arithmetic units and by dedicated crypto arithmetic units.
  • a typical example of the latter are chip cards or IC cards.
  • the data or intermediate results used in this context are usually security-relevant information, such as cryptographic keys or operands.
  • CMOS complementary metal-oxide-semiconductor
  • This type of cryptanalysis is also referred to as "differential power analysis", by means of which an outsider can successfully carry out a possibly unauthorized cryptanalysis of the cryptographic operations, algorithms, operands or data by simply observing changes in the power consumption of the data processing device.
  • a memory card with a microcircuit and at least one memory which is connected to a data processing element is known from EP 0 482 975 B1; the data processing element is controlled by a data signal from outside the card and emits an end-of-command signal in response to this data signal, which is delayed by a predetermined duration (T) with respect to the reception of the data signal. The duration (T) is chosen to be variable in time to increase the protection.
  • T duration
  • Data bit word in a memory cell in which a data bit word is stored which is generated based on random numbers.
  • the current consumption changes only as a function of a difference in the Hamming weight of the written data from the unknown random number, so that this difference and thus the change in current consumption are random and cannot be predetermined.
  • bit word based on random numbers is written into the memory cell by an arithmetic unit.
  • bit word based on random numbers is written into the latter via a direct connection between a random number source and the memory cell.
  • a temporal correlation between the writing of the random number into a memory cell and the cryptographic partial operation is avoided in that the bit word based on random numbers is stored in the memory cell at a time interval before the cryptographic partial operation.
  • a memory cell 10 or a register for writing or storing data Xj in the form of a data bit word is provided via a connection 11.
  • random numbers are generated by a random number source 12 and written into the memory cell 10 via a direct connection 14 or stored therein.
  • the memory cell 10 is initialized with a random value r.
  • the random value r can also be written via the connection 11 by an arithmetic logic unit which has previously received the random value from the random number source 12.
  • the time of this pre-initialization can be selected as desired and is preferably not carried out immediately before the cryptographic operation.
  • the memory area or register is expediently pre-initialized with changing random numbers. If the memory areas or registers thus pre-initialized are loaded with data x in the course of a cryptographic operation, the current consumption changes only as a function of a difference in the Hamming weight of the operand x and the Hamming weight of the unknown random number. Based on this random difference value, it is now not possible to derive information about the operands or intermediate results used.
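
An added illustration of the pre-initialization idea described above (not part of the patent text): it compares what a register write reveals when the register was cleared beforehand with what it reveals when the register held an unknown random word. The 8-bit width, the leakage model (power proportional to the number of bits that toggle on the write) and all names are assumptions made for this example.

```python
from collections import Counter

WIDTH = 8  # assumed register width in bits; the page does not give one


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def toggles(old: int, new: int) -> int:
    """Assumed leakage model: bits that flip when `new` overwrites `old`."""
    return hamming_weight(old ^ new)


def leak_distribution(x: int, previous_contents) -> Counter:
    """Histogram of toggle counts when x is written over each possible
    previous register content (each content taken as equally likely)."""
    return Counter(toggles(r, x) for r in previous_contents)


def mean_leak(x: int, previous_contents) -> float:
    dist = leak_distribution(x, previous_contents)
    return sum(k * n for k, n in dist.items()) / sum(dist.values())


def leak_depends_on_data(previous_contents) -> bool:
    """True if the leakage distribution differs between any two operands."""
    dists = [leak_distribution(x, previous_contents) for x in range(1 << WIDTH)]
    return any(d != dists[0] for d in dists)


CLEARED = [0]                   # register zeroed before the operand is loaded
RANDOMIZED = range(1 << WIDTH)  # every word a uniform random source could write

if __name__ == "__main__":
    for x in (0x00, 0x0F, 0xFF):
        print(f"x={x:#04x}  cleared: {mean_leak(x, CLEARED):.1f} toggles"
              f"  randomized: {mean_leak(x, RANDOMIZED):.1f} toggles")
    print("cleared register leaks operand:", leak_depends_on_data(CLEARED))
    print("randomized register leaks operand:", leak_depends_on_data(RANDOMIZED))
```

The enumeration is exhaustive rather than sampled, so the result is exact: with a uniformly random previous content, every operand produces the same toggle distribution, which is why the random word must stay unknown and must change between operations.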

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
EP99948821A 1998-09-30 1999-09-20 Verschlüsselungsverfahren zum ausführen von kryptographischen operationen Withdrawn EP1044534A1 (de)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
DE19845096 1998-09-30
DE19845096 1998-09-30
DE19936890A DE19936890A1 (de) 1998-09-30 1999-08-05 Verschlüsselungsverfahren zum Ausführen von kryptographischen Operationen
DE19936890 1999-08-05
PCT/EP1999/007019 WO2000019657A1 (de) 1998-09-30 1999-09-20 Verschlüsselungsverfahren zum ausführen von kryptographischen operationen

Publications (1)

Publication Number Publication Date
EP1044534A1 (de) 2000-10-18

Family

ID=26049211

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99948821A Withdrawn EP1044534A1 (de) 1998-09-30 1999-09-20 Verschlüsselungsverfahren zum ausführen von kryptographischen operationen

Country Status (3)

Country Link
EP (1) EP1044534A1 (ja)
JP (1) JP2002526849A (ja)
WO (1) WO2000019657A1 (ja)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100042851A1 (en) * 2005-11-04 2010-02-18 Gemplus Method for Securely Handling Data During the Running of Cryptographic Algorithms on Embedded Systems
US20110022852A1 (en) * 2008-03-25 2011-01-27 Mitsubishi Electric Corporation Cryptographic computation apparatus, cryptographic computation program, and storage medium
FR2955436B1 (fr) * 2010-01-19 2012-11-23 St Microelectronics Rousset Procede et dispositif de contremesure pour proteger des donnees circulant dans un composant electronique

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4386234A (en) * 1977-12-05 1983-05-31 International Business Machines Corp. Cryptographic communication and file security using terminals
JPH01298829A (ja) * 1988-05-27 1989-12-01 Nec Corp データ変換器

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0019657A1 *

Also Published As

Publication number Publication date
WO2000019657A1 (de) 2000-04-06
JP2002526849A (ja) 2002-08-20

Similar Documents

Publication Publication Date Title
DE3811378C3 (de) Informationsaufzeichnungssystem
EP0281057B1 (de) Schaltungsanordnung zur Sicherung des Zugangs zu einem Datenverarbeitungssystem mit Hilfe einer Chipkarte
DE4339460C1 (de) Verfahren zur Authentifizierung eines Systemteils durch ein anderes Systemteil eines Informationsübertragungssystems nach dem Challenge-and Response-Prinzip
EP0030381B1 (de) Verfahren und Vorrichtung zur Erzeugung und späteren Kontrolle von gegen Nachahmung, Verfälschung und Missbrauch abgesicherten Dokumenten und Dokument zu dessen Durchführung
EP0932867B1 (de) Elektronische datenverarbeitungsschaltung
EP1115094A2 (de) Datenverarbeitungseinrichtung und Verfahren zu dessen Betrieb
DE2810168A1 (de) Verfahren zum sichern eines computerprogramms gegenueber entnahme bzw. wiedergabe durch einen benutzer sowie vorrichtung zur durchfuehrung des verfahrens
EP1044426B1 (de) Datenverarbeitungseinrichtung und verfahren zu deren spannungsversorgung
EP0981115A2 (de) Verfahren zur Ausführung eines Verschlüsselungsprogramms zur Verschlüsselung von Daten in einem mikroprozessorgestützten, tragbaren Datenträger
DE10319585A1 (de) Manipulationssicheres Datenverarbeitungssystem und zugehöriges Verfahren zur Manipulationsverhinderung
DE60036928T2 (de) Gegenmassnahmeverfahren in einem elektronischen baustein zur ausführung eines krypto-algorithmus mit geheimschlüssel
EP1272984B1 (de) Tragbarer datenträger mit schutz vor seitenkanalattacken
DE3318083A1 (de) Schaltungsanordnung mit einem speicher und einer zugriffskontrolleinheit
EP1044534A1 (de) Verschlüsselungsverfahren zum ausführen von kryptographischen operationen
DE102006035610A1 (de) Speicherzugriffssteuerung und Verfahren zur Speicherzugriffssteuerung
DE19936890A1 (de) Verschlüsselungsverfahren zum Ausführen von kryptographischen Operationen
EP0724343A2 (de) Vorrichtung zum Nachweis einer Manipulation an übertragenen Daten
DE69934707T2 (de) Gegenmassnahmenvorrichtung in einem elektronischen bauteil um einen krypto-algorithmus mit geheimschlüssel durchzuführen
DE4242579C2 (de) Verfahren zur Echtheitserkennung von Datenträgern
DE69422570T2 (de) Inhaltadressierbarer Speicher
EP1046142A1 (de) Datenverarbeitungseinrichtung und verfahren zu dessen betrieb zum verhindern einer differentiellen stromverbrauchanalyse
DE19936939A1 (de) Datenverarbeitungseinrichtung und Verfahren zu dessen Betrieb zum Verhindern einer differentiellen Stromverbrauchanalyse
WO2008040686A1 (de) Fahrtschreiberanordnung und verfahren zum einbringen einer kennung in einen adapter für die fahrtschreiberanordnung
DE10130099B4 (de) Challenge-Response-Vorrichtung, Authentifikationssystem, Verfahren zum Erzeugen eines Response-Signals aus einem Challenge-Signal und Verfahren zur Authentifikation
DE60035915T2 (de) Einrichtung und Verfahren zur Prüfung eines nichtflüchtigen wiederprogrammierbaren Speichers

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17P Request for examination filed

Effective date: 20001006

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: PHILIPS CORPORATE INTELLECTUAL PROPERTY GMBH

Owner name: KONINKLIJKE PHILIPS ELECTRONICS N.V.

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: PHILIPS INTELLECTUAL PROPERTY & STANDARDS GMBH

Owner name: KONINKLIJKE PHILIPS ELECTRONICS N.V.

17Q First examination report despatched

Effective date: 20050504

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20050915