EP1104607A1 - Method and device for authenticating with symmetrical algorithm - Google Patents
Method and device for authenticating with symmetrical algorithmInfo
- Publication number
- EP1104607A1 EP1104607A1 EP99936740A EP99936740A EP1104607A1 EP 1104607 A1 EP1104607 A1 EP 1104607A1 EP 99936740 A EP99936740 A EP 99936740A EP 99936740 A EP99936740 A EP 99936740A EP 1104607 A1 EP1104607 A1 EP 1104607A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- xor
- faire
- secret key
- array
- alg
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
Definitions
- the present invention relates to an authentication method using a symmetric algorithm having the main characteristic that, each time two parts are authenticated, commonly called A and B, a cryptographic calculation with a variable key, called K ', is carried out.
- the invention relates more precisely to the cryptographic calculations cited above during an authentication of the two parties, called A and B, independent of each other in the context of data exchange.
- This can be between a PC and a server, a reader and a server, a smart card and a smart card reader such as, for example, a cash dispenser when using a credit card.
- chip called A by a user who, wishing to obtain a few banknotes, goes to a place with an ATM, called B.
- the two parts A and / or B can be considered as a smart card and / or a reader.
- A who has a secret key K, chooses a random R or random number also called a message.
- A sends this hazard R to B, which also has the same secret key K.
- r is the result of the encryption of the message R with the algorithm ALG and the secret key K.
- the algorithm called ALG is a symmetric encryption algorithm. This can be the DES (Data Encryption Message), the triple DES, the IDEA, etc.
- the authentication of B by A is carried out in this way.
- this operation is not sufficient because it is vulnerable to current measurements and therefore to attacks by a possible hacker.
- An attacker, or hacker measures the electrical current consumption of the chip. According to the curve obtained, it can deduce information on the operations and the data used by the processor. In order to make precise measurements, the attacker must make several measurements and filter them.
- the hacker To obtain a relevant measurement, the hacker must perform several measurements and filter them to extract the relevant information. Due to the use of the same constant key K, all the measurements use the same key K and therefore the filtering result is characteristic of the key K.
- the invention proposes a first feature which consists of a brief modification which is carried out in the formula for calculating r ′ of the authentication protocol which is the subject of the invention.
- Part A which has the secret key K, sends a random number chosen randomly] _, to part B.
- the latter also has the same secret key K.
- B chooses a random number R2, then calculates the number K ', which is also a secret key from the following formula:
- the impossibility of attack to date stems from the fact that, since K ′ changes with each authentication, the current consumption of the calculation of r and r ′ is different with each execution of the authentication. However, the calculation of K 'remains vulnerable to attacks in current consumption.
- the invention therefore provides a second feature not related to the first described above, concerning the calculation of K '.
- K k ⁇ _ xor k2 xor ... xor k n .
- a first table k called below in the description by k [], is used; this table contains the values of the n under keys kj_.
- the first step, or step a consists in that as long as there remains an element of the array a_ette [] at the value "T", then a random number i, between 1 and n, is chosen.
- step b is the equality test of the element i of the array a_excellent [] and the value "T”, called below in the description and in the figure.
- step b If the equality test in step b is false, then the calculation system returns to the first step, or step a.
- This algorithm is not in constant time because it is possible to execute more loops than there are sub-keys k-j_.
- the invention also relates to an authentication system with a symmetric encryption algorithm between two entities or parts A and B, having the same secret key K, which implements the method described above.
- n number of sub-keys
- n ⁇ 2 number of sub-keys
- the initialization remains identical to the general case described above; it is mentioned in FIG. 2 by the reference A or 10.
- the algorithm loop is performed as follows:
- the probability of putting at the value "F” the two elements of the array a_ttle [] in two loops or tests is equal to half, or 1/2.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9810591A FR2782431B1 (en) | 1998-08-17 | 1998-08-17 | SYMMETRIC ALGORITHM AUTHENTICATION METHOD AND DEVICE |
FR9810591 | 1998-08-17 | ||
PCT/FR1999/001995 WO2000010287A1 (en) | 1998-08-17 | 1999-08-16 | Method and device for authenticating with symmetrical algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1104607A1 true EP1104607A1 (en) | 2001-06-06 |
Family
ID=9529804
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99936740A Withdrawn EP1104607A1 (en) | 1998-08-17 | 1999-08-16 | Method and device for authenticating with symmetrical algorithm |
Country Status (7)
Country | Link |
---|---|
EP (1) | EP1104607A1 (en) |
JP (1) | JP2002523923A (en) |
CN (1) | CN1323478A (en) |
AU (1) | AU5173199A (en) |
FR (1) | FR2782431B1 (en) |
MX (1) | MXPA01001783A (en) |
WO (1) | WO2000010287A1 (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2804524B1 (en) * | 2000-01-31 | 2002-04-19 | Oberthur Card Systems Sas | METHOD FOR EXECUTING A CRYPTOGRAPHIC PROTOCOL BETWEEN TWO ELECTRONIC ENTITIES |
FR2819078B1 (en) * | 2000-12-29 | 2003-02-14 | Gemplus Card Int | METHOD OF PROTECTION AGAINST ATTACKS BY MEASURING CURRENT OR BY MEASURING ELECTROMAGNETIC RADIATION |
FR2819079B1 (en) * | 2000-12-29 | 2003-02-14 | Gemplus Card Int | METHOD OF PROTECTION AGAINST ATTACKS BY MEASURING CURRENT OR ELECTROMAGNETIC RADIATION |
US6950517B2 (en) * | 2002-07-24 | 2005-09-27 | Qualcomm, Inc. | Efficient encryption and authentication for data processing systems |
CN1684411B (en) * | 2004-04-13 | 2010-04-28 | 华为技术有限公司 | Method for verifying user's legitimate of mobile terminal |
CN100364262C (en) * | 2004-08-04 | 2008-01-23 | 中国联合通信有限公司 | Access discrimination method and device for EV-DO network |
US7401222B2 (en) * | 2004-12-16 | 2008-07-15 | Xerox Corporation | Method of authentication of memory device and device therefor |
CN100405395C (en) * | 2005-03-22 | 2008-07-23 | 刘普合 | Commodity composite anti-fake code and symmetric test anit-fake method |
CN1863042B (en) * | 2005-12-13 | 2011-05-04 | 华为技术有限公司 | Method for information encryption and decryption |
CN102411692B (en) * | 2010-09-25 | 2015-07-01 | 中国移动通信有限公司 | Method, system and equipment for running terminal |
CN101997880A (en) * | 2010-12-01 | 2011-03-30 | 湖南智源信息网络技术开发有限公司 | Method and device for verifying security of network page or interface |
CN102014136B (en) * | 2010-12-13 | 2013-03-06 | 南京邮电大学 | Peer to peer (P2P) network secure communication method based on random handshake |
FR2974694B1 (en) * | 2011-04-27 | 2013-05-31 | Peugeot Citroen Automobiles Sa | METHOD OF SECURELY EXCHANGING SYMMETRICALLY ENCRYPTED MESSAGES |
CZ309614B6 (en) * | 2022-03-17 | 2023-05-17 | Jan Ing. Topol | A method of municipal wastewater treatment and equipment for performing the method |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2530053B1 (en) * | 1982-07-08 | 1986-04-25 | Bull Sa | METHOD FOR CERTIFYING THE SOURCE OF AT LEAST ONE INFORMATION RECORDED IN A MEMORY OF A FIRST ELECTRONIC DEVICE AND TRANSMITTED TO A SECOND ELECTRONIC DEVICE, AND SYSTEM FOR IMPLEMENTING SUCH A METHOD |
FR2612315A1 (en) * | 1987-03-13 | 1988-09-16 | Trt Telecom Radio Electr | METHOD FOR SIMULTANEOUSLY READING AND CERTIFYING INFORMATION PRESENT IN A MEMORY OF AN ELECTRONIC MEDIUM |
JP2531354B2 (en) * | 1993-06-29 | 1996-09-04 | 日本電気株式会社 | Authentication method |
FR2738972B1 (en) * | 1995-09-15 | 1997-11-28 | Thomson Multimedia Sa | DATA PAGING METHOD FOR A SECURE DATA EXCHANGE PROTOCOL |
DE19716111A1 (en) * | 1997-04-17 | 1998-10-22 | Giesecke & Devrient Gmbh | Procedure for mutual authentication of two units |
-
1998
- 1998-08-17 FR FR9810591A patent/FR2782431B1/en not_active Expired - Fee Related
-
1999
- 1999-08-16 EP EP99936740A patent/EP1104607A1/en not_active Withdrawn
- 1999-08-16 WO PCT/FR1999/001995 patent/WO2000010287A1/en active Application Filing
- 1999-08-16 AU AU51731/99A patent/AU5173199A/en not_active Abandoned
- 1999-08-16 JP JP2000565636A patent/JP2002523923A/en active Pending
- 1999-08-16 MX MXPA01001783A patent/MXPA01001783A/en unknown
- 1999-08-16 CN CN99812286.6A patent/CN1323478A/en active Pending
Non-Patent Citations (1)
Title |
---|
See references of WO0010287A1 * |
Also Published As
Publication number | Publication date |
---|---|
AU5173199A (en) | 2000-03-06 |
CN1323478A (en) | 2001-11-21 |
WO2000010287A1 (en) | 2000-02-24 |
FR2782431B1 (en) | 2000-09-29 |
JP2002523923A (en) | 2002-07-30 |
FR2782431A1 (en) | 2000-02-18 |
MXPA01001783A (en) | 2002-07-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1529369B1 (en) | Method for secure data exchange between two devices | |
EP1104607A1 (en) | Method and device for authenticating with symmetrical algorithm | |
FR2689264A1 (en) | Authentication method performed between an integrated circuit card and a terminal unit and system provided for this purpose. | |
WO2009130088A1 (en) | Terminal for strong authentication of a user | |
EP0756398B1 (en) | System and method for communicating encrypted messages using RSA with modular reduction to provide fast decryption | |
EP1119940B1 (en) | Countermeasure method in an electronic component using a secret key cryptographic algorithm | |
WO2020260136A1 (en) | Method and system for generating encryption keys for transaction or connection data | |
EP1119939B1 (en) | Countermeasure method in an electronic component using a secret key cryptographic algorithm | |
CA2613884C (en) | Method for providing a secured communication between a user and an entity | |
EP3035583A1 (en) | Communication device and system, data-processing method and method for secure data exchange | |
EP1125394B1 (en) | Countermeasure method in an electronic component using a secret key cryptographic algorithm | |
EP1180260B1 (en) | Countermeasure method in an electronic component using a dynamic secret key cryptographic algorithm | |
WO2003055134A9 (en) | Cryptographic method for distributing load among several entities and devices therefor | |
FR2830147A1 (en) | Confidential message electronic security with secret identification protocol code having verification process using polynomial formed from release polynomial/second polynomial and zero release where correspondence not found. | |
EP3842970B1 (en) | Method for checking the password of a dongle, associated computer program, dongle and user terminal | |
FR2830146A1 (en) | Implementation of cryptography algorithms in an electronic chip card or component whereby a value for use in the encryption algorithm is first selected in such a manner that differential power attacks are frustrated | |
FR3086417A1 (en) | CRYPTOGRAPHIC METHOD FOR SECURE COMPARISON OF TWO SECRET DATA X AND Y | |
WO2010106042A1 (en) | Method for generating security data, and corresponding device and computer program | |
EP4246880A1 (en) | Protecting a secret key | |
EP4396716A1 (en) | Method for providing a computer-implemented service in a blockchain, and corresponding blockchain network node and computer program | |
WO2021110518A1 (en) | Method for cogenerating a shared cryptographic material, devices, system and corresponding computer program | |
WO2002003338A1 (en) | Method and system for limiting the possibility of transforming data designed to constitute, in particular pre-payment tokens | |
WO2008081151A2 (en) | Method for signing an anonymous and correlatable list | |
WO2008017765A1 (en) | Public key cryptographic system and method | |
WO2003023606A1 (en) | Method of calculating the exponentiation in a group and the application thereof for user authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20010319 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
17Q | First examination report despatched |
Effective date: 20040504 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GEMALTO SA |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
RTI1 | Title (correction) |
Free format text: METHOD FOR AUTHENTICATING WITH SYMMETRICAL ALGORITHM |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20110414 |