FR2865086A1 - Ciphered message converting device for use in cryptographic system, has message establishing unit producing deciphered message from auxiliary message, and difference between ciphered message and result of conversion of auxiliary message - Google Patents

Abstract

The device has a key establishing unit (14) establishing an auxiliary public key that combines with a private key to form keys of an asymmetric encryption system. Message difference establishing unit (16) creates a difference between a ciphered message and a result of conversion of an auxiliary message using the public key. A message establishing unit (18) produces a deciphered message from the difference and the auxiliary message. Independent claims are also included for the following: (A) a message converting process (B) a computer program having program codes for executing a message converting method.

Description

Device and method for converting a first message to a second

  The present invention relates to asymmetric cryptographic systems, particularly asymmetric cryptographic systems protected from error-related attacks.

  It has recently been noted that DFA (Differential Fault Analysis) attacks very effectively attack cryptographic systems. In RSA systems that use the Chinese Remainder Theorem (TRC) for modular elevation at power, it has been shown in particular that a single "incorrect" output due to DFA attack to "discover" the secret key, for example when calculating a signature. On the other hand, in the case of the RSA algorithm, the modular power rise is preferably calculated using the TRC since high computational efficiency can be obtained particularly for large modules. The RSA algorithm that is used to encrypt messages or decrypt messages or to calculate a signature is described in its application with or without TRC in A's "Handbook of Applied Cryptography". Menezes et al., CRC Press, 1996. While in order to effectively compute the modular elevation at non-TRC power, computational units are needed whose width is at least as large as the modulus, in the case of TRC RSA algorithm a calculation is possible using a calculation unit whose number of elementary cells is predefined, whose length is thus predefined, and in which the module (and therefore the key) is almost twice as much long as the computing unit. This is particularly important for RSA applications since here as the length of the key increases one is better protected from so-called "brute force attacks" in which the possibilities are tried out. after others.

  A DFA attack is based on the idea of exposing the cryptographic chip to an extreme situation while executing a cryptographic computation, so that the result of the cryptographic chip is erroneous. Such a measure consists, for example, in exposing the chip as it calculates to a high mechanical stress, to a strong electromagnetic radiation or to a succession of optical pulses, etc. in such a way that, for example, contents of the chip register become false or that grids inside the chip no longer fulfill their specific function but another one; it follows that the result is false.

  We have shown that such a false result was certainly false but that there is still so much information on the secret that is the subject of the algorithm, such as the encryption key in the case of a system. Symmetric cryptography or the private key in the case of an asymmetric cryptographic system makes it possible to conduct an efficient DFA attack.

  Defensive measures against such a DFA attack consist in the simplest case to execute twice each cryptographic calculation: the result of the first cryptographic calculation is then compared to the (identical) result of the second cryptographic calculation. An inquiry is carried out according to this comparison: an output is provided to the case (desired) where the two results are identical while an output is prevented in the case where the two results are different or at least one alarm message appears. The heart of this defensive measure is therefore to prevent any escape in the case of suspicion of an error, so that an attacker will not get a chip exit if he has conducted a DFA attack and therefore can not draw conclusions about the secret that is the subject of the algorithm.

  The previous defensive measure against DFA attacks is problematic in that it assumes that the chip does not make the same mistake by performing the calculation twice. Such an attack would not be recognized.

  Other measures include equipping the cryptographic chip with voltage sensors, radiation sensors, temperature sensors, etc. to be able to directly detect any external attacks on the chip so that you can then prevent an exit if an attack is detected.

  As the attack scenarios and the number of sensors connected to them are very different, it is not always possible to make such a defensive measure or only partly.

  Yet other defensive measures consist in observing or comparing intermediate results with each other within a cryptographic algorithm (quite long). There are often dependencies inside an algorithm that already require a certain number of intermediate results before the output that must have a certain relationship regardless of the data to be encrypted or the key. If we establish that the intermediate results that must have a certain relation when the algorithm is running correctly do not have this relation, we can conclude that an attack is in progress. In this case, we execute again an "if" connection, that is to say a conditional jump: we consequently realize an exit if the interrogation gives the expected result whereas, if the result differs Forecasts, output is blocked or error messages, interrupts, etc. for example, warn an operating system that a DFA attack is (probably) in progress.

  DFA attacks on cryptographic systems, such as RSA systems, on symmetric systems such as DES, AES, etc., are avoided. and on other elliptic curve cryptography systems in that one way or another the accuracy is checked and that in the case of an error the emission of a mes-sage is prevented badly encrypted or an incorrect signature, for example a memory card. The problem with this defensive measure, however, is the "if" connection. If an attacker was able to disrupt this decisive check of the error, so the conditional jump, a badly encrypted message or an erroneous "signature" would be issued and the attacker would thus carry out a DFA attack.

  The object of the present invention is to provide a better design for converting a first message into a second message in the sense of a signature or decryption, this design being more secure against DFA attacks.

  This is achieved by a device for converting a first message to a second message using an asymmetric cryptographic system which includes a public key, a private key, a first cryptographic operation that can be performed using the private key. and a second cryptographic operation obtainable using the public key, the first message being defi ne in a first group of numbers, characterized by: - an installation for converting the first message to a second auxiliary message using the first cryptographic operation, the private key and an auxiliary parameter (t), so that the second auxiliary message is defined in a second group of numbers, an installation for establishing a public auxiliary key, the facility facility being designed to establish the public auxiliary key in such a way that it forms, together with the private key in a third group of n shadows which is defined by the auxiliary parameter, a pair of keys of the asymmetric encryption system, an installation for establishing a difference from the first message and a result of a conversion of the second auxiliary message using the second cryptographic operation and the public auxiliary key by referring to the third group of numbers, and an installation for calculating the second message using the difference and the second auxiliary message and by a method for converting a first message to a second message using an asymmetric system of cryptography which comprises a public key, a private key, a first cryptographic operation that can be performed using the private key and a second cryptographic operation that can be performed using the public key, the first message being defined in a first group of numbers, characterized in that it comprises the following steps: converting the first message into a second auxiliary message using the first cryptographic operation, the private key and an auxiliary parameter (t), so that the second auxiliary message is defined in a second group of numbers, establish a public auxiliary key, the establishment facility being designed to establish the public auxiliary key such that, together with the private key in a third group of numbers which are defined by the auxiliary parameter, it forms a key pair of the asymmetric encryption system, establishing a difference from the first message and a result from a conversion of the second auxiliary message using the second cryptographic operation and the public auxiliary key by referring to the third group of numbers, and calculating the second message using the difference and the second auxiliary mes-sage or by a computer program featuring u n program code for executing the method according to the invention when the computer program runs on a computer.

  To perform a conversion, for example to produce a signature or message decrypted from an encrypted message, according to the invention, so during a cryptographic operation that uses the private key of the asymmetric cryptosystem, a first message is converted into a second auxiliary message, the second auxiliary message being for example a signature. According to the invention, however, the first message is not directly converted into the second message but precisely into the second auxiliary message, the second auxiliary message being distinguished from the second message actually sought, therefore from the signature, in that the second auxiliary message is a signature that is defined with respect to another group of numbers than the first (original) message. The second auxiliary message is now somehow reconverted, so for example using a verification algorithm in which the public key is used. However, the public key used is not the original public key but the public key that corresponds to the original private key in a third number space, that is to say in a third group of numbers, and which must first be calculated or searched for in a memory. The result of this verification calculation is therefore in a third group of numbers. The original message is furthermore also transformed into the third group of numbers, namely by a transformation rule which reproduces the original group of numbers, and therefore the first, into the third group of numbers. We now calculate a difference in this third group of numbers.

  If there was a DFA attack during the calculation operation, the values of the "difference partners" are different. If, on the other hand, there has been no DFA attack (or other error), the difference partners are equal and the difference itself is 0. Then, using this difference, the signature actually sought is calculated. namely the second message, from the second auxiliary message which is already the desired signature but which is still in another space of numbers. The result of the difference is taken into account for this final calculation, ie in such a way that if there has been no attack or error, the difference which is then 0 has no effect on the final calculation, disregarding the transformation in the group of numbers that is recommended to execute. If, on the other hand, there has been a DFA attack or any other calculation error, the final calculation is done in such a way that the difference which is then other than 0 strongly influences the result.

  The same calculation rule is preferably used here as is also used for a cryptographic operation. To take the example of the known RSA algorithm, it is an elevation to a power; it is then quite obvious that the numbers will be considerably modified if the difference serves as an exponent in the case where the difference is other than 0 since the exponential function here has a particularly high gradient.

  If, on the other hand, the cryptographic system is an asymmetrical system of elliptic curve cryptography, the operation used to calculate the second message from the second auxiliary message is a multiplication, namely the multiplication of a point situated on the elliptic curve by a parameter.

  The invention allows the exact result, so to speak, "automatically" therefore without a "if" loop in the case where there is no attack and yet obtain in case of attack a strongly modified result which is at the same time encrypted time if the operation to compute the second message from the second auxiliary message is in turn interpreted as a digit. The key to eventually "encrypting" the error possibly caused by an attack, however, depends on the attack itself, so many imponderables and it is not stored anywhere, so neither on the smart card and elsewhere. That's why this key can not be discovered by an attacker. An attacker will indeed produce an exit during a DFA attack. This output is however encrypted by a key that is no longer available and is therefore useless to the aggressor.

  According to the invention, a computation is carried out in several groups of numbers, therefore for the example of the RSA cryptography system, in different residual classes of different modules or, in the example of elliptic curve cryptography, in different elliptic curves. The first group of numbers is then an elliptic curve on a first parameter. The second group of numbers is an elliptic curve on a second parameter different from the first parameter and the third group of numbers is an elliptic curve on a third parameter which is in turn preferably different from the first and the second parameter.

  The design according to the invention is further based on the discovery that there are closed paths in a system whose groups of numbers are different, thus different elliptic curves or different residual classes. For example, a signature calculation from a group of numbers to the next group of numbers and a subsequent verification operation to a next group of numbers is useful in the sense that we obtain an original message which, however, now exists in the last, so the third, group of numbers. By transforming the original message from the first group of numbers into the third group of numbers, a transformed message is obtained which can then be compared to the message calculated by the signature / verification to obtain a difference.

  According to the invention, this difference is however not exploited by means of an "if" condition, but it is used to retransform the original computed signature in the first group, which however exists only in the second group of numbers. If no attack has taken place, we get the signature. If on the other hand there was an attack, this last step causes a significant "encryption" of the second auxiliary message, which would render it meaningless for an aggressor.

  It is therefore necessary to carry out according to the invention different steps, namely the signature, the verification, the transformation of the message within or on different groups of numbers, so that an aggressor should act differently on each of these steps by a DFA attack, which is not possible. If a chip is attacked for example by irradiating it with a very intense light, because the calculation operations during the three steps which make it possible to obtain the necessary difference are different, it is unlikely that the chip irradiated with light reacts. always in the same way, so that it always makes the same mistake, in such a way that mistakes can cancel each other out or that we can not recognize them. This is the case, for example, when two difference partners are influenced in the same way by the attack and therefore the difference of these two difference partners is zero. The difference equal to zero, however, indicates that no error has occurred, so that the attack will be successful, so that an exit will not be prevented.

  For the various operations, we also need different values from the memories, so that here too for the DFA attack to be successful, one attack should have different effects depending on the operation. is executed.

  As already mentioned, in the anti-DFA design according to the invention there is also no "if" connection. Instead, we always produce a result regardless of whether an attack has taken place or not. The result is only relevant if no attack has taken place. If, on the other hand, an attack has taken place, the result will not give the error desired by the attacker, but will typically provide this error in a highly encrypted version which the attacker can not do anything about.

  Since the different steps are executed in different number spaces and an "if" loop is avoided, the design according to the invention makes DFA attacks inoperative since one attack should operate differently at different levels. calculation steps and completely avoiding "if" connections sensitive to defined attacks.

  In the following, detailed examples of embodiments of the present invention will be explained in detail with reference to the accompanying drawings.

  FIG. 1 shows in block diagram form the device according to the invention for converting a first message into a second message, FIG. 2 is a synoptic table for comparing two asymmetric cryptographic systems, namely the RSA cryptography system and the elliptic curve cryptography system which can both be used as an example in the method according to the invention, and FIG. 3 is a diagram of groups of numbers to illustrate how one goes from a group of numbers to the other when the first message is converted to the second auxiliary message, how the difference is calculated and how the second message is ultimately calculated using the difference and the second auxiliary message.

  Figure 1 shows a device for converting a first message to a second message. The device according to the invention uses an asymmetric cryptographic system which comprises a public key, a private key, a first cryptographic operation that can be performed using the private key and a second cryptographic operation that can be carried out using the public key. Depending on the use case, the first cryptographic operation that can be performed using the private key is a signature operation or a decryption operation. Depending on whether the first cryptographic operation achievable using the private key is a signature operation or a decryption operation, the first message also represents different things. In the case where the first cryptographic operation achievable using the private key is the signature operation, the first message is an unencrypted message, therefore a clear text message, which must be signed.

  If, on the other hand, the first cryptographic operation that can be performed using the private key is a decryption or decryption operation, the first message is an encrypted message, therefore an encrypted text message, and the second message is a decrypted message, so a message in clear text.

  In the case of an asymmetrical cryptographic system, two cases must be distinguished, namely the production of the signature which makes it possible to obtain a digital signature for a document and the decryption of the message. The private key called "e" in the context of the RSA cryptography system is involved in producing the signature to obtain the digital signature. During the verification, however, only the public key is needed, so there is no need for security measures here. When encrypting using an asymmetric crypto- graphy system, the only public key is used, so here again it is not necessary to take security measures since the public key, such as indicates his name, is not secret anyway. It follows that it is not necessary to take security measures against DFA, precisely during encryption.

  But it is otherwise if an encrypted message (encrypted) in an asymmetric cryptographic system must be decrypted, so be processed using the private key of the recipient to whom the message is intended.

  In this context, the first message is therefore a message in plain text, for example when producing a digital signature using an asymmetric algorithm.

  The first message, however, can also be an encrypted message, for example when messages are decrypted in an asymmetrical cryptographic system in which the private key is used for decryption.

  Figure 1 shows an installation for providing an auxiliary parameter bank t designated 10 in Figure 1. The plant 10 is coupled to an installation 12 for converting the first message to a second auxiliary message. The installation 12 is adapted to operate using the first cryptography operation and the private key and the auxiliary parameter t, so that the second auxiliary message is obtained in a second group of numbers, while the first message, therefore an unencrypted message in the case of a signature or an encrypted message in the case of a decryption as seen in Figure 1, is obtained in the first group of numbers.

  The device according to the invention as shown in Figure 1 further comprises a facility 14 for establishing a public auxiliary key; the facility 14 for establishing the public auxiliary key is then designed to establish the public auxiliary key such that, together with the private key in a third group of numbers which is defined by an auxiliary parameter, it forms a pair of The keys of the chif-3o system brake asymmetrically. In other words, the installation 14 is adapted to establish a public key which, with respect to the new (therefore the third) number system, therefore the third group of numbers (new or just defined) , together with the original private key, represents a pair of keys for the asymmetric cryptographic system. The public auxiliary key established by the installation 14 as well as the first message and also the auxiliary parameter t and still the second auxiliary message are routed to an installation 16. The installation 16 is designed to establish a difference from the first message and a result from the conversion of the second auxiliary message using the second cryptographic operation and the auxiliary key, this difference being established by reference to a third group of numbers, as also seen in FIG.

  The difference is 0 if there has been no attack or error. However, the difference is not 0 if, for example, errors are due to DFA attacks.

  The difference as well as the second auxiliary message as established by the installation 12 are routed to an installation 18 which establishes the second message, therefore the value actually sought, using the difference and the second auxiliary message.

  The design according to the invention can be used for asymmetric systems of any cryptography. In the following, the design in accordance with the invention is explained using the RSA cryptography system (left column in FIG. 2) and using the elliptic curve cryptography system (right column). in Figure 2) as an example for the sake of clarity.

  The RSA algorithm is an excellent example of an asymmetric cryptographic system or a private key cryptosystem.

  The RSA algorithm can be used for signature or verification purposes on the one hand and encryption or decryption on the other. The RSA signature algorithm as an example of an asymmetric cryptographic system is for example described in A.'s Handbook of Applied Cryptography.

  Menezes et al., CRC Press, 1996, Chapter 11.3. The RSA signature scheme consists of two steps. Each entity must first produce a public key and a corresponding private key for itself. For this purpose, two prime numbers p and q are chosen which preferably have the same size. Then the product n = pq and the phi function of Euler c = (t-1) (q-1) are calculated. Then we choose a random integer e which satisfies 1 <_ e <_ (D, so that the greatest common divisor of e and D is equal to 1. Then we use the extended Euler algorithm to compute the unambiguous integer, where d also verifies d, is greater than 1 and less than 'D, and where d further verifies: ed = 1 (mod (D), the public key of the entity is then the integer e ( and the module n or N), but the private key of the entity is d.

  After an entity has produced a key pair for itself, it can sign a message. The entity calculates for this purpose a modular elevation to a power on the message or on an integer that is uniquely derived from the message; when modular scaling to power, the message is the base, the private key is the exponent and the module is the value n according to which the key pair was calculated. We then obtain the signature for the message in a residual class or in a group of numbers which is defined by the value n or N. To check the signature A (and if possible also to restore the message m), the other entity must first obtain the public key provided for example by the signing entity. Then we calculate a modular elevation to a power, namely in such a way that the base is the signature, the exponent the public key and the module n the same as that used to produce the signature. Then we check if the result obtained by the modular elevation to a power is in a given quantity MR. If this is not the case, the signature is rejected. But if this condition is fulfilled, the message m is again obtained from the result of the elevation to a power performed in verification, namely by the inverse function of the function which was used to produce from the message the value entry for the signature.

  In another solution, the signature may accompany the document itself, so that to perform the verification it is sufficient to compare the attached document typically in clear text and the result obtained from the elevation to a power achieved in verification.

  In RSA encryption, before it can work an entity must also produce a key pair from a public key and a private key (referring to a module N, so in a group of numbers defined). The key is produced exactly as in the case of the RSA signature. For RSA encryption, the entity that wants to encrypt its mes-sages must obtain the public key of the entity that is to receive the encrypted message. After it has obtained the public key, a modular elevation is executed at a power: the base is then the message to be encrypted, the exponent is the public key of the target entity and the module of the modular elevation to a power is the N module that is part of the public key of the target entity.

  Messages encrypted in this way are then forwarded to the target entity. The target entity will then perform an elevation to a power again using its secret key. The basis of raising to a power for decryption or decryption is the encrypted message. The exponent is the private key of the decrypting entity and the module is the reference number of which the public key e and the private key d have been calculated.

  A DFA attack is typically directed against secret messages or secret information. The secret secret message is the private key, so that typically a DFA attack is always worthwhile if an entity performs a cryptographic operation, so in the case of the RSA an elevation to a power in which the private key takes part. This is on the one hand the signature operation and on the other hand the deciphering operation as understood by the explanation above.

  In the following we explain the design according to the invention using the RSA signature with reference to Figure 2, left column. In Fig. 2, a variable block first presents an overview of the variables which form the basis of the calculation or which are the result of the calculation.

  The input parameters (In) are m, d, e and N; m represents the message to be signed, d represents the private key, e represents the public key and N represents the module, hence the product of two prime numbers p and q that were calculated to produce the RSA cipher.

  The output parameter (Out) is the value s of the signature.

  According to the invention, as already shown with the help of Figure 1, installation 10, we first choose an integer t 32 bits, preferably small, and then calculate a signature. Contrary to the usual calculation of the signature, the signature is however not cal- culated in the first group of numbers, so in the residual class by referring to the module N, but in a second group of numbers, so io in the residual class of the module obtained from the product Nt. In this regard, reference is made to a block 22 in FIG. 2. To convert the first mes-sage into a second auxiliary message, the first cryptographic operation is thus used using the private key, the elevation to a power therefore has m for base and d for exponent; the conversion in the second group of numbers is then carried out in such a way that the reduction does not take place in the residual class of the module N as in the equation of the block 20 but that a reduction is made in the residual class of the new module, so the product Nt: it follows that the second auxiliary message is defined in the second group of numbers.

  Block 24 represents the manner of using the public auxiliary key and. The auxiliary key is calculated exactly the same way that RSA encryption is usually calculated, the only difference being that the public key is not chosen and then the private key is computed, as is usually the case with the RSA key. but the private key d is already predefined. This private key d corresponds to the original private key in the first group of numbers. On the other hand, by using now, instead of the private key d as in the state of the art, the extended Euclidean algorithm, the public key is calculated and so as to satisfy the equation represented in block 24 in FIG. 2. It is further pointed out that, unlike the public key e in block 20, the public auxiliary key and does not apply referring to the first group of numbers but is now defined by itself. referring to a third group of numbers since the extended Euclidean algorithm is used in such a way that one satisfies the equation given in block 24 and from which one has on the right side, instead of Euclidean function cl) of the module N, the function cD of Euler of the new module t, therefore of the module to which one refers to define the third group of numbers.

  A block 26 in FIG. 2 represents which equation must perform the installation 16 in order to establish the difference in calculating the difference by referring to the third group of numbers, therefore to the group which is defined by the parameter t. For this purpose, the original message m is used first, ie the clear text message to be signed. Then the second auxiliary message s, therefore the signature which has been calculated in block 22 in the example shown in FIG. 2, is further subjected to the second cryptography operation, therefore to the rise to a power, but no not to rise to a power using a private key but to rise to a power using the public auxiliary key and calculated in block 24.

  In a first embodiment of the present invention, the difference of these two values is firstly calculated and only then is it reduced in a modular manner, the parameter t serving as a module. This gives the difference in the third group of numbers, so in the residual class which is defined by t as a module. Instead, the difference can also be calculated as the second equation in block 26 in FIG. 2. The original message m given in the first group of numbers can first be transformed into the third group of numbers. transforming it into the residual class of the module t which defines the third group of numbers. The verification operation is furthermore completely carried out using the public auxiliary key and therefore by the second cryptographic operation and by the modular reduction which then takes place, the parameter t being the module.

  Block 26 in Figure 2 shows that the difference must be 0, so that the first term and second term must be identical, if there were no errors or attacks that triggered an error. . If on the other hand there has been an attack the difference will not be 0. This is because the attack takes place for example at the step where the second auxiliary message is calculated, therefore at block 22 in FIG. 2, or that the attack took place when the public auxiliary key was calculated in block 24 or the attack took place directly when calculating the difference.

  To ultimately calculate the second message actually sought, therefore the signature s, use the function as shown in block 28 in Figure 2 for the recommended embodiment shown in Figure 2. The modular reduction which refers to the module N serves to retransform in the first group of numbers the second auxiliary message which is defined with reference to the second group of numbers (using the Nt module). In addition, the difference f is used. This characteristic has the effect that there is no need for "if" connection which instead represents a point of attack in the state of the art. The reason is that the function that uses the difference will not modify the second auxiliary message if the difference f is equal to 0. If, on the other hand, the difference is not equal to 0, the second auxiliary message will be very strongly modified. since the difference is in the exponent as shown by block 28 in FIG.

  By using the difference and the second auxiliary message, the installation 18 for calculating the second message preferably uses the same cryptography operation, therefore the rise to a power, since typically a calculation unit is well adapted to this operation and an exponential calculation where a value serves as an exponent reacts very strongly to ex-posers. The exponent is influenced by the difference. If, for example, the difference is only relatively small, raising to one power will still very strongly modify the second auxiliary message, which has the same effect on the aggressor as if the second auxiliary message were encrypted, but using a key (f + 1) which is nowhere memorized, transmitted or otherwise recorded, but which is actually used to execute the calculation in block 28; however, it is uninteresting and is not memorized or "deleted".

  In preferred embodiments of the present invention, as already stated, the parameter t is a small integer which is typically less than 128 bits, eg, 64 or better 32 bits. As a result, the second group of numbers, so the group of numbers that is defined by the module consisting of the product of N by t, does not become too large. The choice of a small t further serves so that the third group of numbers, so the residual class by referring to the parameter t as a module, is relatively small, so that the public auxiliary key or the difference that are already additional calculations can be calculated by controlling their complexity.

  To increase efficiency, the t parameter can also be predefined, although this reduces the security against attacks. By presetting the parameter t, however, it is also possible to preset the public auxiliary key and the Euler cD (t) phi function for a private key that is also predefined.

  Another solution is to allow t to be chosen from a limited number of candidates for selection and the Euler phi function for the limited number of candidates for selection is stored in the processor, for example in the smart card it - even (preferably encrypted) to improve the efficiency of the DFA design according to the invention. If, for example, t is randomly selected from the restricted group of selection candidates, thus based on a physical or pseudo-random number, then a sufficiently secure DFA protection can be obtained while at the same time considerably reducing the complexity of the defensive measures by relation to the case where all the numbers t are possible and where one can not compute in advance the function phi of Euler; moreover one can not calculate in advance the public auxiliary key and even if different private keys are allowed.

  If, on the other hand, a cryptographic processor is uniquely designed according to the present invention for a single private key and there is only a limited number of candidates for selection for the parameter t, it is possible to memorize the corresponding public auxiliary key by associating it with each candidate to the selection t without explicitly calculating the phi function of Euler. In this case, the facility 14 for establishing the public auxiliary key is designed to access a memory using the parameter or parameter-dependent information to call the corresponding public auxiliary key to the memory without the installation. 14 of Figure 1 must execute itself any logic and / or arithmetic calculation whatsoever.

  It is further noted that the facility 18 for calculating the second message may use arbitrary functions to account for the difference. One could also multiply the auxiliary signature by (f + 1). The difference is also taken into account in that the auxiliary message is not modified if the difference has a predefined value, namely 0, while the second auxiliary message is modified if the difference deviates from this predefined value. .

  Referring now to Figure 2, right column, there is shown another example of the present invention, namely the design according to the invention for an elliptic curve cryptography system. Block 30 again represents the input and output parameters that are sought. For this purpose, we assume an elliptic curve E, ie an elliptic curve on the parameter p. We also assume a point P on the elliptic curve, the point P being of order r. We also assume a private key m. The elliptic curve E on p (E (Z / p)) represents the first group of numbers. The first message represents the point P located on the elliptic curve on p of order r. The signature is the product of the private key m by the point P on the elliptic curve E (Z / p). Comparing the block 20 and the block 30, we see that the rise to a power in the case of the RSA becomes a multiplication in the case of elliptic curves. The modular reduction that takes place for the RSA by referring to a module (mod N) is furthermore taken into account for elliptic curves in that the multiplication of m by p is performed on the predefined special elliptic curve.

  A block 32 in FIG. 2 represents the functionalities that the installation 12 performs to transform the first message (P) into a second auxiliary message (Q). For this purpose, the first cryptography operation is used, ie the multiplication, namely that of the private key m and the message (of the point P on the elliptic curve). The second auxiliary message however exists with reference to the second group of numbers, as shown in Figure 2 block 32 with reference to the elliptic curve on pt. It is recommended for the present invention that the parameter t be a prime number which is furthermore a relatively small number as well as in the case of RSA; it has for example less than 128 digits and preferably has 32 bits.

  A block 34 in FIG. 2 represents what operations the installation performs to establish the public auxiliary key. The public auxiliary key is designated m; nv in Fig. 2, block 34, and is calculated as shown, i.e., m-mod rt; rt y represents the order of the point P, therefore the message, on the new elliptic curve E (Z / t), the new elliptic curve being defined on the parameter t and, in the terminology of the present application, it represents the third group of numbers. For the purposes of the present application, mn denotes the public auxiliary key which is set up in such a way that, together with the private key and therefore with m in the third group of numbers which is defined by the auxiliary parameter, it forms a pair of keys of the asymmetric encryption system.

  A block 36 in FIG. 2 represents what are the functionalities that the installation now performs to establish the difference R. In block 36, the first term of the first equation represents the verification while the point P in the block equation 36 is the original message which now is not on the elliptic curves E (Z / p) but on the elliptic curve E (Z / t), where t is the parameter. The difference thus exists by referring to the third group of numbers, namely as the point on the elliptic curve on t.

  In the present invention according to the preferred embodiment shown in FIG. 2, the point R which represents the difference is on the elliptic curve over t in projected coordinates, that is, R = (x: y : z). Just as in the case of the RSA at block 26, the difference is R = 0, so at least the x and y coordinates are equal to 0 if during the entire calculation there were no problems that caused an error, like for example a DFA attack. As can be seen by the block 38, the installation 18 for calculating the second message using the difference and the second auxiliary message for example calculates only a sum io from the first two coordinates x, y of the point R to obtain a new parameter k. This parameter k is added to the value 1 and then the sum k + 1 is added again to the point Q, namely on the elliptic curve E (Z / p). It can be seen that if the difference is equal to 0, so that the coordinates of the point R are equal to 0, the parameter k is also equal to 0, so that the operation in block 38 is a trivial operation, namely the multiplication by the value "1", which obviously does not change the second auxiliary message.

  As in block 28 for example RSA, we simply obtain in block 38 that the second auxiliary message, actually given on the elliptic curve E (Z (pt)), is now given on the elliptic curve E ( Z / p), therefore in the first group of numbers for which the signature was originally sought.

  Referring to Figure 3, the following shows the main design on which the present invention is based. For this purpose, the three groups of numbers are schematically represented. The first group of numbers 40 is the group which from the outside is transparent to the user. In this first group of numbers, the cryptographic system has a given private key. The module or elliptic curve that defines the first group of numbers is transparent from the outside. This is not the case for the second and third groups of numbers. The second group of numbers differs from the first group in that in the example of RSA the modulus is larger, therefore equal to the product Nt, whereas, in the example of the elliptic curves, the elliptic curve E is not defined on p but on the product pt. The third group of numbers differs from the first group and the second group in that it is defined by referring to the module t or that the elliptic curve is defined on t. The first group of numbers is therefore certainly larger than the third group of numbers but it is smaller than the second group of numbers. In other words, there is no direct conversion from the first group to the second group or from the third group to the first group, as shown by the arrows 46 and 47. As shown by an arrow 48, a signature operation with the help of the parameter, however, it is possible to convert the first group into a second group, however, the first message is not referred to but refers to the signature of the second message. As can be seen in FIG. 3, however, the signature is not defined in the first group of numbers but in the second group of numbers, so it is also called second auxiliary message in the present mande.

  The results of a second verification step designated 50 in FIG. 3 and a third simple transformation step designated 52 in FIG. 3 are discriminated 54 by facility 16 to establish the difference ; the formation of the difference no longer takes place in the first or in the second group of numbers but in the third group of numbers, therefore in the group defined by the (smaller) parameter t. As can also be seen in FIG. 3, the result of this formation of the difference 54 will then be taken into account when the second message is calculated from the second auxiliary message during a step 56, as represented by the block 54 to the right of step 56.

  FIG. 3 represents a diagram which presents a composite path of steps 48, 50, 52 which is also designated by 1, 2, 3. In other words, the result of step 52, therefore the transformation of the first message from the first group of numbers in the third group of numbers must be equal to the result of steps 1 and 2 (49, 50) if there has been no attack. Other paths are also possible in the diagram of FIG. 3: from the second auxiliary message, the second auxiliary message is transformed by modular reduction using the module t in the third group of numbers as indicated by an arrow 60 to arrive at a signature in the third group of numbers. The signature in the third group of numbers could also lead to the third group of numbers, first by modular reduction using N (arrow 62) and then by modular reduction using the module t (arrow 64). The second auxiliary message that was originally defined in the second group of numbers would then be transformed by the functionality of the facility to form the difference first in the third group of numbers and then be decrypted (in the case of an encryption) directly into the third group of numbers in order to obtain the original message, but in the third group of numbers. A broken arrow 66 in FIG. 3 represents the use of the public key directly in the third group of numbers.

  The design according to the invention is particularly suitable for dealing with DFA attacks, in that it is certainly desirable to finally obtain the second message, therefore for example the signature, in the first group of numbers but that the first message is converted. in another group of numbers using a signature operation, namely in the second group, and that the second auxiliary message is converted into a third group of numbers to produce a difference between the original message which has however also been converted into the third group of numbers. This difference is then used to convert the second auxiliary message to the second desired message.

  It is pointed out that in this way, as shown in FIG. 3, the functionality is exactly calculated by turns as shown by the full arrow 70, but this solid arrow 70 is not followed here. The invention thus makes it possible on the one hand to do without an "if" connection to obtain a DFA defense and, on the other hand, to calculate the second message "by detours" to make calculations in different groups of numbers and to finally get the difference 54. The cal-culs that lead to the difference 54 are however different; it follows that it is very likely that one and the same attack will produce different calculation errors, so that in case of attack we obtain a difference which is not equal to 0. If on the other hand there is has an attack such that the first message, for example on the path of the arrow 70, is subjected to a signature and is then checked in the opposite direction to the arrow 70 to then form a difference from the first original message and from the message obtained by the verification, the same operation is used for the forward calculation and for the return calculation; it follows that there could be a probability here that one and the same attack also causes the same error in the calculation on the outward and on the return calculation, so that we obtain a difference equal to 0, which would mean that the DFA attack would not be recognized. This is remedied according to the invention since different calculation steps are used to perform steps 48, 50 and 52; As a result, a single DFA attack will also cause different errors, so that during an attack you always get a difference that is not equal to 0.

  Depending on the situation, the method according to the invention and intended to convert a message can be installed in hardware form or in software form. The installation may be performed on a digital recording medium, in particular on a floppy disk or a CD-ROM, by means of electronically readable control signals which could interact with a programmable computer system so as to execute the process. In general, the invention therefore also consists of a computer programming product provided with a program code stored on a machine-readable medium and intended to execute the process according to the invention for converting a first message into a message. second message when the computer programming product is running on a computer. In other words, the invention may also take the form of a computer program provided with a program code for executing the method for converting the first message to the second message when the product computer programming runs on a computer. According to a preferred embodiment of the invention, the first group of numbers, the second group of numbers and the third group of numbers are defined in such a way that a message of the first group is not reproduced in the second group without cryptography operation, there is a reproduction of a message of the second group in the first group, there is a reproduction of a message of the first group in the third group without cryptographic operation, and there is no reproduction of a third group message in the second group without cryptographic operation.

Claims (2)

26 Claims   A device for converting a first message to a second message using an asymmetric cryptographic system, which includes a public key, a private key, a first cryptographic operation that can be performed using the private key and a second cryptographic operation feasible using the public key, the first message being defined in a first group of numbers (40), characterized by: an installation (12) for converting the first message to a second auxiliary message using the first operation of cryptography, the private key and an auxiliary parameter (t), so that the second auxiliary message is defined in a second group of numbers (42), an installation (14) for establishing a public auxiliary key, the installation (14) of establishment being designed to establish the public auxiliary key in such a way that it forms, together with the private key in a third group of names res (44) which is defined by the auxiliary parameter, a pair of keys of the asymmetric encryption system, - an installation (16) for establishing a difference from the first mes-sage and a result of a conversion of the second auxiliary message using the second cryptographic operation and the public auxiliary key with reference to the third group of numbers, and an installation (44) for calculating the second message using the difference and the second auxiliary message.   2. Device according to claim 1, characterized in that the first message is an unencrypted message, the second message is a signature of the unencrypted message, the first cryptography operation is a signature operation and the second cryptography operation is a verification operation.   3. Device according to claim 1, characterized in that the first message is an encrypted message and the second message is a decrypted version of the first message, and wherein the first cryptography operation is a decryption operation and the second cryptography operation is an encryption operation.   4. Device according to one of the preceding claims, characterized in that the asymmetrical cryptographic system is an RSA cryptographic system, the first group of numbers (40) is a residual class with reference to a module (N). the second group of numbers (42) is a residual class referring to the module multiplied by the auxiliary parameter, and the third group of numbers (44) is a residual class referring to the auxiliary parameter as a module.   5. Device according to claim 4, characterized in that it further has an installation (10) to provide the auxiliary parameter, the facility (10) being designed so that the auxiliary parameter provided is a whole number less than the module.   6. Device according to claim 5, characterized in that the integer has 128 digits or less than 128 digits.   7. Device according to one of claims 4 to 6, characterized in that the first cryptographic operation is an increase to a power of the first message using the private key, and the second cryptographic operation is an elevation. to a power of the second message using the public key.   8. Device according to one of claims 4 to 7, characterized in that the installation (12) conversion is designed to perform the following operation: s = md mod Nt, where s represents the second message, m represents the first message, d represents the private key and N represents the module, t represents the auxiliary parameter and mod represents a modular reduction. i0   9. Device according to one of claims 4 to 8, characterized in that the installation (14) for establishing the public auxiliary key is designed to calculate the public auxiliary key so as to satisfy the following sui-vante: etd = 1 mod cD (t), where and is the public auxiliary key, d is the private key, mod is the modular reduction, D (t) is the phi function of Euler of the auxiliary parameter t and t is the auxiliary parameter.   10. Device according to one of claims 4 to 9, characterized in that the installation (16) for establishing the difference is designed to establish the difference according to the following equation: f = (m-set) mod where f represents the difference, m represents the first message, s represents the second auxiliary message, and represents the public auxiliary key, mod represents the modular reduction and t is the auxiliary parameter.   11. Device according to one of claims 4 to 10, characterized in that the facility (18) for calculating the second message is designed to perform the following operation: so = st 'mod N, where so is the second message, s is the second auxiliary message, f is the difference, mod is the modular reduction and N is the module that defi ne the first group of numbers (40).   12. Device according to one of the preceding claims, characterized in that the installation (18) calculation is designed to calculate the second message so that it is defined in the first group of numbers (42).   13. Device according to one of the preceding claims, characterized in that the first group of numbers comprises numbers greater than the third group of numbers and numbers less than the second group of numbers.   14. Device according to one of the preceding claims, characterized in that the installation (18) for calculating the second message is designed to subject the second auxiliary message to a function and a parameter, a neutral element being defined for the function, and the parameter combined with the difference gives the neutral element, when the conversion facility (12), facility (14), facility (16) or facility (18) did not make any errors, and the combined parameter with the difference does not give the neutral element when there was an error.   15. Device according to claim 14, characterized in that the function is identical to the first and / or the second cryptographic operation.   16. Device according to one of claims 1 to 3, characterized in that the asymmetrical cryptographic system is. an elliptic curve cryptography system, the first group (40) is an elliptic curve over a number (p), the second group (42) is an elliptic curve over a number (p) multiplied by the auxiliary parameter (t), the third group (44) is an elliptic curve on the auxiliary parameter (t).   17. Device according to claim 16, characterized in that there is further an installation (10), to provide the auxiliary parameter, which provides the auxiliary parameter so that it is a prime number.   18. Device according to claim 17, characterized in that the prime number has 64 digits or less.   19. Device according to one of claims 16 to 18, characterized in that the first cryptographic operation represents a multiplication of a point on an elliptic curve using the private key, the second cryptographic operation represents a multiplication of a point on an elliptic curve using the public key, and the point on the elliptic curve represents the first message.   20. Device according to one of claims 16 to 19, characterized in that the first message is a point on the elliptic curve over the number and the second message is another point on the elliptic curve over the number.   21. Device according to one of claims 16 to 20, characterized in that the installation (12) conversion is designed to perform the following operation: Q = mP on E (Z / pt), where Q is the second auxiliary message, m is the private key, P is the mes-sage, p is a number and t is the auxiliary parameter.   22. Device according to one of claims 16 to 22, characterized in that the installation (14) for establishing the public auxiliary key is designed to calculate the following equation: 2865086 34 min, = m- 'mod rt, where rt is an order of a point P located on the elliptic curve on the parameter t, mod represents a modular reduction, m- 'is an inverted private key and min is the public auxiliary key.   23. Device according to one of claims 4 to 9, characterized in that the installation (16) for establishing the difference is designed to calculate the following equation: R = m; nvQ P on E (Z / t) where R represents the difference and at the same time a point on the elliptic curve E (Z / t), m; nv is the public auxiliary key, Q is the second auxiliary message, P is the first message and t is the parameter auxiliary.   24. Device according to one of claims 16 to 23, characterized in that the facility (18) for calculating the second message is designed to calculate an auxiliary parameter which is equal to a sum of a first and a second projective coordinates of the difference and the computing facility (18) is designed to execute the following equation: S: = (k + 1) Q, where S is the second message, k is the auxiliary parameter and Q is the second auxiliary message.   25. Device according to claim 24, characterized in that the computing device (18) is designed to compute the second message as a point on the elliptic curve on the number p. Device according to one of the preceding claims, characterized in that the first group of numbers, the second group of numbers and the third group of numbers are defined in such a way that a message of the first group is not reproduced in the second group without cryptographic operation, in that there is a reproduction of a message of the second group in the first group, in that there is a reproduction of a message of the first group in the third group without operation of cryptography, and in that there is no reproduction of a message of the third group in the second group without cryptographic operation.   A method for converting a first message to a second message using an asymmetric cryptographic system that includes a public key, a private key, a first cryptographic operation that can be performed using the private key, and a second cryptographic operation that is using the public key, the first message being defined in a first group of numbers (40), characterized in that it comprises the following steps: converting (12) the first message into a second auxiliary message by using the first cryptographic operation, the private key and an auxiliary parameter (t), so that the second auxiliary message is defined in a second group of numbers (42), establish (14) a public auxiliary key, the installation ( 14) being designed to establish the public auxiliary key such that, together with the private key in a third group of numbers (44) which is t defined by the auxiliary parameter, it forms a pair of keys of the asymmetric encryption system, establish (16) a difference from the first message and a result from a conversion of the second auxiliary message using the second operation of cryptography and the public auxiliary key by referring to the third group of numbers, and calculating (44) the second message using the difference and the second auxiliary message.   A computer program comprising program code for performing the method of claim 27 when the computer program is running on a computer.