FR2984646A1 - Method for processing cryptographic data, involves randomly choosing derivative key from initial key to complement bit of initial key, and implementing derivation process based on selected key - Google Patents

Abstract

The method involves randomly choosing a derivative key from an initial key (K) to complement a bit of the initial key (E4), and implementing a derivation process based on the selected key. A non-linear operation is applied by reading in a lookup table, where the non-linear operation is applied to a particular byte, and the reading is performed at the lookup table determined by the given byte. The derivative key is applied (E8) to message data by an exclusive OR operation. An independent claim is also included for a device for processing cryptographic data.

Description

The invention relates to a data processing method and an associated device. Data processing methods, especially those involving cryptographic computations, are being attacked by malicious people who seek to obtain confidential data, such as secret cryptographic keys. A known type of attack, called "safe-error erase", consists in forcing to 0 (respectively force to 1) a bit of the cryptographic key during the implementation of the algorithm concerned ( when the physical implementation makes this operation possible) and to observe if the result of the algorithm is identical or different from the result obtained (for example during another implementation of the algorithm) without alteration of the key. understands that, if the result is identical, it is that the relevant bit of the cryptographic key is 0 (respectively 1), whereas if the result is different, the concerned bit is necessarily 1 (respectively 0).

By repeating this operation for all the bits of the cryptographic key, one can thus totally determine its value. In order to counter this type of attack in the context of the DES algorithm, it has been proposed to apply the algorithm either to the message M to be encrypted with the K key normally used, or to the message complemented M with the complemented key k the choice between these two possibilities being made randomly. It is recalled that complementing a data consists in modifying the value of each of its bits (i.e. to set to 0 all the bits equal to 1 and to set all the bits equal to 0). Thus, the attacker can not know at each implementation of the algorithm if the key actually used is K or K. This countermeasure is particularly simple to use. to implement in the case of the DES algorithm since it is enough, to find the result of the algorithm with the normal values (not complemented), to complement the result obtained by the use of complemented data: DES (M , K) = DES (M, K) This property is however not true in the case of the AES algorithm In this context, the invention proposes a cryptographic data processing method, including a derivation process at least one key derived from an initial key, said process comprising at least one non-linear operation (for example of the type SubWord in the case of the AES algorithm) with respect to an operation of or exclusive, characterized in what he understands the following steps: - random selection of a key from the initial key and the 1-bit-bit complement of the initial key; implementation of the derivation process on the basis of the chosen key. It is thus proposed to randomly use, at the input of the derivation process, either the usual key or its 1 bit-to-bit complement, although the process includes a non-linear operation. This provides protection against the attacks mentioned above. In practice, the non-linear operation is for example implemented by reading in a correspondence table. It can further be provided in this case that, the nonlinear operation being applied to a given byte, said reading is performed at an input of the correspondence table determined according to the given byte 25 and the choice randomly performed. The operation is thus similar whatever the choice made, which makes it possible to guard against attacks by auxiliary channels. On the other hand, when the derivation process includes a result generating process when the selected key is the initial key and the 1 bit bitwise complement of the result when the selected key is the 1 bit bitwise complement of the initial key, and that the derivation process comprises a combination by an operation of or exclusive of a byte obtained by said processing and a byte of the selected key, the derivation process may comprise an operation, prior to said combination, of masking of at least one byte combined. This avoids finding, at a time in the process, a value that is constant (due to a double application of the complement to 1) regardless of the random choice made and that could therefore be the target of attacks. The method includes, for example, a step of applying the derived key to message data by means of an exclusive operation. Said treatment may indeed be an AES type algorithm.

The method proposed here is typically implemented by an electronic circuit, for example a microprocessor, with the advantages associated with this type of implementation; alternatively, it could be a specific application integrated circuit. The invention also proposes a data processing device able to implement a derivation process of at least one key derived from an initial key, said process comprising at least one non-linear operation with respect to a transaction operation. or exclusive, characterized in that it comprises means configured to choose a key randomly from the initial key and the complement to 1 bit by bit of the initial key and means configured to implement the derivation process on the base of the chosen key. It is then possible to envisage means configured to apply the non-linear operation to a given byte by reading in a correspondence table at an input of the correspondence table determined according to the given byte and the choice made, this avoids attacks by auxiliary channels as already explained. Moreover, when the derivation process comprises a processing generating a result when the chosen key is the initial key and the complement to 1 bit by bit of the result when the chosen key is the complement to 1 bit by bit of the initial key and that the derivation process comprises a combination by an operation of or exclusive of a byte obtained by said processing and a byte of the chosen key, it is conceivable to use means configured to mask, prior to said combination, the at least one byte combined with the advantage mentioned above for this masking. Other features and advantages of the invention will become apparent in the light of the description which follows, made with reference to the accompanying drawings in which: - Figure 1 shows an example of a device capable of implementing the invention; FIG. 2 represents the main steps of a method implemented by the device of FIG. 1 and in accordance with the teachings of the invention; FIG. 3 represents an implementation that can be envisaged for the initialization step of FIG. 2; FIG. 4 represents an example of key derivation process according to the teachings of the invention; FIG. 5 represents an exemplary correspondence table used in the process of FIG. 4; FIG. 6 represents a possible solution for carrying out an exclusive or operation provided for in the process of FIG. 4.

FIG. 1 represents the main elements of a device able to implement the method proposed by the invention. It is a data processing device which comprises a microprocessor 2 connected (through suitable buses) on the one hand to a rewritable memory 4 (typically of the EEPROM type) and to a random access memory. Figure 1 is for example a microcomputer. Alternatively, it could be another type of electronic device, for example secure, such as a microcircuit card. The rewritable memory 4 contains in particular instructions of a computer program PROG which, when executed by the microprocessor 2, allow the implementation of the methods proposed by the invention, such as that described below.

The computer program PROG could alternatively be stored on another data medium (for example a hard disk), possibly removable (for example an optical disk or a removable memory). In this case, the computer program PROG can possibly be first transferred to the RAM 6 before it is executed by the microprocessor 2. When it is executed by the microprocessor 2, the computer program PROG implements a method cryptographic data processing which notably involves data to be processed.

The data to be processed (in particular the data M representing the processed message) are represented within the device of FIG. 1 (and in particular of the random access memory 6) by digital words each formed of several bits; here, for example, a representation of the data in the form of bytes is used.

The random access memory 6 stores the processed variables and data, in particular those manipulated by the methods described below. The data processing device, and precisely the microprocessor 2 that it incorporates, can exchange data with external devices by means of a communication interface 8.

1 shows the transmission of an input data x received from an external device (not shown) and transmitted from the communication interface 8 to the microprocessor 2. Similarly, the transmission is shown in FIG. an output data y of the microprocessor 2 to the communication interface 8 to an external device. This output data is derived from a data processing by the microprocessor 10, generally on the input data x, using a secret data K internal to the system, for example a private key. Although, for the illustration, the input data and the output data appear on two different arrows, the physical means that allow the communication between the microprocessor 2 and the interface 8 may be made by unique means, for example a serial communication port or a bus.

In the methods described hereinafter, a message M to which the AES algorithm is to be applied is part of the input data x, while the output data y comprises the encrypted message C, the result of the application to the message M of the AES algorithm using the cryptographic key K.

In a variant, the microprocessor 2 - non-volatile memory 4 - random access memory 6 may be replaced by a specific application circuit which then comprises means for implementing the various steps of the data processing method. More generally, the processing device is an integrated circuit.

The data processing device according to the invention may also be a microcircuit card. In this case, the communication interface 8 is produced by means of the contacts of the microcircuit card or of an antenna housed in the card body. This microcircuit card is, for example, in accordance with the ISO 7816 standard and provided with a card. secure microcontroller which includes the microprocessor (or CPU) 2 and the RAM 6. The input data x are for example APDU commands, and the output data y APDU responses. Alternatively, the data processing device may be a USB key, a document or a paper information carrier having in one of its sheets a microcircuit associated with contactless communication means. This is preferably a portable or pocket electronic entity. The device is for example secure. For example, the device comprises means capable of protecting it against attacks aimed at fraudulently obtaining the secret data it stores (for example, a cryptographic key) such as fault attacks and / or by hidden channel analysis (in English, "side channel attacks"). In particular, the device complies with FIPS or common criteria.

In the rest of the sequence, the operation of "or exclusive", or XOR, will be noted by means of the operator e, and the hexadecimal representation of a number will be written elsewhere.

Thus hFF corresponds to 255, that is to say 11111111 in binary representation, and the operation 0 hFF (ie realization of an exclusive or with the value 11111111 in binary) corresponds to the determination of the complement to 1 bit by bit: for any byte X , X 0 hFF = X. This notation is used in the following, even when the first operand (X in the preceding paragraph) comprises several bytes, it being understood that the operation 0 hFF then applies to each byte of the data concerned.

FIG. 2 represents the main steps of a method of implementing an AES algorithm according to the teachings of the invention. This method aims to apply the AES algorithm to a message M using a cryptographic key K, while being protected against attacks on this key K presented in the introduction.

This method starts at a step E2 at which variables A and B (of length one byte each) are initialized as described now with reference to FIG. 3. This initialization of the variables A and B begins with the random draw determination of the variable A at step E30.

The variable B is then initialized to the value A 9 hFF (step E32). A bit b (step E34) is then determined by random draw. If b is 0 (according to a test in step E36), the value of the variable A is written in this same variable A (step E38), whereas if b is equal to 1, the value of the variable B is written in the variable A.

Note that this initialization process is symmetrical (hence the interest of rewriting the value of the variable A in the same variable A in step E38) and an attacker will not be able to determine from the outside if the The method is in the case where b is 0 or in the case where b is 1. It also follows from these different steps that: - if b is 0, the sum A 9 B (used in the following) is hFF and apply l operation 0 A 0 B to a variable therefore amounts to complementing this variable; if b is 1, the sum A 9 B is h 00 and applying the operation 0 A 0 B to a variable will leave this variable unchanged. Step E42 consists of returning to these conditions at the main stages of FIG. 2, in particular step E3. In step E3, a variable m is determined by random draw and this value is applied to the message M to be processed by means of an "exclusive" operation (ie M m) in order to mask the message. E4, a variable of index i is initialized to 0, and the operation C, A 0 B is applied to each of the bytes of the cryptographic key K and the result is stored in a variable C_1 (consequently on several bytes) As explained above, the variable C_1 can therefore be equal to the key K (where b is equal to 1) or to the complemented key K (where b is 0). to the derivation of the key C, from the key Co according to a method described below with reference to FIG.

As explained in more detail below, this method is designed so that the input use of a complemented value (for example Ki where Ki is the key conventionally derived according to the AES algorithm) results in a value complemented by output (eg K.1). Thus, if the variable C_1 is equal to the cryptographic key K (where b is 1), each variable Ci calculated at this step will be equal to the key Ki conventionally derived according to the algorithm AES. On the other hand, if the variable C_1 is equal to the complemented cryptographic key K (where b is 0), each variable Ci calculated at this stage will be equal to the complement Ki (i.e. K, e hFF) of the corresponding key K.

Once the key C, derived (that this key is equal to the key K, of the algorithm AES or its complemented value), one applies in step E8 this key C, the data M treated by means of an operation XOR (or exclusive), that is to say that one calculates M e C; ; the value obtained is memorized in the variable M in order to apply thereafter the processes (without therefore preserving the previous value of the variable). In step E10, a masked box S (in English "S box") is then applied, using the random mask m determined in step E9, as described, for example, in the article "Secure Multiplicative Masking". of Power Functions "by L. Genelle, E. Prouff and M. Quisquater, Applied Cryptography and Network Security 2010. However, the input of the box S is used with the value M eAeB (the data M being masked following the operation of step E3). Thus: in the case where b is 0, the successive application (by means of an operation XOR 0) of the variable Ci, in this case equal to K, e hFF, and the value A 0 B (in box input S), equal in this case to hFF, amounts to applying K, (since hFF hFF = h00); in the case where b is 1, A CD B = h 00 and the successive application of the variable C 1, equal in this case to K 1, and the value AB (at the input of box S) therefore also amounts to applying As a result, in all cases, the data processed by the masked box S are the (masked) data usually processed by this box S, and the data provided in the AES algorithm at the output of box S are thus obtained at the output of box S. this step. Step E12 is then tested if the variable of index i is equal to 9. If not, step E14 is performed in the linear diffusion operations provided by the AES algorithm, conventionally known as "ShiftRows" and "MixColumns". ". These operations are performed here in a conventional manner and will therefore not be detailed. Step E16 described below is then carried out. If yes in step E12, proceed directly to step E16. Step E16 consists in incrementing the variable of index i. It is then tested in step E18 whether the variable of index i is strictly greater than 9. If not, it loops back to step E6 to process the next iteration of the AES algorithm. If so, we leave the loop to perform the final steps provided by the AES algorithm.

In particular, step E20 is carried out at the derivation of the key Clo in the same manner as was done for the other keys C in step E6, by means of the method described below with reference to FIG. The key C10 may therefore be equal to the derived key K10 provided by the algorithm AES (where b is equal to 1), or to its complement K10 0 hFF (where b is 0). In step E22, the key C10 is then applied to the previously processed data item M, in this case coming from box S at the iteration i = 9. As seen above, the box output data S is that provided by the AES algorithm. Therefore, when the key C10 is equal to the derived key K10 provided by the algorithm AES, the result is obtained in step E22 (and in the case where b is 1) the encrypted message C corresponding to the application of the AES algorithm and cryptographic key K input data M. On the other hand, when the key C10 is equal to the complement of the derived key, ie K10 hFF, the encrypted message C hFF is obtained in step E22, ie the complement of the message C (case where b is 0). The operation e A 0.- ') B already mentioned (step E24) is then applied, for example, to the result of step E22, which makes it possible to find in all cases the encrypted message C at the output (since A 0 B is worth h00 in the case where b is 1 and hFF in the case where b is 0). Figure 4 illustrates a key derivation process according to the teachings of the invention. As will become apparent from the following explanation and already mentioned above, this process is designed to generate a key Ki + 1 from a key Ki according to what is provided in the AES scheme (case where b is 1 and Ci = Ki), but also to generate the corresponding complemented key K1 + 1 G hFF when the key it receives at the input has been complemented and is therefore Ki 0 hFF (case where b is 0 and Ci = Ki hFF). In this context, it will be indicated in the following that a treatment T retains the property of complementarity if for any byte x: T (x e hFF) = T (x) hFF. As just indicated, the process of Figure 4 is designed to retain this property as explained now. In step E50, the RotWord operation conventionally used for each of the bytes of the key C, received as input, is first applied. This operation is linear with respect to the operation of "or exclusive" e and no particular treatment is necessary to preserve the property of complementarity: RotWord (k, 9 hFF) = RotWord (k,) 9 hFF, where ki is successively each of the bytes of the key K, then a function 6 or a function 6 'according to the value of b (ie depending on whether the key K complement) to each of the bytes resulting from the step E50: when b is equal to 1, the function 6 equal to the conventionally used SubWord function is applied; when b is 0, the function 6 'is applied which at any x byte associates : G '(x) = hFF 9 SubWord (xe hFF) In order to maintain the interest of the possible (random) use of complemented values, the application of the function a' does not directly use the function SubWord or 6, as this would involve returning to the normal value of the key being used (ie years complement) due to the application of operation e hFF. It is therefore proposed to carry out step E52 by means of two distinct look-up tables, a first correspondence table comprising the set of G (x) values for x varying from h00 to hFF. and a second lookup table comprising the set of values G '(x) for x varying from h00 to hFF, as shown in FIG. 5. Furthermore, before avoiding the auxiliary channel attacks 30 (also known as of "Sicle Channel Attacks"), it is proposed that the first table and the second table be juxtaposed so as to form a single table of 512 entries, the first 256 entries corresponding for example to the first table (values of G) and the 256 last entries corresponding then to the second table (values of e '). Thus, step E52 can be performed in practice by reading in this unique table at the input j + b * 256 where j is the result of step E50 and Ti is the complement of b. Therefore, when b is 1, we read the value G (j), that is SubWord (j), which corresponds to the conventional processing provided by the algorithm AES, whereas when b is 0, we read the value d ( j), ie hFF 0 SubWord (j 0 hFF), and thus preserves the desired complementarity property.

Then, in step E54, an "exclusive" operation e with the value Rcon is applied to each of the bytes resulting from step E52, in accordance with the AES algorithm, which is linear with respect to FIG. operation of "exclusive or" 0 and no particular action is necessary to maintain the property of complementarity at this stage.

Finally, step E56 is performed, to which is applied to each of the bytes of the key C, received as input an operation of "or exclusive" 0 with the corresponding value resulting from the step E54 (result of the application of the steps E50 , E52 and E54 to the relevant byte of the key C,), and possibly also with a byte obtained previously during the present step E56 (byte obtained in the column preceding that of the byte concerned as represented in FIG. , be processed four bytes before the byte concerned) in order to obtain the different bytes of the key C, + 1 as provided by the algorithm AES In the case where the complemented key is being derived (case where b is 0), the two values X, Y to be combined by this operation are the conventional values at this stage according to the AES algorithm, each however being complemented (notably because the steps E50, E52 and E54 retain the property of complementarity as explained above) It is therefore proposed, in order to implement step E56, to determine a mask p. by random draw and to add (in the sense of the operation 0) this mask to one of the values to be combined (for example with the value X) before combination, as represented in FIG. 6. Indeed, without this masking, we would end up by combining the two values complemented by the usual value for the AES algorithm at this stage and we would therefore lose the advantage of using, at random, complemented values in the calculations. Note that this masking can be achieved not only in the case where b is 0, but also in the case where b is 1, which allows to apply the same treatment in both cases. As a variant, this masking could be used only in the cases where b is 1. In order to find the desired value (not masked), the mask is applied again after combination, by adding to it (in the sense of the operation 0) the value hFF in the case where b is 0 in order to obtain in this case a complemented output value, as provided in the present embodiment. For example, it is proposed to perform this operation by applying the value i.teAeB 15 after combining (that is to say XO Ft 8 Y) as represented in FIG. 6, which makes it possible to obtain the result searched regardless of the value of b. The embodiment which has just been described is only one possible example of implementation of the invention, which is not limited thereto. In particular, in implementations of the AES algorithm where the successively derived keys are not stored and the processed message is masked, it is conceivable to design the derivation process so that it generates the key Ki +, conventionally derived according to the AES algorithm at this stage, that the derivation process is performed on the basis of the key K, or its complement to 1 bit bit Ki.

To do this, it is sufficient not to seek the complement when necessary (where b is 0 above) at the end of the derivation process: in this case, it is sufficient to unmask the result of the combination (step E56) by the value p. (instead of using the value iLt C ^ A 0 B as expected in Figure 6).

In addition, the case where the input message M is not complemented has been presented above. However, it is possible as a variant to optionally supplement the message (that is to say for example to perform the operation 0 A 0 B so that the message is complemented when b is 0), in the case where the process key derivation is in accordance with FIG. 4 (generation of K ,,, or of K, + 1 depending on the value of b) or in the case where the derivation process systematically generates K1 + 1 according to the variant which has just been to be mentioned.

Claims (10)

REVENDICATIONS1. A method for cryptographic processing of data, comprising a process of deriving at least one derived key (Co) from an initial key (K), said process comprising at least one non-linear operation (E52) with respect to an operation or exclusive, characterized in that it comprises the following steps: random selection (E2, E4) of a key (C_1) from the initial key (K) and the complement of 1 bit by bit (K ) the initial key; implementing the derivation process on the basis of the selected key (C-1). 2. Cryptographic processing method according to claim 1, characterized in that the non-linear operation (E52) is implemented by reading in a correspondence table. 3. A cryptographic processing method according to claim 2, characterized in that, the non-linear operation (E52) being applied to a given byte (j), said reading is performed at an input of the determined correspondence table. according to the given byte (j) and the random choice made (b). 4. Cryptographic processing method according to one of claims 1 to 3, characterized in that the derivation process comprises a treatment (E50; E52; E54) generating a result when the key chosen is the initial key and the complement to 1 bitwise of the result when the selected key is the 1-bit-bit complement of the initial key, in that the derivation process comprises a combination by an operation of or exclusive of a byte (X) obtained by said processing and one byte (Y) of the selected key and in that the derivation process comprises an operation, prior to said combination, of masking (ii) at least one of the combined bytes (X; Y). 5. Cryptographic processing method according to one of claims 1 to 4, characterized in that it comprises a step (E8) of applying the derived key to message data by means of an operation or exclusive. 6. Cryptographic processing method according to one of claims 1 to 5, characterized in that said processing is an AES type algorithm. 7. Cryptographic processing method according to claim 6, characterized in that the non-linear operation is a SubWord type operation. Data processing device capable of implementing a derivation process of at least one derived key (Co) from an initial key (K), said process comprising at least one non-linear operation (E52) by to an operation of or exclusive operation (CD), characterized in that it comprises: - means configured to choose (E2, E4) a key (C_1) randomly from the initial key (K) and the complement to 1 bitwise (K) of the initial key; means configured to implement the derivation process on the basis of the chosen key (C-1). 9. Data processing device according to claim 8, characterized in that it comprises means configured to apply the non-linear operation to a given byte by reading in a correspondence table at an input of the data table. match determined according to the given byte (j) and the choice made (b). Data processing apparatus according to claim 8 or 9, characterized in that the derivation process comprises a process (E50; E52; E54) generating a result when the selected key is the initial key and the 1-bit complement. bitwise of the result when the selected key is the 1-bit-bit complement of the initial key and the derivation process comprising a combination by an operation of or exclusive of a byte (X) obtained by said processing and a byte (Y) of the selected key, it comprises means configured to mask, prior to said combination, at least one of the combined bytes (X, Y).