GB0307197D0 - Side channel attack prevention in data processing apparatus - Google Patents

Side channel attack prevention in data processing apparatus

Info

Publication number
GB0307197D0
Authority
GB
United Kingdom
Prior art keywords
data processing
base
mod
multiplying
exponent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0307197A
Other versions
GB2399904A (en)
GB2399904B (en)
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sharp Corp
Original Assignee
Sharp Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sharp Corp
Priority to GB0307197A (GB2399904B)
Publication of GB0307197D0
Priority to JP2004097245A (JP2004304800A)
Publication of GB2399904A
Application granted
Publication of GB2399904B
Anticipated expiration
Expired - Fee Related (current legal status)

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/723Modular exponentiation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • G06F2207/7223Randomisation as countermeasure against side channel attacks
    • G06F2207/7233Masking, e.g. (A**e)+r mod n
    • G06F2207/7247Modulo masking, e.g. A**e mod (n*r)
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • G06F2207/7223Randomisation as countermeasure against side channel attacks
    • G06F2207/7257Random modification not requiring correction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

A data processing unit is provided that performs a modular exponentiation operation of the form m^d mod N, having base (or plaintext) m, exponent d and modulus N. The data processing unit has a base blinding unit that modifies the base before the exponentiation operation in such a way that the output of the modular operation is unaffected. This is done by generating an integer k, multiplying k by N and adding the result to the base m. This has the effect of randomising the time that the encryption process takes, so that the amount of useful side channel information leaked is reduced. The integer k could be generated by a random number generator so as to make the blinding random. Exponent blinding could also be used, by multiplying the exponent d by the Euler totient function of N. The modulus could also be blinded, by multiplying N by an integer j to give W and then performing the modular exponentiation operation as (m^d mod W) mod N. The operation can be part of an RSA cryptographic algorithm. The embodiment given is as used on a smart card.
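The three blindings the abstract describes, as an added worked example that is not code from the patent or from Sharp: base blinding m + kN and modulus blinding (m^d mod jN) mod N follow the abstract directly, while exponent blinding is implemented in its conventional additive form d + r·φ(N), which is an assumption here since the abstract's wording differs and the patent's exact construction is not on this page. The RSA parameters are constructed toy values, and the check confirms that each blinded computation still returns the unblinded m^d mod N.

```python
import secrets

# Constructed toy RSA parameters (far too small for real use; illustration only).
P, Q = 61, 53
N = P * Q                 # 3233
PHI = (P - 1) * (Q - 1)   # 3120, the Euler totient of N
E, D = 17, 2753           # E * D == 1 (mod PHI)


def blind_base(m: int, n: int, k: int) -> int:
    """Base blinding as in the abstract: m' = m + k*n.
    m' == m (mod n), so m'^d mod n is unchanged, but the operand fed to the
    exponentiator, and hence its timing/power profile, now depends on k."""
    return m + k * n


def blind_exponent(d: int, phi: int, r: int) -> int:
    """Exponent blinding in the conventional additive form d' = d + r*phi(n)
    (an assumption here; the abstract's wording differs).
    For squarefree n, m^(d + r*phi(n)) == m^d (mod n) for every m."""
    return d + r * phi


def blind_modulus(n: int, j: int) -> int:
    """Modulus blinding as in the abstract: W = j*n, then (m^d mod W) mod n.
    n divides W, so reducing mod W and then mod n yields m^d mod n exactly."""
    return j * n


def blinded_modexp(m: int, d: int, n: int, phi: int, k: int, r: int, j: int) -> int:
    """m^d mod n with all three blindings; k, r >= 0 and j >= 1 are the factors."""
    if j < 1:
        raise ValueError("modulus blinding factor j must be >= 1")
    w = blind_modulus(n, j)
    return pow(blind_base(m, n, k), blind_exponent(d, phi, r), w) % n


def random_trials(m: int, trials: int, bits: int = 16) -> bool:
    """Draw fresh random k, r, j per trial, as the abstract suggests a RNG would,
    and check that every blinded result equals the unblinded pow(m, D, N)."""
    expected = pow(m, D, N)
    for _ in range(trials):
        k, r = secrets.randbits(bits), secrets.randbits(bits)
        j = secrets.randbits(bits) | 1          # keep j >= 1
        if blinded_modexp(m, D, N, PHI, k, r, j) != expected:
            return False
    return True
```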

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0307197A GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus
JP2004097245A JP2004304800A (en) 2003-03-28 2004-03-29 Protection of side channel for prevention of attack in data processing device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0307197A GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus

Publications (3)

Publication Number Publication Date
GB0307197D0 true GB0307197D0 (en) 2003-04-30
GB2399904A GB2399904A (en) 2004-09-29
GB2399904B GB2399904B (en) 2005-08-17

Family

ID=9955744

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0307197A Expired - Fee Related GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus

Country Status (2)

Country Link
JP (1) JP2004304800A (en)
GB (1) GB2399904B (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2888690A1 (en) * 2005-07-13 2007-01-19 Gemplus Sa CRYPTOGRAPHIC PROCESS FOR THE SECURE IMPLEMENTATION OF AN EXPONENTIATION AND ASSOCIATED COMPONENT
FR2898199A1 (en) * 2006-03-02 2007-09-07 Gemplus Sa METHOD OF SECURING THE EXECUTION OF A FOLLOWING LOGICALLY ENCHANCED STEPS
KR100940445B1 (en) 2007-11-20 2010-02-10 한국전자통신연구원 Apparatus for verifying hardware side channel
FR2926651B1 (en) * 2008-01-23 2010-05-21 Inside Contactless COUNTERMEASURE METHOD AND DEVICES FOR ASYMMETRIC CRYPTOGRAPHY
CA2752750A1 (en) 2009-02-27 2010-09-02 Certicom Corp. System and method for performing exponentiation in a cryptographic system
EP2365659B1 (en) * 2010-03-01 2017-04-12 Inside Secure Method to test the resistance of an integrated circuit to a side channel attack
DE102010064578B3 (en) * 2010-08-12 2015-12-10 Infineon Technologies Ag Cryptography processor, smart card and method of calculating a result of exponentiation
DE102010039273B4 (en) * 2010-08-12 2014-12-04 Infineon Technologies Ag Cryptography processor, smart card and method of calculating a result of exponentiation
US10594471B2 (en) 2015-03-20 2020-03-17 Cryptography Research, Inc. Multiplicative blinding for cryptographic operations
AT517983B1 (en) * 2015-11-18 2018-11-15 Siemens Ag Oesterreich Protection of a computer system against side channel attacks
FR3055437A1 (en) * 2016-08-23 2018-03-02 Stmicroelectronics (Rousset) Sas PROTECTION OF A MODULAR EXPONENTIATION CALCULATION
FR3055436A1 (en) 2016-08-23 2018-03-02 Stmicroelectronics (Rousset) Sas PROTECTION OF A MODULAR CALCULATION
CN109039590A (en) * 2017-06-09 2018-12-18 深圳九磊科技有限公司 Memory, electronic equipment and its encipher-decipher method for preventing side-channel attack
FR3069671A1 (en) 2017-07-25 2019-02-01 Stmicroelectronics (Rousset) Sas PROTECTION OF AN ITERATIVE CALCULATION AGAINST HORIZONTAL ATTACKS
JP7155173B2 (en) * 2017-10-18 2022-10-18 クリプトグラフィ リサーチ, インコーポレイテッド Protecting Modular Inversion Operations from External Observation Attacks
EP3579493A1 (en) 2018-06-08 2019-12-11 STMicroelectronics (Rousset) SAS Protection of an iterative calculation
EP3579492A1 (en) 2018-06-08 2019-12-11 STMicroelectronics (Rousset) SAS Protection of an iterative calculation
FR3094522B1 (en) 2019-03-29 2021-11-19 St Microelectronics Rousset Protection of an iterative calculation
CN110730072B (en) * 2019-10-22 2023-02-03 天津津航计算技术研究所 Side channel attack resisting method for RSA password application

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991415A (en) * 1997-05-12 1999-11-23 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for protecting public key schemes from timing and fault attacks
US6304658B1 (en) * 1998-01-02 2001-10-16 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus

Also Published As

Publication number Publication date
GB2399904A (en) 2004-09-29
JP2004304800A (en) 2004-10-28
GB2399904B (en) 2005-08-17

Similar Documents

Publication Publication Date Title
GB2399904B (en) Side channel attack prevention in data processing apparatus
US7162033B1 (en) Countermeasure procedures in an electronic component implementing an elliptical curve type public key encryption algorithm
KR100720726B1 (en) Security system using ??? algorithm and method thereof
JP2001324925A5 (en)
US20080240443A1 (en) Method and apparatus for securely processing secret data
JP7123959B2 (en) Elliptic curve point multiplication device and method
WO1998024205A1 (en) 32n + d bit key encryption-decryption system using chaos
US6914986B2 (en) Countermeasure method in an electronic component using a public key cryptography algorithm on an elliptic curve
KR20150107784A (en) Cryptography method comprising an operation of multiplication by a scalar or an exponentiation
EP1248409A3 (en) Attack-resistant cryptographic method and apparatus
US9680647B2 (en) Method of using a token in cryptography
US8102998B2 (en) Method for elliptic curve scalar multiplication using parameterized projective coordinates
US7286666B1 (en) Countermeasure method in an electric component implementing an elliptical curve type public key cryptography algorithm
US20020021803A1 (en) Cryptographic identification and digital signature method using efficient elliptic curve
JP2009500710A (en) Apparatus and method for protecting a data processing device against attack or analysis
DE50108011D1 (en) CRYPTOGRAPHIC PROCESS AND CRYPTOGRAPHIC DEVICE
JP4626148B2 (en) Calculation method of power-residue calculation in decryption or signature creation
JP2005195829A5 (en)
US20050152539A1 (en) Method of protecting cryptographic operations from side channel attacks
KR101990861B1 (en) Non-modular multiplier, method for non-modular multiplication and computational device
Shams et al. Cryptosystem an Implementation of RSA using Verilog
RU2071180C1 (en) Public-key method for message encryption and device which implements said method
Sakai et al. Simple power analysis on fast modular reduction with NIST recommended elliptic curves
JP2006217193A (en) Encryption processor and encryption processing method
JPH11296075A (en) Message encoding method and deciphering device

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20160328