GB2399904B - Side channel attack prevention in data processing apparatus - Google Patents

Side channel attack prevention in data processing apparatus

Info

Publication number
GB2399904B
Authority
GB
United Kingdom
Prior art keywords
base
data processing
operation
mod
multiplying
Prior art date
Legal status
Expired - Fee Related
Application number
GB0307197A
Other versions
GB0307197D0 (en)
GB2399904A (en)
Inventor
John Patrick Nonweiler
Current Assignee
Sharp Corp
Original Assignee
Sharp Corp
Priority date
Filing date
Publication date
Application filed by Sharp Corp
Priority to GB0307197A
Publication of GB0307197D0
Publication of GB2399904A
Application granted
Publication of GB2399904B
Application status: Expired - Fee Related
Anticipated expiration

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/723 Modular exponentiation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00 Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219 Countermeasures against side channel or fault attacks
    • G06F2207/7223 Randomisation as countermeasure against side channel attacks
    • G06F2207/7233 Masking, e.g. (A**e)+r mod n
    • G06F2207/7247 Modulo masking, e.g. A**e mod (n*r)
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00 Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219 Countermeasures against side channel or fault attacks
    • G06F2207/7223 Randomisation as countermeasure against side channel attacks
    • G06F2207/7257 Random modification not requiring correction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04 Masking or blinding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise

Abstract

A data processing unit is provided that performs a modular exponentiation operation of the form m^d mod N, having base (or plaintext) m, exponent d and modulus N. The data processing unit has a base blinding unit that modifies the base before the exponentiation operation such that the output of the modulus operation is unaffected. This is done by generating an integer k, multiplying k by N and adding the result to the base m. This has the effect of randomising the time that the encryption process takes, so that the amount of useful side channel information leaked is reduced. The integer k could be generated by a random number generator so as to make the blinding random. Exponent blinding could also be used, by multiplying the exponent d by the Euler totient function of N. The modulus could also be blinded, by multiplying N by an integer j to give W, then performing the modular exponentiation operation as (m^d mod W) mod N. The operation can be part of an RSA cryptographic algorithm. The embodiment given is as used on a smart card.
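As an added worked example (not code from the patent), the blinding forms of the abstract in Python with constructed textbook-size RSA parameters: base blinding m + kN and modulus blinding (m^d mod jN) mod N exactly as described, plus exponent blinding in the additive form d + r·φ(N), which is an assumption of this example. Every blinded call reproduces the unprotected result while the operands handed to the exponentiator change from call to call.

```python
import math
import secrets

# Constructed textbook-size RSA parameters (not from the patent): N = 61 * 53.
N = 3233
E = 17
D = 2753
PHI_N = 60 * 52  # Euler totient of N, needed only for exponent blinding


def modexp_plain(m, d, n):
    """Unprotected m^d mod n: the exponentiator sees m and n directly."""
    return pow(m, d, n)


def modexp_blinded(m, d, n, k=None, j=None):
    """m^d mod n with the abstract's base and modulus blinding.

    Base blinding:    m' = m + k*n, so m' == m (mod n) and m'^d == m^d (mod n).
    Modulus blinding: W = j*n, and (x mod W) mod n == x mod n because n divides W.
    The exponentiator therefore works on operands that differ per call while the
    final reduced result is unchanged.
    """
    if k is None:
        k = 1 + secrets.randbelow(1 << 32)  # random k from a CSPRNG, as the abstract suggests
    if j is None:
        j = 1 + secrets.randbelow(1 << 32)
    m_blind = m + k * n
    w = j * n
    return pow(m_blind, d, w) % n


def modexp_exponent_blinded(m, d, n, phi_n, r=None):
    """Exponent blinding in the additive form d' = d + r*phi(n) (assumption of this example).

    Requires gcd(m, n) == 1 so that m^phi(n) == 1 (mod n) by Euler's theorem,
    which makes the extra r*phi(n) in the exponent vanish from the result.
    """
    if math.gcd(m, n) != 1:
        raise ValueError("exponent blinding with phi(n) needs gcd(m, n) == 1")
    if r is None:
        r = 1 + secrets.randbelow(1 << 32)
    return pow(m, d + r * phi_n, n)


def blinded_operands(m, n, k, j):
    """Return (blinded base, blinded modulus) to show they differ from (m, n)."""
    return m + k * n, j * n


def check_consistency(m, d, n, trials=100):
    """True if every random blinding reproduces the unprotected result."""
    ref = modexp_plain(m, d, n)
    return all(modexp_blinded(m, d, n) == ref for _ in range(trials))
```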

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0307197A GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0307197A GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus
JP2004097245A JP2004304800A (en) 2003-03-28 2004-03-29 Protection of side channel for prevention of attack in data processing device

Publications (3)

Publication Number Publication Date
GB0307197D0 GB0307197D0 (en) 2003-04-30
GB2399904A GB2399904A (en) 2004-09-29
GB2399904B true GB2399904B (en) 2005-08-17

Family

ID=9955744

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0307197A Expired - Fee Related GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus

Country Status (2)

Country Link
JP (1) JP2004304800A (en)
GB (1) GB2399904B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2888690A1 (en) * 2005-07-13 2007-01-19 Gemplus Sa Cryptographic method for the secure implementation of exponentiation and component therefor
FR2898199A1 (en) * 2006-03-02 2007-09-07 Gemplus Sa Method of securing the execution of a following logically enchanced steps
KR100940445B1 (en) 2007-11-20 2010-02-10 한국전자통신연구원 Apparatus for verifying hardware side channel
FR2926651B1 (en) * 2008-01-23 2010-05-21 Inside Contactless Countermeasure method and devices for asymmetric cryptography
US8577028B2 (en) 2009-02-27 2013-11-05 Certicom Corp. System and method for performing exponentiation in a cryptographic system
EP2365659B1 (en) * 2010-03-01 2017-04-12 Inside Secure Method to test the resistance of an integrated circuit to a side channel attack
DE102010064578B3 (en) * 2010-08-12 2015-12-10 Infineon Technologies Ag Cryptography processor, smart card and method of calculating a result of exponentiation
DE102010039273B4 (en) * 2010-08-12 2014-12-04 Infineon Technologies Ag Cryptography processor, smart card and method of calculating a result of exponentiation
AT517983B1 (en) * 2015-11-18 2018-11-15 Siemens Ag Oesterreich Protection of a computer system against side channel attacks
FR3055436A1 (en) 2016-08-23 2018-03-02 St Microelectronics Rousset Protection of a modular calculation
FR3055437A1 (en) * 2016-08-23 2018-03-02 St Microelectronics Rousset Protection of a modular exponentiation calculation

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035782A1 (en) * 1998-01-02 1999-07-15 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus
US5991415A (en) * 1997-05-12 1999-11-23 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for protecting public key schemes from timing and fault attacks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991415A (en) * 1997-05-12 1999-11-23 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for protecting public key schemes from timing and fault attacks
WO1999035782A1 (en) * 1998-01-02 1999-07-15 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Finding a small root of a univariate modular equation. Coppersmith D. Proceedings, Advances in Cryptology - EUROCRYPT '96, Saragossa, Spain. http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/E96/155.PDF *
Universal padding schemes for RSA. Coron J et al. 22nd Annual International Cryptology Conference, 18-22 Aug. 2002. Proceedings (Lecture Notes in Computer Science Vol. 2442), pages 226-241. ISBN 3-540-44050-X. http://www.gemplus.com/smart/r_d/publications/pdf/CJNP02pd.pdf *

Also Published As

Publication number Publication date
GB0307197D0 (en) 2003-04-30
GB2399904A (en) 2004-09-29
JP2004304800A (en) 2004-10-28

Similar Documents

Publication Publication Date Title
US5271061A (en) Method and apparatus for public key exchange in a cryptographic system
Costello et al. Efficient algorithms for supersingular isogeny Diffie-Hellman
US5799088A (en) Non-deterministic public key encrypton system
US5159632A (en) Method and apparatus for public key exchange in a cryptographic system
DE69929251T2 (en) Encryption system with a key of changing length
JP4671571B2 (en) Secret information processing device and memory for storing secret information processing program
EP1262037B1 (en) Portable data carrier provided with access protection by dividing up codes
Jurišic et al. Elliptic curves and cryptography
CA2267721C (en) Scheme for fast realization of encryption, decryption and authentication
AU719462B2 (en) Cyclotomic polynomial construction of discrete logarithm cryptosystems over finite fields
EP2197149A1 (en) Device and method for processing data
Fan et al. An updated survey on secure ECC implementations: Attacks, countermeasures and cost
US7853012B2 (en) Authentication system executing an elliptic curve digital signature cryptographic process
US6298135B1 (en) Method of preventing power analysis attacks on microelectronic assemblies
TW410310B (en) A method for generating pseudo-random numbers
Vanstone Next generation security for wireless: elliptic curve cryptography
US20070177721A1 (en) Tamper-proof elliptic encryption with private key
GB2321741A (en) Verification of electronic transactions
JP5412274B2 (en) Protection from side channel attacks
US20050078821A1 (en) Security system using RSA algorithm and method thereof
US7065788B2 (en) Encryption operating apparatus and method having side-channel attack resistance
US7483533B2 (en) Elliptic polynomial cryptography with multi x-coordinates embedding
HK1129005A1 (en) Secure modular exponentiation with leak minimization for smartcards and other cryptosystems
EP1133099A3 (en) Method and apparatus for symmetric-key encryption
KR100938030B1 (en) Method for testing probable prime numbers for cryptographic programs

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20160328