JP2000083019A - Cryptograph processor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve secrecy and security by providing a CPU, a RAM, a ROM, a cryptograph computing element, a random number generator and external interfaces, generating keys to be used for enciphering/decoding internally and continuing to output a public key externally but to keep a secret key secret internally. SOLUTION: A CPU, a RAM, a ROM, a cryptograph computing element, a random generator, a secret key data holding part, external I/F parts 102 to 108 and a clock generating part are provided in an cryptograph processor 101 of a same semiconductor element. Inside this processor, the CPU 102 generates keys to be used for enciphering/decoding by using the cryptograph computing element 105 etc., according to a storage program for the ROM 104, outputs a public key externally but keeps a secret key secret internally. Also, inside the processor, the clock generating part generates a clock by using a PLL etc., to prevent the effects of outer noise and the random number generator 106 generates a complete random number that is not a pseudo. Thus, information to be kept secret is prevented from being outputted and the security is improved.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION The configuration, manufacture, and
It relates to a security improvement method.

[0002]

2. Description of the Related Art Although a cryptographic operation itself can be processed by using a general-purpose information processing device, it is difficult for a general-purpose information processing device to keep secret a key used for encryption. In addition, a random number for generating a secret key is substituted with a pseudo random number.

[0003]

When a general-purpose information processing device in which a CPU, a memory, a cryptographic operation unit, and the like are composed of a plurality of semiconductor elements is used, there is a problem that it is difficult to conceal a secret key used for encryption. is there. This is because the cryptographic processing device is composed of a plurality of semiconductor elements, and secret information such as a secret key passes through signal lines between the semiconductor elements. Therefore, information can be easily obtained by observing the signal lines. This is to leak.

When noise is applied to a clock signal supplied to a semiconductor device, there is a problem that internal logic malfunctions.

[0005] In the random number generation for generating a secret key, the conventional pseudo random number generation method outputs the same numerical value in the same order when the seeds of the random numbers are the same, which is not suitable for high security random numbers. There is.

When an external storage device is connected to a semiconductor element for performing cryptographic processing, it is possible to infer the processing being performed inside the semiconductor element by observing a signal line connecting the semiconductor element and the external storage device. There is a problem that becomes possible.

[0007]

In order to prevent secret information such as a secret key from being output to an external signal line, a cryptographic processing in which a CPU, a memory, a cryptographic operation unit, and a random number generator are integrated in the same semiconductor element is used. Device.

Further, the key is generated in the semiconductor device,
This is a cryptographic processing device that outputs only the public key to the outside of the semiconductor element.

PLL for noise from clock signal
This is a cryptographic processing device that internally generates a clock by using such a method and does not directly use an external clock input.

In order to generate a complete random number instead of a pseudo random number, a cryptographic processing apparatus in which a random number generator using noise such as a constant voltage diode or a Zener diode is integrated in the same semiconductor element.

In order to connect the external storage element to the semiconductor element for performing the encryption process, all the information stored in the external storage element is transferred to the storage device in the semiconductor element, and thereafter, the information is stored in the storage device in the semiconductor element. This is a cryptographic processing device that performs cryptographic processing using only information.

Further, there is provided a cryptographic processing apparatus in which the arrangement of data lines of a bus inside a semiconductor element and the arrangement of data lines connected to an external storage device are exchanged to make it difficult to analyze information in the external storage device.

Further, the present invention is an encryption processing apparatus for encrypting information in an external storage device and decrypting and using the information in a semiconductor device.

[0014]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A first embodiment of the present invention is shown in FIGS.
Will be described.

FIG. 1 is a block diagram schematically showing the configuration of the cryptographic processing apparatus of the present invention.

On a single semiconductor device (101), a CPU
Each functional block of (102), RAM (103), ROM (104), cryptographic operation unit (105), random number generator (106), secret key data holding unit (107), and external I / F (108) is integrated. The following configuration is adopted. The cryptographic operation unit (105) is mainly composed of a remainder operation unit (110), and performs multi-bit remainder operation, addition / subtraction, and logical operation at high speed.

Each block is connected by an internal bus (109), but is connected to the outside of the semiconductor only through an external I / F (108), and is directly connected to an internal bus from the external bus (111) of the semiconductor element (101). The bus (109) cannot be driven. External I / F for inside and outside of semiconductor
Completely independent via (108).

Further, a clock generator (112) such as a PLL is provided in the semiconductor element, and a clock used in the semiconductor is also generated in the semiconductor, and a clock supplied from outside the clock supply line (113) is not used directly in the semiconductor. .

When it is necessary to match the timing with the outside due to data transfer with the outside, etc., the external clock supply line (1
The clock supplied in 14) is used only for the external I / F (108) and is not supplied to other blocks.

As a result, even when noise or the like is applied to the external clock, it is possible to prevent the internal blocks from malfunctioning. Even if noise is applied to the reference clock supply line (115) of the PLL operation, only the PLL is unlocked. By keeping the fluctuation range of the oscillation frequency of the PLL within the operation range of each block, the internal Block malfunction can be prevented.

The algorithm of the encryption process is ROM (104)
Is stored as a program in the
(102) is executed, and the encryption process proceeds. The RAM (103) serves as a temporary storage device during the encryption process.
Is used.

By adopting such a configuration, even if a signal line is observed from outside the semiconductor, no internal information is output, so that it is possible to construct a highly secure encryption device.

The encryption processing device of the present invention generates a key required for encryption by itself. When using a public key cryptosystem based on a remainder operation, it is necessary to generate a public key and a secret key unique to the present cryptographic processing apparatus. To do so, it is necessary to generate two prime numbers p and q having a predetermined bit length.

In order to obtain a prime number, first, an odd random number having a predetermined bit length is generated (202). A remainder operation or the like is performed using the random number to determine whether or not the number is a prime number (203). If it is not a prime number, 2 is added to obtain the next odd number, and the prime number is determined. By repeating such processing, two prime numbers p and q are obtained. Next, the product m =
Find p * q. The product m (205) becomes one of the public keys and is used also in the semiconductor element. Also, when r is a positive integer other than 0, the value n = (p-1) * obtained from the prime numbers p and q
(q-1) * r + 1 is calculated, and a (206), b (20
7), and either a or b is used as a public key (210) and the other is used as a secret key (209). For example, m and b are used as public keys (210), and a is used as a secret key (209). Once m, a, and b are determined, p and q become unnecessary. However, if p, q and b are known, a can easily be obtained, so that p and q are kept secret or discarded when m, a and b are determined.

The secret key (209) is stored in the secret key data holding unit (208) and used as a key for the encryption / decryption processing (211).

Since the ciphertext that can be decrypted by the present cryptographic processing apparatus is encrypted with the public key (210) unique to the present cryptographic processing apparatus, the ciphertext is converted using the secret key a (209) and m. Decrypt.

When creating a ciphertext that can be decrypted only by a specific partner, a public key m ', b' (214) unique to that partner.
The public key setting unit (215) of the cryptographic processing device (201)
And the plaintext is converted into a ciphertext using m 'and b'.

The plaintext encrypted with the secret key unique to the cryptographic processing device of the present invention can be decrypted only with the public key unique to the cryptographic processing device of the present invention. Can be proved to be encrypted.

If a plaintext can be obtained by decrypting with the public key of the other party, it can be confirmed that the other party has encrypted the plaintext.

As described above, both the secret key and the partner's public key are used for encryption and decryption.

In the cryptographic processing apparatus of the present invention, the semiconductor device (2
01), the public key (210) is output, but the secret key (209) is not output.

Here, the public key cryptosystem based on the remainder operation has been described as an example, but any public key cryptosystem that generates a secret key and a public key based on a random number can be processed by the cryptographic processing device of the present invention. .

As described above, by keeping the secret key generated within the semiconductor itself only inside the semiconductor, high security can be ensured.

A second embodiment of the present invention will be described with reference to FIG.

FIG. 3 shows a configuration of a random number generator for generating a random number from a random physical phenomenon.

The random number generator (301) generates a random number based on noise of a constant voltage diode or a zener diode. FIG. 3 shows the generation circuit.

FIG. 3 includes a low-pass filter (304) composed of a constant voltage diode (301), a resistor (302) and a capacitor (303), a comparator (305), and a flip-flop (306).

The constant voltage diode (301) generates noise like the signal waveform (307). This noise is
This is a physical phenomenon caused by avalanche breakdown occurring at random. When this noise passes through a low-pass filter (304), it takes a value close to the average value of the signal waveform (307) as shown in a signal waveform (308). By inputting these two signals to the comparator (305), the signal waveform (309)
Can be converted into a binary signal having a random pulse width. This signal is further synchronized with a reference clock in the semiconductor device by a flip-flop (306) to obtain a random bit signal waveform (310).

A random number is obtained by inputting this random bit string into the shift register with only necessary bits or measuring the number of pulses per unit time.

As a result, it is possible to obtain an unreproducible random number without any seed in generating the random number.

Further, an average value (308) of the noise-containing signal (307) is obtained by the low-pass filter (304), and the average value is compared with the noise-containing signal to obtain the voltage of the constant voltage diode as a temperature or the like. Therefore, it is possible to configure a random number generator that does not affect the random number generation even if a voltage fluctuation or the like occurs due to.

A third embodiment of the present invention will be described with reference to FIG.

FIG. 4 shows a configuration in which the secret key data holding unit is composed of a battery-backed SRAM.

The semiconductor element (401) of the present invention is provided with a main power supply (403) for the internal ethics block (402) and a power supply (405) dedicated to the secret key data holding unit (404). Main power supply (403) and data retention power supply (405)
Is the SRAM (4) via the diode (406) (407).
04) as the power supply (408). The same power supply (408) is also used as a power supply for the SRAM control circuit (409). The gate (410) is connected to the initialization signal (411) used in the internal logic block and the main power supply (40).
3) until the power is supplied to the main power supply (403) and the initialization of the internal ethics block is completed.
All signals to the SRAM (404) are fixed so as to be invalid. As a result, even in a state where power is supplied to a part of the semiconductor and power supply to other parts is stopped, unnecessary leakage current and the like can be eliminated. , Or malfunctions at a voltage lower than the operation guarantee, the effect can be cut off.

When the gate (410) outputs "L", the gate (412) outputs "L" and the address signal line (41)
No matter what the voltage of 3), it does not change. Further, the gate (415) also outputs "L" to increase the output impedance of the buffer (416), so that the data signal line (418)
No leakage current flows. The gate (42)
0) also outputs "L", and the data signal line (42)
Whatever the voltage of 3), it is not transmitted to the data signal line (419). Further, the gate (424) outputs "H" to invalidate the control signal (426) and stops the operation of the SRAM.

Gate (410) (412) (415)
The input signals (413), (417), (4)
23) Since the leakage current flowing through (422) and (425) can be suppressed very small, the internal logic block (40
Even if the power supply to 2) is stopped, the data holding power supply (4
The power of 05) does not leak. As a result, the power consumed from the data holding power supply (405) can be minimized, and the backup battery (428)
Life can be extended.

When power is supplied from the main power supply (403) and the initialization of the internal logic block is completed, the gate (41)
0) outputs "H". Then, the gate (412)
The data on the address signal line (413) is transmitted to the address signal line (414). The gate (415) enables the buffer (416) when the SRAM read signal (417) is valid, and transmits the data of the data signal line (419) to the data signal line (418). The gate (420) is connected to the buffer (421) when the SRAM write signal (422) is valid.
Is valid and the data of the data signal line (423) is transmitted to the data signal line (419). The gate (424) transmits the data of the control signal line (425) to the control signal line (426). Thereby, the SRAM (404) can be normally accessed.

Further, various sensors are provided in a case such as a housing for accommodating the present cryptographic processing apparatus (401), and a data holding power supply (405) supplied from a battery (428) based on signals from these sensors. ) For controlling the abnormality (42)
7) is provided. When the disassembly or disassembly of the case is detected, the power supply to the SRAM (404) is stopped, and the secret key is lost.

Further, when the power is supplied from the main power supply (403), the abnormality detector (427) operates and the power supply from the data holding power supply (405) is cut off. Since power is supplied from (403) to the SRAM (404), an abnormality detection signal (429) is input to the internal logic block (402) to notify the abnormality and limit or stop the operation.

In the semiconductor element (401), the power supply to the SRAM may be integrated, but the power from the main power supply and the battery is
The power supply to the SRAM (404) may be cut off when the abnormality is integrated in the abnormality detector (427) and the abnormality is detected in any case.

Thus, even if the device is disassembled, the secret key does not leak out of the semiconductor element.

A fourth embodiment of the present invention will be described with reference to FIGS.

FIG. 5 shows an external storage element control circuit (505) and an external storage element address bus (505) so that a storage element (510) can be provided outside the semiconductor element (501) which is the cryptographic processing apparatus of the present invention. 511), external storage element data bus (512), external storage element access signal (513)
b), a configuration in which an external storage element write signal (514b) is provided. An address signal (503) and a data signal (504) in the logical block (502) inside the cryptographic processing apparatus.
Is input to the external storage element control circuit (505), and the output buffer (50) is supplied to the external storage element address bus (511).
6), to the external storage element data bus (512),
The connection is made through the input / output buffer (507).

An output buffer (506) having a control line for increasing the output impedance is used, and the control line is connected to an external storage element access signal (513a) to access the storage element (510). Only the address is output to the outside of the semiconductor element (501).

The logical product of the write control signal (514a) and the external storage element access signal (513a) is gated (509) in the output buffer of the input / output buffer (507).
Is input and the data is output to the outside of the semiconductor element (501) only when accessing and writing to the external storage element.

The data conversion unit (508) rearranges the bits of the data bus, making it difficult to analyze data exchanged with the external storage element.

Further, the data in the external storage element (510) is not accessed as needed when necessary.
First, all data is transferred to a storage element such as a RAM inside the semiconductor element (501), which is the cryptographic processing apparatus of the present invention, and thereafter processing is performed only inside the semiconductor element.

As a result, even if the external storage element address bus (511) and the external storage element data bus (512) are observed, it becomes impossible to estimate the internal encryption processing operation.

FIG. 6 shows a data conversion unit in FIG. 5 in which a specific bit is inverted instead of rearranging bits. The data conversion unit (608) is provided with an exclusive OR gate (615) for the data bus width and for each bit input / output. The register (616) determines whether to invert the data of each data line. ).

Further, a combination of the two may be performed, or a more advanced encryption process may be performed.

[0061]

According to the cryptographic processing apparatus of the present invention, since the secret key generated inside the semiconductor is kept secret in the semiconductor element, the security and security are high. The internal operation clock is also generated in the semiconductor, and the internal logic does not malfunction even when noise or the like is applied to the clock supplied from the outside, so that confidentiality and security are high. In addition, by obtaining a random number, which is the base data for key generation, from a random number generator using physical phenomena, the accuracy of the random number increases, and it becomes more difficult to guess the secret key, so that confidentiality and security are high. . In addition, the data to be kept secret such as a secret key is stored in a battery-backed SRAM, and if an abnormality is detected, the backup power supply is turned off, the data to be kept secret is erased, and the data such as the secret key should be kept secret. High confidentiality and security to prevent data leakage. Also, all cryptographic processes are closed and processed only within the semiconductor,
Since information on the progress of encryption processing is not output to the address bus or data bus, which is a key to internal operations, it is necessary to infer the encryption processing performed internally even when observing signals outside the semiconductor. Is difficult, so security and security are high.

[Brief description of the drawings]

FIG. 1 is a diagram showing a cryptographic processing device according to a first embodiment of the present invention.

FIG. 2 is a diagram showing key generation and encryption processing operations according to the first embodiment of the present invention.

FIG. 3 is a diagram showing a random number generator according to a second embodiment of the present invention.

FIG. 4 is a diagram showing a secret key holding unit according to a third embodiment of the present invention.

FIG. 5 is a diagram showing a first external storage element control circuit according to a fourth embodiment of the present invention.

FIG. 6 is a diagram showing a second external storage element control circuit according to a fourth embodiment of the present invention.

[Description of Signs] 101, 201, 401, 501, 601 Semiconductor element 102 CPU 103 RAM 104 ROM 105 Cryptographic operation unit 106 Random number generator 107 Secret key data holding unit 108 External I / F 109 ... Internal bus 110 ... Remainder arithmetic unit 111 ... External bus 112 ... Clock generator 113 ... Clock supply line 114 ... External clock supply line 115 ... Reference clock supply line 202 ... Odd number random number generation 203 ... Primary number determination 204 ... Key generation 205 … M 206… a 207… b 208… private key data holding unit 209… private key a 210… public key m, b 211… encryption / decryption processing 212… plaintext 213… ciphertext 214… the other party's public key m ′, b '215: public key setting unit 301: constant voltage diode 302 ... resistor 303 ... capacitor 304 ... low pass filter 305 ... comparator 306 ... flip-flop 307 ... noise signal waveform 308 ... noise average value signal waveform 309 ... random pulse signal waveform 310 ... Random bit signal waveform 402, 502, 602 ... internal logic block 403 ... Power supply 404: Private key data holding unit, SRAM 405: Power supply for data holding 406,407 ... Tide 408 ... SRAM power supply 409 ... SRAM control circuit 410, 412, 415, 420, 424, 509, 609 ... Gate 411 ... Initialization signal 413,414 ... Address signal lines 416,421 ... Buffer 417 ... SRAM read signal 418,419,423 ... Data signal line 422 ... SRAM write signal 425,426 ... Control signal 427 ... Battery detector 428 ... Battery 429 ... Abnormal detection signal 503,603 ... Address signal 504,604 ... Data signal 505, 605: External storage element control circuit 506, 606: Output buffer 507, 607: Input / output buffer 508, 608: Data converter 510, 610: External storage element 511, 611: External storage element address bus 512, 612: External Storage element data bus 513a, 513b, 613a, 613b ... External storage element access signal 514a, 514b, 614a, 614b ... External storage element write signal 615 ... EX-OR gate 616 ... Register

Claims (15)

[Claims] 1. A semiconductor device comprising: a CPU; a RAM;
A cryptographic processing device comprising a ROM, a cryptographic operation unit, a random number generator, and an external interface. 2. The encryption processing device according to claim 1, wherein a key used for encryption / decryption is generated in a semiconductor device. 3. A cryptographic processing apparatus capable of processing public key cryptography, wherein, among the generated keys, the public key is output outside the semiconductor element, and the secret key is kept secret in the semiconductor element. Item 3. The encryption processing device according to Item 2. 4. Encryption processing for encryption / decryption is performed using a key generated in a semiconductor device, and exchange of data with the outside at the time of encryption processing of main data includes only plaintext and ciphertext. 4. The cryptographic processing device according to claim 3, wherein: 5. The cryptographic processing apparatus according to claim 1, wherein a clock signal generator such as a PLL is provided in the same semiconductor element, and an external clock is not used directly. . 6. A storage device for holding information such as a secret key to be concealed in a semiconductor device.
The cryptographic processing device according to the above. 7. The cryptographic processing apparatus according to claim 6, wherein a battery-backed SRAM is used to hold information such as a secret key to be kept secret. 8. The cryptographic processing apparatus according to claim 2, wherein a random number obtained from a random physical phenomenon is used to generate a key used for encryption. 9. The cryptographic processing apparatus according to claim 1, further comprising an interface for connecting a storage element outside the semiconductor element. 10. The cipher according to claim 9, wherein the memory bus connected to the storage element outside the semiconductor element is connected to the memory bus inside the semiconductor element via an external memory bus control circuit. Processing equipment. 11. The cryptographic processing device according to claim 9, wherein the capacity of the storage element inside the semiconductor device of the present invention is larger than the capacity of the external storage element. 12. A storage device in a semiconductor device, wherein all data in an external memory device is first read into the storage device in the semiconductor device, and thereafter, only the storage device in the semiconductor device operates. The cryptographic processing apparatus according to claim 9, 10 or 11, wherein the storage device accesses only once at first. 13. The cryptographic processing apparatus according to claim 10, further comprising an external memory bus control circuit that does not transmit a signal on a bus inside the semiconductor to an external memory bus except when accessing an external storage device. 14. The cryptographic processing apparatus according to claim 9, wherein the arrangement of data on the bus inside the semiconductor chip and the arrangement of data on the external memory bus are different. 15. The cryptographic processing apparatus according to claim 9, wherein the encrypted data in the external storage device is decrypted by an external memory bus control circuit.