JP2005020735A - Side channel attack prevention in data processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data processing method which calculates a multiple k of a data item P using a repetitive b<SP>w</SP>related window algorithm. <P>SOLUTION: A data processing method to calculate the multiple k of a data item P which uses a left-to-right "double and addition" type algorithm of a repetitive binary notation with a window size of 2 is provided. An option of the data item which includes at least one multiple of P is provided. In a specific repetition of the algorithm, the multiple of P required for the repetition to be used in a part of the "addition" of the algorithm is decided. Then, the multiple is selected from the option depending on a necessary multiple, and an adjustment indicator is set depending on a relation between a necessary multiple and the selected multiple. In a repetition followed, the necessary multiple is decided depending on the adjust indicator from a previous repetition. A multiplier used in a part of the "double" of the algorithm is 4. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to prevention of side channel attacks in a data processing apparatus, for example, a smart card using a cryptographic algorithm to keep data secret.

  FIG. 1 of the accompanying drawings is a block diagram showing the main parts of a typical smart card known as an integrated circuit card (ICC). A smart card 1 in FIG. 1 includes a memory unit 3, a central processing unit (CPU) 5, an input / output (I / O) unit 7, and a processing unit 9. The CPU 5 performs bidirectional communication with the memory unit 3, the I / O unit 7, and the processing device 9. These parts are usually contained within one integrated circuit embedded in the smart card 1. The smart card 1 may be a contact type or a non-contact type.

  The smart card 1 can communicate with external devices via the POWER and CLK channels to receive the necessary power and clock signal CLK (although some smart cards have an internal power supply or clock source) Data can be communicated to and from the smart card 1 by communicating with an external device via the I / O channel. Such communication is performed either by electrical signals through contact pins of the contact card or by electromagnetic inductive, capacitive or optical coupling of the non-contact card.

  Smart cards find many uses when the security and integrity of the data stored on the card and the data communicated to or from the card is of paramount importance. For example, a smart card can serve as an identity card used to prove the identity of the cardholder. The smart card can also be used as a medical card that stores the entire medical history of the person. Furthermore, the smart card can be used as a credit / debit bank card that allows offline transactions. For this reason, smart cards typically have encryption / decryption capabilities so that sensitive data can be encrypted before leaving the card via the I / O channel.

  In the smart card 1 shown in FIG. 1, such encryption is performed by the processing device 9. For example, when the data stored in the memory unit 3 needs to communicate with an external request device via an I / O channel, this data is requested from the memory unit 3 by the CPU 5 and is processed as the input data DIN by the processing device 9. Sent to. The processing device 9 encrypts the input data DIN and generates encrypted output data DOUT. DOUT is returned to the CPU 5, transferred to the I / O unit 7, and then transmitted to an external request device via the I / O channel.

  Any suitable encryption model can be used in the processor 9 to perform the encryption. Examples of encryption algorithms used in smart cards include data encryption standards (DES), triple DES, advanced encryption standards (AES), high-speed data encryption algorithms (FEAL), and international data encryption algorithms (IDEA). There is a symmetric (or secret) key cipher. Alternatively, the use of asymmetric (or public) key encryption algorithms such as the Rivest-Shamir-Addressman (RSA) algorithm and the Rabin encryption scheme is also possible.

FIG. 2 of the accompanying drawings is a block diagram illustrating a conventional encryption model that represents both public and private key cryptosystems. In this model, the two parties, X and Y, attempt to conduct a private communication over the public channel 13 using cryptography. Party X uses encryption unit E to encrypt plaintext T using encryption key K _X (a public key in the asymmetric encryption model and a secret key in the symmetric encryption model), A ciphertext C to be communicated to the party Y via the public channel 13 is generated. Party Y by using the secret key K _Y corresponding to the decoding unit D and the key K _X, and decrypts the ciphertext C, and reproduce the original plaintext T.

However, a third party Z eavesdrops on a private exchange between X and Y by monitoring the public channel 13. Third party Z knows all the details about the cryptographic algorithm used, except for the secret key K _X , has many ciphertext samples, and has several plaintext and ciphertext pairs ( As well as plaintext obtained from either party X or party Y by some other means). The information collected in this way is then subjected to computational aggregation cryptographic analysis to decrypt the used cipher and determine the secret key used to generate or decrypt the ciphertext.

  However, modern encryption techniques have been developed to be more resistant to such conventional attacks based on computational analysis of the power collected by conventional methods. Therefore, the use of other information sources that are less obvious based on the physical implementation of the encryption system has recently attracted attention.

  In practice, a cryptographic system is implemented in a physical device that interacts with and is affected by the environment. Electronic devices such as pagers and smart cards consume power, emit radiation, and react to temperature changes and electromagnetic fields while operating. These physical interactions can be manipulated and monitored by a third party such as Z to provide useful information in cryptographic analysis. The conventional encryption model shown in FIG. 2 does not consider the physical side effects of using encryption in the real world, and the more realistic model is a “side channel” as shown in FIG. 3 of the accompanying drawings. Can be explained using the concept of Side channels are a source of information specific to physical implementations, and attacks using such information are called “side channel attacks”.

  For example, the amount of time it takes to calculate a cryptographic function depends not only on what the function does, but also on what input passes through. In addition to the message to be encrypted, the encryption function typically takes a secret key as input, so the value of the secret key can affect the timing characteristics that are publicly observable. Such an attack based on timing side channel information has been proposed in an article named Non-Patent Document 1. This document outlines a cryptographic analysis method that allows an attacker to analyze a measure of the time taken to calculate several RSA signatures and infer the secret key of the signed entity.

  In addition, the electronic device draws current from the power source during operation. The amount of current drawn by the electronic device, ie, power consumption, varies as the logic gate (usually CMOS) switches during the operation of the encryption algorithm. Power consumption is useful to the enemy because it correlates with the calculations being performed. One of the most threatening types of side channel attacks based on power analysis is a type called differential power analysis (DPA) proposed in Non-Patent Document 2.

  Another form of side channel attack is based on intentionally introducing errors into the encryption system and then monitoring the effects caused by the errors. In Non-Patent Document 3, Boneh, DeMillo and Lipton introduce an error-based side channel attack based on observation of errors induced in hardware device leak information for the implemented encryption algorithm. By exposing the encryption device to ionization or microwave radiation, an error can be introduced into a random bit position in one of the registers that can be used to factor out the coefficients of the RSA public key encryption algorithm. Bihim and Shamir proposed in Non-Patent Document 4 a channel attack based on an error called failure difference analysis (DFA). This attack is effective against symmetric or secret key cryptosystems such as DES. DFA can use less than 200 ciphertexts (no plaintext) to find the last DES round key, and even reveal the structure of an unknown cryptosystem implemented on a smart card. The best non-side channel attacks on DES require slightly less than 64 terabytes of plaintext and ciphertext encrypted with one key.

  Such side channel attacks can be applied to a wide variety of data processing devices to reveal confidential information about the physical implementation of the device. As such side-channel attacks have become more sophisticated, such techniques can be achieved by reducing the information leaked into the side channel as much as possible, making it more difficult to introduce errors and detecting attempted attacks. It is important to address common challenges and protect data processing devices such as smart cards from the attack.

Assume that party X encrypts message m using the RSA algorithm, and party Y receives and decrypts it. The party X first obtains the public key (N, e) of the party Y, and based on this, the message m to be encrypted is expressed as an integer [0: N−1]. Thereafter, the party X encrypts the message m and generates a ciphertext c using the following algorithm.
c = m ^e mod N
Using standard square and multiplication techniques described in more detail below, this algorithm is equivalent to multiplying m by m times m and expressing the solution in modulo N.

  In order to restore the plaintext m from c, the party Y performs the following algorithm using its private key d.

m = c ^d mod N
Therefore, this decryption operation uses the same modular exponentiation format as the encryption operation.

  The method used by party Y to generate the public key (N, e) and the corresponding private key d is as follows. Two large prime numbers, p and q, are selected and the product N = pq is calculated. N forms a public key coefficient. The value e from the public key is selected to be smaller than N and relatively prime to (p−1) (q−1). This means that e and (p-1) (q-1) have no common divisor other than 1. The value of d is seen so that (ed-1) can be multiplied by (p-1) (q-1). Factors p and q may be discarded or kept with a strong secret key (d, p, q). Further details can be found, for example, in Non-Patent Document 5.

As an alternative to using the public key (N, e) for keeping the transmitted data secret and then using the corresponding private key d for subsequent decryption, the private key d is a message in the form of a message m. It can alternatively be used to encrypt, so that the receiving party can be assured that the message m is both genuine and not tampered with. In this way, party Y can create a digital signature s using his private key d by using s = m ^d mod N. Party Y may then send both m and s to party Y. To verify the signature, party X calculates m = s ^e mod N using party Y's public key (N, e) and checks that the original message m has been restored.

Exponentiation operation m ^d, as shown in the following pseudo code, using the "square and multiply" method, may be performed. Where d _i is the i-th binary digit of d.

a = 1
for i = n down to 0
a = a * a
if (d _i == 1) then a = a * m
return a
In order to improve efficiency, in such an algorithm, when mod N of the overall result reduces all intermediate calculations mod N, the multiplication operation is “a = (a * m) mod N”, and the square operation is In general, a = (a * a) mod N.

  Therefore, encryption and authentication are performed without sharing a secret key. Each uses only the other public key or its own private key. Anyone can send an encrypted message or verify a signed message, but only those who have the correct private key can decrypt or sign the message.

The Chinese Remainder Theorem (CRT) version of RSA is similar and yields the same results:
s = ( ^md mod p + p * (p ⁻¹ mod q) * ( ^md mod q− ^md mod p)) mod p * q.

The secret key of this algorithm is (d, p, q). However, (p * q) is equal to the public key coefficient N. In CRT version, speed efficiency ^(m d mod p) ^is calculated as ^{(m d mod p-1 mod} q), (m d mod q) is calculated as ^{(m d mod q-1 mod} q). Thus, two separate power arithmetic operations are performed.

  In order to make it more difficult to perform side channel attacks against the RSA algorithm, it is useful to add randomness to the calculation as much as possible. This is at a low level, for example, randomizing the timing of operations, adding dummy operations at random intervals, or possibly randomly selecting from multiple different ways of calculating intermediate steps Can be done. Alternatively, masking can be added to the input of an algorithm such as RSA so that the inputs and calculations are random, but the output remains accurate. Applicant's co-pending UK Patent Application No. 0307197.4 is one of the bases, exponents, and coefficients that impersonate the value of a blinded property in a manner that does not affect the results. Blinding "is disclosed. In the applicant's co-pending UK patent application 0305596.9, the results of two identical but not parallel calculations are compared to allow the inserted error to be detected.

  Public key systems use the nature of operations using large finite groups. In many methods, such as SPEKE, Diffie-Hellman, ElGamal, and DSS, security is directly dependent on the relative difficulty of performing two group operations: exponentiation and discrete logarithmic computation. The power method operation is easier to calculate than the discrete logarithm calculation which is the reverse operation. Using integer modular multiplication in a commonly used group, only discrete logarithmic calculations are difficult when the coefficients are very large. This effectively makes the power method a “one-way” function. However, since large power methods are expensive, it is important to find a group that operates efficiently.

  Elliptic curve encryption techniques may provide a version of a public key method that may provide a comparable level of security with a faster, smaller key. The advantage of using an elliptic curve is derived from using different kinds of mathematical groups for public key operations. The elliptic curve discrete logarithm problem is difficult to some extent, unlike the discrete logarithm calculation in a normal group. An implementation can take advantage of this difference to provide both a faster speed and a reduced key size for a certain level of security. SPEKE, Diffie-Hellman, and many other public key methods will work with elliptic curves, or any suitable group, to utilize the best of the available implementations. Can be adjusted to.

  Next, a brief outline of the elliptic curve will be described below, but further information on elliptic curve encryption can also be found in Non-Patent Document 6 and Non-Patent Document 7.

FIG. 4 of the accompanying drawings shows a simple elliptic curve defined by the equation y ² + y = x ³ −x ² . Since the dotted grid lines in the horizontal and vertical directions represent integer values of the X coordinate and the Y coordinate, respectively, the intersections of the grid lines are a pair of integer (x, y) coordinates. The ellipse intersects a finite number of (x, y) intersections, which are marked with dots in FIG.

  An “addition” operator is defined to join any two points to specify the third position, and this “addition” operator for these points forms a mathematical finite group. The elliptic curve in FIG. 4 defines a group of five points. This is not practical for encryption purposes, but is useful for showing how point operations work with elliptic curves.

  Using the fact that all straight lines passing through this curve intersect this curve at exactly three points, the rule for adding two points u and v is as follows: (I) Draw a straight line through u and v to find the third intersection point w. Then, (ii) Draw a perpendicular line through w to find another intersection point z. The sum u + v = z.

  In order for this rule to hold, an extra imaginary point O (called the origin), that is, a point at infinity needs to be defined. O can be thought of as an infinitely high “top”, where all the normals are supposed to converge. Point O is also defined as being on a curve, although it does not have a specific (x, y) coordinate. Therefore, the curves shown in FIG. 4 are (0,0) (1, -1), (1,0) (0, -1), and O, that is, {a, b, c, d, O}. Pass through.

  Furthermore, a tangent that touches at a point is said to intersect that point twice (a tangent is the limit when two points on the curve approach each other). Therefore, in the curve shown in FIG. 4, the line passing through a and b passes through the “third point” b, and this line is represented by [a, b, b].

  Using further rules as defined above, the sum of a + b first finds that b is the third intersection point by subtracting tangents [a, b, b] through points a and b, It is then determined by drawing a normal [O, c, b] through b and finding another intersection, c. Therefore, a + b = c.

  Similarly, a + a = b. This is because c is obtained by [a, a, c] (tangent to the curve at point a) and b is obtained by [O, c, b]. By using an imaginary perpendicular [O, O, O], there may be a + d = O, c + b = O, etc. for all points added to the mirror image. Since a + d = O and c + b = O, naturally, a = −d and c = −b.

  A scalar multiplication at a point is simply a repeated addition of the point itself. Since a + a = b and a + b = c, naturally, 3a = c. Point O is a group identification element. This is because for any v, v + O = v. Adding the point O is similar to multiplying 1 in a normal integer group under the multiplication mod p.

  FIG. 21 is a diagram showing another example of an elliptic curve providing a further example of addition and doubling of elliptic curve points and the concept of negative elliptic curve points. Using the same rules as above, FIG. 21 shows that R = P + Q; U = −R (U + R = O); T = P + P = 2. P; and S = −T (S + T═O).

  The addition operation in the elliptic curve corresponds to modular multiplication in the common public key encryption system, and the multiple addition corresponds to the modular power method.

  Thus, an elliptic curve can be thought of as a special set of points with certain algebraic properties. This includes a computable definition of a specific “point operation”, such as the above addition operation, which takes as input one (or more) points of a curve and returns one point of a curve. . Points can be represented as tuples with coordinate ordering. Coordinates are elements of the underlying mathematical field (eg, point P = <x, y> or P = <x, y, z>). The field may be an integer operation modulo a large prime number, or an operation on a vector of small integers that is considered a coefficient of a polynomial modulo a fixed polynomial, or Any other representation that can be computed by the CPU or coprocessor. Point operations are defined as field operations on point coordinates.

  If P, Q and R are arbitrary points on a fixed elliptic curve, the points can be added as described above (notation: P + Q), and this addition operation converts the set of curve points into an abelian group. . The “curve group order” is simply the number of points in the curve. A special point on the curve written O acts as zero in the addition operation. That is, P + O = O + P = P. Since the zero point is outside the normal tuple space, it usually has a special representation. The addition is combinable (P + (Q + R) = (P + Q) + R) and can be exchanged (P + Q = Q + P). Subtraction is defined in the usual way. When P + Q = R, P−R = Q. The symbol -Q is a simplified notation for OQ. The point -Q is usually a trivial calculation, and P-Q is usually calculated as P + (-Q).

  The point P + P is 2. Can be written P, and this is called point doubling. This can be generalized as “point multiplication”, so for integer k, k. P is equal to the sum of k copies of the point P (and (−k) .P = k. (− P)). Usually it is guaranteed that k is less than the number of points on the curve. O. P = O, k. P + m. P = (k + m). Note that P.

  Adding a point to itself, i.e., doubling a point, may have a very different calculation (in a field operation) than a general addition (or subtraction) of unequal points. That is, the algorithm for normal addition to equal points fails. Similarly, subtracting a point from itself (generating O) has a very different algorithm, and operations using O points have a different algorithm.

  In elliptic curve encryption (ECC), a point P on the curve is “multiplied” by a secret integer k to produce a new point k. P is obtained. Point k. P can be calculated by doubling (D) and adding (A) the points in a sequence that depends on the binary representation of k. The integer k is typically about 200 bits long, so it is important to use an efficient implementation of multiplication.

  In one of the left-to-right algorithms, O is stored in the accumulator R, and k bits from high to low (left to right means high to low bits. Yes, one at a time. When the 0 bit is reached, a D (double) operation, ie R: = 2. Perform R. Otherwise, it reaches 1 bit and performs D and A (addition) operations, ie R: = (2.R) + P. It is then repeated with the next bit until all bits are reached. At that point, R is k. P is included. This algorithm is closely related to the “square and multiply” technique described above in connection with the power operation, but is not a “square and multiply” method but a “double and add” method. This is because of the correspondence between the addition operation in the elliptic curve and the modular multiplication, and the relation between the multiple addition in the elliptic curve and the modular power method.

For example, suppose k is binary 1000011 (ie, decimal 35). The sequence of operations is as follows:
Bit identifier: 6 5 4 3 2 1
k bits: 1 0 0 0 1 1
Arithmetic: DA D D D DA DA
The basic “double and add” method is shown in FIG. 5 of the accompanying drawings. FIG. 5 takes an integer k and a point p as inputs and takes the product k. The pseudo code of the function “pointmulti” that returns P is shown.

  In FIG. 5 and the following description and drawings, the following notation is used. When x and y are integers, x ^ y represents x to the power of y. Let x be a binary number. The number of bits in x is the length of x and is represented by | x |. The i-th bit of x is denoted x_i (subscript i to x). The least significant bit is x_0, and the most significant bit is x_ {n-1}. However, n = | x |.

  For convenience, the function “B” is defined to take a continuous subsequence from a binary number and convert it to an unsigned integer. The function B (x, s, t) (n> s> = t> = 0) represents the sum of integer values (from i = s to t) of (x_i * 2 ^ (it)).

  For example, when x is a binary number 100011 (35 in decimal), | x | = 6; x_5 = 1; x_4 = x_3 = x_2 = 0; x_1 = x_0 = 1. B (x, 3,1) = 1, which is an unsigned binary value of subsequence “001”. B (x, 5,4) = 2, which is the unsigned binary value of subsequence “10”.

  FIG. 6 of the accompanying drawings shows a walk-through of the algorithm of FIG. 5 for k = 35 (binary 100011). The point register R is initially set to the value O, ie the zero point, and the variable i is set to | k |. The dummy addition will be described below.

  If k has n bits (thus k <2 ^ n), the basic “double and add” algorithm is an n double (D) operation and an average (n / 2) addition (A) operation, 3n Requires a total of / 2 operations and storage of 2 points (P and R).

  The value k may be a secret amount that an attacker wants to obtain using time and money (see Non-Patent Document 8, for example). For example, in a secure implementation in a smart card, k is generated on the card and never goes out of the card. In some cases, k is randomly generated and used only once for each encryption operation (eg, ECDSA signature generation). If an attacker can get even a few bits of k at a time, it can be enough information to crack the card and steal its identity, ie the secret key (Non-Patent Document 9, Non-Patent Document 9, (See Patent Literature 10, Non-Patent Literature 11, and Non-Patent Literature 12).

  As described above, a device performing ECC multiplication can be monitored in several ways, for example by accurately timing the computation, monitoring the power supply of the device, by an attacker seeking information about the multiplier k. Or by observing electromagnetic radiation. These and other methods (or combinations thereof) are referred to as “side channel attacks”. This happens because, on most platforms, the actual power used by the device depends on the operation that the device is performing and the value that the device is performing. Making all operations use the same power is expensive, especially in small low power devices such as smart cards, and other methods need to be found to hide the operations.

  If the point doubling (D) power or radiation trace is different from the point addition (A) power trace, the attacker traces the D and A sequence and reads the value of k. This is called SPA (simple power analysis). If no measures are taken to hide the algorithm, the algorithm is probably not secure. Making it difficult for an attacker to distinguish between point subtraction and point addition is easy because the field operations are mathematically similar. However, it is easy for an attacker to distinguish between D and A (since field operations are quite different). Also, adding or doubling the zero point (O) of the curve is very different from adding a general point. In ECC implementations, the A operation cannot be used to perform point doubling. The operations are different and the two operands of the A operation need to be different.

A variation of the basic “double and add” method is to perform both D and A operations on each bit. If the bit is 0, A is only a dummy operation because no further addition is actually required. One possibility is to dummy add P to some other point Q and ignore the result. This reduces the SPA problem if the dummy operation can be properly hidden, i.e., can appear to be an actual operation from a power trace perspective. The main problems with this are the storage of the three points (P, Q, R) where the above is required, and 2. This is slow because the | k | operation requires two operations at each bit. These dummy operations are shown in FIG. In FIG. 6, the steps for bits 5, 4 and 3 require a dummy addition.
Paul Kocher et al., “Timing Attacks on Implementation of Diffie-Hellman, RSA, DSS and Other Systems”, CRYPTO '96. Kocher et al., “Differential Power Analysis”, CRYPTO'99 By Boneh, DeMillo and Lipton, "The the Importance of Checking Cryptographic Protocols for Faults", 1997 Bihim and Shamir, “Differential Fault Analysis of Secret Key Cryptosystems”, CRYPTO '97, By Menezes, "Handbook of Applied Cryptography" A. By Menezes, "Elliptic Curve public Key Cryptosystems" Kluwer Academic Publishers 1993 Ian Blake, Gadiel Seroussi, Nigel Smart, "Elliptic Curves in Cryptography", London Mathematic Society Lecturer, Notes, Notes, LMS, 256, CMS “Public Key Cryptography for the final services industry: Elliptic Curve Digital Signature Algorithm (ECDSA), 19” N. P. Smart and N.M. Howgrave, “Lattice attacks on digital signature schemes” Graham, Designs, Codes and Cryptography, 23 (3): 283-290, August 2001. http: // www. cs. bris. ac. uk / Tools / Reports / Abstracts / 2001-smart. html P. Nguyen and I. E. Shparlinski, "The insult of the elliptical curve, Digital Signature Algorithm with partial knowledge," Preprint, 2000, 1-20, 2000. http: // siteser. nj. nec. com / article / nguyen00insurity. html

It is an object of the present invention to provide a data processing method for calculating a multiple k of a data item P using an iterative ^bw related window algorithm. Here, b is the base of multiple k and w is the window size. Another object of the present invention is to provide an effective and secure point calculation used for elliptic curve cryptography.

According to a first aspect of the present invention, there is provided a data processing method for calculating a multiple k of a data item P using an iterative b ^w related window algorithm, wherein b is a base of the multiple k, w is the window size and the method provides a choice of data items containing at least one multiple of P, and for a particular iteration of the algorithm, determines the multiple of P required for that iteration; Using a multiple selected from the option depending on the required multiple, setting an adjustment indicator depending on the relationship between the required multiple and the selected multiple, and in subsequent iterations from the previous iteration. Determining the required multiple as a function of the adjustment indicator.

  The method may include retrieving the selected multiple from a multiple storage location if it is available, and calculating the selected multiple otherwise. The newly calculated multiple can be stored in the multiple storage location for subsequent retrieval. At least one multiple within the option may be precomputed and the at least one precomputed multiple may be stored in the multiple storage location for subsequent retrieval. Preferably, all the multiples in the option are available from the multiple storage locations and no multiple calculations are required between iterations. Thus, any multiple that requires computation is preferably precomputed, and all multiples in the option are preferably stored for retrieval during the iteration. The multiple storage locations may include a separate area for the data item P. For example, data item P may be temporarily stored in a register used to pass arguments to the data processing method, and other multiples may be stored in a separate area of storage location, for example, a data item array.

The options preferably do not include all the multiples that can be determined to be necessary in the iteration. For example, multiples of said choices include may be less than b ^w pieces. Multiples the choices include the, 0.75 * ^{b w} pieces may be less than. The choice preferably contains at least 0.5 * ^{b w} pieces of multiples. The option may include 0.5 * b ^w multiples rounded up to the nearest integer multiple.

  The options may include alternating multiples, for example only odd multiples. The option preferably does not include a zero multiple.

  The adjustment indicator may be configurable to indicate one of a finite set of relationships between the required multiple and the selected multiple, and the required multiple is not available from the option In other cases, other multiples are preferably selected from the options depending on the available relationship indicators in the set. Preferably, the multiple of the multiples in the option and the set of relational indicators are sufficient to allow a normal calculation of any multiple k of P.

  If the required multiple is not available from the option, the closest available multiple from the option can be selected. If more than one multiple is close to equal, a higher multiple may be selected. Alternatively, if the required multiple is not available from the option, the next highest multiple available from the option can be selected.

The adjustment indicator may be set to indicate a correction multiple equal to the required multiple minus the selected multiple. The required multiple in the subsequent iteration may be determined by scaling the correction multiple by b ^w and adding to the value of the multiple k in the window considered in that iteration.

  The options may include only positive multiples, but conceptually it may also be considered to include corresponding negative multiples. If it is determined that the required multiple is negative or less than the smallest positive multiple in the option, a multiple is selected from the option by considering the notional negative multiple of the option Can be done. If the multiple selected from the option is one of the conceptual negative multiples, the corresponding positive multiple from the option is used instead of performing an addition operation using the negative multiple. Can be used to perform a subtraction operation.

  Applying final adjustments based on adjustment indicators set in the final iteration may be included. The operations involving one or more data item multiples are of three types: (a) doubling a non-zero data item multiple, (b) adding or subtracting non-zero, not equal and non-reciprocal data item multiples, And (c) a multiple of zero data items. It can be classified into one of any operations involving P, and the sequence of operation classification in the final step is preferably independent of the adjustment indicator set in the final iteration.

The iterative b ^w related window algorithm may be a left-to-right “multiply and add b” type algorithm, where the multiplier used in the “multiply b” portion of the algorithm is b ^w And the required multiple is the multiple used in the “add” portion of the algorithm. If the base b is 2, then the iterative b ^w related window algorithm is a “double and add” type algorithm, and the multiplier used in the “double” portion of the algorithm is 2 ^w .

  The multiple k can be a signed binary value, and in the first iteration, the first bit of k is negatively weighted when determining the required multiple. Alternatively, the first bit of k may be truncated and an adjustment indicator may be set in the first iteration to compensate.

  The operations involving one or more data item multiples are of three types: (a) doubling a non-zero data item multiple, (b) adding or subtracting non-zero, not equal and non-reciprocal data item multiples, And (c) a multiple of zero data items. It can be classified into one of arbitrary operations related to P, and the sequence of operation classification is preferably independent of the value of k. For example, an iteration may include w doubling operations and one adding / subtracting operation, each contributing to a result generated independent of the value of k. In this case, no dummy operation is required. The zero multiple data item, i.e. P is used, or 0. It is preferable that the calculation for obtaining P is not performed. It is also preferred that no addition operation equal to the doubling operation is performed.

  Further multiples of data item Q, m, can also be calculated during the iterative algorithm, using two separate adjustment indicators, one for each ongoing multiplication, yielding the result (kP + mQ) To do.

  The adjustment indicator is preferably applied in the iteration immediately after the iteration in which the indicator is set.

  An example of the data item P is an elliptic curve point. The method of the first aspect of the present invention forms a step in an encrypted data processing method that encrypts or decrypts data.

  The method of the first aspect comprises k. Used for processing only part of the calculation of P, k. Other algorithms can be used to process other parts of the calculation of P. For example, a certain number of windows or iterations may be performed according to an embodiment of the present invention, and later windows or iterations may be performed according to conventional methods. Alternatively, the method according to the first aspect may be used at each iteration. It is also possible to use different window sizes in different iterations. The sequence of calculations performed in the iterations may also be different for each iteration. These and other means apparent to those skilled in the art can further help make the attack more difficult to succeed.

According to a second aspect of the present invention, there is provided a data processing apparatus for calculating a multiple k of a data item P using an iterative b ^w related window algorithm, wherein b is a base of the multiple k, w is the window size, and the apparatus determines a data item providing means for providing a choice of data items including at least one multiple of P, and, for a particular iteration of the algorithm, a multiple of P required for that iteration Determining means, selecting means for selecting a multiple from the choice depending on the required multiple, and setting for setting an adjustment indicator depending on the relationship between the required multiple and the selected multiple And an apparatus is provided, wherein the determining means is operable in subsequent iterations to determine the required multiple depending on the adjustment indicator from a previous iteration. It is.

According to a third aspect of the present invention, there is provided a data processing method for calculating a power index d of a data item M using an iterative b ^w related window algorithm, where b is a base of the power index d, w is the window size, and the method provides a choice of data items containing at least one exponent of M, and for a particular iteration of the algorithm, determines the exponent M to be required for that iteration; Using a power index from the option depending on the power index required, setting an adjustment indicator depending on the relationship between the power index required and the power index selected, and subsequent iterations And determining the required exponent depending on the adjustment indicator from a previous iteration.

The iterative b ^w related window algorithm may be a left-to-right “b raised to multiply” type algorithm, and the exponent to be used in the “b raised” portion of the algorithm is b ^w Yes, the exponent to be needed is the exponent to be used in the “multiplication” part of the algorithm. If b is equal to 2, the iterative b ^w- related window algorithm is a “square and multiply” type algorithm, and the exponent to be used in the “square” part of the algorithm is 2 ^w .

According to a fourth aspect of the present invention, there is provided a data processing apparatus for calculating a power index d of a data item M using an iterative b ^w related window algorithm, where b is a base of the power index d, w is the window size, and the apparatus provides a data item providing means for providing a choice of data items including at least one exponent of M, and, for a particular iteration of the algorithm, the exponent M to be required for that iteration. A determination means for determining, a selection means for selecting a power index from the options depending on the power index to be needed, and an adjustment depending on the relationship between the power index to be selected and the power index to be selected Setting means for setting an indicator, wherein the determining means determines, in subsequent iterations, the index to be required depending on the adjustment indicator from the previous iteration. An apparatus is provided that is operable.

According to a fifth aspect of the present invention, there is provided a method for increasing resistance to a power side channel attack against a data processing device that calculates a multiple k of a data item P using an iterative b ^w related window algorithm, wherein b is , The base of the multiple k, w is the window size, and includes a step according to the first aspect of the invention.

According to a sixth aspect of the present invention, there is provided a method for increasing resistance to a power side channel attack against a data processing device that calculates an exponent d of a data item M using an iterative b ^w related window algorithm, comprising: b Is the base of the exponent d, w is the window size, and a method is provided comprising the step according to the third aspect of the invention.

  According to a seventh aspect of the present invention, there is provided a smart card including the data processing device according to the second aspect or the fourth aspect of the present invention.

  According to an eighth aspect of the present invention, when loaded into a data processing device, the device is an apparatus according to the second or fourth aspect of the present invention or a smart card according to the seventh aspect of the present invention. An operating program is provided.

  According to a ninth aspect of the present invention, which is executed on a data processing device, causing the device to perform a method according to the first, third, fifth or sixth aspects of the present invention. An operating program is provided.

  The operating program may be held on a carrier medium, which may be a transmission medium or a storage medium.

In accordance with the present invention, a data processing method for calculating a multiple k of a data item P using an iterative b ^w related window algorithm, where b is the base of the multiple k and w is the window size The method provides a choice of data items comprising at least one multiple of P and, for a particular iteration of the algorithm, determines the multiple of P required for that iteration and depends on the required multiple Using a multiple selected from the options and setting an adjustment indicator depending on the relationship between the required multiple and the selected multiple, and in subsequent iterations depending on the adjustment indicator from the previous iteration And determining the required multiple, thereby achieving the above objective.

  The selected multiple may be further retrieved from a multiple storage location if available, and if not, calculating the selected multiple.

  The method may further include storing the newly calculated multiple in the multiple storage location for subsequent retrieval.

  Precomputing at least one multiple in the option may be further included and storing the at least one precomputed multiple in the multiple storage location for subsequent retrieval.

  All the multiples in the option may be available from the multiple storage locations.

  The multiple storage locations may include a separate area holding the data item P.

  The options may include all multiples that can be determined to be necessary in the iteration.

Multiples the choices include may be less than b ^w pieces.

Multiples the choices include the, 0.75 * ^{b w} pieces may be less than.

The choices may include at least 0.5 * ^{b w} pieces of multiples.

The choices are rounded up to the nearest integer number of multiples may contain 0.5 * b ^w pieces of multiples.

  The options may include alternating multiples.

  The options may include only odd multiples.

  The option may not include a multiple of zero.

  The adjustment indicator can be set to indicate one of a finite set of relationships between the required multiple and the selected multiple, and if the required multiple is not available from the option, the Other multiples may be selected from the options depending on the available relationship indicators in the set.

  The multiple of the multiples in the option and the set of relationship indicators may be sufficient to allow normal computation of any multiple k of P.

  If the required multiple is not available from the option, the nearest multiple available from the option is selected, or if more than one multiple is close to equal, the higher of the closest multiples is selected May be.

  If the required multiple is not available from the option, the next highest multiple available from the option may be selected.

  The adjustment indicator may be set to indicate a correction multiple equal to the required multiple minus the selected multiple.

The required multiple in the subsequent iteration may be determined by scaling the correction multiple by b ^w and adding to the value of the multiple k in the window considered in that iteration.

  The options include only positive multiples, but conceptually it may also be considered to include corresponding negative multiples.

  If it is determined that the required multiple is negative or less than the smallest positive multiple in the option, a multiple is selected from the option by considering the notional negative multiple of the option May be.

  If the multiple selected from the option is one of the conceptual negative multiples, a subtraction operation may be performed using the corresponding positive multiple from the option.

  The method may further include applying a final adjustment based on the adjustment indicator set in the final iteration.

  There are three types of operations involving one or more data item multiples: (a) doubling a non-zero data item multiple, (b) adding or subtracting non-zero and unequal data, non-reciprocal item multiples, And (c) a multiple of zero data items. It can be classified into one of any operations involving P, and the sequence of operation classification in the final step may be independent of the adjustment indicator set in the final iteration.

The iterative b ^w related window algorithm is a left-to-right “multiply and add b” type algorithm, used in the “multiply b” portion of the algorithm The multiplier to be used is b ^w and the required multiple may be the multiple used in the “addition” part of the algorithm.

b may be equal to 2, and the iterative b ^w related window algorithm may be a “double and add” type algorithm, and the multiplier used in the “double” portion of the algorithm may be 2 ^w .

  k is a signed binary value, and in the first iteration, the first bit of k may be negatively weighted when determining the required multiple.

  k is a signed binary value, and may further include the step of setting an adjustment indicator in the first iteration to truncate and compensate for the first bit of k.

  The operations involving one or more data item multiples are of three types: (a) doubling a non-zero data item multiple, (b) adding or subtracting non-zero, not equal and non-reciprocal data item multiples, And (c) a multiple of zero data items. It may be classified into one of arbitrary operations related to P, and the sequence of operation classification may be independent of the value of k.

  The operations involving one or more data item multiples are of three types: (a) doubling a non-zero data item multiple, (b) adding or subtracting non-zero, not equal and non-reciprocal data item multiples, And (c) a multiple of zero data items. Can be classified into one of any operations involving P, the sequence of operation classification is independent of the value of k, and the iteration includes w doubling operations and 1 adding / subtracting operation , Each of which may contribute to a result generated independent of the value of k.

  The zero multiple data item, i.e. P is used, or 0. The calculation for obtaining P may not be performed.

  An addition operation equal to the doubling operation may not be performed.

  A further multiple m of the data item Q is also calculated during the iterative algorithm to produce a result (kP + mQ) by using two separate adjustment indicators, one for each ongoing multiplication. May be.

  The adjustment indicator may be applied in the iteration immediately after the iteration in which the indicator is set.

  The data item P may be an elliptic curve point.

  It may be a step in an encrypted data processing method for encrypting or decrypting data.

In accordance with the present invention, a data processing apparatus that calculates a multiple k of a data item P using an iterative b ^w related window algorithm, where b is the base of the multiple k and w is the window size The apparatus provides a data item providing means for providing a choice of data items including at least one multiple of P; and a determining means for determining, for a particular iteration of the algorithm, a multiple of P required for that iteration; Selecting means for selecting a multiple from the options depending on the required multiple; and setting means for setting an adjustment indicator depending on the relationship between the required multiple and the selected multiple; An apparatus is provided, wherein the determining means is operable in subsequent iterations to determine the required multiple depending on the adjustment indicator from the previous iteration, whereby The above objective is achieved.

In accordance with the present invention, a data processing method for calculating a power index d of a data item M using an iterative b ^w related window algorithm, where b is the base of the power index d and w is the window size The method provides a choice of data items comprising at least one power exponent of M, and for a particular iteration of the algorithm, determines the exponent M to be required for that iteration, and Depending on the index to be selected from the options and setting the adjustment indicator depending on the relationship between the required index and the selected index, and in subsequent iterations, And determining the required power depending on the adjustment indicator from the iteration of the method, thereby achieving the above objective .

The iterative b ^w- related window algorithm is an algorithm of the type “b raised and multiplied” from left to right, and the exponent to be used in the “b raised” part of the algorithm is b ^w The exponent to be required may be the exponent to be used in the “multiplication” part of the algorithm.

b is equal to 2, and the iterative b ^w related window algorithm may be a “square and multiply” type algorithm, and the exponent to be used in the “square” portion of the algorithm may be 2 ^w .

In accordance with the present invention, a data processing apparatus that computes a power index d of a data item M using an iterative b ^w related window algorithm, where b is the base of the power index d and w is the window size The apparatus provides a data item providing means for providing a choice of data items comprising at least one power exponent of M, and for a particular iteration of the algorithm, a determining means for determining the exponent M to be required for that iteration; Selection means for selecting a power index from the options depending on the power index required, and setting means for setting an adjustment indicator depending on the relationship between the power index required and the power index selected And the determining means is operable to determine the required exponent in subsequent iterations depending on the adjustment indicator from the previous iteration. An apparatus is provided to achieve the above objective.

A method of increasing resistance to power side channel attacks against a data processing device that calculates a multiple k of a data item P using an iterative b ^w related window algorithm, where b is the base of the multiple k and w May be the window size.

A method of increasing resistance to power side channel attacks against a data processing device that calculates a power index d of a data item M using an iterative b ^w- related window algorithm, where b is the base of the power index d , W is the window size, and may further include the steps of any one of claims 39-41.

  The present invention provides a method for increasing the resistance to power side channel attacks on a data processing device substantially as described with reference to FIGS. 9-20, thereby achieving the above objective. .

  According to the present invention, a smart card including a suitable processing device is provided, whereby the above object is achieved.

  According to the present invention, there is provided an operating program which, when loaded into a data processing device, makes the device any one of the suitable devices or the suitable smart card, whereby the above object is achieved. Achieved.

  The present invention provides an operating program that, when executed on a data processing device, causes the device to perform any one of the appropriate prior methods, thereby achieving the above objectives.

  It may be held on a carrier medium.

  The carrier medium may be a transmission medium.

  The carrier medium may be a storage medium.

Thus, according to the present invention, there is provided a data processing method for calculating a multiple k of a data item P using an iterative ^bw related window algorithm. Here, b is the base of multiple k and w is the window size. This provides an effective and secure point calculation used for elliptic curve cryptography.

  For illustration, reference is made to the accompanying drawings.

  Prior to a detailed description of embodiments of the present invention, a number of previously conceived methods that alleviate the problems associated with the efficiency and security of the elliptic curve point multiplication algorithm described above will be described. The following description is limited to considering three types of operations.

“D”: doubling a non-zero point; Written P,
“A”: addition or subtraction of points that are not zero, not equal, and not reciprocal, written as P + Q or P−Q,
“Z”: any operation including zero, for example, P + O, O + P, OP, P−O, PP, P + (− P) or 2. O.

  Assume that an attacker cannot distinguish between any two D operations. Similarly, it is assumed that an attacker cannot distinguish any two A operations.

  However, if no attention is paid, a step that looks like an A step, eg, “R: = P + Q”, is actually a D step, either or both of P and Q, if P = Q. Is zero or Q = (− P), it can be changed to a Z operation.

  In each step, it is also relevant to consider how the device selects the next operation. If the decision process uses an amount of time or power that depends on k, an attacker may obtain information by observing the gap between curve operations. In practice, this problem can be addressed by careful coding (in either software or hardware state machines), as can be achieved by one skilled in the art.

  Other schemes that reduce the chances of a successful SPA attack can be used. For example, random power noise may be added, processor instructions may be randomly delayed, or power consumption may be made the same by manufacturing various balanced circuits (WO 99/67766 “Balanced cytographic”). See "computational methods and apparatus for leak minimization in smartcards and other cryptosystems"). However, these methods are generally expensive when implemented completely on a small, low-power device because they reduce performance, increase circuit size, or increase the average power consumed. In practice, a combined method is used. Several attempts are made to equalize power, randomize execution, and provide a carefully balanced algorithm such as the invention described herein. Embodiments of the invention are described below, but can be used with these other methods.

  There are also more advanced attacks, such as DPA (Power Differential Attack). This attack works by capturing and statistically analyzing several power traces ("Resistance aginist Differential Power for Elliptic Curve Cryptosystems", Jean-Sebastian Coron / http. /393443.html). Such attacks are usually defended by adding a random factor to the computation, so that no two perform the same algorithm (US-A-2002029346 “Method and apparel for minimizing differential power attacks on. See "Processors"). For example, k. In order to calculate P (where k is a secret), a random number r is first generated, and then (k−r) P. + R. P is calculated and the same answer is returned, but two essentially random multipliers are used. Randomness can also be incorporated into point representations and point operations. Embodiments of the present invention are independent of these methods and may be used with these methods, as described below.

  One method for making the basic elliptic curve point multiplication method more efficient is to use the “w bit window method” in which k w bits of k are processed at a time. Such an algorithm is shown in FIG. 7 as the function “window_pointmulti”. “Window_pointmulti” takes an integer k and an elliptic curve point P as inputs, as in the basic “pointmulti” function described above with reference to FIG. Returns P as output. In this basic window method, a multiple of P is pre-calculated from 0 to (2 ^ w) -1 and stored in the table T. That is, T [i] = i. P. For example, to process the w bits of the k j-1 to jw windows, the bits are processed as w-bit integers. That is, v = B (k, j−1, j−w). In each loop, the doubling operation R: = 2. R is performed w times to obtain (2 ^ w) times the original R, and R: = R + T [v]. This requires (2 ^ w) -2+ (1+ (1 / w)) | k | point operations (pre-calculation 2.P, 3.P etc. take (2 ^ w) -2 operations, Each loop body is composed of w D operations and one A operation, and there is | k | / w iteration), 1+ (2 ^ w) points (2 ^ w points in table T and 1 Register R), which is expensive in terms of space. In order to prevent O from being added to R (when v = 0) and information is inadvertently leaked, the basic addition R + T [v] can be any kind of dummy operation when v = 0 (for example, , Performing an addition where the result is not used). In this case, it is not necessary to store the point O in the table T.

  FIG. 8 shows an example of the execution of the window method of FIG. 7 for the case where k = 35 (binary number 100011). The point register R is initially set to the value O, ie the zero point, and the variable i is set to | k | / w = 3 (the number of windows obtained by dividing the binary value of k) and 0 Multiples of P calculated in advance up to (2 ^ w) -1 are stored in the table T. A dummy operation is required when processing a 2-bit middle window.

The window method described above with reference to FIGS. 7 and 8 is an example of an iterative ^bw- related window algorithm. Here, b is the base of multiple k and w is the window size. Specifically, the method of FIG. 7 is an iterative left-to-right binary “double and add” window algorithm. This is described, for example, in “A survey of fast expansion methods” (DM Gordon, Journal of Algorithms 27, pp. 129-146). 7 and 8, the base b is 2 (binary) and the algorithm is an iterative binary window algorithm, or a left-to-right doubling and adding algorithm.

  Another group of methods includes recording k bits. For example, Boot's algorithm re-expresses k as a square, but allows the coefficients to be +1, 0, and -1 (typically, binary numbers do not use -1). Booth's algorithm (and similar similar algorithms) replaces one dense string with an almost zero string and then one -1 and one +1. Since 0 corresponds only to D operations (1 corresponds to D and addition, -1 corresponds to D and subtraction), this is more efficient (2 storage and 4. | k | / 3 operations), this can be shown to be the most likely scheme of this type. However, this still leaks power consumption and the 0 bits can be distinguished from the +1 and -1 bits in the re-encoded sequence. This is a significant amount of information for the attacker, requires dummy operations, and the efficiency drops to the same extent as the basic algorithm.

  Another type of solution is based on the so-called “Montgomery Ladder” (see WO 00/25204 “Power signature attach resistant cryptography”). This method increases its speed by simplifying the addition of two points where the difference is known at each step. It can be used for the non-adjacent form of k as well (see “An overview of Elliptic Curve Cryptography” (Lopez and Dahab et al., http://sitesee.nj.nec.com/333366.html)).

  Other variations using randomized addition are described in “Randomized signed-scalar multiplication of ECC to resist power attacks” (Jae Cheol Ha, Sang Jae Mon 25, SES Je It is disclosed. The disclosed algorithm requires a good source of random numbers.

  Point k. P + m. It may be necessary to calculate Q. Here, k and m are integers, and P and Q are points. By iterating along both k and m at the same time, a “cross product” window method can be applied. Scaling R by 2w is common to both single multiples (kP and mQ) and does not need to be repeated. In each iteration, several multiples of P and several multiples of Q need to be added, which need to be precomputed with approximately 2 ^ (w + 1) stores. This speed is approximately 2 ^ (w + 1) (pre-calculation). This is the speed obtained by adding (1 + 2 / w) calculation.

  For further efficiency, all sums (i.P + j.Q) are precomputed for all i and j in the range 0 to (2 ^ w) -1 (with a storage cost of about 2 ^ (2w) points. Yes, one of these is added at each iteration. The speed is roughly 2 ^ (2w) (pre-calculation). (1 + 1 / w) The speed obtained by adding the calculation.

  This scheme can be extended to any number of terms. That is, k1. P1 + k2. P2 +. . . + Kn. Pn.

  FIG. 9 shows a data processing apparatus according to an embodiment of the present invention. This apparatus includes an initialization unit 20, a prior adjustment multiple calculation unit 22, an adjustment calculation unit 24, a multiple prior calculation unit 26, a necessary multiple calculation unit 28, a multiple storage unit 30, and a multiple selection unit 32. The calculation unit 34 and the decrement unit 36 are included.

  Hereinafter, the operation of the data processing apparatus will be described with reference to FIGS. FIG. 11 is the same as FIG. 10, but the method is shown in flowchart form. Similar to the method described with reference to FIGS. 5 and 7, the data processing apparatus of FIG. 10 calculates a multiple k of the point P. In this embodiment, an algorithm is used that is closely related to the left-to-right window doubling and adding algorithm described above with reference to FIG. In this embodiment, the window size w is 2, and a specific example is shown in FIG. 12 for the case where k = 35 in decimal or 100011 in binary.

  Prior to execution of the main loop or iteration, the initialization unit 20 declares local storage and initializes certain variables. The accumulator register R is initialized to store the zero point O, the adjustment indicator “carry forward” is initialized to 0, and the loop counter i is initialized to | k | / 2. Here, | k | is the number of bits in k (length). The multiple k is assumed to be unsigned and an even number of bits in this embodiment. If k has an odd number of bits, it needs to be padded with leading zeros so that | k | can be divided by two. The multiple pre-calculation unit 26 pre-calculates the multiple 3P, and stores both the pre-calculated multiple 3P and the point P in the multiple storage unit 30. These initialization steps are denoted by reference numeral S1 in FIG. In the example shown in FIG. 12, k = 1000011 and i is initialized to 3.

  Thereafter, the processing operation enters a loop stage and the following steps are performed. The pre-adjustment multiple calculator 22 calculates a basic multiple of the loop i, which is just B (k, 2i-1, 2i-2) or (2k_ {2i-1} -k_ {2i -2}). This is the same multiple used in the basic window method described with reference to FIG. In the example shown in FIG. 12, the basic multiple is determined to be 2 in the first loop with i = 3.

  Unlike the basic windowing method, the adjustment calculator 24 determines the adjustments made to the basic multiples based on the “carry forward” values from previous iterations (if any). If the window width is 2, the adjustment is calculated as 4 * carryover. This is zero for the first iteration. Thereafter, the required multiple calculator 28 determines the multiple required for the iteration by adding the basic multiple from the pre-adjustment multiple calculator 22 to the adjustment from the adjustment calculator 24, and thus this embodiment. The required multiple is determined to be 4 * carryover + (2k_ {2i-1} -k_ {2i-2}). This is shown in the first line of step S2-2 in FIG. In the example of FIG. 12, the multiple required for the first loop is 2P.

  Thereafter, the multiple selection unit 32 determines whether a necessary multiple is available from the multiple storage unit 26. In this example, the multiple 2P is not available and the next largest available multiple 3P is selected from the multiple store 26 for use. The adjustment indicator “carry forward” is set to −1 to indicate the difference between the required multiple and the selected multiple (−P), and the selected multiple MUL is sent to the calculator 34. Since the selected multiple of the signal OPR is also positive (due to the adjustment performed by the adjustment calculation unit 24, the A (addition) operation may actually be a subtraction operation, as will be described below. ), Sent to the calculation unit 34 to indicate that an addition operation is necessary. Thereafter, the calculation unit 34 uses the value of the accumulator R in the same manner as the basic window method, but using the selected multiple MUL instead of the required multiple, and performs a D (double) operation and an A (addition). ) Calculate. These steps shown in FIG. 10 are indicated by reference symbol S2-1 and various cases of reference symbol S2-2 (case “2” for the first iteration in FIG. 12). In the example of FIG. 12, the accumulator R has a value 3P after the first iteration, and the adjustment indicator “carry forward” is −1. Thereafter, the decrement unit 36 decrements the loop counter i, and the process continues to the next iteration.

  In the next iteration, the required multiple is determined based on the adjustment indicator “carry forward” from the previous iteration, as described below with reference to the example of FIG. In the second loop, the basic multiple from the pre-adjustment multiple calculator 22 is 0 (2K — 3 + k — 2), and the multiple from the adjustment calculator 24 is −4 (4 * carry forward), so the necessary The multiple is determined to be −4P by the required multiple determination unit 28. The group of multiples in the multiple storage unit 30 includes only positive multiples P and 3P, but may also include corresponding negative multiples, -P and -3P. Using the same rule as in the first iteration, the next largest multiple in the storage is −3P, and −3P or the positive multiple 3P is selected by the multiple selection unit 32 and calculated as the signal MUL. Sent to the unit 34. At this time, the OPR signal is set to indicate that a subtraction operation is required (since the required multiple is negative). The adjustment indicator “carry forward” is also set to −1 to indicate the difference between the required multiple of −P and the selected multiple. Instead of adding the negative multiple -3P in the A (addition) step, the positive multiple 3P is subtracted as indicated by the OPR signal. This is indicated in FIG. 10 by the case “−4”. From the previous iteration before the subtraction operation, with two Ds (doubling operations) operating on the accumulator R, the accumulator R has the end of the second iteration with "carry forward" set to -1. Holds the value 9P.

  In the final iteration, the required multiple is calculated depending on the adjacent indicator “carry forward” from the second iteration. In the third loop, the basic multiple from the pre-adjustment multiple calculator 22 is 3, the multiple from the adjustment calculator 24 is -4, and the required multiple is -P by the required multiple determiner. Determined to be. As described above, the group of values in the multiple pre-calculator 26 can be considered to include positive multiples P and 3P, and corresponding negative multiples, -P and -3P. Thus, the required multiple -P is available from the storage 30 and -P or the positive multiple P is selected by the multiple selection 32 and the OPR signal indicates that a subtraction operation is required. In the state set as described above, the signal MUL is sent to the calculation unit 34. The adjustment indicator “carry forward” is set to 0 to indicate that there is no difference between the required multiple and the selected multiple. Rather than adding the negative multiple -P in the A (addition) step, the positive multiple P is subtracted as indicated by the OPR signal. This is shown as “−1” in FIG. With two Ds (doubling operations) operating on the accumulator R from the previous iteration before the subtraction operation, the accumulator R has the end of the second iteration with “carry forward” set to zero. Holds the value 35P.

  After the third iteration, since the “carry forward” is zero, no further adjustment is necessary and the accumulator R holds the correct final value 35P, which can be returned in return step S4. However, for other values of k, there can be non-zero values of “carry forward” to be adjusted, which is done by the final step S3 of FIG. The final step is to efficiently perform R: = R−P when carryover is −1, but whether or not to perform such an operation is to inadvertently leak information about k. Can be. Thus, regardless of what the “carry-over” value is after the final normal iteration, doubling and two “additions” are performed, so that the final resistance shown in FIG. Preferably a step is included. A new point 2P is calculated in the final step, but can be used because storage of the old 3P is no longer needed. Thus, the final step (if i = 0) is intended to subtract P from R if “carry forward” is not zero. There are many ways to do this safely against SPA. The method of FIG. 10 reuses the space used to store 3P and stores 2P instead. Alternatively, the final loop iteration (if i = 1) may be changed to make this adjustment.

  All the multiples in the storage were precomputed in the above embodiment, but determine which multiples should be in the group available for selection, but do not precompute these multiples Is also possible. Instead, if the multiple selection unit 32 determines that there are no multiples in the group in the storage unit 30, the multiples that can be stored in the storage unit 30 for later use by the pre-calculation unit 26 A request is made to calculate. This possibility is indicated by a dotted line between the multiple selection unit 32 and the pre-calculation unit 26 in FIG.

  During the operation of the above-described embodiment, the profile of one loop iteration is (in the past, unless the doubling operation is optimized around the first round in all cases except the first loop when the profile is ZZA. DDA) (using determined operational classification). This will not cause any problems. Because it is independent of k and P, all traces show two such Z operations and no information is revealed.

  FIG. 13 illustrates a method for embodying the present invention in the general case where the window size is w> = 2. FIG. 14 shows the method of FIG. 13 in the form of a flowchart. Before it is started, the size of k (number of bits) is rounded up to a multiple of w bits by pre-pending 0 bits. In this embodiment, an array “T” is used as the storage, and T: P, 3. P, 5. P, 7. P,. . . ((2 ^ w) -1). Only odd multiples of P are stored up to the window size of P. Thus, the required storage is about half that required for the basic w-bit window method. The first element of T has index 0, and T [j] is (2j + 1) .j for j in the range 0-2 ^ (w-1) -1. Equal to P. Initially, the loop counter i is set to (| k | / w). Since w is assumed to divide | k | as described above, this gives the total number. Register R is scaled by 2 ^ w at the beginning of each loop by performing "R: = 2.R" w times. The carry forward indicator allows a multiple of P stored in R to become “too large” after any step. The carry-over indicator in each iteration has a weight of (2 ^ w) since w bits are considered at a time. Of course, one carry bit may be used, with a bit value of 1 representing a carry of -1 and a bit value of 0 representing no carry.

  Thus, the case statement switches with the value “v” and is defined as (2 ^ w) * carryover + B (k, w * i−1, w * i−w). Depending on the value of v, there may be (2 ^ w + 1). When v is an odd number, “R: = R + v.P; carry-over = 0” is performed. When v is an even number, “R: = R + (v + 1) .P; carryover = 1” is performed. In any case, the required multiple of P is an odd number, and that multiple or its negative multiple is stored somewhere in the table T. When m is negative, R: = R + m. To do P, this is R: = R-(-m). Replaced with P.

  Thus, it can be seen that the data processing method embodying the present invention calculates a multiple k of the points (more generally data items) P using an iterative m-related window algorithm. Here, m is the base of multiple k. The group of data items includes at least one multiple of P and is stored in, for example, the storage unit 30 illustrated in FIG. For a particular iteration of the algorithm, the multiple of P required for that iteration is determined and the multiple is selected from the group depending on the required multiple to be used in that iteration. The adjustment indicator is set depending on the relationship between the required multiple and the selected multiple. In subsequent iterations, the required multiple is determined depending on the adjustment indicator from the previous iteration.

  The case selection needs to be made in such a way that the attacker cannot determine which branch is selected at each step, and other defenses may be needed to hide this selection. This is a general problem and the solution is obvious to those skilled in the art. Typically, it is easier to achieve in hardware implementation than in software implementation. This is because the control state machine runs in parallel with the computation and its radiation is hidden naturally. This selection only depends on a few bits (several bits of k and several carryover bits). It is also possible in one cycle to calculate the tests for all branches in parallel (in hardware) and use the demultiplexer to execute the (unique) branches that passed the test. The symmetry and speed of this implementation makes it very difficult to get some information about the selection itself from the power trace.

  In software, implementation depends on CPU instruction set details and platform architecture. One technique is to perform calculations without conditional operations that do not use intermediate values. The result of the calculation is related to the number of branches required and can be used in a table lookup in one branch instruction. For example, the case where x is an odd number and an even number are distinguished in a state in which they are resistant to SPA.

target [2]: = [Even, Odd];
int y: = x &1; / ^* y is 0 if x is even, 1 ^* / if x is odd
goto (target [y]);
Even:. . . / ^{* If} x is an even number ^* /
Odd:. . . / ^{* If} x is an odd number, ^* /
A further illustration of the operation of an embodiment of the present invention is shown in FIG. 15 for the case where w = 3. Only odd multiples of P up to a maximum value of 7 (in the case of a binary bit window of 3) are included in the group, ie, P, 3P, 5P, 7P, which in FIG. It is shown by the outline with the surrounding solid line. This group is also considered conceptually to include the corresponding negative multiples -P, -3P, -5P and -7P, as indicated above, which are indicated by the dashed outline surrounding these multiples. ing. Missing even multiples including OP are indicated by a blank square surrounded by a dashed outline. If the required multiple is determined to be -6, i.e., a number that is not available in the group, then the next largest multiple -5 is selected from the group along with the carry forward indicator-1. This is because the selected multiple is one larger and needs to be corrected in the next iteration. A doubling (D) operation is performed twice at the beginning of the next iteration, and this carryover is converted to a -8P (-2 ^ 3 * P) adjustment in the next iteration. A positive multiple of 5P is selected from this group and subtracted from the accumulator value. Similarly, if the required multiple is determined to be an OP that is not available in this group, the next largest multiple 1 is selected from this group along with the carry forward indicator-1. This is because the selected multiple is one larger and needs to be corrected in the next iteration. If the required multiple is determined to be 5P available in this group, the multiple is selected from this group with carry forward indicator 0 because no adjustment is required in the next iteration.

  The scheme shown in FIG. 15 is not the only scheme that is possible when w = 3. FIG. 16 shows a further example of multiples appropriate for this group. In FIG. 16, multiples 2P, 6P, 10P and 14P are preselected to be included in this group, rather than odd multiples P, 3P, 5P and 7P. As the multiple is further expanded, the carry-over indicator needs to allow for more flexible adjustments. Therefore, the scheme shown in FIG. 16 requires that the carry-over is not selected from {-1, 0} but from {-2, -1, 0, 1}. These carry values are carried over to the next iteration as {−16P, −8P, 0P, + 8P}. 0P. . . Along with the basic multiple of 7P, this allows the required multiple of -16P. . . + 15P is obtained. Based on the required multiple within that range, select from the available multiples in the group {-14P, -10P, -6P, -2P, 2P, 6P, 10P, and 14P}, the same set { Possible carryover indicators in -2, -1, 0, 1} are obtained. Thus, in the subsequent iterations, if the required multiple is not available, a full adjustment can also be made using other possible carry forwards in the set {-2, -1, 0, 1}. The cost in space is the same as in the example of FIG. 15 (four precomputed values), but the completion step is slightly more complicated here because there are four different carryover states to complete and unify. Yes (but is still readily determinable for those skilled in the art).

  As in the example shown in FIG. 15, it is also possible to pre-calculate and store even multiples 2P, 4P, 6P, and 8P instead of pre-computing and storing odd multiples. If an odd multiple is required, the next higher even multiple is selected and corrected in the next iteration as before with the carry-in indicator-1. If a zero multiple 0P is required, a dummy addition can be performed as in the basic window method. The reason for selecting a larger multiple and making a negative adjustment in subsequent iterations, rather than selecting one smaller multiple and adjusting upwards, is as follows. Usually, for w = 3, the range 0P. . . A basic multiple in 7P may be required. Considering carry-over of either 0P or -8P, this is -8P. . . There can be a range of + 7P. Therefore, the precomputed multiple 0P. . . 7P, and its negative number -7P. . . Although 0P can be used, there is a possibility that the carry-over of -P may be delayed to obtain -8P. If the carryover is 0P or + 8P, the range that needs to be covered is 0P. . . 15P. Using a negative value of the precomputed value effectively doubles this range. In some situations, it is possible to use a multiple that is less than half the number of multiples used in the basic window method, if appropriate adjustment steps are taken.

  In summary, embodiments of the present invention that use a binary implementation of k may allow pre-computation and storage of multiples of approximately half of the multiples that may be required for basic windowing. In some embodiments, additions and subtractions are used to provide another operation that is sufficient to handle a window (in the case of 2 ^ w), and an extra “carry forward” representation is needed in the next window. Used to indicate regulation. In some embodiments, only odd multiples of P up to (2 ^ w) -1 are stored. In each of the w-bit windows, R is first scaled by 2 ^ w (by performing w D operations) and either adding or subtracting one of the odd multiples (2 ^ W possible actions are obtained, all of which are SPA indistinguishable A operations). If an odd multiple (eg, v.P) is required, then v. P (pre-computed) is simply added or subtracted depending on whether v is positive or negative (respectively). If an even multiple of P (eg, v.P) is required, (v + 1). P is added instead (may lead to a subtraction operation if v + 1 is negative) and this needs to be corrected in the next window (by subtracting the extra (2 ^ w) .P after scaling) In order to indicate this, the “carry forward flag” is set to −1. Otherwise, the carry forward flag is zero. Therefore, the multiple v. Added to R in any window. P is calculated as v = (2 ^ w) * carry-over + “value that the normal window method would add”.

  In the general case where the window width is w, the storage requirement of the embodiment shown in FIG. 13 is 2 ^ (w−1) points (in the case of binary k) and stores points of the order of 2 ^ w. Approximately half of the corresponding basic windowing requirements.

  This embodiment requires (2 ^ (w-1) + (1+ (1 / w)) | k | +2 point arithmetic (3.P, 5.P ... pre-computation is 2 ^ (W-1) Take a -1 point operation, each loop body consists of w D operations and one A operation, there are | k | / w iterations, the suggested final step is a 3 point operation Therefore, this embodiment of the present invention requires ((2 ^ w) −2+ (1+ (1 / w)) | k | point operations because there is less precomputation of multiples of P. Faster) than the basic window method.

  The sequence of point operation classifications (ie, “A”, “D”, or “Z”) in embodiments of the present invention can be made completely independent of k, and any dummy operation (result is calculated). Can be eliminated). This makes embodiments of the present invention particularly suitable for implementations that are resistant to SPA.

  In the first iteration, w “doubling” operations are included in classification Z (since R is O), but these operations can be omitted for efficiency. Even if it is not omitted, in any case, since it occurs in the same way for all k, information about k is not inadvertently leaked.

  After the first iteration, R will never be O (except for the few degenerate cases where k is approximately equal to 0 modulo the order of the curve group. R may be O at a later stage of computation. In practice, this does not happen, and in any case k can be checked to be “appropriate” before making this calculation). This means that there is no D or A operation degenerated in the Z operation. This makes embodiments of the present invention particularly suitable for SPA prevention.

  Similarly, R will not be an odd multiple of P following the “R: = (2 ^ w) .R” step in the first iteration (if R = O). Thus, when only odd multiples are used for a preselected group, there is no A operation that degenerates to a D or Z operation (eg, when R is equal to P or -P at this point). This makes embodiments of the present invention particularly suitable for SPA prevention.

  In some embodiments, all conditional storage occurs at the same location (ie, all in register R). Therefore, there is no power information on the address bus to observe storage. However, there may be data leaked by observing the carry-over flag or the source address of the operands (P, 3P, 5P ...) (though very unlikely). This possible leak is invisible to the SPA if other (hardware) protection measures are taken.

  Since this countermeasure is deterministic, no random number is required to implement it. Therefore, it is also resistant to attacks that attempt to disable or bias the random number generator.

  2. When w = 2 It is only necessary to precalculate and store P, and no other multiples (other than P itself) are required. An accumulator is needed for this result anyway, and its P is not changed from the input parameters, so the overhead can be considered as only one point. Thus, 3P or P itself can be added or subtracted from R at any time, and the four operations are indistinguishable in SPA.

When w = 2, the method embodying the present invention uses only 2 + 3 | k | / 2 + 3 point arithmetic. (The 3P pre-computation requires two operations. Each loop body consists of two D operations and one A operation, and there are | k | / 2 iterations. The suggested final step is 3 operations are taken.)
Pre-computation takes less time compared to loop iterations (eg, k may have 160 bits). This case statement is negligible compared to point operations. Thus, the main advantages of embodiments of the present invention can be seen in turn as (1) SPA prevention (2) space and (3) speed. Some of the benefits of SPA prevention can be achieved by performing calculations as needed, without actually precalculating and storing multiples. Thus, the benefits of SPA prevention are independent of space and speed benefits. Embodiments of the present invention have particular advantages when applied to smart cards. This is because smart cards need to be secure, but at the same time the benefits of combining improved SPA prevention and reduced space requirements are particularly beneficial as resources to achieve this are limited. It is.

  Embodiments of the present invention are provided, for example, in the field of elliptic curve cryptography on secure devices. Secure devices in this context include hardware modules attached to normal computing systems, secure chips such as smart card chips, stand-alone devices that perform cryptographic functions in hostile environments, and parts of set-top boxes Or part of a digital rights management device. Particularly suitable for devices where resources (memory and power) are limited and security against side channel attacks is extremely important.

  The spatial advantage achieved by embodiments of the present invention is achieved even when multiples greater than half the number of multiples required in the basic window method are precomputed and stored. For example, if w = 3, the values of P, 2P, 3P, 5P, 6P, 7P (ie all except 0P and 4P) may be precomputed and stored. In each loop, there can be a simple check to see if the required multiple is pre-stored, if it is not pre-stored (for O and 4P), the next largest (P and 5P) is selected And the carry-over indicator is set to the difference (-1 in both cases).

Embodiments of the invention also apply to bottoms other than two. For example, if k = 7135 in decimal notation and the window is w = 2, k = (71) (35). For example, if all P multiples other than 71P are pre-stored, two iterations are performed as follows. Iteration 1: R = 0 * 10 * 10 + 72P = 72P, carryover is -1 (71P is not available) Iteration 2: R = 72P * 10 * 10 + (35 + [-1 * 10 * 10]) P = 7200P-65P = 7135P, carry over is 0 (65P is available)
Embodiments of the present invention can also be extended to the determination of (kP + mQ). Two separate carry-over indicators are maintained, one for each multiplication in progress. After scaling R, the useful A-step of the embodiment of the present invention is twice, once for k windows (using k carry over, +/− P, +/− 3P,...) For m windows. Applied once (using m rollover, +/− Q, +/− 3Q,...). This is a total of about 2 ^ w storage (half of the basic window method) and almost 2 ^ w + | k |. (1 + 2 / w) operations (less than the basic window method because there are few prior calculations).

  This can be optimized by precomputing and storing the various combinations of multiples that may be needed (in the same way that can be used in the basic window method). If w = 2, this is simply P + Q, P-Q, 3P + Q, 3P-Q, P + 3Q, P-3Q, 3P + 3Q, 3P-3Q. Note that -P-Q or QP is obtained by subtracting P + Q or P-Q, respectively, and need not be stored. The only storage required is 2 ^ (2w-1), ie half of the basic windowing storage. The speed is approximately 2 ^ (2w-1) (pre-calculation). (1 + 1 / w) operation is added.

  This can be generalized to any number of terms if sufficient storage is available.

  It would be useful if P could be multiplied by a signed binary value k. In this case, the most significant bit of k is considered to have an explicit negative sign. This is a standard way of representing signed binary values. This change can be incorporated into an embodiment of the present invention by changing the calculation of “v” in the first loop iteration to provide a negative weight for the first bit, Since it is always 0 in the iteration, treating the window as a signed number does not take v out of the range from-(2 ^ w) to (2 ^ w) -1, so the algorithm Works the same as

  Alternatively, if the size n = | k | of padding before padding is one greater than a multiple of w, the carry-over flag may initially be set to −k_ {n−1} instead of zero, Following the (unsigned) version after discarding the first bit.

  Certain embodiments of the present invention may be implemented in hardware or software, or combinations thereof, and the technical advantages outlined above are provided in all such cases. FIG. 17 illustrates certain parts of the processing between hardware and software in a smart card or other secure platform that has memory for at least input / output, CPU, and some program storage and workspace. Shows four different ways of assigning responsibilities. There may be a cryptographic coprocessor, an arithmetic coprocessor, or no coprocessor. In one embodiment, shown in (a), the coprocessor performs the entire method embodying the present invention. In another embodiment shown in (b), the coprocessor can perform point doubling and point addition (possibly point subtraction), and the CPU handles the outer loop (bit k); According to a method embodying the present invention, a request is made to the coprocessor to perform operations in the sequence. In another embodiment, shown in (c), the coprocessor performs only field arithmetic operations. The CPU performs an outer loop according to the method embodying the present invention and requests the coprocessor to perform the specific field operations required by the point operations. In another embodiment shown in (d), there is no coprocessor and the CPU executes all functions according to a method embodying the method of the present invention.

  An operating program embodying the present invention may be stored on a computer readable medium, but may be implemented in a signal such as a downloadable data signal provided by an internet website, for example. The appended claims are construed to include the computer program itself, the computer program as a record on a medium, or the computer program as a signal, or any other form of computer program.

  The following is an example of an algorithm using ECC point multiplication where the multiplier (k) is secret. ElGamal cryptography (SPA prevention is important because operations need to be kept secret) uses point multiplication for decryption. ElGamal digital signatures (SPA prevention is important because operations need to be kept secret) use point multiplication for message signatures. The same applies to ECCDSA. Elliptic curve Diffie-Hellman key exchange uses ECC point multiplication to match the symmetric key (again, SPA prevention is important).

  Point multiplication in an elliptic curve is similar to an integer modular power method. However, point doubling and point addition correspond to modular square and modular multiplication, respectively. Thus, the methods and apparatus embodying the invention described above can be easily modified for modular power (eg, as used in public key cryptosystem RSA).

  FIG. 18 is a block diagram showing a further embodiment of the present invention. The members of FIG. 18 that exactly correspond to the members in FIG. 9 are labeled with similar reference numbers (eg, 20 and 20 ′) and how the teachings of the embodiment of FIG. It will be clear to those skilled in the art which to apply. For example, when calculating (M ^ d mod N), the method used is equivalent and the above description relating to FIG. 9 applies, but P is replaced with M and k is replaced with d. , A + B is replaced with A * B mod N, A−B is replaced with A * (1 / B mod N), and R is initialized to 1. Therefore, the detailed description of FIG. 18 is omitted.

  FIG. 19 is a flowchart showing the operation of the embodiment of FIG. 18 when the window width is 2. FIG. 20 is a diagram illustrating the operation of the method of FIG. 19 for an example where d = 35. The description with respect to these two figures corresponds to the description with respect to FIGS. 10 and 12, respectively, and therefore a detailed description of these figures is omitted. Embodiments of the present invention are equally applicable only to the calculation of (M ^ d), i.e., the power method, and not to modular power. In this case, all mod statements can be ignored, as is done in FIGS.

Since division is not as efficient as multiplication, various reciprocals can be precomputed, and multipliers are used instead of divisors when necessary. Therefore, (1 / M mod N), (1 / M ³ mod N),. . . (1 / (M ^{(2 ^ w) -1} ) mod N) is precalculated and stored. With such reciprocal precomputation, this method is almost as efficient as the normal window method. However, there is no need for dummy multiplication operations. In the elliptic curve embodiment, subtraction is as efficient as addition and there is no need to pre-compute negative multiples.

  Some of the final steps are not valid in this application because of the slow division. Therefore, we do not want to calculate ½P mod N which needs to execute “R: = R−2P”. This statement can be replaced by “R: = R−P; R: = R−P”, which corresponds to two modular multiplications (the reciprocal 1 / P is pre-calculated to give two multiplication operations). Calculation of 1 / 2P mod N is difficult because 2P is an even number and the standard method fails.

  Modular multiplication is often implemented using Montgomery multiplication rather than regular modular multiplication, transforming the Montgomery space. This is also possible by using embodiments of the present invention.

  It has been mentioned above that points on an elliptic curve can be represented as an ordered tuple of coordinates. These coordinates are elements of the underlying mathematical field, may be integer operations modulo large prime numbers, or vectors of small integers that are considered as coefficients of polynomials modulo fixed polynomials Or any other expression that can be calculated by the CPU or coprocessor. The effectiveness of embodiments of the present invention is independent of the choice of field or the curve defined in that field.

As mentioned above, although this invention has been illustrated using preferable embodiment of this invention, this invention should not be limited and limited to this embodiment. It is understood that the scope of the present invention should be construed only by the claims. It is understood that those skilled in the art can implement an equivalent range based on the description of the present invention and the common general technical knowledge from the description of specific preferred embodiments of the present invention. Patents, patent applications, and documents cited herein should be incorporated by reference in their entirety, as if the contents themselves were specifically described herein. Understood.
(Summary)
The present invention provides a data processing method for calculating a multiple k of a data item P using an iterative binary left-to-right “double and add” type algorithm with a window size of two. A choice of data items is provided that includes at least one multiple of P (S1). In a particular iteration of the algorithm, the multiple of P required for that iteration to be used in the “addition” part of the algorithm is determined (S2-2). Thereafter, a multiple is selected from the choices depending on the required multiple, and an adjustment indicator is set depending on the relationship between the required multiple and the selected multiple (S2-2). In subsequent iterations, the required multiple is determined depending on the adjustment indicator from the previous iteration (S2-2). The multiplier (S2-1) used in the “doubling” part of the algorithm is 4. This method is applicable to other bases of k and other window sizes.

FIG. 1 is a block diagram showing the main parts of a typical smart card. FIG. 2 is an exemplary block diagram used to describe a conventional encryption model. FIG. 3 is an exemplary block diagram used to describe an encryption model including a side channel. FIG. 4 is a diagram illustrating a simple elliptic curve used to illustrate the concept of an elliptic curve. FIG. 5 is a diagram illustrating a basic “double and add” algorithm for elliptic curve point multiplication. FIG. 6 is a diagram showing an example of the calculation of the algorithm shown in FIG. FIG. 7 is a diagram showing a basic window method for performing elliptic curve point multiplication when window size> = 2. FIG. 8 is a diagram illustrating an example of the calculation of the method illustrated in FIG. FIG. 9 is a block diagram illustrating a data processing apparatus according to an embodiment of the present invention. FIG. 10 is a diagram illustrating a method of performing elliptic curve point multiplication according to an embodiment of the present invention when the window size is 2. FIG. FIG. 11 shows the method of FIG. 10 in the form of a flowchart. FIG. 12 is a diagram illustrating an example of the calculation of the method illustrated in FIGS. 10 and 11. FIG. 13 is a diagram illustrating a method for performing elliptic curve point multiplication according to an embodiment of the present invention when window size> = 2. FIG. 14 shows the method of FIG. 13 in the form of a flowchart. FIG. 15 is an exemplary diagram illustrating an example of multiple selection and use of a carry forward indicator in an embodiment of the present invention. FIG. 16 is an exemplary diagram illustrating another example of multiple selection and use of a carry forward indicator in an embodiment of the present invention. FIG. 17 is a block diagram used to illustrate process assignments in different embodiments of the invention. FIG. 18 is a block diagram showing a data processing apparatus according to another embodiment of the present invention. FIG. 19 is a diagram illustrating a method of performing a power method according to an embodiment of the present invention when window size> = 2. FIG. 20 is a diagram illustrating an example of the calculation of the method illustrated in FIG. FIG. 21 is a diagram showing another example of an elliptic curve used for explaining elliptic curve point addition and doubling, and a negative elliptic curve point.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Smart card 20 Initialization part 22 Prior adjustment multiple calculation part 24 Adjustment calculation part 26 Multiple prior calculation part 28 Required multiple determination part 30 Multiple storage part 32 Multiple selection part 34 Calculation part 36 Decrement part

Claims (53)

A data processing method for calculating a multiple k of a data item P using an iterative b ^w related window algorithm, where b is a base of the multiple k, w is a window size, and the method is ,
Providing a choice of data items including at least one multiple of P;
For a particular iteration of the algorithm, determine the multiple of P required for that iteration, use a multiple selected from the options depending on the required multiple, and the relationship between the required multiple and the selected multiple Depending on the setting of the adjustment indicator;
Determining in a subsequent iteration the required multiple depending on the adjustment indicator from the previous iteration.   The method of claim 1, further comprising retrieving the selected multiple from a multiple storage location if available, and otherwise calculating the selected multiple.   3. The method of claim 2, further comprising storing a newly calculated multiple in the multiple storage location for subsequent retrieval.   3. The method further comprising: precomputing at least one multiple in the option; and storing the at least one precomputed multiple in the multiple storage location for subsequent retrieval. 3. The method according to 3.   The method according to claim 2, 3 or 4, wherein all the multiples in the option are available from the multiple storage locations.   The method according to any one of claims 2 to 5, wherein the multiple storage locations include a separate area holding the data item P.   7. A method according to any one of the preceding claims, wherein the options do not include all of the multiples that can be determined to be necessary in the iterations. The method of claim 7, wherein the option contains less than b ^w multiples. Multiples the choices include is less than 0.75 * ^{b w} pieces, The method of claim 8. The options include at least 0.5 * ^{b w} pieces of multiple The method of claim 9. The choices are rounded up to the nearest integer number of multiples, including 0.5 * b ^w pieces of multiple The method of claim 10.   12. A method according to any one of claims 6 to 11, wherein the options include alternating multiples.   13. A method according to any one of claims 6 to 12, wherein the options include only odd multiples.   14. A method according to any one of claims 6 to 13, wherein the option does not include a multiple of zero.   The adjustment indicator can be set to indicate one of a finite set of relationships between the required multiple and the selected multiple, and if the required multiple is not available from the option, the 15. A method as claimed in any one of claims 6 to 14, wherein other multiples are selected from the choices depending on the available relationship indicators in the set.   The method of claim 15, wherein the multiples in the option and the set of relationship indicators are a sufficient number to allow a normal calculation of any multiple k of P.   If the required multiple is not available from the option, the nearest multiple available from the option is selected, or if more than one multiple is close to equal, the higher of the closest multiples is selected The method according to any one of claims 6 to 16, wherein:   17. A method according to any one of claims 6 to 16, wherein if the required multiple is not available from the option, the next highest multiple available from the option is selected.   19. A method according to any one of the preceding claims, wherein the adjustment indicator is set to indicate a correction multiple equal to the required multiple minus the selected multiple. The required multiple in the subsequent iteration is determined by scaling the correction multiple by b ^w and adding to the value of the multiple k in the window considered in that iteration. the method of.   21. A method as claimed in any one of the preceding claims, wherein the options include only positive multiples, but conceptually also include corresponding negative multiples.   If it is determined that the required multiple is negative or less than the smallest positive multiple in the option, a multiple is selected from the option by considering the notional negative multiple of the option 24. The method of claim 21, wherein:   23. A subtraction operation is performed using a corresponding positive multiple from the option if the multiple selected from the option is one of the conceptual negative multiples. The method described.   24. The method of claim 1-23, further comprising applying a final adjustment based on an adjustment indicator set in the final iteration.   There are three types of operations involving one or more data item multiples: (a) doubling a non-zero data item multiple, (b) adding or subtracting non-zero and unequal data, non-reciprocal item multiples, And (c) a multiple of zero data items. 25. The method of claim 24, wherein the method can be classified into one of any operations involving P, and the sequence of operation classification in the final step is independent of the adjustment indicator set in the final iteration. The iterative b ^w related window algorithm is a left-to-right “multiply and add b” type algorithm, used in the “multiply b” portion of the algorithm multiplier is b ^w, the required multiple is a multiple to be used in the "add" part of the algorithm, the method according to any one of claims 1 to 25 for. 27. The method of claim 26, wherein b is equal to 2, and the iterative b ^w- related window algorithm is a “double and add” type algorithm, and the multiplier used in the “double” portion of the algorithm is 2 ^w . Method.   28. The method of claim 27, wherein k is a signed binary value, and in the first iteration, the first bit of k is negatively weighted when determining the required multiple.   28. The method of claim 27, wherein k is a signed binary value and further comprises setting an adjustment indicator in the first iteration to truncate and compensate for the first bit of k.   The operations involving one or more data item multiples are of three types: (a) doubling a non-zero data item multiple, (b) adding or subtracting non-zero, not equal and non-reciprocal data item multiples, And (c) a multiple of zero data items. 30. A method as claimed in any one of claims 1 to 29, which can be classified into one of any operations involving P, the sequence of operation classification being independent of the value of k.   The operations involving one or more data item multiples are of three types: (a) doubling a non-zero data item multiple, (b) adding or subtracting non-zero, not equal and non-reciprocal data item multiples, And (c) a multiple of zero data items. Can be classified into one of any operations involving P, the sequence of operation classification is independent of the value of k, and the iteration includes w doubling operations and 1 adding / subtracting operation 30, each contributing to a result generated independently of the value of k.   The zero multiple data item, i.e. P is used, or 0. 32. A method according to any one of claims 1 to 31, wherein the operation to obtain P is not performed.   The method according to claim 1, wherein an addition operation equal to a doubling operation is not performed.   A further multiple m of the data item Q is also calculated during the iterative algorithm to produce a result (kP + mQ) by using two separate adjustment indicators, one for each ongoing multiplication. The method according to any one of claims 1 to 33.   35. A method according to any one of claims 1 to 34, wherein the adjustment indicator is applied in the iteration immediately following the iteration in which the indicator is set.   36. A method according to any one of claims 1 to 35, wherein the data item P is an elliptic curve point.   37. A method according to any one of the preceding claims, wherein the method is a step in an encrypted data processing method for encrypting or decrypting data. A data processing device that calculates a multiple k of a data item P using an iterative b ^w- related window algorithm, where b is the base of the multiple k, w is the window size, and the device ,
Data item providing means for providing a choice of data items including at least one multiple of P;
Determining means for determining, for a particular iteration of the algorithm, a multiple of P required for that iteration;
A selection means for selecting a multiple from the options depending on the required multiple;
Setting means for setting an adjustment indicator depending on the relationship between the required multiple and the selected multiple;
The apparatus, wherein the determining means is operable in subsequent iterations to determine the required multiple depending on the adjustment indicator from a previous iteration. A data processing method for calculating an exponent d of a data item M using an iterative b ^w- related window algorithm, where b is the base of the exponent d and w is the window size, ,
Providing a choice of data items comprising at least one power exponent of M;
For a particular iteration of the algorithm, determine the exponent M to be required for that iteration, use the exponent to be selected from the options depending on the exponent to be required, and select the required exponent and the selected Depending on the relationship between the exponent and setting the adjustment indicator;
Determining in a subsequent iteration the exponent that is required depending on the adjustment indicator from a previous iteration. The iterative b ^w- related window algorithm is an algorithm of the type “b raised and multiplied” from left to right, and the exponent to be used in the “b raised” part of the algorithm is b ^w 40. The method of claim 39, wherein the exponent to be needed is an exponent to be used in the "multiplication" portion of the algorithm. 41. The method of claim 40, wherein b is equal to 2, and the iterative b ^w- related window algorithm is a “square and multiply” type algorithm, and the exponent to be used in the “square” portion of the algorithm is 2 ^w. the method of. A data processing device that computes the power index d of a data item M using an iterative b ^w- related window algorithm, where b is the base of the power index d, w is the window size, and the device ,
Data item providing means for providing a choice of data items including at least one exponent of M;
For a particular iteration of the algorithm, a determining means for determining the exponent M to be required for that iteration;
A selection means for selecting a power index from the options depending on the power index required;
A setting means for setting an adjustment indicator depending on the relationship between the required power index and the selected power index, the determination means in the subsequent iteration the adjustment from the previous iteration. An apparatus operable to determine the required exponent depending on an indicator. A method of increasing resistance to power side channel attacks against a data processing device that calculates a multiple k of a data item P using an iterative b ^w related window algorithm, where b is the base of the multiple k and w A window size, comprising the steps of any one of claims 1-37. A method of increasing resistance to power side channel attacks against a data processing device that calculates a power index d of a data item M using an iterative b ^w- related window algorithm, where b is the base of the power index d , W is a window size, further comprising the step of any one of claims 39-41.   A data processing apparatus substantially as described with reference to FIGS.   A data processing method substantially as described with reference to FIGS.   A method of substantially increasing the resistance to a power side channel attack on a data processing device as described with reference to FIGS.   46. A smart card comprising the data processing device according to any one of claims 38, 42 and 45.   49. An operating program that, when loaded into a data processing device, makes the device an apparatus according to any one of claims 38, 42 and 45 or a smart card according to claim 48.   48. An operating program that, when executed on a data processing device, causes the device to perform the method of any one of claims 1-37, 39-41, 43, 44, 46 and 47.   51. An operating program according to claim 49 or 50, held on a carrier medium.   52. The operating program of claim 51, wherein the carrier medium is a transmission medium.   52. The operating program of claim 51, wherein the carrier medium is a storage medium.

Images