JP2007251483A - Encryption apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption apparatus with immunity to the differential power analysis (DPA) that is one of attack methods applied to encryption algorithms such as the DES and the AES. <P>SOLUTION: The encryption apparatus reads input data from a first memory and inputs the input data to a cache mechanism on the basis of addresses generated by address generating apparatuses (apparatuses A and B) for replacing addresses accessing first and second memories (memories A and B) at random, the cache mechanism inputs the input data to an encryption processing unit, the encryption processing unit encrypts the input data, output data outputted from the encryption processing unit are given to the cache mechanism, and the output data are read from the cache mechanism and written in the second memory. The processing above is applied repetitively to all addresses. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention is an encryption having resistance to differential power analysis (DPA), which is one of attack methods of standard encryption algorithms such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard). It relates to the device.

  Conventionally, as one of attack methods for the above-described standard encryption algorithms such as DES and AES, a cryptographic analysis method called DPA is known as disclosed in Non-Patent Document 1, for example.

  The DPA samples several thousand sets of data including a ciphertext generated by the cryptographic processing device and power consumption in the cryptographic processing device when generating the ciphertext, and performs statistical processing based on the data Therefore, it is an attack that is extremely difficult to counter. In DPA, when performing the above statistical processing, internal data appearing in the cryptographic processing device is estimated from the ciphertext that is the output of the cryptographic processing device.

  As a conventional technique for avoiding this, the “Masking Method” (fixed mask value method) disclosed in Patent Document 1 and “Duplication Method” disclosed in Non-Patent Document 2 are well known. Further, as a conventional technique for avoiding DPA, as disclosed in Patent Document 2, a method for changing the internal circuit each time encryption is performed and making statistical analysis of power consumption difficult is known. ing.

JP 2002-366029 A Japanese Patent Laid-Open No. 13-268071 Paul Kocher, Joshua Jaffe, Benjamin Jun, “Differential Power Analysis”, [online], Cryptography Research, Inc., [Search February 27, 2006], Internet <URL: http://www.cryptography.com/ resources / whitepapers / DPA.pdf> “Standardization Research and Development on Tamper Resistance, Demonstration Experiment Report Part 2”, p. 54-78, “Chapter 3 3.3 Software Implementation of DPA Countermeasures by Goubin et al.” [Online], March 2004, Foundation Japan Standards Association, Information Technology Standardization Research Center, Toshiba Corporation [Search February 27, 2006], Internet <URL: http://www.jsa.or.jp/domestic/instac/committe/H15report/ report-contents / 01_06_02.PDF>

  However, “Masking Method” in Patent Document 1 and “Duplication Method” in Non-Patent Document 2 cannot be implemented unless the cryptographic algorithm implemented by the cryptographic processing apparatus is well known. In particular, regarding the “Duplication Method”, it cannot be guaranteed whether there is an implementation method depending on the encryption algorithm. In addition, both technologies cannot be implemented unless the inside of the existing cryptographic processing apparatus is changed, and existing assets cannot be used effectively.

  Further, with respect to Patent Document 2, since it takes time to rewrite the circuit, the time required for the encryption process becomes very long as a result, which is not practical.

  An object of the present invention is to solve the problems based on the prior art and to provide an encryption apparatus having resistance against DPA which is one of attack methods of encryption algorithms such as DES and AES.

To achieve the above object, the present invention encrypts input data and outputs encrypted output data, and
When input data that has not been encrypted by the cryptographic processing device is input, the input data is input to the cryptographic processing device, and the input data is associated with output data input from the cryptographic processing device. A cache mechanism for holding the input data that is already encrypted by the cryptographic processing device and outputting the output data that is already retained without inputting the input data to the cryptographic processing device;
A random number generator for generating random data;
Storing input data to be input to the cache mechanism, and storing the random number data generated by the random number generator as dummy data of the insufficient input data when the input data is less than a predetermined number of words 1 memory,
A second memory for storing output data output from the cache mechanism;
An address generation device for performing a process of randomly replacing addresses for accessing the first and second memories over all addresses of the first and second memories based on random number data input from the random number generator; With
Based on an address generated by the address generation device, input data is read from the first memory and input to the cache mechanism, and input data is input from the cache mechanism to the encryption processing device, and the encryption processing device And encrypting the input data, inputting the output data output from the cryptographic processing device to the cache mechanism, reading the output data from the cache mechanism, and writing the data to the second memory for all addresses The present invention provides an encryption device that is repeatedly performed.

  Here, when the cache mechanism determines that the input data is dummy data by comparing the address input from the address generation device and the number of the input data, the input data corresponds to the input data. It is preferable not to hold the output data.

  Further, when the input data is larger than the predetermined number of words, all the input data is divided into a plurality of blocks composed of the input data having a predetermined number of words, and the above encryption process is repeated for each block. Preferably it is done.

  According to the present invention, it is possible to take measures against DPA without knowing the cryptographic algorithm of the cryptographic processing device. Moreover, since it is not necessary to change the inside of the existing cryptographic processing apparatus, the existing design assets can be used effectively. In addition, since it is not necessary to rewrite the circuit, it is possible to take DPA countermeasures without increasing the processing time when encrypting a certain number of pieces of input data.

  Hereinafter, an encryption apparatus according to the present invention will be described in detail based on a preferred embodiment shown in the accompanying drawings.

  FIG. 1 is a block schematic diagram showing an embodiment of a configuration of an encryption apparatus according to the present invention. The encryption device 10 shown in the figure includes a first memory (memory A) 12, a second memory (memory B) 14, a cryptographic processing device 16, a cache mechanism 18, a random number generator 20, 1 device (device A) 22, a second device (device B) 24, and a control device (CPU: central processing unit) 26.

  The first memory 12 is a semiconductor storage device that stores input data before encryption input to the cache mechanism 18. The second memory 14 is a semiconductor memory device that stores output data after encryption output from the cache mechanism 18. In the present embodiment, the maximum number of data that can be stored in the first and second memories 12 and 14, where N is the number of input data to be encrypted (number of words of input data) stored in the first memory 12. Assume that (the maximum number of words that can be stored) is N ′ = 1024 (N ≦ N ′).

  Subsequently, the cryptographic processing device 16 encrypts input data input from the cache mechanism 18 based on a standard cryptographic algorithm such as DES and AES, and outputs the encrypted output data to the cache mechanism 18.

  The cache mechanism (including the cache memory and the cache controller) 18 is configured so that the encryption processing device 16 encrypts the input data so that the encryption processing device 16 does not encrypt the input data having the same value repeatedly. The input data input from the first memory 12 and the output data input from the cryptographic processor 16 (output data corresponding to the input data) are stored in association with each other.

  Here, if the cache mechanism 18 is not provided, when the same value is included in the input data, there is a possibility that a clue regarding how to change the order described later may be given to the attacker. That is, when the same value is included in the ciphertext (the output of the encryption apparatus 10), if N timings with similar power consumption patterns are found, the data was processed at that timing. Will be known.

  In other words, by providing the cache mechanism 18, it is possible to prevent the attacker from giving a clue about how to change the order. Further, by providing the cache mechanism 18, it is possible to prevent the encryption processing device 16 from repeatedly encrypting input data having the same value. Further, by providing the cache mechanism 18, an effect of shortening the processing time can be obtained.

  The random number generator 20 generates random number data R. When the number N of input data stored in the first memory 12 is smaller than the maximum number of data N ′ (= 1024), the shortage of (N′−N) (word) input data as dummy data The random number data R is stored in the first memory 12. The random number data R is also used when the second device 24 converts the address generated by the first device 22, as will be described later.

  The first device 22 reads input data from the first memory 12, generates an address ADR 1 used when writing output data to the second memory 14, writes input data to the cache mechanism 18, and writes data to the cache mechanism 18 Processing such as issuing an encryption start command and reading output data from the cache mechanism 18 is performed. The first device 22 accesses the first memory 12 in ascending order of addresses, that is, in the order of addresses 0 to 1023.

  Note that the first device 22 may be configured to access the first memory 12 in descending order of addresses, that is, in the order of addresses 1023 to 0.

  The second device 24 converts the address ADR1 input from the first device 22 into the address ADR2 based on the random number data R input from the random number generator 20. In other words, when the address ADR1 changes from 0 to 1023, the second device 24 performs processing to change the order. That is, the address ADR2 includes all the addresses 0 to 1023 one by one when the address ADR1 changes from 0 to 1023, although the order is different.

  These first and second devices 22 and 24 constitute an address generation device of the present invention. An address generation apparatus according to the present invention accesses (reads and writes) addresses in the first and second memories over all addresses in the first and second memories based on random number data input from a random number generator. The specific configuration is not limited as long as the process of randomly replacing the is performed.

  The control device 26 writes N pieces of input data to the first memory 12, reads (N′−N) pieces of random number data R from the random number generator 20, and inputs dummy data of the input data to the first memory 12. Read out one random number data R from the random number generator 20, input it to the second device 24, instruct the first device 22 to start the encryption process, etc. Perform motion control.

  The first and second memories 12 and 14, the cache mechanism 18, the random number generator 20, the second device 24, and the control device 26 are connected to each other via a system bus 28. The first device 22 is connected to the second device 24, and is connected to the system bus 28 via the second device 24. Similarly, the cryptographic processing device 16 is connected to the cache mechanism 18 and is connected to the system bus 28 via the cache mechanism 18.

  Next, the operation of the encryption device 10 will be described.

  When performing encryption processing, the control device 26 writes N pieces of input data to be encrypted to the first memory 12 in ascending order from address 0. That is, input data is written in the first memory 12 up to addresses 0 to (N-1).

  Here, when N <N ′ (N ′ = 1024), the control device 26 reads (N′−N) random number data R from the random number generator 20 and uses the read random number data R as input data. Are written in the first memory 12 from address N to address (N'-1) in ascending order. That is, the maximum data number N ′ input data (including dummy data) is written in the first memory 12.

  Subsequently, the control device 26 reads one random number data R from the random number generator 20 and writes it into the second device 24. Further, the control device 26 writes the maximum data number N ′ to the first and second devices 22 and 24 and writes the input data number N to the cache mechanism 18.

  Note that the number of random number data R written to the second device 24 is not limited to one, and two or more random number data R may be written. In this case, the plurality of random number data R may be used by sequentially exchanging them, or the plurality of random number data R may be used in combination.

  Thereafter, the control device 26 issues a process start command to the first device 22. In response to this, the first device 22 initializes an address ADR1 that is an internal variable to 0, and outputs this address ADR1 to the second device 24.

  When the second device 24 receives the address ADR1 from the first device 22, the second device 24 converts the address ADR1 into the address ADR2 based on the random number data R written from the control device 26. As described above, the address ADR2 includes the values 0 to 1023 one by one when the address ADR1 changes from 0 to 1023 (the order of the addresses ADR1 is changed). The address ADR2 output from the second device 24 is input to the first and second memories 12 and 14 and the cache mechanism 18.

  Subsequently, an input data read command is issued from the first device 22 to the first memory 12, and the input data stored in the address ADR2 is read from the first memory 12. Thereafter, input data read from the first memory 12 is input to the cache mechanism 18 by the first device 22, and an encryption start command is issued from the first device 22 to the cache mechanism 18.

  When input data that has not been encrypted by the cryptographic processing device 16 is input, the cache mechanism 18 inputs the input data to the cryptographic processing device 16 and outputs the input data and the output data ( And output data corresponding to the input data). On the other hand, when input data that has already been encrypted by the cryptographic processing device 16 is input, the input data is not input to the cryptographic processing device 16 and output data that is already held (output data corresponding to the input data) Is output.

  When the cache mechanism 18 compares the address ADR2 with the number N of input data to be encrypted and determines that the input data is dummy data (that is, when the address ADR2 ≧ N), this input Does not hold data and corresponding output data. The reason is that the output data obtained by encrypting the dummy data is not used as the ciphertext output from the encryption device 10, but for the purpose of shortening the processing time, the dummy data and the output data are held. It is also good.

  Subsequently, an output data read command is issued from the first device 22 to the cache mechanism 18, and output data corresponding to the input data is read from the cache mechanism 18. Thereafter, the output data read from the cache mechanism 18 is input to the second memory 14 by the first device 22, and a write command for output data is issued from the first device 22 to the second memory 14. Is done.

  As described above, the address ADR2 output from the second device 24 is input to the second memory 14. Accordingly, the output data is written to the address ADR2 of the second memory 14. That is, the output data obtained by encrypting the input data stored in each address of the first memory 12 by the cryptographic processing device 16 is stored in the same address of the second memory 14.

  Subsequently, in the first device 22, the address ADR1 is incremented by one (ADR1 = ADR1 + 1). Thereafter, the encryption process is repeated until the address ADR1 reaches 1023 which is the first and second maximum data numbers N′−1.

  When the number N of input data is larger than 1024, the total number N of input data is divided into a plurality of blocks composed of 1024 input data, and the above encryption process is repeated for each block.

  In the encryption device 10, the input data group to be encrypted is changed in order by the first and second devices 22 and 24 (address generation device), and sequentially encrypted by the encryption processing device 16. . Regarding encryption processing of input data having the same value, there is no effect even if the processing order is changed. Therefore, the encryption apparatus 10 includes a cache mechanism 18 so that the same input data is not subjected to encryption processing more than once. Yes.

  When encrypting input data less than a certain number (predetermined number of words) to ensure safety even when the number of data to be encrypted is small, dummy data is added to the input data group to be processed. Insertion can be performed on a sufficient number of input data. As the number of words of the input data increases, the safety increases. However, since the processing time increases, it is preferable to appropriately determine in consideration of the safety level.

  As described above, the encryption apparatus 10 can take measures against DPA without knowing the encryption algorithm of the encryption processing apparatus. Moreover, since it is not necessary to change the inside of the existing cryptographic processing apparatus, the existing design assets can be used effectively. In addition, since it is not necessary to rewrite the circuit, it is possible to take DPA countermeasures without increasing the processing time when encrypting a certain number of pieces of input data.

  The first and second memories 12 and 14, the cryptographic processing device 16, the cache mechanism 18, the random number generator 20, the first and second devices (address generation devices) 22 and 24, and the specifics of the control device 26 The configuration is not limited at all, and any of various configurations that perform the same function can be used. Further, the first and second memories 12 and 14 can be constituted by one semiconductor memory device.

The present invention is basically as described above.
Although the encryption apparatus of the present invention has been described in detail above, the present invention is not limited to the above-described embodiment, and various modifications and changes may be made without departing from the spirit of the present invention. is there.

It is the block schematic diagram of one Embodiment showing the structure of the encryption apparatus of this invention.

Explanation of symbols

10 Encryption Device 12 First Memory (Memory A)
14 Second memory (memory B)
16 Cryptographic processing device 18 Cache mechanism 20 Random number generator 22 First device (device A)
24 Second device (device B)
26 Control device (CPU: central processing unit)
28 System bus

Claims (3)

An encryption processor that encrypts input data and outputs the output data after encryption;
When input data that has not been encrypted by the cryptographic processing device is input, the input data is input to the cryptographic processing device, and the input data is associated with output data input from the cryptographic processing device. A cache mechanism for holding the input data that is already encrypted by the cryptographic processing device and outputting the output data that is already retained without inputting the input data to the cryptographic processing device;
A random number generator for generating random data;
Storing input data to be input to the cache mechanism, and storing the random number data generated by the random number generator as dummy data of the insufficient input data when the input data is less than a predetermined number of words 1 memory,
A second memory for storing output data output from the cache mechanism;
An address generation device for performing a process of randomly replacing addresses for accessing the first and second memories over all addresses of the first and second memories based on random number data input from the random number generator; With
Based on an address generated by the address generation device, input data is read from the first memory and input to the cache mechanism, and input data is input from the cache mechanism to the encryption processing device, and the encryption processing device And encrypting the input data, inputting the output data output from the cryptographic processing device to the cache mechanism, reading the output data from the cache mechanism, and writing the data to the second memory for all addresses An encryption device that is repeatedly performed.   When the cache mechanism determines that the input data is dummy data by comparing the address input from the address generator and the number of the input data, the input data and the output data corresponding thereto The encryption device according to claim 1, wherein the encryption device does not hold the password.   When the input data is larger than a predetermined number of words, all the input data is divided into a plurality of blocks composed of the input data of a predetermined number of words, and the encryption process is repeatedly performed for each of the blocks. The encryption device according to claim 1, wherein:

Images