JP2007316491A - Exponentiation arithmetic unit, decoding apparatus, and signature creating apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve the following problem: the conventional method for blocking the attack of simple power analysis by adding dummy multiplication to eliminate the differences in existence of multiplication by the bit of a power value of a private key (d) cannot block an attack (a BigMac attack) wherein the multipliers in a dummy multiplication and in a non-dummy multiplication are analyzed. <P>SOLUTION: An exponentiation arithmetic unit comprises an input/output section, a private key storing section, a counter storing section, a counter initializing section, a counter updating section, a first counter judging section, a second counter judging section, a bit judging section, a multiplication section, a squaring section, an intermediate value storing section, a multiplier storing section, a random number storing section, a multiplier initializing section, a multiplier updating section, a randomness removing section, and a random number updating section. By updating the multiplier while raising it, distinction between a dummy multiplication and a non-dummy multiplication is made difficult. Thus, a BigMac attack can be blocked. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a cryptographic device that is safe against an attack method that analyzes a cryptographic key embedded in a cryptographic module by measuring power consumption when performing cryptographic processing.

  2. Description of the Related Art In recent years, various cryptanalysis methods have been devised in which a cryptographic module implemented by hardware or software analyzes a cryptographic key by using sub-information when performing cryptographic processing as a clue. For example, in an analysis method called a timing attack, an encryption key is analyzed by taking advantage of the fact that the time required for encryption processing by the encryption module varies slightly depending on the value of the encryption key used for encryption processing. That is, in the timing attack, the encryption key is decrypted by using the sub-information called the processing time when performing the encryption process. Among such cryptanalysis methods, cryptanalysis methods that perform cryptanalysis using the power consumption at the time of cryptographic processing as sub-information are Simple Power Analysis (Simple Power Analysis Attack) and Differential Power Analysis (Differential Power Analysis Attack). Various methods have been devised. These cryptanalysis methods can be analyzed even for actual products in which cryptography such as an IC card is mounted, due to the background that high-performance measuring instruments are available at low cost in recent years. It has been reported. In the following description, the power consumption of the cryptographic module during the cryptographic processing as described above, that is, the decryption method for analyzing the cryptographic key using the power waveform as a clue is collectively referred to as “power analysis attack”. . Non-Patent Document 1 is detailed for timing attacks, and Non-Patent Document 2 is detailed for power analysis attacks.

  Hereinafter, a simple power analysis attack on the RSA encryption will be described. Regarding the RSA encryption, Non-Patent Document 3 is detailed.

[Simple power analysis attack of RSA encryption]
In the decryption process of the RSA cipher, c ^ d mod n is calculated for a product n of prime numbers p and q, a ciphertext c that is a positive integer less than n, and a secret key d that is a positive integer. As this calculation method, for example, the binary method on page 9 of Non-Patent Document 4 is known. Hereinafter, the binary method will be described. d = d0 + d1 × 2 + d2 × 2 ^ 2 +. . . + D ^ (len-1) × 2 ^ (len-1), i = 0, 1,. . . , Len-1 with di = 0 or 1. Here, len indicates the number of bits of d, “×” indicates multiplication of an integer, and x ^ y indicates x to the power of y.

(Binary method)
Step S801: i ← len-2, z ← c
Step S802: z ← z ^ 2 mod n
Step S803: Check whether di is 1. When di = 1, z ← z × c mod n.

  Step S804: i ← i-1. Check if i is negative. Output z if negative. Otherwise, go to step S802.

  In the above method, steps S802, S803, and S804 are repeatedly calculated as a loop. In this loop, for di (i = 1, 2,..., Len−1), when di = 1, z is multiplied by 2 and c, and when di = 0, Only perform z multiplication. n is a large number, for example, an integer of 1024 bits. Usually, the multiplication by 2 can be performed more quickly than the multiplication, so that the processing efficiency can be improved. In that case, the processing is different between 2 multiplication and multiplication, so the power waveforms are different.

  Therefore, by measuring the power waveform, it is possible to analyze the order of operations of double multiplication and multiplication. Further, the value of di can be obtained from the order using the fact that the processing in the loop differs depending on di. In summary, the following steps enable a simple power analysis attack.

(Binary method simple power analysis attack)
Step S901: The ciphertext c is decrypted and the power waveform in the process is measured.

  Step S902: The order of the multiplication and multiplication operations is obtained from the power waveform.

  Step S903: The bit di (i = 1, 2,..., Len−1) is obtained from the above order.

[Simple power analysis attack countermeasures for conventional RSA encryption]
The above simple power analysis attack utilizes the fact that multiplication is performed only when di = 1 in step S803 of the binary method. Therefore, when di = 0, multiplication by multiplying 1 by z does not change the result. However, by performing multiplication even when di = 0, two multiplications and the operation order of multiplication are values of d. A countermeasure method for a simple power analysis attack that does not depend on the system has been devised (see Non-Patent Document 1).
Paul Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Neal Koblitz, editor, CRYPTO '96, LNCS 1109, Springer-Verlag, 1996, pp. 104-113. P. Kocher, J. et al. Ja_e, and B.B. Jun, “Di_eriental Power Analysis,” Advances in Cryptology—CRYPTO '99, LNCS, 1666, Springer-Verlag, 1999, pp. 388-397. Tatsuaki Okamoto, Hiroshi Yamamoto, "Contemporary Cryptography", Industrial Books (1997) H. Cohen, “A Course in Computational Algebraic Number Theory”, GTM 138, Springer-Verlag, 1996, p9. C. D. Walter, “Sliding windows succums to Big Mac Attack”, CHES2001, LNCS2162, Springer-Verlag, 2001, pp. 13-28. 286-299. Kaninaga, Watanabe, Endo, Okouchi, “Attack by RSA encryption power analysis method and countermeasures”, IEICE, Vol. J88-A, no. 5, pp. 606-615, 2005

  In the RSA encryption simple power analysis attack countermeasure described above, multiplication is performed by multiplying c when di = 1 and 1 when di = 0. An attack (referred to as BigMac attack) for analyzing whether di is 0 or 1 by using this fact has been devised (see Non-Patent Document 5). When this attack is used, there is a problem that the value of d is analyzed even if the above-described simple power analysis attack countermeasure is taken.

  An object of the present invention is to provide a decryption device that decrypts an RSA cipher so as not to reduce security due to a BigMac attack.

  In order to achieve the above object, the invention according to claim 1 is a power calculation device that inputs target data and outputs a power calculation result of the target data with secret information that is a secret number as a power value, An input / output unit that receives an input of the target data and outputs a power operation result of the target data, a secret information storage unit that stores the secret information, an intermediate value storage unit that stores an intermediate value, and the secret information On the other hand, a secret information determination unit for determination, a multiplier storage unit for storing a plurality of multipliers, a multiplication unit for performing multiplication of the intermediate value and the multiplier, and a two multiplication unit for performing double multiplication of the intermediate value And a multiplier update unit that updates the multiplier, and the multiplier used in the multiplier is based on a determination result of the secret information determination unit from a plurality of the multipliers stored in the multiplier storage unit To choose And features.

  The power operation device may further include a counter storage unit that stores a counter, a counter update unit that updates a counter value, and a counter determination unit that determines a counter value. The information determination unit makes a determination based on a value of the counter, and the multiplier update unit updates the multiplier based on a determination result of the counter determination unit.

  The power operation device may further include a random number storage unit that stores a random number, and a randomness removal unit that removes the influence of the random number from the intermediate value, and the multiplier includes at least the random number. Characterized based on.

  The invention according to claim 4 is characterized in that the random number is calculated in advance and stored in the random number storage unit, and the random number removal unit multiplies the intermediate value by a random number removed in advance. To do.

  The invention according to claim 5 is characterized in that the power arithmetic apparatus further comprises a random number updating unit for updating the random number.

  In the invention according to claim 6, the multiplier storage unit stores the two multipliers X_0 and X_1, and the multiplier update unit calculates a result of squaring the multiplier X_0 with respect to the multipliers X_0 and X_1. An update multiplier X_0 ′ for X_0 is set, and a result of multiplying the target data and the update multiplier X_0 is set as an update multiplier X_1 ′ for the multiplier X_1, and the respective update multipliers X_0 ′ and X_1 ′ are stored in the multiplier storage unit. It is characterized by.

  The invention according to claim 7 is a decryption device that inputs a ciphertext and outputs a result of a power operation of the ciphertext having a secret value that is a secret number as a power value as a decrypted text, wherein the ciphertext input An input / output unit that outputs the decrypted text, a secret information storage unit that stores the secret information, an intermediate value storage unit that stores an intermediate value, and a secret information determination unit that determines the secret information A multiplier storage for storing a plurality of multipliers, a multiplier for performing multiplication of the intermediate value and the multiplier, a multiplier for executing multiplication of the intermediate value, and a multiplier update for updating the multiplier And the multiplier used in the multiplier is selected from a plurality of multipliers stored in the multiplier storage based on a determination result of the secret information determination unit.

  The invention according to claim 8 is a signature generation apparatus for inputting signature target data and outputting a power operation result of the signature target data with the secret information being a secret number as a power value as signature data, wherein the signature target An input / output unit that receives data input and outputs the signature data; a secret information storage unit that stores the secret information; an intermediate value storage unit that stores an intermediate value; and secret information that is determined for the secret information A determination unit; a multiplier storage unit that stores a plurality of multipliers; a multiplication unit that performs multiplication of the intermediate value and the multiplier; a double multiplication unit that performs multiplication of the intermediate value; and the multiplier is updated. A multiplier updating unit that selects the multiplier used by the multiplication unit from a plurality of multipliers stored in the multiplier storage unit based on a determination result of the secret information determination unit. To do.

  The invention according to claim 9 is a power calculation method for inputting the target data and outputting a power calculation result of the target data with the secret information that is a secret number as a power value, and receiving the input of the target data, An input / output step for outputting a power operation result of the target data, a secret information storage step for storing the secret information, an intermediate value storage step for storing an intermediate value, and a secret information determination step for determining the secret information A multiplier storage step for storing a plurality of multipliers, a multiplication step for executing multiplication of the intermediate value and the multiplier, a double multiplication step for executing double multiplication of the intermediate value, and a multiplier for updating the multiplier The multiplier used in the multiplier is stored in the multiplier storage step based on the determination result of the secret information determination step. And selecting from a plurality of said multiplier.

  The invention according to claim 10 is a program to be executed by a power arithmetic device that inputs target data and outputs a power calculation result of the target data with secret information that is a secret number as a power value. An input / output step for receiving an input and outputting a power operation result of the target data; a secret information storing step for storing the secret information; an intermediate value storing step for storing an intermediate value; and determining the secret information A secret information determination step, a multiplier storage step for storing a plurality of multipliers, a multiplication step for executing multiplication of the intermediate value and the multiplier, a double multiplication step for executing double multiplication of the intermediate value, and the multiplier A multiplier update step for updating the multiplier, and the multiplier used in the multiplier is based on a determination result of the secret information determination step. And selecting from a plurality of said multiplier is stored in step.

  The invention according to claim 11 is a medium in which the program according to claim 10 is recorded.

  The invention according to claim 12 is an integrated circuit of a power operation device that inputs target data and outputs a power operation result of the target data with secret information that is a secret number as a power value. An input / output unit that outputs a power operation result of the target data, a secret information storage unit that stores the secret information, an intermediate value storage unit that stores an intermediate value, and a secret that is determined for the secret information An information determination unit; a multiplier storage unit that stores a plurality of multipliers; a multiplication unit that performs multiplication of the intermediate value and the multiplier; a double multiplication unit that performs multiplication of the intermediate value; and the multiplier A multiplier updating unit for updating, and the multiplier used in the multiplication unit is selected from the plurality of multipliers stored in the multiplier storage unit based on a determination result of the secret information determination unit. And

  According to these configurations, it is possible to prevent the safety from being lowered by the BigMac attack, and the value thereof is great.

(Embodiment 1)
FIG. 1 is a diagram showing a configuration of a power arithmetic apparatus 1000 according to the first embodiment of the present invention. This apparatus inputs target data X, which is target data to be exponentiated, and outputs an input / output unit 1010 that outputs a power result of the target data, a secret key storage unit 1020 that stores a secret key d, and a counter count. A counter storage unit 1030; a counter initialization unit 1040 that initializes the counter count; a counter update unit 1050 that updates the value of the counter count; a first counter determination unit 1060 that determines the value of the counter count; A second counter determination unit 1070 that determines a counter count value different from the counter determination unit 1060 of FIG. 1, a bit determination unit 1080 that determines a bit value of d, a multiplication unit 1090 that performs multiplication, and a double multiplication 2 multiplication unit 1100 that performs the calculation, and intermediate value storage unit 1 that stores the results of the multiplication unit 1090 and the 2 multiplication unit 1100 10, a multiplier storage unit 1120 that stores a multiplier used in the multiplication unit 1090, a random number storage unit 1130 that stores a random number and a randomness elimination number described later, and a multiplier stored in the multiplier storage unit 1120. Multiplier initialization unit 1140, multiplier update unit 1150 that updates the multiplier stored in multiplier storage unit 1120, and randomness removal that removes the effects of random numbers using the random number removal number stored in random number storage unit 1130 Unit 1160 and a random number update unit 1170 that updates the random number and the random number removal number. The power arithmetic apparatus 1000 is input as target data, and outputs a power calculation result with the secret key d of the target data as a power value.

<About scenes used by the power arithmetic unit 1000>
This apparatus is used, for example, in the decryption of the RSA encryption method and the signature creation of the RSA signature method. Hereinafter, the RSA encryption method and the RSA signature method will be described.

RSA encryption method (1) Key generation The public key and secret key are calculated as follows.

  • Select large prime numbers p and q at random and calculate the product n = p × q.

  Calculate the least common multiple L = LCM (p−1, q−1) of (p−1) and (q−1).

  A random natural number e that is relatively prime to L and smaller than L is selected at random.

1 ≦ e ≦ L−1, GCD (e, L) = 1
Here, GCD (e, L) indicates the greatest common divisor of e and L.

  Calculate d satisfying e × d = 1 mod L. Since GCD (e, L) = 1, such d always exists. Thus, the obtained integer e and integer n are public keys. The integer d is a secret key. Here, x mod y indicates a remainder obtained by dividing x by y.

(2) Generation of Ciphertext Using the integer e and the integer n that are public keys, the ciphertext c is calculated by performing a cryptographic operation on the plaintext m.

c = m ^ e mod n
In this specification, the operator ^ indicates a power. For example, A ^ x indicates that x is multiplied by x when x> 0.

(3) Generation of decrypted text The decrypted text m ′ is calculated by performing a decryption operation on the cipher text c using the integer d which is a secret key.

m ′ = c ^ d mod n
In addition,
m ′ = c ^ d mod n
= (M ^ e) ^ d mod n
= M ^ (e * d mod L) mod n
= M ^ 1 mod n
= M mod n
Therefore, the decrypted text m ′ matches the plain text m.

  The power arithmetic apparatus 1000 is used at the place where c ′ to m ′ are calculated in the generation of the decrypted text. At this time, m '= c ^ d mod n is calculated in the exponentiation operation apparatus 1000 using c as the target data and the secret key d.

  The RSA encryption is described in detail on pages 110 to 113 of Non-Patent Document 3.

RSA signature method (1) Key generation The key generation method is the same as the RSA encryption method.

(2) Signature generation For the message data D, the signature data S is calculated as follows.

  First, the hash value h = Hash (D) of the message data D is calculated using the hash function Hash.

  Next, the signature data S is calculated by multiplying the hash value h to the d power by using the integer d which is a secret key.

S = h ^ d mod n
(3) Signature verification Whether the signature data S is the correct signature of the message data D is verified as follows.

  Check whether Hash (D) and S ^ e mod n are equal. If they are equal, the signature data S is accepted as a correct signature. If they are not equal, the signature data S is rejected as an incorrect signature.

  The power arithmetic apparatus 1000 is used at a place where S is calculated from h in the signature generation described above. At this time, S = h ^ d mod n is calculated using the secret key d in the power arithmetic apparatus 1000 with the target data as h.

  The RSA signature is described in detail on pages 175 to 176 of Non-Patent Document 3.

<About each part of the exponentiation arithmetic unit 1000>
The input / output unit 1010 receives input of the target data X, and stores the target data in the intermediate value storage unit 1110 as the intermediate value Z. The input / output unit 1010 further outputs a power operation result of the target data X.

  The secret key storage unit 1020 stores d, which is a secret key. For example, d is a 512-bit integer.

  The counter storage unit 1030 stores a counter count.

  The counter initialization unit 1040 sets the counter count to lnd-1. Here, lend is the bit size of the secret key d. For example, lend = 512.

  The counter update unit 1050 decrements the counter count stored in the counter storage unit 1030 (subtracts 1).

  The first counter determination unit 1060 determines whether the value of the counter count stored in the counter storage unit 1030 is zero.

  The second counter determination unit 1070 determines whether the value of the counter count stored in the counter storage unit 1030 is divisible by 8, that is, whether it is a multiple of 8.

  The bit determination unit 1080 determines whether the value of the count bit of the secret key d stored in the secret key storage unit 1020 is 0 or 1 with respect to the counter count stored in the counter storage unit 1030 To do. Here, the count bit of the secret key d indicates the order when counting in order from the lower bits. However, the least significant bit is the 0th bit.

  The multiplication unit 1090 multiplies the intermediate value Z stored in the intermediate value storage unit 1110 by the multiplier value X_0 or the multiplier value X_1 stored in the multiplier storage unit 1120, and the multiplication result is the intermediate value storage unit 1110. To store. Specifically, when multiplying the intermediate value Z and the multiplier value X_0, Z ← Z × X_0 mod n is executed. Here, n is a product of large prime numbers p and q in the RSA encryption, and ← means that the calculation result on the right is substituted into the left variable.

  The 2 multiplication unit 1100 squares the intermediate value Z stored in the intermediate value storage unit 1110 and stores the squared result in the intermediate value storage unit 1110. Specifically, Z ← Z ^ 2 mod n is executed.

  The intermediate value storage unit 1110 stores the intermediate value Z of the power operation.

  The multiplier storage unit 1120 stores the multipliers X_0 and X_1 used by the multiplication unit 1090.

  The random number storage unit 1130 stores a random number R and a randomness removal number U. It is assumed that the random number R and the randomness removal number U are given in advance.

  Multiplier initialization unit 1140 initializes multipliers X_0 and X_1 stored in multiplier storage unit 1120. Specifically, for the target data X, X_0 ← R mod n and X_1 ← X × X_0 mod n are set using the random number R stored in the random number storage unit 1130. Here, ← means that the right result is assigned to the left variable.

  The multiplier update unit 1150 updates the multipliers X_0 and X_1 stored in the multiplier storage unit 1120. Specifically, X_0 ← X_0 ^ 2 mod n, X_1 ← X × X_0 mod n.

  The random number removal unit 1160 multiplies the intermediate value Z stored in the intermediate value storage unit 1110 by the random number removal number U in order to remove the influence of the random number R multiplied by the multipliers X_0 and X_1, and outputs the intermediate result. Store in the value storage unit 1110. That is, Z ← Z × U mod n is executed. Here, U = R ^ u mod n, and u = (1 + 2 + 2 + ^ 2 + 2 ^ 3 + 2 ^ 4 + 2 ^ 5 + 2 ^ 6 + 2 ^ 7) × (2 ^ 504 + 2 × 2 ^ 496 + 2 ^ 2 × 2 ^ 488 +... + 2 ^ 63). However, this u is a value when the secret key d is a 512-bit integer and the multiplier is updated every 8 bits, and the size of the secret key d may increase or the timing for updating the multiplier may change. For example, the value of u also changes.

  The random number update unit 1170 updates the random number and the randomness removal number U stored in the random number storage unit 1130. Specifically, R ← R ^ 2 mod n and U ← U ^ 2 mod n are executed on the random number R stored in the random number storage unit 1130.

<Operation of power arithmetic apparatus 1000>
The power calculation apparatus 1000 is input as the target data X, and outputs a power calculation result with the secret key d of the target data X as a power value. FIG. 2 shows a flowchart of the power arithmetic apparatus 1000. Hereinafter, the operation of the power arithmetic apparatus 1000 will be described.

  Step S101: The input / output unit 1010 receives input of the target data X and stores it as an intermediate value Z in the intermediate value storage unit 1110.

  Step S102: The multiplier initialization unit 1140 uses the target data X to initialize multipliers X_0 and X_1 stored in the multiplier storage unit 1120.

  Step S103: The counter initialization unit 1040 initializes the counter count. Specifically, the counter count is set to lend-1.

  Step S104: The 2 multiplication unit 1100 squares the intermediate value Z stored in the intermediate value storage unit 1110 and stores the result in the intermediate value storage unit 1110.

  Step S105: The bit determination unit 1080 determines the bit of the secret key d. If the bit is 0, go to the next step S106. If it is 1, go to step S107.

  Step S106: The multiplication unit 1090 multiplies the intermediate value Z stored in the intermediate value storage unit 1110 by the multiplier X_0 stored in the multiplier storage unit 1120, and stores the result in the intermediate value storage unit 1110. Go to step S108.

  Step S107: The multiplication unit 1090 multiplies the intermediate value Z stored in the intermediate value storage unit 1110 by the multiplier X_1 stored in the multiplier storage unit 1120, and stores the result in the intermediate value storage unit 1110.

  Step S108: The first counter determination unit 1060 determines the counter count stored in the counter storage unit 1030. If the counter count is 0, go to step S112. Otherwise, go to the next step S109.

  Step S109: The second counter determination unit 1070 determines the counter count stored in the counter storage unit 1030. If the determination result is affirmative (counter count is divisible by 8), go to the next step S110. Otherwise, go to step S111.

  Step S110: The multiplier update unit 1150 updates the multipliers X_0 and X_1 stored in the multiplier storage unit 1120.

  Step S111: The counter update unit 1050 updates the counter count stored in the counter storage unit 1030. Go to step S104.

  Step S112: The randomness removal unit 1160 multiplies the intermediate value Z stored in the intermediate value storage unit 1110 by the random number removal number U stored in the random number storage unit 1130, and the result is the intermediate value storage unit 1110. To store.

  Step S113: The input / output unit 1010 outputs the intermediate value Z stored in the intermediate value storage unit 1110 (as a power calculation result).

  Step S114: The random number update unit 1170 updates the random number R and the randomness removal number U stored in the random number storage unit 1130. End.

<Effect of Embodiment 1>
In the first embodiment, multipliers X_0 and X_1 for multiplying intermediate value Z are updated in multiplier update section 1150 for each 8-bit block of d. By doing so, the multiplier is different for each block, and it is possible to prevent the BigMac attack for obtaining the secret key d by analyzing what the multiplier is. This will be described in detail below.

  FIG. 3 shows processing for the secret key d of the power arithmetic apparatus 1000 according to the first embodiment, classification of multipliers by the attacker, and bit estimation of d. In the block 1, when the bit of d is 0, X_0 = X_01 is multiplied by the intermediate value Z, and when it is 1, X_1 = X_11 is multiplied. In block 2, since X_0 is updated from X_01 to X_02 and X_1 is updated from X_11 to X_12, when the bit of d is 0, X_0 = X_02, and when X = 1, X_1 = X_12 is multiplied. Here, the attacker can classify the waveforms into groups a1 and b1 having different multipliers in block 1 and groups a2 and b2 having different multipliers in block 2 from the power consumption waveform. However, the attacker does not know which of the groups a1 and b1 corresponds to the bit d 0 or 1 and which of the groups a2 or b2 corresponds to the bit 0 0 or 1 in each block. Assuming that either group corresponds to a bit of d corresponding to 0 (or 1), it is necessary to check whether it is correct. There are two patterns for a1 and b1 corresponding to bits 0 and 1 of d, and there are two patterns for a2 and b2 corresponding to bits 0 and 1 of d, so there are 2 × 2 = 4 combinations of each. . Therefore, the attacker must try four ways. Here, if the number of blocks is NB, the attacker needs to try 2 ^ NB. When NB is increased, it takes time for the attacker to try, and the safety against the BigMac attack increases. For example, when the secret key d is a 512-bit integer, since there are 512/8 = 64 8-bit blocks, the security (time taken by the attacker) is 2 ^ 64, which is high. In this way, the BigMac attack can be prevented.

  In addition, by updating the random number R in the random number update unit 1170, it is possible to prevent a differential power analysis attack that analyzes using the fact that the power waveform is biased by using the same random number R by the target data X. Become.

(Embodiment 2)
FIG. 4 is a diagram showing a configuration of a power arithmetic apparatus 2000 as the second embodiment according to the present invention. This apparatus includes an input / output unit 1010, a secret key storage unit 1020, a counter storage unit 1030, a counter update unit 1050, a first counter determination unit 1060, and a second counter determination similar to those in the first embodiment. Unit 1070, 2 multiplication unit 1100, intermediate value storage unit 1110, random number update unit 1170, counter initialization unit 2040 different from the first embodiment, multiplier selection unit 2080, multiplication unit 2090, and multiplier storage unit 2120, a random number storage unit 2130, a multiplier initialization unit 2140, a multiplier update unit 2150, and a randomness removal unit 2160. This apparatus inputs as target data, and outputs a power operation result with the secret key d of the target data as a power value.

  The power arithmetic apparatus 2000 is used in, for example, decryption of the RSA encryption scheme and signature creation of the RSA signature scheme, as with the power arithmetic apparatus 1000 of the first embodiment.

<Regarding Each Unit of Power Calculation Device 2000>
The counter initialization unit 2040 sets the counter count to b. Here, b is (the smallest integer equal to or greater than len / sw) −1, sw is a positive integer, and len is the bit size of the secret key d. For example, len = 512. In the following, for simplicity, it is assumed that sw = 4. In addition, sw may be 2, 3 or 5 or more.

  The multiplier selection unit 2080 selects a multiplier X_i stored in the multiplier storage unit 2120 using a value of divided secret information d_count (to be described later) for the counter count stored in the counter storage unit 1030 as an index i (i = d_count). .

  Multiplication unit 2090 multiplies intermediate value Z stored in intermediate value storage unit 1110 by multiplier X_i selected by multiplier selection unit 2080 and stores the multiplication result in intermediate value storage unit 1110. Specifically, Z ← Z × X_i mod n is executed. Here, n is a product of large prime numbers p and q in the RSA encryption, and ← means that the calculation result on the right is substituted into the left variable.

  The multiplier storage unit 2120 includes multipliers X_0, X_1,. . . , X_15 are stored. Note that X_0 to X_15 are stored because sw = 4. For general sw, the multiplier storage unit 2120 has multipliers X_0, X_1,. . . , X_ (2 ^ sw-1).

  The random number storage unit 2130 stores a random number R and a randomness removal number U. It is assumed that the random number R and the randomness removal number U are given in advance.

  The multiplier initialization unit 2140 includes multipliers X_0, X_1,. . . , X_15 is initialized. Specifically, using the random number R stored in the random number storage unit 2130, X_0 ← R mod n, X_1 ← X × X_0 mod n, X_2 ← X × X_1 mod n,. . . , X — 15 ← X × X — 14 mod n (= X ^ 15 × R mod n). Here, ← means that the right result is assigned to the left variable.

  The multiplier update unit 2150 includes multipliers X_0, X_1,. . . , X_15 is updated. Specifically, X — 0 ← X — 0 ^ 2 mod n, X — 1 ← X × X — 0 mod n, X — 2 ← X × X — 1 mod n,. . . , X — 15 ← X × X — 14 mod n.

  The randomness removing unit 2160 is a multiplier X_0, X_1,. . . In order to remove the influence of the random number R multiplied by X_15, the random number elimination number U is multiplied by the intermediate value Z stored in the intermediate value storage unit 1110, and the result is stored in the intermediate value storage unit 1110. That is, Z ← Z × U mod n is executed. Here, U = R ^ u mod n, and u = (1 + 2 ^ 4 + 2 ^ 8 + 2 ^ 12 + 2 ^ 16 + 2 ^ 20 + 2 ^ 24 + 2 ^ 28) × (2 ^ 480 + 2 × 2 ^ 448 + 2 ^ 2 × 416 +... + 2 ^ 15). However, this u is a value when the secret key d is a 512-bit integer and the multiplier is updated every time the counter is reduced by 8, and the timing when the size of the secret key d increases or the multiplier is updated. If u changes, the value of u also changes.

<Operation of power arithmetic unit 2000>
The power calculation device 2000 is input as the target data X, and outputs a power calculation result with the secret key d of the target data X as a power value. FIG. 5 shows a flowchart of the power arithmetic apparatus 2000. In the following, the operation of the power arithmetic apparatus 2000 is shown.

  Step S201: The input / output unit 1010 accepts input of the target data X and stores it as an intermediate value Z in the intermediate value storage unit 1110.

  Step S202: The multiplier initialization unit 2140 uses the target data X to store the multipliers X_0, X_1,. . . , X_15 is initialized.

  Step S203: The counter initialization unit 2040 initializes the counter count. Specifically, the counter count is set to b.

  Step S204: The 2 multiplication unit 1100 squares the intermediate value Z stored in the intermediate value storage unit 1110, and stores the result in the intermediate value storage unit 1110. By repeating this three more times, the intermediate value Z before step 204 is raised to the 16th power.

  Step S205: The multiplier selection unit 2080 selects the multiplier X_i stored in the multiplier storage unit 2120.

  Step S206: The multiplication unit 2090 multiplies the intermediate value Z stored in the intermediate value storage unit 1110 by the multiplier X_i selected by the multiplier selection unit 2080, and stores the result in the intermediate value storage unit 1110.

  Step S207: The first counter determination unit 1060 determines the counter count stored in the counter storage unit 1030. If the counter count is 0, go to step S211. Otherwise, go to the next step S208.

  Step S208: The second counter determination unit 1070 determines the counter count stored in the counter storage unit 1030. If the determination result is affirmative (counter count is divisible by 8), the process proceeds to the next step S209. Otherwise, go to step S210.

  Step S209: The multiplier update unit 2150 receives the multipliers X_0, X_1,. . . , X_15 is updated.

  Step S210: The counter update unit 1050 updates the counter count stored in the counter storage unit 1030. Go to step S204.

  Step S211: The randomness removal unit 2160 multiplies the intermediate value Z stored in the intermediate value storage unit 1110 by the random number removal number U stored in the random number storage unit 2130, and the result is the intermediate value storage unit 1110. To store.

  Step S212: The input / output unit 1010 outputs the intermediate value Z stored in the intermediate value storage unit 1110 (as a power calculation result).

  Step S213: The random number update unit 1170 updates the random number R and the randomness removal number U stored in the random number storage unit 1130. End.

<Effect of Embodiment 2>
In the second embodiment, multipliers X_0, X_1,... For multiplying intermediate value Z by multiplier update unit 2150 for each block of 8 × 4 = 32 bits. . . , X_15 is updated. By doing so, the multiplier differs for each block as in the first embodiment, and it is possible to prevent the BigMac attack for obtaining the secret key d by analyzing what the multiplier is.

(Modification)
The embodiment described above is an example of the implementation of the present invention, and the present invention is not limited to this embodiment, and can be implemented in various modes without departing from the scope of the present invention. is there. For example, the present invention includes the following cases.

  (1) The bit size of the secret key d in Embodiments 1 and 2 is not limited to 512. It may be 1024 or 2048. In addition, the exponentiation unit 1000 calculates X ^ d mod n, dp = d mod p-1, dq = d mod q-1, X ^ dp mod p and X ^ dq mod q are calculated, X ^ d mod n may be calculated by using the Chinese remainder theorem. Here, the power arithmetic unit 1000 may be used when calculating X ^ dp mod p and X ^ dq mod q. In this case, for example, when calculating X ^ dp mod p, the power arithmetic apparatus 1000 is implemented with mod n used in the multiplier 1090 or the like as mod p.

  (2) The present invention may calculate the scalar multiple of the points of the elliptic curve instead of calculating the power. In that case, multiplication performed by the power arithmetic apparatus 1000 is elliptic addition, and double multiplication is elliptic doubling. Also, “Sh” corresponds to “Scalar”.

  (3) Although the second counter determination unit 1070 in Embodiments 1 and 2 determines whether the counter is divisible by 8, the present invention is not limited to this. For example, it may be determined whether or not it is divisible by 4. In this case, in the first embodiment, u = (1 + 2 + 2 + ^ 2 + 2 ^ 3) * (2 ^ 508 + 2 * 2 ^ 504 + 2 ^ 2 * 2 ^ 500 +... + 2 ^ 127), and in the second embodiment, u = ( 1 + 2 ^ 4 + 2 ^ 8 + 2 ^ 12) * (2 ^ 496 + 2 * 2 ^ 484 + 2 ^ 2 * 2 ^ 468 +... + 2 ^ 31). Further, a table including a plurality of positive integers may be held, and it may be determined whether the table is a positive integer stored in the table. Note that the positive integers included in this table are not limited to regular ones such as multiples of 8, but may be those having no regularity. Also in these cases, u changes depending on the value of the positive integer.

  (4) The multiplier X_0 is squared in the multiplier updating unit 1150 in the first embodiment and the multiplier updating unit 2150 in the second embodiment, but the present invention is not limited to this. For example, it may be cubed. In this case, in the first embodiment, u = (1 + 2 + 2 ^ 2 + 2 ^ 3 + 2 ^ 4 + 2 ^ 5 + 2 ^ 6 + 2 ^ 7) × (2 ^ 504 + 3 × 2 ^ 496 + 3 ^ 2 × 2 ^ 488 +... + 3 ^ 63), implementation In the first form, u = (1 + 2 ^ 4 + 2 ^ 8 + 2 ^ 12 + 2 ^ 16 + 2 ^ 20 + 2 ^ 24 + 2 ^ 28) × (2 ^ 480 + 3 × 2 ^ 448 + 3 ^ 2 × 2 ^ 416 +... + 3 ^ 15). However, in this case, the second counter determination unit 1070 determines whether the counter is divisible by 8.

  (5) In the random number updating unit 1170 in the first and second embodiments, the random number R is updated by squaring, but the present invention is not limited to this. For example, it may be cubed. Alternatively, a fixed value may be stored in advance, and the random number R may be updated by multiplying the random number R by this. Further, the random number update unit 1170 is included in the power arithmetic apparatus 1000 to prevent the differential power analysis attack, and when the differential power analysis attack countermeasure is taken in addition to this, the random number update unit 1170 may be omitted.

  (6) The present invention may be an RSA encryption decryption apparatus or an RSA signature generation apparatus that uses the RSA encryption, instead of a power operation apparatus. Further, the information security device may execute an exponentiation operation with the secret information as a power value. For example, it may be a decryption device for ElGamal encryption or a signature generation device for a DSA signature.

  (7) Each of the above devices is specifically a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or hard disk unit. Each device achieves its functions by the microprocessor operating according to the computer program. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.

  (8) A part or all of the components constituting each of the above devices may be configured by one system LSI (Large Scale Integration). The system LSI is a super multifunctional LSI manufactured by integrating a plurality of components on one chip, and specifically, a computer system including a microprocessor, a ROM, a RAM, and the like. . A computer program is stored in the RAM. The system LSI achieves its functions by the microprocessor operating according to the computer program.

  (9) A part or all of the constituent elements constituting each of the above devices may be constituted by an IC card or a single module that can be attached to and detached from each device. The IC card or the module is a computer system including a microprocessor, a ROM, a RAM, and the like. The IC card or the module may include the super multifunctional LSI described above. The IC card or the module achieves its function by the microprocessor operating according to the computer program. This IC card or this module may have tamper resistance.

  (10) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.

  (11) Further, the present invention provides a computer-readable recording medium such as a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray). -Ray Disc), or recorded in a semiconductor memory or the like. Further, the digital signal may be recorded on these recording media.

  (12) In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like.

  (13) The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program. .

  (14) Another computer system which is independent by recording and transferring the program or the digital signal on the recording medium or by transferring the program or the digital signal via the network or the like. May be implemented.

  (15) The above embodiment and the above modifications may be combined.

  According to these configurations, it is possible to prevent the safety from being lowered due to the BigMac attack.

The block diagram which shows the structure of the exponentiation calculating apparatus 1000 as one embodiment based on this invention The flowchart which shows the process of the exponentiation calculating apparatus 1000 The figure which shows the process with respect to the secret key d of the power arithmetic unit 1000, the classification of the multiplier by an attacker, and the bit estimation of d The block diagram which shows the structure of the exponentiation calculating apparatus 2000 as one embodiment based on this invention The flowchart which shows the process of the exponentiation calculating apparatus 2000

Explanation of symbols

1000, 2000 Power arithmetic unit 1010 Input / output unit 1020 Secret key storage unit 1030 Counter storage unit 1040, 2040 Counter initialization unit 1050 Counter update unit 1060 First counter determination unit 1070 Second counter determination unit 1080 Bit determination unit 1090, 2090 Multiplying unit 1100 2 Multiplying unit 1110 Intermediate value storing unit 1120, 2120 Multiplier storing unit 1130, 2130 Random number storing unit 1140, 2140 Multiplier initialization unit 1150, 2150 Multiplier updating unit 1160, 2160 Randomness removing unit 1170 Random number updating unit 2080 Multiplier Select part

Claims (12)

A power calculation device that inputs target data and outputs a power calculation result of the target data with secret information that is a secret number as a power value,
An input / output unit that accepts input of the target data and outputs a result of a power operation of the target data;
A secret information storage unit for storing the secret information;
An intermediate value storage for storing intermediate values;
A secret information determination unit for determining the secret information;
A multiplier storage for storing a plurality of multipliers;
A multiplication unit that performs multiplication of the intermediate value and the multiplier;
A two-multiplying unit that performs two multiplications of the intermediate value;
A multiplier update unit for updating the multiplier,
The multiplier used in the multiplication unit is selected from a plurality of multipliers stored in the multiplier storage unit based on a determination result of the secret information determination unit. The power arithmetic device further includes:
A counter storage for storing the counter;
A counter update unit for updating the value of the counter;
A counter determination unit for determining the value of the counter,
The secret information determination unit determines based on the value of the counter,
The power calculator according to claim 1, wherein the multiplier update unit updates the multiplier based on a determination result of the counter determination unit. The power arithmetic device further includes:
A random number storage for storing random numbers;
A random number removing unit that removes the influence of the random number from the intermediate value,
The power multiplier according to claim 1, wherein the multiplier is based on at least the random number. The random number is calculated in advance and stored in the random number storage unit,
The power arithmetic apparatus according to claim 3, wherein the randomness removing unit multiplies the intermediate value by a preliminarily calculated randomness removal number. The power arithmetic device further includes:
The power arithmetic apparatus according to claim 4, further comprising a random number update unit that updates the random number. The multiplier storage unit stores the two multipliers X_0 and X_1,
The multiplier update unit sets a result obtained by squaring the multiplier X_0 to the multipliers X_0 and X_1 as an update multiplier X_0 ′ for the multiplier X_0, and a result obtained by multiplying the target data by the update multiplier X_0 for the multiplier X_1. The power multiplier according to any one of claims 1 to 5, wherein an update multiplier X_1 'is used, and each of the update multipliers X_0' and X_1 'is stored in the multiplier storage unit. A decryption device that inputs a ciphertext and outputs a power operation result of the ciphertext with a secret value that is a secret number as a power value, as a decrypted text,
An input / output unit that receives input of the ciphertext and outputs the decrypted text;
A secret information storage unit for storing the secret information;
An intermediate value storage for storing intermediate values;
A secret information determination unit for determining the secret information;
A multiplier storage for storing a plurality of multipliers;
A multiplication unit that performs multiplication of the intermediate value and the multiplier;
A two-multiplying unit that performs two multiplications of the intermediate value;
A multiplier update unit for updating the multiplier,
The decoding device according to claim 1, wherein the multiplier used in the multiplication unit is selected from the plurality of multipliers stored in the multiplier case unit based on a determination result of the secret information determination unit. A signature generation device that inputs signature target data and outputs a result of exponentiation operation of the signature target data with secret information that is a secret number as a power value, as signature data,
An input / output unit that accepts input of the signature target data and outputs the signature data;
A secret information storage unit for storing the secret information;
An intermediate value storage for storing intermediate values;
A secret information determination unit for determining the secret information;
A multiplier storage for storing a plurality of multipliers;
A multiplication unit that performs multiplication of the intermediate value and the multiplier;
A two-multiplying unit that performs two multiplications of the intermediate value;
A multiplier update unit for updating the multiplier,
The multiplier used in the multiplication unit is selected from a plurality of the multipliers stored in the multiplier storage unit based on the determination result of the secret information determination unit. A power calculation method for inputting target data and outputting a power calculation result of the target data with secret information that is a secret number as a power value,
An input / output step for receiving an input of the target data and outputting a power operation result of the target data;
A secret information storing step for storing the secret information;
An intermediate value storing step for storing the intermediate value;
A secret information determination step for determining the secret information;
A multiplier storage step for storing a plurality of multipliers;
A multiplication step for performing multiplication of the intermediate value and the multiplier;
A two-multiplication step for performing two multiplications of the intermediate values;
A multiplier update step of updating the multiplier,
The multiplier used in the multiplier is selected from the plurality of multipliers stored in the multiplier storage step based on the determination result of the secret information determination step. A program that inputs target data and causes a power calculator to output a power calculation result of the target data with secret information that is a secret number as a power value,
An input / output step for receiving an input of the target data and outputting a power operation result of the target data;
A secret information storing step for storing the secret information;
An intermediate value storing step for storing the intermediate value;
A secret information determination step for determining the secret information;
A multiplier storage step for storing a plurality of multipliers;
A multiplication step for performing multiplication of the intermediate value and the multiplier;
A two-multiplication step for performing two multiplications of the intermediate values;
A multiplier update step of updating the multiplier,
The multiplier used in the multiplier is selected from the plurality of multipliers stored in the multiplier storage step based on the determination result of the secret information determination step. A medium on which the program according to claim 10 is recorded. An integrated circuit of a power calculation device that inputs target data and outputs a power calculation result of the target data with secret information that is a secret number as a power value,
An input / output unit that accepts input of the target data and outputs a result of a power operation of the target data;
A secret information storage unit for storing the secret information;
An intermediate value storage for storing intermediate values;
A secret information determination unit for determining the secret information;
A multiplier storage for storing a plurality of multipliers;
A multiplication unit that performs multiplication of the intermediate value and the multiplier;
A two-multiplying unit that performs two multiplications of the intermediate value;
A multiplier update unit for updating the multiplier,
The integrated circuit according to claim 1, wherein the multiplier used in the multiplier is selected from a plurality of multipliers stored in the multiplier storage based on a determination result of the secret information determination unit.

Images