JP2010008883A - Arithmetic device for cipher, arithmetic method for cipher, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an arithmetic device for cipher that has resistance to simple electric power analysis of selection document type of (n-1) input type, and has high arithmetic efficiency. <P>SOLUTION: An input section 11 inputs a message M as the base of modulo exponentiation calculation, private power (d), and modulus (n). A preprocessing section 12 multiplies the message M itself to determine conversion data. An arithmetic section 2 for cipher sets the conversion data as an arithmetic object, and performs the modulo exponentiation calculation under the modulus (n) by right-face arithmetic procedure based on the power (d) except the lowest bit. A post-processing section 13 performs modulo multiplication calculation of the arithmetic result and the message M under the modulus (n) when LSB of the (d) is 1, and performs the same modulo multiplication calculation as a dummy calculation when the LSB of the (d) is 0. An output section 14 outputs, as a final result, the arithmetic result of the post-processing section 13 (when the LSB of the (d) is 1) or the arithmetic result of the arithmetic section 2 for cipher (when the LSB of the (d) is 0). <P>COPYRIGHT: (C)2010,JPO&amp;INPIT

Description

  The present invention relates to a cryptographic calculation device, a cryptographic calculation method, and a program for performing cryptographic calculations such as power-residue calculation and scalar multiplication on an elliptic curve.

  A small device represented by an IC card is portable and is used for authentication of a user who is the core of information security, authentication of payment data, and the like. The encryption function mounted on the LSI on the IC card is generally provided with a tamper resistance measure and is mounted so that the secret key stored in the LSI does not leak. As a tamper resistant measure, a technique is known that protects against side channel attacks such as power analysis that makes it easy to estimate a secret key by observing fluctuations in power consumption of an LSI by means of computation.

  Public key cryptography such as RSA cryptography and elliptic curve cryptography is configured using a basic operation called exponentiation remainder computation or scalar multiplication on an elliptic curve. As a countermeasure against power analysis attacks against these basic operations, a regular operation method that does not depend on the secret key pattern is effective for attacks called simple power analysis (SPA). Are known. As a power-residue operation (or scalar multiplication) that is resistant to such SPA attacks, there are an Add-and-Double-Always method (Non-patent Document 1) and a Montgomery Ladder method (Non-Patent Document 2).

  However, recently, a new attack technique for a power-residue calculation with a conventional SPA tolerance has been found. For example, Non-Patent Document 3 shows a SPA of a selected document type. In particular, it is a simple method of giving (n-1) to the input with n as the modulus for the right-pointing binary type Add-and-Double-Always calculation method, which is well-known as a countermeasure against SPA in RSA encryption and elliptic curve encryption. It has been shown that conventional SPA measures are broken.

  Further, the inventors' investigation has revealed that the SPA countermeasure can be nullified by the (n-1) input SPA of Yen et al. For the Montgomery ladder method.

As a general and powerful countermeasure against the SPA of the selected document type, there is an application of a message blinding method that performs an operation by applying a random mask to an input message. However, the countermeasure method has a problem that an inverse element calculation with a low calculation cost is necessary, and a problem that the calculation cost may be twice as high as that of a normal power calculation.
JSCoron, “Resistance against differential power analysis for elliptic curve”, CHES '99. M.Joye and S.-M. Yen, “The Montgomery Powering Ladder”, CHES 2002. S.-M. Yen et al., “Power Analysis by Exploiting Chosen Message and Internal Collisions”, Mycrypt 2005.

  It has been found that, in the implementation module of the RSA encryption or elliptic curve encryption, the conventional countermeasure calculation method is invalidated by the SPA attack of the selected document type. Among the selected document type power analysis attacks, there are (n-1) input type SPA and its extended attack that can estimate many bit patterns of a secret key with only one execution waveform of cryptographic processing for a certain input. Especially a threat. However, there is no known countermeasure calculation method for these threats.

  The present invention has been made in consideration of the above circumstances, and has realized an efficient countermeasure calculation method for (n-1) input SPA and its extended attack technique in right-pointing type binary power multiplication and Montgomery ladder arithmetic. It is an object to provide a cryptographic computing device, a cryptographic computing method, and a program.

  The present invention is a cryptographic operation device that performs a specific cryptographic operation using a right-pointed operation procedure, which is a procedure for calculating from a higher bit to a lower bit of a secret parameter consisting of a binary number, An input unit for inputting data to be subjected to cryptographic calculation, the secret parameter used for the calculation, and other parameters used for the calculation, and performing specific conversion on the data to convert the data The pre-processing unit for obtaining the conversion data, the whole or part of the secret parameter, and the other parameter, and the right-type calculation procedure using the whole or part of the secret parameter. , Performing the cryptographic computation and obtaining the computation result, and the data and the secret parameter based on the computation result obtained by the cryptographic computation portion A post-processing unit that performs post-processing for obtaining the computation result of the cryptographic computation when all and the other parameters are input, and the computation result obtained by the cryptographic computation unit or the post-processing unit And an output unit that outputs the calculation result as a final calculation result.

  According to the present invention, it is possible to realize an efficient countermeasure calculation method for (n-1) input SPA and its extended attack technique in right-pointing binary power multiplication and Montgomery ladder arithmetic.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  First, prior to the description of the cryptographic operation device according to the present embodiment, the selective input SPA considered in the present embodiment will be described. The cryptographic operations handled below are power-residue calculations and scalar multiplication on elliptic curves.

  The power-residue calculation procedure is largely divided into a right-handed operation procedure (a calculation procedure that advances the calculation from the high-order bit of the exponent to the low-order bit), and a left-type calculation procedure (a calculation from the low-order bit of the exponent to the high-order bit) Calculation procedure). Among these, the selection input type SPA considered in the present embodiment is a threat in the power-residue calculation of the right-direction type calculation procedure.

  The right-handed modular exponentiation has the advantage that it can be expanded to the w-bit window method in which exponents are processed in units of w (plural) bits, and the storage amount of calculation results during computation may be reduced. Many scenes are used for implementation. Specific examples of the right-handed modular exponentiation method include the right-pointing binary method and the Montgomery ladder method.

  The right-facing binary method has a processing branch of remainder multiplication by exponent bits in the implementation as it is, and is therefore weak to normal SPA, and in many cases, a procedure in which dummy processing is added in consideration of SPA countermeasures is used. In the following description, the selective input type SPA shown in Non-Patent Document 3 will be described by taking the right-pointing binary method considering SPA countermeasures as an example.

  The selective input type SPA of Non-Patent Document 3 is a very threatening attack that makes it possible to estimate almost all exponent bits except specific bits from the execution waveform of one or two exponentiation remainder calculations. In Non-Patent Document 3, two types of (n-1) are input to (modulus n), (-1) input SPA, and (x, -x) input SPA is input with one set of x and -x. It is shown.

  First, a case where (−1) input SPA is applied to the right-facing binary method will be described.

  FIG. 14 shows an example of calculation progress in this case.

In this case, every time an exponent bit is processed by 1 bit, the square remainder process and the multiplication remainder process are repeated.
1 * 1 mod n,
(-1) * (-1) mod n,
1 * (-1) mod n
In addition, the square remainder processing unit executes either 1 * 1 mod n or (−1) * (− 1) mod n.

  Here, paying attention to the relation between the operation content of the square remainder processing unit at a certain bit d (i) and the value of the bit d (i-1) processed one time before, the above-mentioned square remainder processing unit It can be seen that which operation is executed depends on whether the bit d (i−1) processed immediately before is 0 or 1. That is, if it is known which one of 1 * 1 mod n or (−1) * (− 1) mod n is executed in a square remainder processing unit for a certain bit d (i), the previous bit d (i− Whether 1) is 0 or 1 can be specified.

  Since the square remainder process occurs at regular timing, all the bit patterns except for the LSB of the index d are found as long as the two types of waveforms can be distinguished by SPA.

  In fact, the result of confirming by experiment that these two types of waveforms can be distinguished has been reported, and (-1) a countermeasure for the input SPA is essential.

  As a countermeasure against this attack, it is checked whether or not the input is (−1). If so, according to 0/1 of the LSB of the exponent, as a power residue result (without actually proceeding with the calculation) This can be dealt with by outputting 0/1. However, Non-Patent Document 3 also presents (-1) input SPA that is an extension of (-1) input SPA.

  Next, a case where (x, −x) input SPA is applied to the rightward binary method will be described.

  FIG. 15 shows an example of the calculation process in this case.

  In this case, when the calculation process at the input x is compared with the calculation process at the input (−x), the result at the (−x) input in the multiplication remainder processing unit is always the calculation result at the x input ( It can be seen that the value is multiplied by -1).

  Therefore, focusing on the square remainder processing unit, the same calculation is performed when x is input and when (−x) is input when the bit d (i−1) processed immediately before is 0. From this property, it can be seen that the bit pattern of the exponent excluding the LSB can be found by comparing two waveforms while paying attention to the square remainder processing in SPA.

  Next, a case where (-1) input SPA is applied to Montgomery-Ladder algorithm will be described.

  The Montgomery Ladder algorithm is as follows.

  (1) A pair of (Li, Ri) is obtained as an intermediate result of processing from the higher bits of the exponent d = [d (m-1), .., di, .., d1, d0] _2 to di. It is done. Here, Di = [d / 2 ^ i] (where [x] represents the maximum integer less than or equal to x), Li = M ^ Di (mod n), Ri = M ^ (Di + 1 ) (mod n). The initial value is (Lm, Rm) = (M ^ 0, M ^ 1) = (1, M).

  (2) The calculation shown in FIG. 16 is executed according to the exponent bit d (i−1) of interest. Here, L0 gives the final result.

  In the above algorithm, Li is the original intermediate result and Ri is the auxiliary intermediate value. When attention is paid to the exponent part by paying attention to the difference between the exponent parts being 1, one is always odd and the other is even.

  When (-1) is given as an input M, (-1) ^ (2k) = 1, (-1) ^ (2k + 1) =-1, and Li and Ri are set to an even number and an odd number of exponents. Accordingly, only 1 or (-1) pairs can be taken.

Therefore, the pattern that appears when calculating Li and Ri is
1 * 1,
(-1) * (-1),
1 * (-1),
(-1) * 1
These patterns are only four types, and these patterns are easily discriminated by SPA.

  Of these, focusing on the case where calculation of (-1) * (-1) appears, D (i + 1) is an even number and Di is an odd number (that is, d (i + 1) = 0 and di = 1) And D (i + 1) is an odd number and Di is an even number (that is, d (i + 1) = 1 and di = 0). This indicates that the index value can be sequentially determined by SPA in order from the top of the power index.

  FIG. 17 shows an example of calculation progress when (-1) input SPA is applied to the Montgomery-Ladder algorithm.

  In the example of FIG. 17, the calculation of (-1) * (-1) mod n is in the fifth, third, and first calculations from the lower order, and these bits are the one higher order bit. All bits except for the LSB can be estimated by utilizing the fact that 0/1 is inverted.

  Next, a case where the (x, −x) input SPA is applied to the Montgomery ladder algorithm will be described.

  FIG. 18 shows an example of calculation progress in this case.

  In this case, paying attention to the exponent of the value stored in the intermediate register in the Montgomery-Ladder algorithm, one is always an odd number and the other is an even number. Therefore, at the time of (−x) input, the calculation result of L * R mod n Is always -x ^ y mod n.

  Therefore, when the calculation result of R ← L * R mod n and L ← L * R mod n is compared with the calculation at the same timing when x is input, the result is always the result of sign inversion.

  When 0 or 1 continues as an exponent bit, the calculation of L ← L * L mod n and R ← R * R mod n is repeated, and only in that case, exactly the same operation as when x is input Can be seen at the same time.

  From this property, it can be seen that the bit pattern of the exponent can be determined by analyzing the difference between the two waveforms when x is input and when (−x) is input by SPA.

  As described above, in the right-pointing binary type algorithm or Montgomery ladder algorithm which has been considered to be resistant to SPA, the secret exponent pattern is obtained by (-1) input SPA or (x, -x) input SPA. It became clear that there is a high possibility that

  Hereinafter, in the present embodiment, a cryptographic operation device according to the present embodiment having resistance against these selective input SPAs will be described.

  FIG. 1 shows an example of the configuration of the cryptographic operation device of this embodiment.

  As shown in FIG. 1, the cryptographic operation device of this embodiment includes an attack invalidation processing unit 1 and a cryptographic calculation unit 2.

  The cryptographic calculation unit 2 performs an existing predetermined cryptographic calculation. The predetermined cryptographic operation is, for example, power residue calculation or scalar multiplication on an elliptic curve.

  The attack invalidation processing unit 1 performs a process for invalidating the attack in order to provide the cryptographic computing device with resistance against the selected document type SPA attack.

  The attack invalidation processing unit 1 includes an input unit 11, a preprocessing unit 12, a postprocessing unit 13, and an output unit 14.

For example, there are variations as to whether the attack invalidation processing unit 1 and the cryptographic operation unit 2 are configured by hardware or software.
(1) The attack invalidation processing unit 1 and the cryptographic operation unit 2 are all configured by hardware.
(2) The attack invalidation processing unit 1 and the cryptographic operation unit 2 are all configured by software.
(3) The attack invalidation processing unit 1 is configured by software (firmware), and the cryptographic operation unit 2 is configured by hardware.

  Note that since the cryptographic computation unit 2 may be an existing one, the attack invalidation processing unit 1 is newly added to the existing cryptographic computation unit 2 to realize the cryptographic computation device of the present embodiment. It is possible.

  FIG. 2 shows an example of the operation procedure of the cryptographic operation device of this embodiment.

  In step S1, the input unit 11 receives the data to be subjected to the cryptographic operation (message M in the case of exponentiation remainder calculation, P in the case of scalar multiplication on an elliptic curve), and a secret parameter d = [d (m-1), .., di, .., d1, d0] _2 (where [] _2 means binary expansion) and other parameters used for the calculation are input.

  When the predetermined cryptographic operation is power residue calculation, d is a (secret) exponent, and the exponent n of power residue calculation corresponds to the other parameters. Further, when the predetermined cryptographic operation is scalar multiplication on an elliptic curve, d is a (secret) scalar value, and the elliptic curve domain parameter E corresponds to the other parameters.

  The input unit 11 may input the data by any method. For example, it may be input from an input device, a communication device, a memory device, or the like, or may be input from another process.

  In step S2, the preprocessing unit 12 includes a process of performing predetermined conversion on the data to be calculated to generate conversion data in order to invalidate the attack (for the cryptographic calculation unit 2). Process. More specifically, as will be described later, with regard to the conversion of the data to be calculated, when the predetermined cryptographic operation is a power-residue calculation, for example, M ′ ← M ^ 2 mod n is performed, If the cryptographic operation is scalar multiplication on an elliptic curve, for example, P ′ ← 2 * P is performed. The generated conversion data (for example, M ′ or P ′) is given to the cryptographic operation unit 2.

  More specifically, as will be described later, all or a part of the input d (for example, d ′ = [d (m−1),.., Di,... d1] _2) is given to the cryptographic operation unit 2. Further, the input other parameters are given to the cryptographic operation unit 2. Furthermore, information other than these may be given to the cryptographic operation unit 2.

  In step S3, the cryptographic operation unit 2 obtains the generated converted data (for example, M ′ or P ′), all or some bits of the secret parameter d ′, and other parameters. The predetermined cryptographic operation is performed as an input.

  The calculation result obtained by the cryptographic calculation unit 2 is not the final calculation result to be obtained (or may be the final calculation result depending on conditions).

  In step S4, the post-processing unit 13 generates a final calculation result based on the calculation result of the cryptographic calculation unit 2. More specifically, as described later, when the predetermined cryptographic operation is a power-residue calculation, for example, S ← S * M mod n (the calculation result of the cryptographic operation unit 2 is further multiplied by M) When the predetermined cryptographic operation is scalar multiplication on an elliptic curve, for example, Q ← Q + P (addition of P to the calculation result of the cryptographic operation unit 2) is performed. In this case, as will be described in more detail later, depending on a predetermined cryptographic operation, a dummy operation may be performed in order to invalidate the attack.

  In step S5, the output unit 14 outputs the calculation result obtained by the post-processing unit 13 (the calculation result obtained by the cryptographic operation unit 2 according to the conditions). For example, when the predetermined cryptographic operation is power-residue calculation, S = M ^ d mod n is output, and when the predetermined cryptographic operation is scalar multiplication on an elliptic curve, Q = d * P is output.

  The output unit 14 may output the final calculation result by any method. For example, the data may be output to an output device, a communication device, a memory device, or the like, or may be output to another process.

  Hereinafter, a more specific configuration example of the cryptographic operation device will be described.

  In the first to third embodiments described below, power-residue calculation is taken as an example of cryptographic operations, and the fourth and fifth embodiments are scalars on an elliptic curve as cryptographic operations. This is an example of multiplication.

<Power residue calculation>
FIG. 3 shows a configuration example in which FIG. 1 is described for “power residue calculation”.

  In the first to third embodiments, the cryptographic calculation device is referred to as a “power residue calculation device”, and the cryptographic calculation unit is referred to as a “power residue calculation unit”.

(First embodiment)
A power residue calculation apparatus according to the first embodiment of the present invention will be described. In the present embodiment, three calculation procedure examples of power-residue calculation are shown.

  First, an example in which the (-1) input SPA attack and the (x, -x) input SPA attack can be invalidated with respect to the power-residue calculation by the rightward binary type arithmetic will be described.

  FIG. 4 shows an example of the calculation procedure of the power-residue calculation in this case.

  First, in step S10, the input unit 11 determines that the message M, which is the base of the power-residue calculation, and the secret power exponent d = [d (m−1), .., di, .., d1, d0] _2 , Input the modulus n.

  In step S11, the preprocessing unit 12 performs a square remainder calculation (M ^ 2 mod n) on M, and sets the calculation result as M '.

  Based on the above M ′, d ′ (d ′ = [d / 2]) excluding the least significant bit out of the input d is a power exponent, and the input n is a modulus, and they are attack invalidation processing units 1 is given to the power residue calculation unit 2.

  In step S12, the power-residue calculating unit 2 performs (right-facing) power-residue calculation (M ′ ^ d ′ mod n) based on them, and obtains the calculation result S.

  This S is returned from the exponentiation remainder calculation unit 2 to the attack invalidation processing unit 1.

  In step S13, the post-processing unit 13 checks whether or not the least significant bit (LSB) d0 of the input d is 1. If d0 is 1, the process proceeds to step S14, where the post-processing unit 13 The calculation results S and M are multiplied by a modulus n (S * M mod n), and S is updated with the calculation results. This (after update) S becomes the final power residue calculation result (M ^ d mod n).

  On the other hand, if d0 is 0, the process proceeds to step S15, and the post-processing unit 13 performs the same calculation (S * M mod n) as step S14 as a dummy process, and the result is the original output. Save in a different area S ′. In this case, S obtained by the power-residue calculation unit 2 becomes the final power-residue calculation result (M ^ d mod n).

  In step S16, the output unit 14 outputs the power residue calculation result S = M ^ d mod n.

  In the above calculation procedure example, the dummy process in step S15 is added for the purpose of preventing 0/1 discrimination of the LSB of the power exponent d by a timing attack, but in the cryptographic operation, the LSB of the power exponent is 1. In some cases, it is known in advance from the nature of the cryptographic algorithm. Therefore, when it is not necessary to protect the 0/1 discrimination of the LSB of the exponent from the side channel attack, the dummy process in step S15 may be omitted.

  As a method of exchanging S between the power residue calculation unit 2 and the attack invalidation processing unit 1, S is stored in a storage area shared by the power residue calculation unit 2 and the attack invalidation processing unit 1. S may be transferred between the power-residue calculation unit 2 and the attack invalidation processing unit 1, and the storage location of S may be set between the power-residue calculation unit 2 and the attack invalidation processing unit 1. The indicated pointer may be transferred.

  Now, according to this calculation procedure example, M ′ obtained in step S11 is always x ^ 2 when x is input and when −x is input. Therefore, at the time of power calculation in step S12, the same calculation is always performed for both inputs x and -x, and different processing is performed depending on the sign in the processing after step S13. For this reason, only the LSB of the exponent d can be identified by the (x, -x) input SPA, and the other bits cannot be discriminated. Also, (-1) the input SPA can protect the exponent bits excluding the LSB of the exponent d from the same property.

  Next, an example in which the (−1) input SPA attack and the (x, −x) input SPA attack can be invalidated with respect to the power-residue calculation by the Montgomery ladder algorithm will be described.

  FIG. 5 shows an example of the calculation procedure of the power-residue calculation in this case.

  First, in step S20, the input unit 11 determines that M is a base of power-residue calculation and a secret power exponent d = [d (m-1), .., di, .., d1, d0] _2, Enter the modulus n.

  In step S21, the preprocessing unit 12 calculates a square remainder of M, and sets the calculation result (M ^ 2 mod n) as M '.

  Based on the above M ', the input d is a power exponent, and the input n is a modulus, and these are given from the attack invalidation processing unit 1 to the power residue calculation unit 2.

  In step S22, the power-residue calculating unit 2 sets an index i representing an index bit to be referred to m, sets 1 to the intermediate register L, and sets a given M ′ to the intermediate register R.

  Thereafter, in the processing loop from step S23 to step S27, the power-residue calculating unit 2 performs a power calculation corresponding to the exponents from the exponent bits d (m−1) to d1.

  In step S23, the index i is decremented, and in step S24, it is checked whether i is greater than zero.

  If i is larger than 0, it is checked in step S25 whether the exponent bit di is 1. If di is 1, the process proceeds to step S26, where L ← L * R mod n and R ← R * R mod. If n is calculated and di is 0, the process proceeds to step S27, and R ← L * R mod n and L ← L * L mod n are calculated. And it returns to step S23 and moves to the next processing loop.

  As a result of repeating the above processing loop, if i = 0 in step S23, i is not greater than 0 in step S24, so that the processing loop is exited and the process branches to step S28.

  Here, the calculation by the power-residue calculating unit 2 ends, and (R, L) at this time is returned from the power-residue calculating unit 2 to the attack invalidation processing unit 1.

  In step S28, the post-processing unit 13 checks whether or not the least significant bit (LSB) d0 of the input d is 1. If d0 is 1, the process proceeds to step S29, where the post-processing unit 13 The calculation results L and M are subjected to multiplication remainder calculation (L * M mod n) by modulus n, and L is updated with this calculation result. This (updated) L becomes the final power residue calculation result (M ^ d mod n).

  On the other hand, if d0 is 0, the process proceeds to step S30, and the post-processing unit 13 performs the same calculation (L * M mod n) as step S29 as a dummy process, and the result is the original output. Save in a different area R (other areas may be used). In this case, L obtained by the power-residue calculating unit 2 is the final power-residue calculation result (M ^ d mod n).

  In step S31, the output unit 14 outputs the power residue calculation result L = M ^ d mod n.

  As a method of exchanging L between the power residue calculation unit 2 and the attack invalidation processing unit 1, L is stored in a storage area shared by the power residue calculation unit 2 and the attack invalidation processing unit 1. Alternatively, L may be transferred between the power-residue calculation unit 2 and the attack invalidation processing unit 1, and the storage location of L may be set between the power-residue calculation unit 2 and the attack invalidation processing unit 1. The indicated pointer may be transferred. When L is stored in a storage area shared by the power residue calculation unit 2 and the attack invalidation processing unit 1, R is also stored in a storage area shared by the power residue calculation unit 2 and the attack invalidation processing unit 1. You may do it.

  In the above, d = [d (m-1), .., di, .., d1, d0] _2 is given from the attack invalidation processing unit 1 to the power residue calculation unit 2, but instead, , D ′ (d ′ = [d / 2]) excluding the least significant bit may be given (in this case, i = m−1 in step S22 and i becomes negative in step S24). If it becomes, it is good to come out of the processing loop).

  Next, an example in which the (−1) input SPA attack and the (x, −x) input SPA attack for the power-residue calculation by the rightward binary type algorithm can be invalidated will be described.

  FIG. 6 shows an example of the calculation procedure of the power-residue calculation in this case.

  First, in step S40, the input unit 11 determines that M is the base of the modular exponentiation and the secret power exponent d = [d (m-1), .., di, .., d1, d0] _2, Enter the modulus n.

  In step S41, the preprocessing unit 12 performs a square remainder calculation (M ^ 2 mod n) on M, and sets the calculation result as M '.

  Based on the above M ', the input d is a power exponent, and the input n is a modulus, and these are given from the attack invalidation processing unit 1 to the power residue calculation unit 2.

  In step S42, the power-residue calculating unit 2 sets an index i representing an index bit to be referred to m, and sets 1 to the intermediate register S.

  Thereafter, in the processing loop from step S43 to step S48, the power-residue calculating unit 2 performs a power calculation corresponding to the exponents from the exponent bits d (m−1) to d1.

  In step S43, the index i is decremented. In step S44, it is checked whether i is larger than zero.

  If i is larger than 0, the process proceeds to step S45, S is squared remainder calculation (S ^ 2 mod n), S is updated with the calculation result, and then the exponent bit di is 1 in step S46. If di is 1, the process proceeds to step S47 and S ← S * M ′ mod n is calculated. If di is 0, the process proceeds to step S48 and S ′ ← S * M 'mod n is calculated. Here, S ′ is a register for storing the result of dummy processing. And it returns to step S43 and moves to the next processing loop.

  As a result of the repetition of the above processing loop, if i = 0 in step S43, i is not greater than 0 in step S44, so that the processing loop is exited and the process branches to step S49.

  Here, the calculation by the power-residue calculating unit 2 ends, and S at this time is returned from the power-residue calculating unit 2 to the attack invalidation processing unit 1.

  In step S49, the post-processing unit 13 checks whether or not the least significant bit (LSB) d0 of the input d is 1. If d0 is 1, the process proceeds to step S50, where the post-processing unit 13 The calculation results S and M are multiplied by a modulus n (S * M mod n), and S is updated with the calculation results. This (after update) S becomes the final power residue calculation result (M ^ d mod n).

  On the other hand, if d0 is 0, the process proceeds to step S51 where the post-processing unit 13 performs the same calculation (S * M mod n) as in step S50 as a dummy process, and the result is the original output. Save in a different area S ′. In this case, S obtained by the power-residue calculation unit 2 becomes the final power-residue calculation result (M ^ d mod n).

  In step S52, the output unit 14 outputs the power residue calculation result S = M ^ d mod n.

  As a method of exchanging S between the power residue calculation unit 2 and the attack invalidation processing unit 1, S is stored in a storage area shared by the power residue calculation unit 2 and the attack invalidation processing unit 1. S may be transferred between the power-residue calculation unit 2 and the attack invalidation processing unit 1, and the storage location of S may be set between the power-residue calculation unit 2 and the attack invalidation processing unit 1. The indicated pointer may be transferred. When S is stored in a storage area shared by the power residue calculation unit 2 and the attack invalidation processing unit 1, S ′ is also stored in a storage area shared by the power residue calculation unit 2 and the attack invalidation processing unit 1. You may remember.

  In the above, d = [d (m-1), .., di, .., d1, d0] _2 is given from the attack invalidation processing unit 1 to the power residue calculation unit 2, but instead, , D ′ (d ′ = [d / 2]) excluding the least significant bit may be given (in this case, i = m−1 in step S32 and i becomes negative in step S34). If it becomes, it is good to come out of the processing loop).

  ADVANTAGE OF THE INVENTION According to this invention, the (n-1) attack which becomes a threat can be nullified by the selective input type SPA with respect to RSA encryption or elliptic curve encryption. In addition, there is almost no increase in the amount of processing by the calculation method by this countermeasure. Further, as an extension of the (n-1) attack, a pair of inputs x and -x is given, and the attack that estimates the secret exponent from the difference in the internal state by analyzing the difference between the power waveforms can be invalidated. it can.

(Second Embodiment)
A power residue calculation apparatus according to the second embodiment of the present invention will be described.

  Here, (-1) an attack that expands the input SPA and countermeasures will be described.

  (-1) is a square root of 1 (order 2) which is a unit element related to multiplication. Sj is an intermediate value obtained by processing powers from the top to dj of exponent d = [d (m−1),..., Dj,. And If Dj = [d (m−1),..., Dj] _2, Sj = M ^ Dj mod n. Therefore, when (-1) which is a value of order 2 is input as M, Sj = 1 (when dj = 0), Sj = −, depending on 0/1 of dj which is the least significant bit of Dj. 1 (when dj = 1). Thereafter, the process moves to exponent d (j-1) bit processing, Sj ^ 2 mod n is calculated first, and there are only two types of processing depending on the value of dj. Yes.

  If this principle is expanded, an attack with an element of order 2 ^ t (t is an integer of 1 or more) as an input can be considered. The element of order 2 ^ t may or may not exist depending on the order λ (number of elements) of the multiplicative group. Actually, when λ mod 2 ^ t is 0, there is an element of order 2 ^ t, and when λ is known, it can be obtained by a polynomial time algorithm.

For example, when an element α of order 2 ^ 2 = 4 is input to a power-right binary calculation method, an intermediate value Sj (= M ^ Dj mod n) obtained by processing from the most significant digit of the exponent d to dj bits is expressed as Dj mod It depends on the value of (2 ^ 2) (that is, 2 bits of d (j + 1) and dj). That is,
When [d (j + 1), dj] = [0, 0], Sj = 1,
When [d (j + 1), dj] = [0, 1], Sj = α,
When [d (j + 1), dj] = [1, 0], Sj = α ^ 2 = −1,
When [d (j + 1), dj] = [1, 1], Sj = α ^ 3 = −α
It becomes.

Next, it moves to the processing of the adjacent d (j−1) bits, and in the first squaring process,
In the case of [d (j + 1), dj] = [0, 0], 1 ^ 2 mod n = 1 is calculated,
When [d (j + 1), dj] = [0, 1], α ^ 2 mod n = −1 is calculated,
When [d (j + 1), dj] = [1, 0], calculation of (−1) ^ 2 mod n = 1 is performed.
When [d (j + 1), dj] = [1, 1], the calculation of (−α) ^ 2 = −1 is performed.

In the next multiplication,
When [d (j + 1), dj] = [0, 0], 1 × α mod n is calculated,
In the case of [d (j + 1), dj] = [1, 0], 1 × α mod n is calculated,
In the case of [d (j + 1), dj] = [0, 1], (−1) × α mod n is calculated,
When [d (j + 1), dj] = [1, 1], calculation of (−1) × α mod n is performed.

  Thus, only four types of calculations appear in the square processing unit and two types of calculation appear in the multiplication processing unit, and these calculations depend on two bits of the exponent bits [d (j + 1), dj], Therefore, there is a high possibility that an attack will be facilitated by SPA.

  The SPA using the element α of order 4 can be applied to a power calculation by a w-bit window method (for example, a 2-bit window method). Assuming that an intermediate result obtained by processing up to the dj bits of the exponent by the 2-bit window method is Sj, the value of Sj also becomes the same value as described above depending on the two bits of the exponent [d (j + 1), dj]. Thereafter, the process proceeds to 2-bit processing of exponents d (j-1) and d (j-2), and the first squaring processing is the same branch as described above.

In the subsequent square process,
In the case of [d (j + 1), dj] = [0, 0], 1 ^ 2 mod n is calculated,
In the case of [d (j + 1), dj] = [1, 0], 1 ^ 2 mod n is calculated,
In the case of [d (j + 1), dj] = [0, 1], (−1) ^ 2 mod n is calculated,
When [d (j + 1), dj] = [1, 1], calculation of (−1) ^ 2 mod n is performed.

After this, depending on the value of the exponent [d (j-1), d (j-2)],
In the case of [0,0], a 1 × 1 calculation is performed,
In the case of [0, 1], 1 × α is calculated,
In the case of [1, 0], 1 × (−1) calculation is performed,
In the case of [1, 1], 1 × (−α) is calculated.

  As described above, in the square process that is performed twice, four processes are performed in the first square process and two processes are performed in the next square process, depending on the value of [d (j + 1), dj]. . In the multiplication process, four processes are performed depending on the value of [d (j−1), d (j−2)].

  A similar attack can be applied to the case where the element of order 2 ^ t is used as an input.

  Hereinafter, an example will be described in which SPA that uses an element of order 2 ^ t as an input can be invalidated.

  FIG. 7 shows an example of the calculation procedure of the power-residue calculation in this case.

  First, in step S60, the input unit 11 determines that M is a base of power-residue calculation and a secret power exponent d = [d (m−1), .., di, .., d1, d0] _2, Enter the modulus n.

  In step S61, the preprocessing unit 12 repeats the square remainder calculation with respect to M t times (M ^ (2 ^ t) mod n), and sets the result as M '.

  Next, the value obtained by subtracting t bits from the least significant bit of the input d (the portion from the most significant bit to the (t + 1) th bit from the least significant bit) d ′ (d ′ = [d / (2 ^ t)] = [d (m-1), .., dt]) is a power exponent and the input n is used as a modulus to calculate the exponentiation remainder calculation unit 2 from the attack invalidation processing unit 1 Given to.

  In step S62, the power-residue calculating unit 2 performs (right-facing) power-residue calculation (M ′ ^ d ′ mod n) based on them, and obtains the calculation result S1.

  This S1 is returned from the exponentiation remainder calculation unit 2 to the attack invalidation processing unit 1.

  In step S63, the post-processing unit 13 bases the inputted M and takes the t bits from the LSB out of the inputted d (the portion from the t-th bit to the least significant bit) dL = [d ( t-1),..., d0] are exponents and the input n is a modulus to perform power-residue calculation (M ^ dL mod n) and obtain the calculation result S2. The power-residue calculation in step S63 can use any power calculation method for both the right-facing type and the left-facing type.

  The power residue calculation in step S63 may be executed by the power residue calculation unit 2. In this case, first, the input M is the base, the value dL = [d (t−1),..., D0] obtained by extracting t bits from the LSB out of the input d is the exponent, and the input n is As a method, they are given from the attack invalidation processing unit 1 to the power residue calculation unit 2. The power-residue calculating unit 2 performs power-residue calculation (M ^ dL mod n) based on them, and obtains the calculation result S2. This S2 is returned from the exponentiation remainder calculation unit 2 to the attack invalidation processing unit 1.

  In step S64, the post-processing unit 13 obtains a final result S by performing a modular multiplication (S ← S1 × S2 mod n) on the two values S1 and S2.

  In step S65, the output unit 14 outputs the power residue calculation result S = M ^ d mod n.

Here, the validity of the above calculation is decomposed into d = d '* (2 ^ t) + dL,
S = M ^ d
= M ^ (d '* (2 ^ t) + dL)
= {(M ^ (2 ^ t)) ^ d '} × (M ^ dL)
= (M '^ d') × (M ^ dL) mod n
This can be confirmed.

  In this calculation procedure, M ′ = 1 with respect to an input of order 2 ^ t ′ (t ′ ≦ t) by the processing in step S61. Even if such an input is given, step S62 is performed. In the right power calculation of, no processing branch occurs. From this, it is possible to invalidate SPA using an input of order 2 ^ t '.

  The power residue calculation in step S62 and the power residue calculation in step S63 may be performed in the reverse order.

  Further, instead of causing the power residue calculation unit 2 to execute both the power residue calculation in steps S62 and S63, for example, the power residue calculation unit 3 is provided in addition to the power residue calculation unit 2 as shown in FIG. It is also possible to cause the power residue calculation unit 2 to execute the remainder calculation and to cause the power residue calculation unit 3 to execute the power residue calculation in step S63. In this case, the power residue calculation in step S62 and the power residue calculation in step S63 may be executed simultaneously.

  Further, (M ′, d ′, n) required for the power residue calculation in step S62 and (M, dL, n) required for the power residue calculation in step S63 are the power residue from the attack invalidation processing unit 1. You may give to the calculation part 2 sequentially, and may give simultaneously.

  The power residue calculation result S1 in step S62 and the power residue calculation result S2 in step S63 may be sequentially given from the power remainder calculation unit 2 to the attack invalidation processing unit 1 or may be given simultaneously. .

  As a method for exchanging S1 and S2 between the power residue calculation unit 2 and the attack invalidation processing unit 1, a storage area in which S1 and S2 are shared by the power residue calculation unit 2 and the attack invalidation processing unit 1 Or S1 and S2 may be transferred between the power-residue calculation unit 2 and the attack invalidation processing unit 1, or between the power-residue calculation unit 2 and the attack invalidation processing unit 1. The pointer indicating the storage location of S1 and S2 may be transferred.

  Note that this embodiment can be applied to the right-pointing binary method and the Montgomery ladder method.

  According to the present invention, it is also possible to invalidate an attack that uses a higher-order root of (n−1) (element of order 2 ^ t) as an input.

(Third embodiment)
A modular exponentiation apparatus according to the third embodiment of the present invention will be described.

  Here, the target selective input SPA is two attacks of (−1) input and (x, −x) input. The point of this countermeasure operation is that the input set is equally divided into a positive group Gp and a negative group Gn. One of the inputs x and -x belongs to Gp, and the other belongs to Gn. Further, (-1) belongs to Gn, and 1 belongs to Gp.

  In this way, the input set is divided, and for the input belonging to Gp, the power-residue calculation is performed as usual. After obtaining, a power calculation is performed on y, and finally, the sign inversion process is performed according to the odd / even power exponent (in the case of an odd number) or the sign inversion process is not performed ( If even).

That is,
S = y ^ d
= {(-1) * (-y)} ^ d
= (-1) ^ d × (-y) ^ d mod n
Take advantage of the property.

  At this time, the (x, −x) input SPA is invalidated because the same calculation is performed on the power part regardless of which input is given. Further, (-1) the input SPA is also inverted because the sign is inverted and a power of 1 is performed, so that a characteristic branch of intermediate data does not appear and is invalidated.

  FIG. 9 shows an example of the calculation procedure of the power-residue calculation in this case.

  First, in step S70, the input unit 11 sets M, which is the base of power-residue calculation, and a secret power exponent d = [d (m-1), .., di, .., d1, d0] _2, Enter the modulus n.

  In step S <b> 71, the preprocessing unit 12 calculates a sign bit sgn for the input M.

  Here, if sgn = 1, the input M belongs to a negative number group Gn, and if sgn = 0, it means that M belongs to a positive number group Gp.

  For example, the following two types of code bit calculation methods are available.

  The first method is Gp = {0,1,2, ..., (n-1) / 2}, Gn = {(n + 1) / 2, (n + 3) / 2, ..., n −2, n−1}, and the magnitude of the input M and (n−1) / 2 are compared. If M> (n-1) / 2, sgn = 1, otherwise sgn = 0.

  In the second method, Gp = {x | x = 0 or LSB of x = 1}, Gn = {x | x ≠ 0 and LSB of x = 0}. This group division uses the property that the LSBs of both x and −x are not equal to 0 or 1, except for x = 0, and LSB = 0 of (n−1). In this method, except for the case of x = 0, a value obtained by inverting the LSB of the input x is set as a code sgn.

  In step S72, if the code sgn = 1 obtained above, the preprocessing unit 12 proceeds to step S73 and calculates M ′ (M ′ ← −M mod n) by inverting the sign of the input M. .

  Then, they are given from the attack invalidation processing unit 1 to the power-residue calculating unit 2 with the above M ′ as the base, the input d as the exponent, and the input n as the modulus.

  In step S74, the power-residue calculating unit 2 performs power-residue calculation (M ′ ^ d mod n) based on them, and obtains the calculation result S.

  This S is returned from the exponentiation remainder calculation unit 2 to the attack invalidation processing unit 1.

  In step S75, the post-processing unit 13 obtains (−1) ^ d as the processing of the sign bit and performs a calculation ((−1) ^ d × S mod n) by multiplying the above S by the calculation result. Update. This (after update) S becomes the final power residue calculation result (M ^ d mod n).

  On the other hand, if the code sgn = 0 obtained above in step S72, the preprocessing unit 12 does not calculate M '.

  Then, they are given from the attack invalidation processing unit 1 to the power residue calculation unit 2 with the input M as the base, the input d as the exponent, and the input n as the modulus.

  In step S76, the power-residue calculating unit 2 performs a power-residue calculation (M ^ d mod n) based on them, and obtains the calculation result S. This S becomes the final power residue calculation result (M ^ d mod n). When the code sgn = 0, the post-processing unit 13 does not perform the S update calculation.

  In step 77, the output unit 14 outputs the power residue calculation result S = M ^ d mod n.

  Step S73 can be calculated by subtraction of M ′ = n−M, and step S75 performs S = n−S subtraction when d is an odd number as described above, and otherwise. May output S without doing anything.

  As a method of exchanging S between the power residue calculation unit 2 and the attack invalidation processing unit 1, S is stored in a storage area shared by the power residue calculation unit 2 and the attack invalidation processing unit 1. S may be transferred between the power-residue calculation unit 2 and the attack invalidation processing unit 1, and the storage location of S may be set between the power-residue calculation unit 2 and the attack invalidation processing unit 1. The indicated pointer may be transferred.

  Note that this embodiment can be applied to the right-pointing binary method and the Montgomery ladder method.

  As described above, in the first to third embodiments, the calculation method has been described for the power-residue calculation in the modulus n. However, when the modulus n is a product of a plurality of prime numbers, n is a relatively prime factor. In many cases, an operation is performed in which a power residue calculation is performed with each factor as a modulus, and a power residue calculation result with a plurality of factors is combined by a Chinese remainder theorem. In this case, the calculation method of each embodiment can be applied to the modular exponentiation calculation with individual factors.

  For example, these arithmetic methods can be used as a countermeasure calculation method of the selective input SPA for a decryption operation using the Chinese remainder theorem in RSA cryptography.

  In this case, for example, in the modular multiplication unit of the first, second, or third embodiment, the modulus n is decomposed into relatively prime factors (when the modulus n is a product of a plurality of prime numbers that are relatively prime). , Using the pre-processing unit, the cryptographic operation unit, and the post-processing unit as the modulo of each factor, respectively, to determine the final calculation result, and the obtained plurality of final calculation results by the Chinese remainder theorem What is necessary is just to provide the process part to synthesize | combine.

<Scalar multiplication on elliptic curve>
Many of the calculation algorithms shown here can also be applied to scalar multiplication on an elliptic curve. Specifically, the methods shown as the first and second embodiments are effective for the selective input SPA in scalar multiplication on an elliptic curve when used as follows.

  First, power multiplication M ^ d mod p on a finite field (such as RSA cipher) and scalar multiplication dP (over E / Fq) on an elliptic curve correspond as follows. That is, the multiplication (a * b mod p) on the finite field (Z / pZ) corresponds to the addition (A + B over E / Fq) on the elliptic curve (E / Fq), and the original on the finite field The d-th power corresponds to the original d times on the elliptic curve.

  The attack considered in the first embodiment is an attack that uses as input an element P_2 of order 2 in the finite commutative group E (Fq) formed by elements of the elliptic curve on the finite field Fq, and an element Y and an element P_2 + Y. This is equivalent to an attack that inputs two points.

  Similarly, the attack considered in the second embodiment corresponds to an attack that uses an element P_ {2 ^ t} of order 2 ^ t (t> 1) as an input.

  The element P_2 of order 2 on the elliptic curve is 2 * P_2 = O (O represents the point at infinity), and the element P_ {2 ^ t} of order 2 ^ t is (2 ^ t) * P_ {2 ^ t} = O.

  Assuming that the element P_2 of order 2 is an input point for scalar multiplication to the right, the point doubling process is performed by either 2 * P_2 (= O) or 2 * O (= O). Repeated according to the bit pattern. Even when the element of order 2 ^ t is used as an input point, the point doubling process is limited to 2 ^ t, and they are performed depending on the t-bit intermediate bit pattern of continuous scalar values. Therefore, it is easy to determine the scalar value in SPA.

  Further, when scalar multiplication is performed using Y as an arbitrary point and a point (P_2 + Y) as an input, 2 * (kY) (= (2k) * Y) or 2 * (kY + P_2) in the doubling process Either (= (2k) * Y) is performed. Here, the former calculation is performed when k is an even number, and the latter calculation is performed when k is an odd number. Since k corresponds to the value from the MSB to the intermediate bit of the scalar value processed so far due to the nature of the rightward calculation method, the above two types correspond to 0/1 of the intermediate bit of the scalar value. Calculation is performed.

  Further, if Y is input in the same scalar multiplication, it is noted that calculation of 2 * (kY) is performed in doubling, and the power waveform when point Y and point (Y + P_2) are input. From this difference, it can be seen that the scalar value can be estimated.

  Hereinafter, a configuration example of the cryptographic operation device when scalar multiplication on an elliptic curve is used as the cryptographic calculation will be described.

  FIG. 10 shows a configuration example in which FIG. 1 is described for “scalar multiplication on an elliptic curve”.

  In the fourth and fifth embodiments, the cryptographic operation device is referred to as “scalar multiplication device (on elliptic curve)”, and the cryptographic operation unit is referred to as “scalar multiplication unit (on elliptic curve)”.

(Fourth embodiment)
First, an example in which an attack can be invalidated by applying the first embodiment to scalar multiplication in elliptic curve cryptography will be described.

  FIG. 11 shows an example of a procedure for scalar multiplication on the elliptic curve in this case.

  By this procedure, the original P_2 input SPA of order 2 and the 2-point input SPA of (Y, P_2 + Y) can be invalidated.

  First, in step S80, the input unit 11 sets a point P to be subjected to scalar multiplication and a secret scalar value d = [d (m-1), .., di, .., d1, d0] _2. The domain parameter E of the elliptic curve is input.

  Here, the domain parameter of the elliptic curve refers to a parameter group of the elliptic curve that defines the scalar multiplication, such as the elliptic curve definition body, the coefficient of the elliptic curve, the order of the elliptic curve, and the base point.

  In step S81, the preprocessing unit 12 doubles P (2 * P), and sets the calculation result as P ′.

  The above P ′ is the target of scalar multiplication, d ′ (d ′ = [d / 2]) excluding the least significant bit of the input d is the scalar value, and the input E is the elliptic curve As domain parameters, they are given from the attack invalidation processing unit 1 to the scalar multiplication unit 2.

  In step S82, the scalar multiplication unit 2 performs (right-facing) scalar multiplication (d '* P') based on them, and obtains the calculation result Q.

  This Q is returned from the scalar multiplication unit 2 to the attack invalidation processing unit 1.

  In step S83, the post-processing unit 13 checks whether or not the least significant bit (LSB) d0 of the input d is 1. If d0 is 1, the process proceeds to step S84, where the post-processing unit 13 Point addition (Q + P) is made between the calculation results Q and P, and Q is updated with this calculation result. This (updated) Q is the final scalar multiplication result (d * P).

  On the other hand, when d0 is 0, the process proceeds to step S85, and the post-processing unit 13 performs the same calculation (Q + P) as step S84 as a dummy process, and the result is an area different from the original output. Save to Q '. In this case, Q obtained by the scalar multiplication unit 2 becomes the final power residue calculation result (d * P).

  In step S86, the output unit 14 outputs the scalar multiplication result Q = d * P.

  As a method of exchanging Q between the scalar multiplication unit 2 and the attack invalidation processing unit 1, Q is stored in a storage area shared by the scalar multiplication unit 2 and the attack invalidation processing unit 1. Alternatively, Q may be transferred between the scalar multiplication unit 2 and the attack invalidation processing unit 1, or the storage location of the Q between the scalar multiplication unit 2 and the attack invalidation processing unit 1 The indicated pointer may be transferred.

  Note that this embodiment can be applied to the right-pointing binary method and the Montgomery ladder method.

(Fifth embodiment)
Next, an example in which the attack can be invalidated by applying the second embodiment to scalar multiplication in elliptic curve cryptography will be described.

  FIG. 12 shows an example of a procedure for scalar multiplication on the elliptic curve in this case.

  First, in step S90, the input unit 11 determines that the point P to be subjected to scalar multiplication and the secret scalar value d = [d (m-1), .., di, .., d1, d0] _2. The domain parameter E of the elliptic curve is input.

  In step S91, the preprocessing unit 12 repeats the point doubling for the point P t times ((2 ^ t) * P), and sets the calculation result as P '.

  Next, the above P ′ is a target of scalar multiplication, and the value obtained by removing t bits from the least significant bits of the input d (part from the most significant bit to the (t + 1) th bit) ) D '(d' = [d / (2 ^ t)] = [d (m-1), .., dt]) is a scalar value, and the input E is an elliptic curve domain parameter. It is given from the invalidation processing unit 1 to the scalar multiplication unit 2.

  In step S92, the scalar multiplication unit 2 performs (right-facing) scalar multiplication (d '* P') based on them, and obtains the calculation result Q1.

  This Q1 is returned from the scalar multiplication unit 2 to the attack invalidation processing unit 1.

  In step S93, the post-processing unit 13 sets the input P to be subject to scalar multiplication, a value obtained by extracting t bits from the LSB of the input d (from the t bit to the least significant bit) Part) Scalar multiplication (dL * P) is performed by using dL = [d (t−1),..., D0] as a scalar value and the input E as a domain parameter of the elliptic curve, and a calculation result Q2 is obtained. In addition, the calculation of this step S93 can use any scalar multiplication method for the right-facing type and the left-facing type.

  The scalar multiplication in step S93 may be executed by the scalar multiplication unit 2. In this case, first, the input P is a target of scalar multiplication, and the value dL = [d (t−1),..., D0] obtained by extracting t bits from the LSB of the input d is a scalar. The value and input E are used as domain parameters of the elliptic curve, and are given from the attack invalidation processing unit 1 to the scalar multiplication unit 2. Then, the scalar multiplication unit 2 performs (right-facing) scalar multiplication (dL * P) based on them, and obtains the calculation result Q2. This Q2 is returned from the scalar multiplication unit 2 to the attack invalidation processing unit 1.

  In step S94, the post-processing unit 13 adds the two points Q1 and Q2 (Q1 + Q2) to obtain the final result Q.

  In step S95, the output unit 14 outputs the scalar multiplication result Q = d * P.

Here, the validity of the above calculation is decomposed into d = d '* (2 ^ t) + dL,
Q = d * P
= (d '* (2 ^ t) + dL) * P
= {(d '* (2 ^ t)) * P} + (dL) * P
= d '* P' + (dL) * P
This can be confirmed.

  Note that the scalar multiplication in step S92 and the scalar multiplication in step S93 may be executed in the reverse order.

  Further, instead of causing the scalar multiplication unit 2 to execute the scalar multiplication in steps S92 and S93, for example, as shown in FIG. 13, a scalar multiplication unit 3 is provided in addition to the scalar multiplication unit 2, and the scalar multiplication in step S92 is performed. The multiplication may be executed by the scalar multiplication unit 2 and the scalar multiplication of step S63 may be executed by the scalar multiplication unit 3. In this case, the scalar multiplication in step S9 and the scalar multiplication in step S93 may be executed simultaneously.

  Further, (P ′, d ′, E) necessary for the scalar multiplication in step S92 and (P, dL, E) necessary for the scalar multiplication in step S93 are scalar multiplications from the attack invalidation processing unit 1. You may give to the calculating part 2 sequentially, and may give simultaneously.

  Further, the result Q1 of the scalar multiplication in step S92 and the result Q2 of the scalar multiplication in step S93 may be sequentially given from the scalar multiplication unit 2 to the attack invalidation processing unit 1 or may be given simultaneously. .

  As a method for exchanging Q1 and Q2 between the scalar multiplication unit 2 and the attack invalidation processing unit 1, Q1 and Q2 are shared by the scalar multiplication unit 2 and the attack invalidation processing unit 1. Q1 and Q2 may be transferred between the scalar multiplication unit 2 and the attack invalidation processing unit 1, or between the scalar multiplication unit 2 and the attack invalidation processing unit 1. The pointer indicating the storage location of Q1 and Q2 may be transferred.

  Note that this embodiment can be applied to the right-pointing binary method and the Montgomery ladder method.

Each of the above functions can be realized even if it is described as software and processed by a computer having an appropriate mechanism.
The present embodiment can also be implemented as a program for causing a computer to execute a predetermined procedure, causing a computer to function as a predetermined means, or causing a computer to realize a predetermined function. In addition, the present invention can be implemented as a computer-readable recording medium on which the program is recorded.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of components disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

The figure which shows the structural example of the arithmetic unit for encryption concerning embodiment of this invention The flowchart which shows an example of the operation | movement procedure of the arithmetic unit for encryption concerning the embodiment The figure which shows the structural example of the arithmetic unit for encryption (power remainder calculation apparatus) which performs the power-residue calculation concerning the embodiment The flowchart which shows the 1st example of the process procedure of the power-residue calculation in the embodiment The flowchart which shows the 2nd example of the process procedure of the power-residue calculation in the embodiment The flowchart which shows the 3rd example of the process procedure of the power-residue calculation in the embodiment The flowchart which shows the 4th example of the process procedure of the power-residue calculation in the embodiment The figure which shows the other structural example of the arithmetic unit for encryption (power remainder calculation apparatus) which performs the power-residue calculation concerning the embodiment The flowchart which shows the 5th example of the power-residue calculation procedure in the embodiment The figure which shows the structural example of the arithmetic unit for encryption (scalar multiplication apparatus) which performs the scalar multiplication on the elliptic curve based on the embodiment The flowchart which shows the 1st example of the processing procedure of the scalar multiplication on the elliptic curve in the embodiment The flowchart which shows the 2nd example of the processing procedure of the scalar multiplication on the elliptic curve in the same embodiment The figure which shows the other structural example of the arithmetic unit for encryption (scalar multiplication apparatus) which performs the scalar multiplication on the elliptic curve based on the embodiment The figure for demonstrating the (-1) input SPA attack with respect to rightward binary arithmetic The figure for demonstrating the (x, -x) input SPA attack with respect to rightward binary arithmetic Illustration for explaining Montgomery Ladder algorithm The figure for demonstrating the (-1) input SPA attack with respect to Montgomery ladder algorithm Diagram for explaining (x, -x) input SPA attack for Montgomery Ladder algorithm

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Attack invalidation process part, 2, 3 ... Operation part for encryption (Power remainder calculation part, scalar multiplication part), 11 ... Input part, 12 ... Pre-processing part, 13 ... Post-processing part, 14 ... Output part

Claims (20)

A cryptographic calculation device that performs a specific cryptographic calculation using a right-pointed calculation procedure, which is a procedure for calculating from a high-order bit to a low-order bit of a secret parameter consisting of a binary number,
An input unit for inputting the data to be subjected to the operation for encryption, the secret parameter used for the operation, and other parameters used for the operation;
A pre-processing unit that performs specific conversion on the data to obtain conversion data;
Using the converted data, all or a part of the secret parameter, and the other parameter as input, performing the cryptographic operation according to the rightward operation procedure using all or a part of the secret parameter. A cryptographic computation unit for obtaining the computation result,
Based on the calculation result obtained by the cryptographic calculation unit, post-processing for obtaining the calculation result of the cryptographic calculation when the data, all of the secret parameters, and the other parameters are input. A post-processing section to perform,
An encryption operation apparatus comprising: an output unit that outputs the operation result obtained by the encryption operation unit or the operation result obtained by the post-processing unit as a final operation result. The predetermined cryptographic operation is a power residue calculation;
The data is a message M that is the base of the modular exponentiation,
The secret parameter is a power index d;
The other parameter is modulus n,
The cryptographic operation device according to claim 1, wherein the final calculation result is a power residue calculation result M ^ d mod n. The preprocessing unit squares the message M under the modulus n to obtain the conversion data,
The cryptographic operation unit performs the power-residue calculation according to the right-pointed operation procedure based on the power exponent d excluding the least significant bit under the modulus n, with the conversion data as an operation target,
The post-processing unit, when the least significant bit of the power exponent d is 1, performs a multiplication remainder calculation of the operation result of the cryptographic operation unit and the message M under the modulus n, and 3. The cryptographic computation device according to claim 2, wherein a final computation result is obtained. The post-processing unit performs the same operation as the case where the least significant bit of the power exponent d is 1 as a dummy calculation when the least significant bit of the power exponent d is 0,
4. The cryptographic computation device according to claim 3, wherein the computation result of the cryptographic computation unit is the final computation result. The pre-processing unit obtains the conversion data by repeating a square operation t times for the message M under modulus n,
The cryptographic operation unit operates on the converted data, and performs the first-direction operation procedure based on the power exponent d obtained by subtracting t bits from the least significant bit under the modulus n. Perform a power-residue calculation to obtain the first calculation result,
The post-processing unit uses the message M as a calculation target, and performs a second power residue by an arbitrary calculation procedure based on a power index d obtained by extracting t bits from the least significant bit under the modulus n. Perform the calculation to obtain the second calculation result,
The post-processing unit calculates the final calculation result by performing a multiplication remainder calculation of the first calculation result and the second calculation result under the modulus n. Cryptographic operation unit.   Instead of the post-processing unit performing a second power residue calculation to obtain the second calculation result, a cryptographic calculation unit provided separately from the cryptographic calculation unit or the cryptographic calculation unit is a second 6. The cryptographic operation device according to claim 5, wherein a power residue calculation is performed to obtain the second calculation result. Whether the message M belongs to a positive message space or a negative message space when the input message space is defined by dividing the input message space into a positive message space and a negative message space. If the message M belongs to a negative message space, the sign of the message M is inverted under the modulus n to obtain the converted data,
When the message M belongs to a negative message space, the cryptographic calculation unit uses the converted data as a calculation target, and performs a power-residue according to the rightward-type calculation procedure based on the power exponent d under the modulus n If the message M belongs to the positive message space, the power of the message M is calculated, and a power-residue calculation is performed under the modulus n by the right-pointed operation procedure based on the exponent d. ,
When the message M belongs to a negative message space, the post-processing unit performs a modular multiplication of (−1) ^ d and the operation result of the cryptographic operation unit under the modulus n, The cryptographic computation device according to claim 2, wherein the final computation result is obtained.   3. The cryptographic computation device according to claim 2, wherein when the data M belongs to a positive message space, the computation result of the cryptographic computation unit is the final computation result.   When the modulus n is a product of a plurality of prime numbers that are relatively prime, the modulus n is decomposed into relatively prime factors, and each factor is used as a modulus to use the preprocessing unit, the cryptographic operation unit, and the postprocessing unit. 9. The method according to claim 1, further comprising means for obtaining each final computation result and combining the obtained plurality of final computation results with a Chinese remainder theorem. Cryptographic operation unit. The predetermined cryptographic operation is a scalar multiplication on an elliptic curve,
The data is a point P that is subject to scalar multiplication,
The secret parameter is a secret scalar value d;
The other parameter is a domain parameter E of an elliptic curve,
2. The cryptographic operation device according to claim 1, wherein the final calculation result is a scalar multiplication result d * P on an elliptic curve. The preprocessing unit obtains the conversion data by doubling the point P under the domain parameter E of the elliptic curve,
The cryptographic operation unit operates on the conversion data, and performs an elliptic curve on the elliptic curve by the right-direction calculation procedure based on the scalar parameter d except for the least significant bit under the domain parameter E of the elliptic curve. Scalar multiplication of
When the least significant bit of the scalar value d is 1, the post-processing unit performs point addition of the calculation result of the cryptographic calculation unit and the point P under the domain parameter E of the elliptic curve. The cryptographic calculation device according to claim 10, wherein the final calculation result is obtained. When the least significant bit of the scalar value d is 0, the post-processing unit performs the same operation as the case where the least significant bit of the scalar value d is 1 as a dummy calculation,
12. The cryptographic computation device according to claim 11, wherein the computation result of the cryptographic computation unit is the final computation result. The preprocessing unit obtains the conversion data by repeating point doubling for the point P t times under the domain parameter E of the elliptic curve,
The cryptographic operation unit is configured to operate on the converted data, under the elliptic curve domain parameter E, according to the right-direction operation procedure based on the scalar value d obtained by removing t bits from the least significant bit. The scalar multiplication on the first elliptic curve is performed to obtain the first calculation result,
The post-processing unit uses the data as a calculation target, and performs a second calculation procedure based on an arbitrary calculation procedure based on a value obtained by extracting t bits from the least significant bit of the scalar value d under the domain parameter E of the elliptic curve. A scalar multiplication on the elliptic curve is obtained to obtain the second calculation result,
The post-processing unit performs point addition of the first calculation result and the second calculation result under the domain parameter E of the elliptic curve to obtain a final scalar multiplication result. Item 11. The cryptographic operation device according to Item 10.   Instead of the post-processing unit performing scalar multiplication on the second elliptic curve to obtain the second calculation result, the cryptographic calculation unit or the cryptographic calculation unit provided separately from the cryptographic calculation unit 14. The cryptographic operation device according to claim 13, wherein the second arithmetic result is obtained by performing scalar multiplication on the second elliptic curve.   The cryptographic operation unit according to claim 3, 4, 5, 6, 7 or 8, wherein the cryptographic operation unit performs a power-residue calculation by a right-pointing binary method or Montgomery ladder method. Arithmetic unit.   The cryptographic operation unit according to claim 11, 12, 13, or 14, wherein the cryptographic operation unit performs scalar multiplication on an elliptic curve by a right-pointing binary method or Montgomery ladder method. Arithmetic unit.   7. The cryptographic operation device according to claim 5, wherein the cryptographic operation unit performs a power-residue calculation by a right-pointing w-bit window method.   15. The cryptographic computation device according to claim 13 or 14, wherein the cryptographic computation unit performs scalar multiplication on an elliptic curve by a right-facing w-bit window method. A cryptographic calculation device that performs a specific cryptographic calculation using a right-pointed calculation procedure, which is a procedure for calculating from a high-order bit to a low-order bit of a secret parameter consisting of a binary number,
An input unit included in the cryptographic computation device inputs data to be subject to the cryptographic computation, the secret parameter used for the computation, and other parameters used for the computation;
A preprocessing unit included in the cryptographic operation device performs specific conversion on the data to obtain converted data;
The cryptographic calculation unit included in the cryptographic calculation device uses the conversion data, all or part of the secret parameter, and the other parameter as input, and uses all or part of the secret parameter. Performing the cryptographic computation by the right-facing computation procedure and obtaining the computation result;
When the post-processing unit included in the cryptographic computation device receives the data, all of the secret parameters, and the other parameters based on the computation result obtained by the cryptographic computation unit. Performing post-processing to obtain a computation result of the cryptographic computation;
The output unit included in the cryptographic computation device includes a step of outputting the computation result obtained by the cryptographic computation unit or the computation result obtained by the post-processing unit as a final computation result. An arithmetic unit for encryption. A program for causing a computer to function as a cryptographic operation device that performs a specific cryptographic operation using a right-pointing arithmetic procedure that is a procedure for proceeding calculation from an upper bit to a lower bit of a secret parameter consisting of a binary number. There,
An input unit included in the cryptographic computation device inputs data to be subject to the cryptographic computation, the secret parameter used for the computation, and other parameters used for the computation;
A preprocessing unit included in the cryptographic operation device performs specific conversion on the data to obtain converted data;
The cryptographic calculation unit included in the cryptographic calculation device uses the conversion data, all or part of the secret parameter, and the other parameter as input, and uses all or part of the secret parameter. Performing the cryptographic computation by the right-facing computation procedure and obtaining the computation result;
When the post-processing unit included in the cryptographic computation device receives the data, all of the secret parameters, and the other parameters based on the computation result obtained by the cryptographic computation unit. Performing post-processing to obtain a computation result of the cryptographic computation;
An output unit included in the cryptographic operation device causes the computer to execute a step of outputting the calculation result obtained by the cryptographic calculation unit or the calculation result obtained by the post-processing unit as a final calculation result. Program for.

Images