JP2014192793A - Cryptographic device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To obtain a tamper-proof cryptographic device in which the cryptographic time is shortened by a relatively simple configuration.SOLUTION: A CPU 31 and a cryptographic calculator 32 are single packaged in a cryptographic module. During a cryptographic processing period T10 when cryptographic processing for partial encryption target data PD1-PD5 is performed by the cryptographic calculator 32, the CPU 31 performs read-ahead processing for reading the partial encryption target data PD2-PD6 from a memory, and power consumption processing other than the read-ahead processing (read processing (preliminary processing) performed during an access ID reading period T31 and dummy processing performed during dummy processing periods DT31-DT33).

Description

  The present invention relates to a cryptographic device having tamper resistance during cryptographic processing and executing at high speed.

  In a system product having a cryptographic device, there is a high demand for reduction in power consumption and high performance, and it is designed to eliminate unnecessary processing as much as possible. As a result, an attacker who desires decryption without contact can easily determine that special processing is being performed on the system when the power consumption is abnormally high or the processing time is long.

  The above-mentioned adverse effects caused by the attackers include confidentiality due to timing attacks focused on the processing time by attackers and side-channel attacks such as power analysis attacks focused on power consumption when performing encryption / decryption processing. Information (such as a secret key) is analyzed.

  Moreover, although it is common to take countermeasures against hardware in response to side channel attacks, the countermeasures increase the circuit scale and cost.

  There is a cryptographic processing device disclosed in Patent Document 1 for countermeasures such as side channel attacks. This cryptographic processing apparatus performs dummy processing during encryption / decryption.

  There is a data processing device disclosed in Patent Document 2 for other countermeasures such as a side channel attack. This data processing apparatus delays the execution start time of encryption / decryption in order to make power consumption uniform.

  There is a semiconductor device disclosed in Patent Document 3 for other countermeasures such as a side channel attack. In this semiconductor device, data to be transmitted is encoded in a circuit block on the output side by a predetermined encoding method so that the amount of change in data becomes more uniform.

Japanese Patent Laid-Open No. 2004-212828 JP 2010-277327 A JP 2006-279868 A

  However, since the encryption processing device disclosed in Patent Literature 1 and the data processing device disclosed in Patent Literature 2 execute dummy processing during the encryption processing or delay the execution start time, the encryption processing speed There was a problem that was sacrificed.

  In addition, the semiconductor device disclosed in Patent Document 3 requires a high-capacity storage unit (memory block 14) for storing data after encryption / decryption for speeding up, leading to high costs. was there.

  The present invention has been made to solve the above-mentioned problems, and has as its object to increase the cryptographic processing time and to obtain a cryptographic device having tamper resistance with a relatively simple configuration.

  According to a first aspect of the present invention, there is provided a cryptographic apparatus comprising: a cryptographic operator that performs cryptographic processing on cryptographic target data to obtain encrypted data; and the cryptographic target data from an external memory unit that stores the cryptographic target data. And a cipher control unit that performs read data read processing and outputs the read encryption target data to the cryptographic operation unit, and the encryption target data is first, second, and second from the memory unit by the data read processing. Including the 1st to m-th partial encryption target data sequentially read out in the order of m-th (≧ 2), and the encryption control unit performs the i-th (i = 1 to (m−1)) In the data reading process of reading out the (i + 1) th partial encryption target data from the memory unit during the encryption processing period in which the encryption processing is performed on the partial encryption target data. And executes the read-ahead processing.

  A second aspect of the present invention is the encryption apparatus according to the first aspect, wherein a wiring provided between the cryptographic control unit and the cryptographic computing unit is concealed from the outside.

  A third aspect of the present invention is the encryption apparatus according to the first or second aspect, wherein the cryptographic control unit further executes power consumption processing other than the preceding read processing.

  The invention according to claim 4 is the encryption apparatus according to claim 3, wherein the memory unit further stores a plurality of read access information defining a read procedure in the preceding read process, and the power consumption process An access information read process that is executed before the read process and reads one piece of information from the plurality of read access information as the selected read access information from the memory unit, wherein the preceding read process indicates the selected read access information According to the reading procedure, the processing includes reading the (i + 1) th partial encryption target data.

  The invention according to claim 5 is the encryption device according to claim 3, wherein the memory unit further stores a plurality of instruction code information defining a read program for the preceding read process in the encryption control unit, The power consumption process includes an instruction code read process that is executed before the preceding read process and reads one information out of the plurality of instruction code information as a selected read instruction code information. It includes processing for executing a read program defined by the instruction code information.

  A sixth aspect of the present invention is the encryption device according to any one of the third to fifth aspects, wherein the power consumption process includes at least one dummy process unrelated to the preceding read process. And the at least one dummy process can change the contents of each partial encryption target data.

  A seventh aspect of the present invention is the encryption apparatus according to the sixth aspect, wherein the at least one dummy process includes a dummy process performed after the preceding read process.

  The invention according to claim 8 is the encryption apparatus according to any one of claims 3 to 7, wherein the encryption control unit performs the data read processing in all time zones of the encryption processing period. One of the power consumption processes is executed.

  In the cryptographic apparatus according to the first aspect of the present invention, during the cryptographic processing period for the i-th partial encryption target data by the cryptographic computing unit, the preceding read processing that consumes power by the cryptographic control unit is performed. For this reason, in addition to the power consumption due to the cryptographic processing by the cryptographic calculator, the time channel in which the power consumption due to the processing operation of the cryptographic control unit is taken into account during the cryptographic processing period, the side channel during the cryptographic processing by the cryptographic calculator Tamper resistance against attacks can be improved.

  In addition, during the execution time of the encryption process for the i-th partial encryption target data by the cryptographic operation unit, the encryption control unit executes a pre-read process for reading out the (i + 1) th partial encryption target data. For this reason, since the cryptographic operation unit can continuously execute the cryptographic processing on the first to mth partial encryption target data, the cryptographic processing can be speeded up.

  Furthermore, since the necessary configuration other than the cryptographic operation unit is a cryptographic control unit capable of executing the preceding read process, the cryptographic device can be realized with a relatively simple configuration.

It is a block diagram which shows the system configuration | structure containing the encryption module which is Embodiment 1 of this invention. FIG. 4 is an explanatory diagram showing, in a table format, data read processing contents in the cryptographic module according to the first embodiment. It is explanatory drawing (the 1) which shows typically the processing content of the encryption module of Embodiment 1 in the encryption calculation period. It is explanatory drawing (the 2) which shows typically the processing content of the encryption module of Embodiment 1 in the encryption calculation period. It is explanatory drawing which shows typically the power consumption change accompanying the processing operation of CPU in an encryption processing period. It is a block diagram which shows the system configuration | structure containing the encryption module which is Embodiment 2 of this invention. It is explanatory drawing (the 1) which shows typically the processing content of the encryption module of Embodiment 2 in the encryption calculation period. It is explanatory drawing (the 2) which shows typically the processing content of the encryption module of Embodiment 2 in the encryption calculation period.

<Embodiment 1>
(Constitution)
FIG. 1 is a block diagram showing a system configuration including an encryption module 30 (encryption device) according to Embodiment 1 of the present invention. As shown in the figure, the data processing system 51 includes a host unit 1, a memory controller unit 2, and a memory core unit 4.

  The host unit 1 has a SoC (System-on-a-Chip) 11 inside, and the memory controller unit 2 has a host I / F 21, a control unit 22, a cryptographic module 30, a selector 24, and a memory I / F 25 inside. doing. The memory core unit 4 has a memory 41 inside.

  A memory read request for requesting reading of encryption target data can be given from the host unit 1 to the control unit 22 via the host I / F 21.

  On the other hand, the memory 41 in the memory core unit 4 is a non-volatile memory, and stores content data D41 to be encrypted data and access ID data AI1 to AIn (read access information) described later.

  Hereinafter, each configuration of the memory controller unit 2 will be described. The control unit 22 performs overall control related to the memory controller unit 2.

  The cryptographic module 30 includes a CPU 31 and a cryptographic calculator 32. The cryptographic calculator 32 is a circuit block (IP (Intellectual Property)) that performs cryptographic calculation processing on the encryption target data transmitted by the CPU 31 and obtains encrypted data. In addition, there is no restriction | limiting in particular about the content of a cryptographic calculation process.

  Further, the cryptographic operation unit 32 includes a register capable of storing encryption target data (encrypted / decrypted data). A configuration in which a storage unit such as a RAM is arranged for the registers is also conceivable. Which of the register and the RAM is arranged is determined by, for example, a trade-off with cost.

  The CPU 31 controls the selector 24 to perform a data read process for reading the content data D41 from the memory 41 in the memory core unit 4 via the memory I / F 25 as encryption target data. Further, the CPU 31 performs a process of transmitting the read encryption target data to the cryptographic calculator 32 and receiving the encrypted data obtained from the cryptographic calculator 32.

  The cryptographic module 30 includes a CPU 31 and a cryptographic calculator 32 that are packaged (one chip). Therefore, the signal (data) exchange wiring between the CPU 31 and the cryptographic calculator 32 can be concealed from the outside.

  The selector 24 selects the CPU 31 as the access target of the memory 41 and provides a first data read route between the memories 41 to 31, or selects the control unit 22 as the access target of the memory 41 and selects the memory 41 to the control unit 22. A switching operation is performed for switching whether to provide a second data read route.

  The switching operation by the selector 24 is performed under the control of the CPU 31 during the period for executing the cryptographic operation processing by the cryptographic calculator 32, and the other general memory access period is performed under the control of the control unit 22.

(principle)
The present invention is a proposal of a software implementation method related to the processing of the CPU 31 in the cryptographic module 30 for improving the tamper resistance against side channel attacks during the cryptographic calculation processing by the cryptographic calculator 32 and improving the performance of the cryptographic processing. .

  Specifically, the cryptographic operation unit 32 and the CPU 31 are packaged as one cryptographic module 30, and the power consumption values in the cryptographic module 30 are equalized (varied) and controlled by the CPU 31 in the cryptographic module 30 (software control). High speed cryptographic processing is realized.

(Data read processing and cryptographic operation processing)
FIG. 2 is an explanatory diagram showing, in a tabular form, data read processing contents for reading the content data D41 stored in the memory 41 existing in the memory core unit 4 outside the memory controller unit 2 (encryption module 30).

  First, in step STEP0, the CPU 31 reads from the memory 41 the partial encryption target data PD1 that is the memory 41 at addresses 4000 to 41FFh. At this time, the cryptographic calculator 32 is not executing cryptographic calculation processing.

  In step STEP0, it is instructed by a memory read request given from the host unit 1 to the CPU 31 via the control unit 22 {SA (Start Address) = 4000h (encryption processing size = 200h), RS (Read Size). ; Read size) = C00h} is stored in an internal memory such as a register (not shown) in the CPU 31, and the content data D41 is read from the memory 41 in accordance with the above-described SA and RS.

  Therefore, in accordance with the above memory read request, the content data D41 stored in the addresses 4000 to 41FFh, 4200 to 43FFh, 4400 to 45FFh, 4600 to 47FFh, 4800 to 49FFh, and 4A00 to 4BFF of the memory 41 is each encrypted processing size 200h. The partial encryption target data PD1 to PD6 (first to sixth partial encryption target data) are sequentially read out by the CPU 31 and transmitted to the cryptographic computing unit 32, and then the cryptographic operation processing is performed on the partial encryption target data PD1 to PD6. become.

  In step STEP0, since the partial encryption target data PD1 is in the range up to the stage of input to the cryptographic calculator 32, the partial cryptographic target data PD1 is input to the cryptographic calculator 32, but the cryptographic calculator 32 is encrypted. Since arithmetic processing is not started, “−” is described in FIG.

  Next, in step STEP1, the cryptographic calculator 32 performs cryptographic calculation processing on the partial encryption target data PD1 (content data D41 of addresses 4000 to 41FFh) read by the CPU 31 in step STEP0, and the CPU 31 performs partial encryption target data PD2. Pre-reading processing of (content data D41 at addresses 4200 to 43FFh) is performed.

  Thereafter, similarly, in steps STEP2 to STEP5, the cryptographic calculator 32 performs cryptographic calculation processing on the partial encryption target data PD2 to PD4 read by the CPU 31 in steps STEP1 to STEP4, and the CPU 31 performs the partial encryption target data PD3 to PD5. The preceding read process is performed.

  In step STEP6, the cryptographic calculator 32 performs cryptographic calculation processing on the partial encryption target data PD6, and the encryption processing on the partial encryption target data PD1 to PD6 is completed. In step STEP6, since the preceding read process is not executed, it is desirable to intentionally perform the power consumption variation process as shown in FIG.

  As described above, the CPU 31 serving as the encryption control unit performs the partial encryption target data PD from the memory 41 during the execution time of the cryptographic operation processing on the partial encryption target data PDi (any of i = 1 to 5) by the encryption calculator. A preceding read process (data read process) for reading (i + 1) is performed in parallel.

  Therefore, compared with the normal encryption process, the encryption operation process is completed as the preparation (reading) of the next partial encryption object data PD (i + 1) is completed at the end of the encryption operation process of the partial encryption object data PDi. Then, it is not necessary to provide time for reading the next partial encryption target data.

  Therefore, with respect to the encryption processing for the partial encryption target data PD1 to PD6 by the encryption module 30, the time is shortened by (time for reading the partial encryption target data PD) × (for the number of preceding read processing times) (= 5 times). Processing speed can be increased.

(Processing content of CPU 31)
3 and 4 are explanatory diagrams schematically showing the processing contents of the cryptographic module 30 (the CPU 31 and the cryptographic calculator 32) according to the first embodiment.

  In the following, referring to FIG. 2, as shown in FIG. 2, the cipher operation unit 32 executes the cipher operation processing on each of the partial encryption target data PD1 to PD6 to obtain the partial encrypted data CD1 to CD6. Is used as an example to explain how power consumption is equalized or distributed. For convenience of explanation, the cryptographic operation unit 32 is capable of performing a collective cryptographic computation process on each of the partial encryption target data PD1 to PD6. That is, the cryptographic operation unit 32 has an internal storage unit such as a register for the data size of the partial encryption target data PD (the size depends on the key length or the like).

  First, encryption processing start ST0 from the control unit 22 is performed. At the start of encryption processing ST0, the control unit 22 makes a read request instructing, for example, {SA (Start Address) = 4000h (encryption processing size = 200h), RS (Read Size) = C00h}. This read request is made based on the above-described memory read request from the host unit 1.

  In accordance with the read request, the partial encryption target data PD1 to PD6 shown in FIG. 2 are read in units of partial encryption target data PDi (i = 1 to 6), and the cryptographic calculation processing is transmitted to the CPU 31.

  Then, the CPU 31 executes a switching process PR21 for changing the selector 24, thereby providing a first read route between the memory 41 and the CPU 31 via the memory I / F 25.

  Thereafter, the CPU 31 executes a read process R41 of the partial encryption target data PD1 with respect to the memory 41 via the memory I / F 25 to obtain partial encryption target data PD1. A period during which the CPU 31 reads the partial encryption target data PD1 from the memory 41 is an encryption target data reading period T21.

  Then, the CPU 31 transmits the partial encryption target data PD1 to the encryption calculator 32, whereby the partial encryption target data PD1 is input to the register of the encryption calculator 32 and the like.

  The above-described encryption process start ST0, process PR21, and preceding read process R41 correspond to the process of step STEP0 shown in FIG.

  Thereafter, the loop processing LP1 is entered. Since the cryptographic calculator 32 executes cryptographic calculation processing on the partial encryption target data PD1 immediately after receiving the partial encryption target data PD1, the encryption processing period T10 starts from the beginning of the loop processing LP1.

  In this cryptographic processing period T10, the CPU 31 will be described in detail later in order to equalize the power consumption of the cryptographic module 30, but various power consumption processes (PR22 to PR28, PR22 to PR28, in addition to the preceding read process RD42 of the partial encryption target data PD2). RD51) is executed.

  The CPU 31 immediately determines the access ID data AIj (j = 1 to n) selected as a read target from among the access ID data AI1 to AIn stored in the memory 41 immediately after the start of the loop process LP1. The process PR22 to be executed is executed.

  Thereafter, the CPU 31 determines a read wait time with a random number, and executes a process PR23 for performing a wait process (a dummy process described later) during the wait period.

  When the process PR23 is completed, the CPU 31 performs a read process RD51 (access information read process) of the access ID data AIj (determined by the process PR22), which is the selected read access information stored in the memory 41, and accesses the access ID from the memory 41. Read data AIj. The execution period of the read process RD51 is the access ID data read period T31.

  Thereafter, the CPU 31 executes a process PR24 for decoding the contents of the access ID data AIj, and subsequently performs a process PR25 for determining a memory access method designated by the access ID data AIj. Here, the memory access method determined by the process PR25 is referred to as “access method j”.

  Then, the CPU 31 determines a wait time until reading with a random number, and executes a process PR26 for performing a wait process (dummy process) for the wait time.

  When the process PR26 is finished, the CPU 31 executes the pre-read process R42 for the partial encryption target data PD2 by the read procedure according to the access method j to obtain the partial encryption target data PD2. A period during which the CPU 31 reads the partial encryption target data PD2 from the memory 41 is an encryption target data read period T22. Here, the partial encryption target data PD2 read in the read procedure by the access method j is set as partial encryption target data PD2x. Since the partial encryption target data PD2x is a data string obtained as a result of being read by the read procedure according to the access method j, it usually has different contents from the partial encryption target data PD2.

  Thereafter, the CPU 31 executes a process PR27 for changing the format of the partial encryption target data input to the cryptographic calculator 32. That is, a process of shaping the partial encryption target data PD2x into the original partial encryption target data PD2 is performed.

  For example, when the partial encryption target data PD2 is read sequentially in the reverse address order (example: 43FF to 4200h) during the preceding read process RD42, the address order (example: 4200 to 43FFh) is used in the process PR27. It is necessary to change the format.

  Furthermore, when the CPU 31 is in the cryptographic processing period T10 and has not received the cryptographic operation processing end signal RE1 from the cryptographic computing unit 32, the power consumption is varied during the Wait period until the processing end signal RE1 is received. A dummy process (Wait process) is performed as process PR28.

  Then, after receiving the processing end signal RE1 from the cryptographic operation unit 32, the CPU 31 ends the process PR28 and makes an encrypted data acquisition request RQ24 to the cryptographic operation unit 32.

  The cryptographic calculator 32 that has received the encrypted data acquisition request RQ24 transmits to the CPU 31 the partially encrypted data CD1 obtained by performing the cryptographic calculation process on the partial encryption target data PD1.

  On the other hand, the CPU 31 confirms the completion of reception of the partial encrypted data CD1 for one page size (200h), and performs a partial encryption target data reception completion process PR29 for transmitting the partial encrypted data CD1 to the control unit 22. When the process PR29 is completed, the partial encryption target data PD2, which is the next partial encryption target data PD read in the preceding read process RD42 and reformatted in the process PR27, is transmitted to the cryptographic computing unit 32, and the first loop process LP1 is performed. finish.

  The second loop process LP1 is a process mainly performed in parallel with the cryptographic calculation process for the partial encryption target data PD2 by the cryptographic calculator 32 and the preceding read process RD43 for the partial encryption target data PD3 by the CPU 31. The same as the first time.

  In the third to fifth loop processing LP1, the cipher operation processing on the partial encryption target data PD3 to PD5 by the cryptographic operation unit 32 and the preceding read processing RD44 to RD46 of the partial encryption target data PD4 to PD6 by the CPU 31 are performed in parallel. This processing is mainly performed, and each is performed in the same manner as the first time.

  When the fifth loop processing LP1 is completed, the loop processing LP1 is terminated, and the cryptographic calculator 32 performs cryptographic calculation processing (not shown) on the partial encryption target data PD6, and then transmits the encrypted data CD6 to the CPU 31.

  Thereafter, the CPU 31 changes to a second read route between the memory 41 and the control unit 22 via the memory I / F 25 by executing a process PR30 for changing (switching control) the selector 24.

  The CPU 31 performs processing PR31 for notifying the cryptographic operation unit 32 of the cryptographic processing end signal RE2 for notifying the cryptographic operation unit 32 that the acquisition of the partial encrypted data CD1 to CD6 for the partial encryption target data PD1 to PD6 has been completed. To finish.

(Access ID data)
The access ID data AIj that is read access information is a bit string that indicates an access method j that instructs the CPU 31 to read out the content data D41 (partial encryption target data PD).

  As the access method j, for example, sequential reading is performed in the order of addresses (example: 4000 to 41FFh), sequential reading is performed in the reverse address (example: 41FF to 4000h), and sequential reading is performed in order of addresses every other address (example: 4000). , 4002, 4004, ... 41FE, 4001, 4003, ... 41FFh) Read sequentially every other address in reverse address order (example: 41FF, 41FD, 41FB, ... 0001, 41FE, 41FC, ... 4000h), etc. Can be considered.

  In addition, if the bit string that becomes the access ID data AIj is set to a bit string that changes in potential between adjacent bits such as “101010...” In order to consume power consumption as the memory controller unit 2, the memory 41 to the memory I / I There is an effect that power consumption between F25 can be increased. For example, when the access ID data AIj is “AAh” (= “10101010”), the access method j can be set to read sequentially in the order of addresses.

  For convenience of explanation, the access ID data AIj is shown as one unit data. However, the access ID data AIj is composed of a data group composed of a plurality of data, and is specified from a combination of a plurality of data or a plurality of data. The access method j may be determined based on the contents of a small number of data.

(Operation of CPU 31)
The CPU 31 starts the operation by the encryption processing start ST0 obtained from the control unit 22 (see FIG. 2). At this timing, the CPU 31, SA (Start Address), and RS (Read Size) are held.

  When the CPU 31 finishes transmitting the partial encryption target data PD1, which is the first partial encryption target data, to the cryptographic operation unit 32, the CPU 31 performs the preceding read processing of the next partial encryption target data PD2 to PD5 in the loop process LP1. Other power consumption processing is performed.

  Power consumption processing is divided into the following two types. One is preliminary processing (access ID data AI read processing RD51 and related processing PR22, PR24, PR25, PR27) related to the preceding read processing. The other is a dummy process (process PR23, PR26, PR28) that is not related to the preceding read process.

  The contents to be preliminarily processed are already determined, but the contents to be dummy processed are arbitrary. For example, a dummy process having an arbitrary content can be executed during the Wait period of the process PR23, during the Wait period of the process PR26, and during the Wait period during which the power consumption variation process of the process PR28 is executed.

(Dummy processing)
Hereinafter, the dummy process performed by the CPU 31 will be described in detail. In order to vary the power consumption by the cryptographic module 30, dummy processing (Wait processing) during the Wait period is prepared in the following three patterns (listed in descending order of power consumption), and the CPU 31 performs a pre-reading process performed during the cryptographic processing period T10. In addition, the total time of the power consumption processing and the like can be arbitrarily changed.

(1) Dummy read processing to the memory 41 by the CPU 31;
(2) Execution of dummy calculation processing with the CPU 31 in an active state,
(3) The CPU 31 is set in the power saving mode and put in the sleep state.

  The data read from the memory 41 in the dummy reading process (1) is discarded without being saved on the CPU 31 side. In addition, the dummy operation process (2) includes a simple loop process that repeatedly executes a simple loop process. A dummy process is performed by generating random numbers on the CPU 31 side and executing these patterns (1) to (3) at random.

  At this time, the shortest time for the cryptographic calculation processing by the cryptographic calculator 32 is calculated in advance. This is because if the dummy processing period (Wait period) is too long, the start time of the cryptographic operation processing for the new partial encryption target data PD and the completion time for reading the new partial encryption target data PD are delayed. This is because the speed of the cryptographic operation processing by the cryptographic module 30 that is the object of the embodiment cannot be achieved.

  By appropriately executing the above-described three patterns of dummy processing during the above-described three wait periods, almost immediately after the cryptographic operation processing by the cryptographic operation unit 32 is completed, the preceding read processing from the memory 41 by the CPU 31 is completed, and a new It is possible to immediately transmit the partial encryption target data PD to the cryptographic operation unit 32. Conversely, by intentionally shortening the Wait period, even when the partial encryption target data PD having the same data amount and the same SA (Start Address (the same encryption processing size)) is subjected to the preceding read process, the encryption module 30 Variations in power consumption can be achieved.

  FIG. 5 is an explanatory diagram schematically showing a change in power consumption accompanying the processing operation of the CPU 31 during the cryptographic processing period T10. In the figure, a change in power consumption of the cryptographic module 30 during the loop process LP1 shown in FIGS. 3 and 4 is shown. The consumption voltage CV shows an outline of the change.

  The CPU 31 sets the dummy processing periods DT31 to DT33, the access ID data reading period T22, and the encryption target data reading period T23 with respect to the cryptographic processing period T10 of the cryptographic calculator 32, so that the CPU 31 has the entire time of the cryptographic processing period T10. Some power consumption processing is executed for the band.

  Note that, at the timing TM1 before the cryptographic processing period T10, both the CPU 31 and the cryptographic calculator 32 are in a standby state, so that the consumption voltage CV can be kept sufficiently low at the timing TM1.

  The dummy processing period DT31 set first corresponds mainly to the Wait period of the process PR23 (see FIG. 3). In FIG. 5, a dummy read process (Dummy Read) as the pattern (1) is executed as a dummy process executed in the dummy process period DT31. Therefore, at the timing TM2 in the dummy processing period DT31, the cryptographic operation unit 32 is executing the cryptographic operation processing, and the CPU 31 is executing the dummy processing (processing load: large). Therefore, the consumption voltage CV should be sufficiently increased. Can do.

  Further, at the timing TM3 when the dummy processing period DT31 switches to the next access ID reading period T31, the CPU 31 ends the dummy processing, the processing load is reduced, the consumption voltage CV is lowered, and then the access ID data AI is read. When RD51 (see FIG. 3) starts, the consumption voltage CV rises again.

  When the access ID read period T31 ends, the process proceeds to a dummy process period DT32. The dummy processing period DT32 mainly corresponds to the Wait period of the process PR26 (see FIG. 3). In FIG. 5, the dummy process executed in the dummy process period DT32 is operated in the CPU power saving mode (processing load: substantially “0”) as the pattern (3). Therefore, at the timing TM4 in the dummy processing period DT32, the consumption voltage of the CPU 31 is close to “0”, so that the consumption voltage CV greatly decreases.

  When the dummy processing period DT32 ends, the process proceeds to the encryption target data reading period T22. In the encryption target data reading period T22, the preceding reading process (processing load: large) by the CPU 31 is executed, so that the consumption voltage CV rises again at the timing TM5 of the encryption target data reading period T22. Thereafter, at timing TM6 when the encryption target data reading period T22 switches to the next dummy processing period DT33, the CPU 31 ends the preceding reading process, thereby reducing the processing load and reducing the consumption voltage CV.

  When the encryption target data reading period T22 ends, the process proceeds to a dummy processing period DT33. The dummy processing period DT33 mainly corresponds to a Wait period for executing the power consumption variation process of the process PR28 (see FIG. 4). As a dummy process executed during the dummy process period DT33, the CPU 31 executes a dummy calculation process (simple loop process; process load: medium) which is the pattern (2). Therefore, the consumption voltage of the CPU 31 slightly increases at the timing TM7 in the dummy processing period DT33.

  When the dummy processing period DT33 ends, the process proceeds to an encrypted data reception period T24. In this encrypted data reception period T24, the CPU 31 transmits the encrypted data acquisition request RQ24 to the cryptographic calculator 32, the partial cryptographic data CD1 (to CD5) from the cryptographic calculator 32 to the CPU 31, and the cryptographic calculation from the CPU 31. The next partial encryption target data PD2 (to PD5) is transmitted to the device 32. During this period, the cryptographic calculation process by the cryptographic calculator 32 is not executed, so the consumption voltage CV decreases, but it does not become “0” because the CPU 31 is operating.

(About power consumption processing)
In addition to the preceding read process, the power consumption process (preliminary process and dummy process) is actively performed for the cryptographic process period T10 during which the cryptographic operation unit 32 performs the cryptographic operation process. This is because even if the power consumption processing is performed at a timing other than the cryptographic processing period T10, there is only an effect that the power consumption is increased by a small amount compared to the power consumption during the cryptographic calculation processing by the cryptographic calculator 32.

  As described above, the dummy processes performed in the dummy process periods DT31 to DT33 are selected from the three patterns (1) to (3) and executed.

  By contriving the combination method of the above three patterns, it becomes possible to further confuse the attacker. That is, it is desirable to appropriately change the pattern of dummy processing to be performed in the dummy processing periods DT31 to DT33 using random numbers or the like. A method in which a dummy processing pattern selection order or the like is provided in advance in an internal memory (not shown) such as a ROM or RAM in the CPU 31 using a table or the like is a relatively simple process in terms of mounting. Examples of combination patterns for dummy processing are listed below.

  1. It is not the same as the combination of the three patterns (1) to (3) in the dummy processing periods DT31 to DT33 of the previous partial encryption target data. That is, the combination of the previous three patterns (1) to (3) is stored, and if it becomes the same, the tamper resistance can be improved by changing the combination.

  2. Don't use combinations with only the same pattern. That is, tamper resistance can be improved by not adopting a combination in which only one of the patterns (1) to (3) is continuously adopted.

  3. The CPU power saving mode of pattern (3) is used for as short a period as possible. That is, since the CPU power saving mode substantially consumes only the power of the cryptographic operation processing by the cryptographic operation unit 32, it can be set as short as possible to improve the tamper resistance. Therefore, it is important to determine the pattern so that the time period during which the dummy reading process of pattern (1) or the dummy calculation process of pattern (2) is executed increases.

  4). A combination pattern is previously stored in a table. An ideal pattern (a pattern that realizes steps 2 and 3 above in time) is stored in advance in an internal memory such as a ROM of the CPU 31, and a dummy process is performed by determining which pattern is used by a random number. This reduces the burden on the mounting surface of the CPU 31 for determining the combination pattern. Instead of determining with a random number, the above 1. It is conceivable to set the table to satisfy the above condition.

  As described above, ~ 4. The dummy process combination determination method described in the above section can be handled by firmware using an internal memory such as the ROM of the CPU 31, so that the implementer should be aware of these dummy processes to be performed in the dummy process periods DT31 to DT33. It is desirable to examine the contents.

  As shown in FIG. 3 and FIG. 4, the CPU 31 is in the active state mainly after the cipher operation start ST0 request obtained from the host unit 1 via the control unit 22 after the cipher operation by the cipher operation unit 32. Even if the attacker performs a side channel attack on the cryptographic module 30 according to the first embodiment, the analysis is difficult because the CPU 31 and the cryptographic calculator 32 operate in parallel. . Further, as described above, by changing the dummy processing content in the Wait period every time, it is possible to change the power consumption even when executing the cryptographic operation processing on the partial encryption target data PD having the same content.

(Effects etc.)
The CPU 31 (encryption control unit) in the encryption module 30 serving as the encryption apparatus according to the first embodiment performs encryption processing on the partial encryption target data PDi (i = 1 to (m−1), m = 6) by the encryption calculator 32. During the encryption processing period T10 to be executed, a preceding read process for reading the partial encryption target data PD (i + 1) from the memory 41 and a power consumption process (preliminary process and dummy process) other than the preceding read process are executed. Yes.

  In other words, in the cryptographic module 30 according to the first embodiment, the advance reading process and the power consumption process by the CPU 31 are performed in parallel during the cryptographic processing period T10 for the partial encryption target data PDi by the cryptographic computing unit 32. For this reason, in addition to the power consumption by the cryptographic operation processing by the cryptographic operation unit 32, the cryptographic module 30 is provided with a time zone in the cryptographic processing period T10 that takes into account the power consumption by the preceding read processing and power consumption processing of the CPU 31. It is possible to improve the tamper resistance against side channel attacks at the time of cryptographic operation processing.

  Even if only the preceding read process is executed with the above-described power consumption process omitted, a time zone in which the power consumed by the preceding read process is taken into account can be provided in the encryption processing period T10. Can be improved.

  Further, the CPU 31 is packaged with the cryptographic calculator 32 in the cryptographic module 30, and the cryptographic module 30 can perform the cryptographic calculation because the wiring for signal exchange between the CPU 31 and the cryptographic calculator 32 can be concealed from the outside. Further improvement in tamper resistance against side channel attacks during processing can be achieved. As an example of concealing the wiring between the CPU 31 and the cryptographic calculator 32 from the outside, in addition to the above-described one package, integration by a molding process or the like can be considered. Further, by arranging the CPU 31 and the cryptographic calculator 32 physically far from each other, the same effect (tamper resistance) as when the wiring is concealed from the outside can be exhibited.

  In addition, during the cryptographic processing period T10 by the cryptographic computing unit 32, the CPU 31 performs a pre-reading process for reading out the partial encryption target data PD (i + 1). For this reason, since the cryptographic operation unit 32 can continuously execute the cryptographic calculation processing on the partial encryption target data PD1 to PD6, the encryption processing can be speeded up.

  In addition to the cryptographic operation unit 32, the only necessary configuration is the CPU 31 that can execute the above-described advance reading process and power consumption process. Various power consumption processes executed by the CPU 31 include software such as executing a program. Since it can be realized by processing, the cryptographic module 30 can be realized with a relatively simple configuration.

  For example, it is sufficient for the cryptographic module 30 to be able to use the external memory 41, and it is not necessary to provide a large-capacity memory inside for speeding up.

  Furthermore, by changing the read procedure in the preceding read process for each partial encryption target data PDi by the access ID data AIj that is the selective read access information, the state of power consumption can be changed for each partial encryption target data PDi. Therefore, tamper resistance can be improved at the time of cryptographic calculation processing.

  Furthermore, since the processing contents of the dummy processing executed during the dummy processing periods DT31 to DT33 can be changed for each partial encryption target data PDi, the tamper resistance can be further improved.

  In addition, the dummy process is executed in the dummy process period DT33 after the preceding read process, and the power consumption process (dummy process) can be executed by the end of the encryption process period T10. Tamper resistance can be improved.

  As shown in FIG. 5, the CPU 31 provides periods (T22, DT31 to DT33, T31) for executing the preceding read process and the power consumption process in the entire time period of the encryption process period T10.

  At this time, by executing the dummy processing of the patterns (1) and (2) also in the dummy processing period DT32, the CPU 31 performs the preceding read processing and power consumption processing (above ( 3) Power consumption processing excluding the sleeve state) can be executed. As a result, the tamper resistance during the cryptographic operation process can be further improved by reliably avoiding the cryptographic operation process performed only by the cryptographic operation unit 32 during the cryptographic processing period T10.

  Note that, during the cryptographic calculation process by the cryptographic calculator 32 for the last partial encryption target data PD6, since the CPU 31 does not execute the preceding read process, it is desirable to perform all dummy processes during these periods.

<Embodiment 2>
(Constitution)
FIG. 6 is a block diagram showing a system configuration including an encryption module 30B (encryption device) according to Embodiment 2 of the present invention. As shown in the figure, the data processing system 52 includes a host unit 1, a memory controller unit 2, and a memory core unit 4 as in the data processing system 51 of the first embodiment.

  However, the memory 41 stores instruction code groups MC1 to MCn instead of the access ID data AI1 to AIn, and the CPU 31B in the cryptographic module 30B in the memory controller unit 2 performs processing corresponding to the instruction code groups MC1 to MCn. The possible point is different from the first embodiment.

  The instruction code group MCi (i = 1 to n) is an aggregate in which instruction codes to be executed by the CPU 31 are stored in the order of instruction execution. That is, the CPU 31 can execute the read program instructed by the instruction code group MCi by sequentially executing the instruction codes in the instruction code group MCi. That is, the instruction code group MCi is instruction code information that defines a read program for the preceding read process.

  Other configurations are the same as those of the encryption apparatus according to the first embodiment shown in FIG. 1, and thus the same reference numerals are given and description thereof is omitted as appropriate.

(Processing content of CPU 31)
7 and 8 are explanatory diagrams schematically showing the processing contents of the CPU 31 in the cryptographic module 30B of the second embodiment.

  Hereinafter, referring to FIG. 2, as shown in FIG. 2, an example is shown in which the cryptographic calculator 32 executes the cryptographic calculation processing on the partial encryption target data PD1 to PD6 to obtain the partial encrypted data CD1 to CD6. To explain how power consumption is equalized or distributed.

  Note that the same parts as the processing contents of the first embodiment shown in FIG. 3 and FIG. 4 are denoted by the same reference numerals and the description thereof will be omitted as appropriate, and the following description will focus on the parts different from the first embodiment.

  In the cryptographic processing period T10 of the loop process LP2 executed after the partial cryptographic target data PD1 is output to the cryptographic calculator 32, the CPU 31B precedes the partial cryptographic target data PD2 in order to equalize the power consumption of the cryptographic module 30B. In addition to the read process RD42, various power consumption processes (PR42 to PR48, RD52) are executed.

  In the second embodiment, instruction code group MC read process RD52 and related processes PR42, PR44, PR45, and PR47 are executed as preliminary processes in the power consumption process, and processes PR43, PR46, and PR48 are executed as dummy processes. Executed.

  The CPU 31B selects the instruction code group MCj to be read (any of j = 1 to n; selected read instruction code information) among the instruction code groups MC1 to MCn stored in the memory 41 immediately after the start of the loop process LP2. Processing PR42 determined by random numbers is executed.

  Thereafter, the CPU 31B determines a read wait period with a random number, and executes a process PR43 for performing a dummy process (wait process) similar to that in the first embodiment during the wait period.

  When the process PR43 ends, the CPU 31B performs a read process RD52 of the instruction code group MCj (determined by the process PR42) stored in the memory 41, and reads the instruction code group MCj from the memory 41. The execution period of the read process RD52 is the instruction code group read period T32.

  Thereafter, the CPU 31B executes a process PR44 for decoding the program contents of the instruction code group MCj, and subsequently performs a process PR45 for determining a memory read program designated by the instruction code group MCj. Here, the memory read program determined by the process PR45 is referred to as “read program j”.

  Then, the CPU 31B determines a Wait period until reading with a random number, and executes a process PR46 for performing a dummy process (Wait process) in the Wait period.

  When the process PR46 is completed, the CPU 31B executes the pre-read process R43 of the partial encryption target data PD2 with the read contents (including the read procedure) according to the read program j, and obtains the partial encryption target data PD2. A period during which the partial encryption target data PD2 is read from the memory 41 by the CPU 31B is an encryption target data reading period T22. Here, the partial encryption target data PD2 read by the read program j is referred to as partial encryption target data PD2x. Since the partial encryption target data PD2x is a data string obtained as a result of reading with the read content (read procedure) according to the read program j, it usually has different content from the partial encryption target data PD2.

  Thereafter, the CPU 31B executes a process PR47 for changing the format of the partial encryption target data input to the cryptographic calculator 32. That is, a process of shaping the partial encryption target data PD2x into the original partial encryption target data PD2 is performed.

  Furthermore, when the CPU 31B is in the cryptographic processing period T10 and has not received the cryptographic operation processing end signal RE1 from the cryptographic computing unit 32, the power consumption varies in the Wait period until the processing end signal RE1 is received. A dummy process for saving is executed as process PR48.

  Then, after receiving the processing end signal RE1 from the cryptographic calculator 32, the CPU 31B ends the processing PR48 and makes an encrypted data acquisition request RQ24 to the cryptographic calculator 32.

  In response to the encrypted data acquisition request RQ24, the cryptographic calculator 32 transmits the partial encrypted data CD1 obtained by performing the cryptographic calculation process on the partial encryption target data PD1 to the CPU 31B.

  On the other hand, the CPU 31B confirms the completion of reception of the partial encrypted data CD1 for one page size (200h), and performs a partial encryption target data reception completion process PR49 for transmitting the partial encrypted data CD1 to the control unit 22. When the process PR49 is completed, the partial encryption target data PD2, which is the next partial encryption target data PD read in the preceding read process RD43 and reformatted in the process PR47, is transmitted to the cryptographic operation unit 32, and the first loop process LP2 is performed. finish.

  The second loop process LP2 is mainly a process in which the cryptographic operation process on the partial encryption target data PD2 by the cryptographic operation unit 32 and the preceding read process RD43 of the partial encryption target data PD3 by the CPU 31B are performed in parallel. The same as the second time.

  In the third to fifth loop processing LP2, the cipher operation processing on the partial encryption target data PD3 to PD5 by the cryptographic operation unit 32 and the preceding read processing RD44 to RD46 of the partial encryption target data PD4 to PD6 by the CPU 31B are performed in parallel. The processing is mainly performed in the same manner as the first time.

  The processing after the end of the fifth loop processing LP2 ends in the same manner as in the first embodiment shown in FIGS.

(Instruction code group)
As described above, each instruction code group MCi, which is instruction code information, is composed of a set of instruction codes, and defines a read program that is an algorithm for realizing a preceding read process for new partial encryption target data PD. ing.

  Therefore, in each of the instruction code groups MC1 to MCn, by defining a read program having different read contents (including a read procedure), the read contents are changed for each partial encryption target data PD, and the generation contents of power consumption are changed. Can be made.

  Note that the plurality of instruction codes constituting the instruction code group MCi are uniquely customized so that “1” and “0” are arranged between adjacent bits so that the power consumption when reading the instruction code group MCi is read. Can be increased. For example, when it is desired to increase the power consumption at the time of reading the instruction code group MCi, an LD instruction or a NOP instruction code that is frequently used as the instruction code may be set to “10101010” or “01010101”.

  In this way, if the instruction code can be customized, the instruction code stored in the memory 41 as the instruction code group MCi can be changed, and the power consumption at the time of reading the instruction code group MCi can be equalized and the variation control can be performed. It becomes possible.

  In process 45 (see FIG. 7), the cryptographic calculator 32 decodes each instruction code in the selected instruction code group MCj, and executes a read program according to the decoding result.

  Regarding the method of selecting the instruction code group MCj, the selection order of the instruction code groups MC1 to MCn stored in the memory 41 is determined in advance, and the instruction code group MC1 according to the selection order determined in advance among the instruction code groups MC1 to MCn. A method of reading any one of -MCn as the instruction code group MCj may be adopted.

  Note that the contents of the read program instructed by the instruction code group MCi can be set in advance. For example, the instruction code group MC1 defines a program for executing a sequential read process, the instruction code group MC2 defines a program for executing a read process for decrementing, etc. Various correspondences can be considered.

(Effects etc.)
The cryptographic module 30B according to the second embodiment has the same configuration as the cryptographic module 30 according to the first embodiment except that the cryptographic module 30B is configured to execute a read program defined by the instruction code groups MC1 to MCn stored in the memory 41. Therefore, the same effects as those of the first embodiment are obtained. Hereinafter, effects different from those of the first embodiment will be described.

  The cryptographic module 30B according to the second embodiment uses the instruction code group MCj, which is the selective read instruction code information, to change the prior read processing contents for each partial encryption target data PDi, thereby reducing the power consumption for each partial encryption target data PDi. Since the generation state can be changed, it is possible to improve the tamper resistance during the cryptographic calculation process.

  As described above, in the second embodiment, by storing the instruction code group MCi in the memory 41, the CPU 31B does not need to store a program for executing the preceding read process in an internal memory such as a ROM. The capacity of the internal memory of the CPU 31B can be reduced.

  On the other hand, in the first embodiment, it is necessary to store a read program for executing the preceding read process in the read procedure indicated by the access ID data AIj in the internal memory such as the ROM of the CPU 31, so that the capacity of the internal memory of the CPU 31 is increased. Needs to be larger than the CPU 31B of the second embodiment.

  Further, in the cryptographic module 30B according to the second embodiment, the instruction code group MCi is stored in the memory 41 of the relatively large-capacity memory core unit 4 so that a read program for executing various read contents (read procedures) is executed. There is an effect that the code groups MC1 to MCn can be stored.

  In the above-described embodiment, the cryptographic module 30 has been described as a cryptographic device, but content data D41 (partial encryption target data PD1 to PD6) and access ID data AI1 to AIn (instruction code groups MC1 to MCn) are stored. A configuration including the memory 41 and the cryptographic module 30 can be considered as the cryptographic processing system of the present invention.

  It should be noted that the present invention can be freely combined with each other within the scope of the invention, and each embodiment can be appropriately modified or omitted.

DESCRIPTION OF SYMBOLS 1 Host part 2 Memory controller part 4 Memory core part 22 Control part 30, 30B Cryptographic module 31, 31B CPU
32 Cryptographic operator 24 Selector 25 Memory I / F
41 memory

Claims (8)

A cryptographic operation unit that performs cryptographic processing on the data to be encrypted and obtains encrypted data;
A data reading process for reading out the encryption target data from an external memory unit that stores the encryption target data, and a cipher control unit that outputs the read encryption target data to the encryption calculator,
The encryption target data includes first to mth partial encryption target data sequentially read from the memory unit in the order of the first, second, and mth (≧ 2) by the data reading process,
In the cryptographic processing period in which the cryptographic processing is performed on the i-th (i = 1 to (m−1)) partial encryption target data by the cryptographic computing unit,
The preceding read process in the data read process for reading the (i + 1) th partial encryption target data from the memory unit is performed.
Crypto device. The encryption device according to claim 1,
The wiring provided between the cryptographic control unit and the cryptographic calculator is concealed from the outside,
Crypto device. The encryption device according to claim 1 or 2, wherein
The encryption control unit further executes power consumption processing other than the preceding read processing,
Crypto device. The encryption device according to claim 3,
The memory unit further stores a plurality of read access information defining a read procedure in the preceding read process,
The power consumption process includes an access information read process that is executed before the preceding read process and reads one information from the plurality of read access information as the selected read access information from the memory unit,
The preceding read process includes a process of reading the (i + 1) th partial encryption target data according to a read procedure instructed by the selective read access information.
Crypto device. The encryption device according to claim 3,
The memory unit further stores a plurality of instruction code information defining a read program for the preceding read process in the encryption control unit,
The power consumption process includes an instruction code read process that is executed before the preceding read process and reads one information out of the plurality of instruction code information as a selective read instruction code information,
The preceding read process includes a process of executing a read program defined by the selected instruction code information.
Crypto device. The encryption device according to any one of claims 3 to 5,
The power consumption process includes at least one dummy process unrelated to the preceding read process, and the at least one dummy process can change the contents of each partial encryption target data. To
Crypto device. The encryption device according to claim 6,
The at least one dummy process includes a dummy process performed after the preceding read process;
Crypto device. The encryption device according to any one of claims 3 to 7,
The encryption control unit executes one of the data reading process and the power consumption process in the entire time period of the encryption processing period.
Crypto device.

Images