WO2002065692A1 - Method for securing an electronic assembly implementing a cryptographic algorithm using Boolean operations and arithmetic operations, and corresponding embedded system - Google Patents
Method for securing an electronic assembly implementing a cryptographic algorithm using Boolean operations and arithmetic operations, and corresponding embedded system
- Publication number
- WO2002065692A1 (PCT/FR2002/000579)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- boolean
- separation
- arithmetic
- operations
- parts
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
Definitions
- the object of the present invention is to propose two new algorithms, "BooleanToArithmetic" and "ArithmeticToBoolean", proven to be secure against DPA attacks.
- Each of these algorithms uses only very simple operations: XOR (exclusive or), AND, subtraction, and the "left shift" of a register.
- Our "BooleanToArithmetic" algorithm uses a constant number (equal to 7) of such elementary operations, while the number of elementary operations involved in our "ArithmeticToBoolean" algorithm is proportional (it is 5K + 5) to the size (i.e. the number of bits K) of the processor registers.
- DPA: Differential Power Analysis
- the present invention is concerned with the "masking" method suggested by Chari et al. [2].
- the basic principle consists in programming the algorithm so that the fundamental assumption above no longer holds (i.e. no intermediate variable ever depends on the knowledge of an easily accessible subset of the secret key). More precisely, by using a secret-sharing scheme, each of the intermediate variables appearing in the cryptographic algorithm is separated into several parts. In this way, an attacker is forced to analyze joint distributions of several points, which makes the task exponential in the number of elements of the separation.
- a Boolean masking: x' = x ⊕ r.
- an arithmetic masking: A = x − r modulo 2^K.
- the variable x is masked by the random value r, which gives the masked value x' (or A).
- Our objective is to find an efficient algorithm to pass from Boolean masking to arithmetic masking and vice versa, while ensuring that the intermediate variables are decorrelated from the data being masked, which ensures resistance to DPA.
- the invention relates to a method for securing an electronic assembly comprising a processor and a memory, implementing a cryptographic algorithm stored in the memory and using Boolean operations and arithmetic operations, in which at least one variable is separated into several parts, according to a Boolean separation using a Boolean operation, and according to an arithmetic separation using an arithmetic operation, characterized in that, to pass from any one of these separations to the other, one performs, by means of the processor, a predetermined number of Boolean and arithmetic operations on said parts and at least one random number, so that, for each of the values appearing during the calculation, there is no correlation with said variable, the calculation resulting in a result stored in memory.
- the method comprises the following stages:
- the separation of said parts into at least two elements uses a Boolean operation.
- said grouping of two of said partial results is carried out by means of a Boolean operation.
- the Boolean operation used for the separation of said parts into at least two elements is the "exclusive or" operation.
- the Boolean operation used for grouping said partial results is the "exclusive or" operation.
- with the Boolean separation in two parts using the "exclusive or" operation and the arithmetic separation in two parts using the "addition" operation, the method is characterized in that, to pass from the Boolean separation to the arithmetic separation, five "exclusive or" operations and two "subtraction" operations are used.
- at least one variable, obtained by a predetermined number of successive iterations, is defined from an initial value that is a function of at least one random value, by successive applications of a transformation based on Boolean and arithmetic operations applied to said parts of the arithmetic separation and to said at least one random value.
- each part but one of the Boolean separation is obtained by applying Boolean operations to the variable(s) obtained by successive iteration, to said parts of the arithmetic separation and to said random value(s).
- the Boolean operations applied to obtain all parts but one of the Boolean separation are the "exclusive or" operation and the "logical shift of one bit to the left" operation.
- with the arithmetic separation in two parts using the "addition" operation and the Boolean separation in two parts using the "exclusive or" operation, the method is characterized in that, to pass from the arithmetic separation to the Boolean separation, (2K + 4) "exclusive or" operations, (2K + 1) "logical and" operations and K "logical shift of one bit to the left" operations are used.
- the invention also relates to an embedded system comprising a processor and a memory, and implementing a cryptographic algorithm stored in the memory and using Boolean operations and arithmetic operations, in which at least one variable is separated into several parts, according to a Boolean separation using a Boolean operation and according to an arithmetic separation using an arithmetic operation, characterized in that, to pass from either of these separations to the other, it comprises conversion means for performing, by means of the processor, a predetermined number of Boolean and arithmetic operations on said parts and at least one random value, so that none of the values appearing during the calculation is correlated with said variable, the calculation resulting in a result stored in memory.
- Input: (x', r) such that x = x' ⊕ r.
- Output: (A, r) such that x = A + r.
- the "BooleanToArithmetic" algorithm uses 2 auxiliary variables (T and Γ), 1 call to the random generator, and 7 elementary operations (more precisely: 5 "XOR" and 2 subtractions).
- the "ArithmeticToBoolean" algorithm uses 3 auxiliary variables (T, Γ and Ω), 1 call to the random generator, and (5K + 5) elementary operations (more precisely (2K + 4) "XOR", (2K + 1) "AND" and K "left shifts").
- a smart card includes information processing means or CPU 2, information storage means 3,4,5 of different types (RAM, EEPROM, ROM) , input / output means 6 allowing the card to cooperate with a card reader terminal, and a bus 7 allowing these different elements to interact with each other.
- the aforementioned conversion means, suitable for performing Boolean and arithmetic operations, include in particular at least one program stored in the information storage means 3,4,5.
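The two conversions described in the definitions above, as an added Python example that is not part of the patent text: it follows the BooleanToArithmetic and ArithmeticToBoolean algorithms of Goubin's CHES 2001 paper (listed under Non-Patent Citations), which use exactly the operation counts stated above (5 XOR + 2 SUB, and (2K+4) XOR + (2K+1) AND + K shifts with auxiliaries T, Γ, Ω). The function names, the register-width parameter k and the optional gamma argument (which lets a test inject the random value) are this example's own choices.

```python
import secrets


def boolean_to_arithmetic(x_bool, r, k, gamma=None):
    """Given x = x_bool XOR r, return A such that x = A + r (mod 2^K).

    Exactly 5 XORs and 2 subtractions plus one random value Gamma, as in
    the "BooleanToArithmetic" definition. gamma may be supplied by the
    caller (for reproducible tests); otherwise a fresh one is drawn.
    """
    mask = (1 << k) - 1
    gamma = secrets.randbelow(1 << k) if gamma is None else gamma
    t = x_bool ^ gamma           # XOR 1
    t = (t - gamma) & mask       # SUB 1   T = (x' ^ G) - G
    t ^= x_bool                  # XOR 2
    gamma ^= r                   # XOR 3   G' = G ^ r
    a = x_bool ^ gamma           # XOR 4
    a = (a - gamma) & mask       # SUB 2   A = (x' ^ G') - G'
    a ^= t                       # XOR 5
    return a


def arithmetic_to_boolean(a, r, k, gamma=None):
    """Given x = A + r (mod 2^K), return x_bool such that x = x_bool XOR r.

    (2K+4) XORs, (2K+1) ANDs and K one-bit left shifts with auxiliaries
    T, Omega, Gamma. Each loop round propagates the carry chain of A + r
    by one bit position, always masked by 2*Gamma.
    """
    mask = (1 << k) - 1
    gamma = secrets.randbelow(1 << k) if gamma is None else gamma
    t = (gamma << 1) & mask      # SHIFT   T = 2*Gamma
    x_bool = gamma ^ r           # XOR
    omega = gamma & x_bool       # AND
    x_bool = t ^ a               # XOR
    gamma ^= x_bool              # XOR
    gamma &= r                   # AND
    omega ^= gamma               # XOR
    gamma = t & a                # AND
    omega ^= gamma               # XOR    Omega = G ^ (2G & (A ^ r)) ^ (A & r)
    for _ in range(k - 1):       # K-1 rounds: 2 AND, 2 XOR, 1 SHIFT each
        gamma = t & r
        gamma ^= omega
        t &= a
        gamma ^= t
        t = (gamma << 1) & mask  # T = 2*(carries so far) ^ 2*Gamma
    x_bool ^= t                  # final XOR: 2*Gamma cancels, carries stay
    return x_bool


def roundtrip_ok(x, r, k, gamma=None):
    """Share x both ways, convert each share to the other form, compare."""
    mask = (1 << k) - 1
    a = (x - r) & mask           # arithmetic share: x = A + r
    x_bool = x ^ r               # Boolean share:    x = x' ^ r
    return (boolean_to_arithmetic(x_bool, r, k, gamma) == a
            and arithmetic_to_boolean(a, r, k, gamma) == x_bool)


if __name__ == "__main__":
    # Constructed sample: a 32-bit value and a random mask.
    x, r = 0xDEADBEEF, secrets.randbelow(1 << 32)
    print("round trip consistent:", roundtrip_ok(x, r, 32))
```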
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02704839A EP1362451A1 (fr) | 2001-02-15 | 2002-02-14 | Method for securing an electronic assembly implementing a cryptographic algorithm using Boolean operations and arithmetic operations, and corresponding embedded system |
US10/468,130 US7334133B2 (en) | 2001-02-15 | 2002-02-14 | Method for making a computer system implementing a cryptographic algorithm secure using Boolean operations and arithmetic operations and a corresponding embedded system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0102091A FR2820914A1 (fr) | 2001-02-15 | 2001-02-15 | Method for securing an electronic assembly implementing a cryptographic algorithm using Boolean operations and arithmetic operations, and corresponding embedded system |
FR01/02091 | 2001-02-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002065692A1 true WO2002065692A1 (fr) | 2002-08-22 |
Family
ID=8860075
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2002/000579 WO2002065692A1 (fr) | 2001-02-15 | 2002-02-14 | Method for securing an electronic assembly implementing a cryptographic algorithm using Boolean operations and arithmetic operations, and corresponding embedded system |
Country Status (4)
Country | Link |
---|---|
US (1) | US7334133B2 (fr) |
EP (1) | EP1362451A1 (fr) |
FR (1) | FR2820914A1 (fr) |
WO (1) | WO2002065692A1 (fr) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1596527A1 (fr) * | 2004-05-13 | 2005-11-16 | Giesecke & Devrient GmbH | Transition from a Boolean masking to an arithmetic masking |
WO2018162115A1 (fr) | 2017-03-06 | 2018-09-13 | Giesecke+Devrient Mobile Security Gmbh | Transition from a Boolean masking to an arithmetic masking |
DE102021003275B3 (de) | 2021-06-24 | 2022-07-14 | Giesecke+Devrient Mobile Security Gmbh | Method for computing a transition from a Boolean to an arithmetic masking |
Families Citing this family (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100585119B1 (ko) * | 2004-01-07 | 2006-06-01 | Samsung Electronics Co., Ltd. | Encryption apparatus, encryption method and recording medium therefor |
DE102004061312B4 (de) * | 2004-12-20 | 2007-10-25 | Infineon Technologies Ag | Device and method for detecting a potential attack on a cryptographic computation |
US8752032B2 (en) * | 2007-02-23 | 2014-06-10 | Irdeto Canada Corporation | System and method of interlocking to protect software-mediated program and device behaviours |
FR2924879B1 (fr) * | 2007-12-07 | 2009-12-18 | Sagem Securite | Method for encoding a secret formed by a numerical value |
KR101566408B1 (ko) * | 2009-03-13 | 2015-11-05 | Samsung Electronics Co., Ltd. | Conversion circuit and conversion method between a Boolean mask and an arithmetic mask |
US8615078B2 (en) * | 2009-08-21 | 2013-12-24 | Electronics And Telecommunications Research Institute | Method and apparatus for processing F-function in seed encryption system |
KR101334040B1 (ko) * | 2010-01-20 | 2013-11-28 | Electronics and Telecommunications Research Institute | Masking operation method and apparatus for a symmetric-key encryption system |
FR2960728B1 (fr) * | 2010-05-26 | 2016-04-15 | Oberthur Technologies | Method for determining a representation of a product and method for evaluating a function |
US8874607B2 (en) | 2010-08-17 | 2014-10-28 | Fujitsu Limited | Representing sensor data as binary decision diagrams |
US8572146B2 (en) | 2010-08-17 | 2013-10-29 | Fujitsu Limited | Comparing data samples represented by characteristic functions |
US8495038B2 (en) * | 2010-08-17 | 2013-07-23 | Fujitsu Limited | Validating sensor data represented by characteristic functions |
US8645108B2 (en) | 2010-08-17 | 2014-02-04 | Fujitsu Limited | Annotating binary decision diagrams representing sensor data |
US8583718B2 (en) | 2010-08-17 | 2013-11-12 | Fujitsu Limited | Comparing boolean functions representing sensor data |
US9138143B2 (en) | 2010-08-17 | 2015-09-22 | Fujitsu Limited | Annotating medical data represented by characteristic functions |
US8930394B2 (en) | 2010-08-17 | 2015-01-06 | Fujitsu Limited | Querying sensor data stored as binary decision diagrams |
US9002781B2 (en) | 2010-08-17 | 2015-04-07 | Fujitsu Limited | Annotating environmental data represented by characteristic functions |
KR20120070873A (ko) | 2010-12-22 | 2012-07-02 | Electronics and Telecommunications Research Institute | Masked addition operation apparatus for side-channel protection |
US8909592B2 (en) | 2011-09-23 | 2014-12-09 | Fujitsu Limited | Combining medical binary decision diagrams to determine data correlations |
US8620854B2 (en) | 2011-09-23 | 2013-12-31 | Fujitsu Limited | Annotating medical binary decision diagrams with health state information |
US8812943B2 (en) * | 2011-09-23 | 2014-08-19 | Fujitsu Limited | Detecting data corruption in medical binary decision diagrams using hashing techniques |
US8719214B2 (en) | 2011-09-23 | 2014-05-06 | Fujitsu Limited | Combining medical binary decision diagrams for analysis optimization |
US9176819B2 (en) | 2011-09-23 | 2015-11-03 | Fujitsu Limited | Detecting sensor malfunctions using compression analysis of binary decision diagrams |
US8781995B2 (en) | 2011-09-23 | 2014-07-15 | Fujitsu Limited | Range queries in binary decision diagrams |
US9075908B2 (en) | 2011-09-23 | 2015-07-07 | Fujitsu Limited | Partitioning medical binary decision diagrams for size optimization |
US8838523B2 (en) | 2011-09-23 | 2014-09-16 | Fujitsu Limited | Compression threshold analysis of binary decision diagrams |
US9177247B2 (en) | 2011-09-23 | 2015-11-03 | Fujitsu Limited | Partitioning medical binary decision diagrams for analysis optimization |
EP2634953A1 (fr) | 2012-03-02 | 2013-09-04 | Gemalto SA | Countermeasure method against side-channel analysis for cryptographic algorithms using Boolean operations and arithmetic operations |
TWI507989B (zh) * | 2013-08-08 | 2015-11-11 | Nat Univ Tsing Hua | Resource-oriented power consumption analysis method for embedded systems |
US9923719B2 (en) | 2014-12-09 | 2018-03-20 | Cryptography Research, Inc. | Location aware cryptography |
US10333699B1 (en) | 2015-09-30 | 2019-06-25 | Cryptography Research, Inc. | Generating a pseudorandom number based on a portion of shares used in a cryptographic operation |
US10871947B2 (en) | 2016-03-03 | 2020-12-22 | Cryptography Research, Inc. | Converting a boolean masked value to an arithmetically masked value for cryptographic operations |
FR3101983B1 (fr) * | 2019-10-11 | 2021-11-12 | St Microelectronics Grenoble 2 | Determination of an indicator bit |
FR3101980B1 (fr) | 2019-10-11 | 2021-12-10 | St Microelectronics Grenoble 2 | Processor |
FR3101982B1 (fr) | 2019-10-11 | 2024-03-08 | St Microelectronics Grenoble 2 | Determination of an indicator bit |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6182216B1 (en) * | 1997-09-17 | 2001-01-30 | Frank C. Luyster | Block cipher method |
KR100373669B1 (ko) * | 1999-09-29 | 2003-02-26 | Hitachi, Ltd. | Secret information processing apparatus, recording medium storing a secret information processing program, and processing system |
2001
- 2001-02-15 FR FR0102091A patent/FR2820914A1/fr active Pending
2002
- 2002-02-14 EP EP02704839A patent/EP1362451A1/fr not_active Withdrawn
- 2002-02-14 US US10/468,130 patent/US7334133B2/en not_active Expired - Fee Related
- 2002-02-14 WO PCT/FR2002/000579 patent/WO2002065692A1/fr not_active Application Discontinuation
Non-Patent Citations (2)
Title |
---|
CORON J-S ET AL: "ON BOOLEAN AND ARITHMETIC MASKING AGAINST DIFFERENTIAL POWER ANALYSIS", CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS. INTERNATIONAL WORKSHOP, CHES 2000, 17 August 2000 (2000-08-17), WORCESTER (US), pages 231 - 237, XP000989986 * |
GOUBIN L: "A SOUND METHOD FOR SWITCHING BETWEEN BOOLEAN AND ARITHMETIC MASKING", CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS. 3RD INTERNATIONAL WORKSHOP, CHES 2001, PARIS, FRANCE, MAY 14 - 16, 2001 PROCEEDINGS, LECTURE NOTES IN COMPUTER SCIENCE, BERLIN: SPRINGER, DE, vol. 2162, 14 May 2001 (2001-05-14), pages 3 - 15, XP008002644, ISBN: 3-540-42521-7 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1596527A1 (fr) * | 2004-05-13 | 2005-11-16 | Giesecke & Devrient GmbH | Transition from a Boolean masking to an arithmetic masking |
WO2018162115A1 (fr) | 2017-03-06 | 2018-09-13 | Giesecke+Devrient Mobile Security Gmbh | Transition from a Boolean masking to an arithmetic masking |
DE102021003275B3 (de) | 2021-06-24 | 2022-07-14 | Giesecke+Devrient Mobile Security Gmbh | Method for computing a transition from a Boolean to an arithmetic masking |
WO2022268364A1 (fr) | 2021-06-24 | 2022-12-29 | Giesecke+Devrient Mobile Security Gmbh | Method for computing a transition from a Boolean masking to an arithmetic masking |
Also Published As
Publication number | Publication date |
---|---|
US20040139136A1 (en) | 2004-07-15 |
FR2820914A1 (fr) | 2002-08-16 |
EP1362451A1 (fr) | 2003-11-19 |
US7334133B2 (en) | 2008-02-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2002065692A1 (fr) | Method for securing an electronic assembly implementing a cryptographic algorithm using Boolean operations and arithmetic operations, and corresponding embedded system | |
Coron et al. | On boolean and arithmetic masking against differential power analysis | |
JP4632950B2 (ja) | Tamper-resistant cryptographic processing using a private key | |
Goubin | A sound method for switching between boolean and arithmetic masking | |
Standaert et al. | An overview of power analysis attacks against field programmable gate arrays | |
US10361854B2 (en) | Modular multiplication device and method | |
JP5823639B2 (ja) | Countermeasure method against side-channel analysis for cryptographic algorithms using Boolean and arithmetic operations | |
Mather et al. | Multi-target DPA attacks: Pushing DPA beyond the limits of a desktop computer | |
US20070064930A1 (en) | Modular exponentiation with randomized exponent | |
CN101006677A (zh) | Method and apparatus for performing cryptographic operations | |
CN111817842B (zh) | Power analysis attack testing apparatus and method for RSA-CRT operations | |
WO2002088933A1 (fr) | Countermeasure method in an electronic component implementing a public-key cryptographic algorithm on an elliptic curve | |
Roelofs et al. | Online template attack on ECDSA: Extracting keys via the other side | |
Hanley et al. | Unknown plaintext template attacks | |
US7123717B1 (en) | Countermeasure method in an electronic component which uses an RSA-type public key cryptographic algorithm | |
Kim et al. | Practical second‐order correlation power analysis on the message blinding method and its novel countermeasure for RSA | |
Gaspar et al. | Hardware implementation and side-channel analysis of lapin | |
You et al. | Low trace-count template attacks on 32-bit implementations of ASCON AEAD | |
EP1198921A2 (fr) | Countermeasure method in an electronic component implementing a secret-key cryptography algorithm | |
WO2006067057A1 (fr) | Secure and compact exponentiation method for cryptography | |
Park et al. | An improved side channel attack using event information of subtraction | |
JP2002529777A (ja) | Countermeasure method in an electronic component using a secret-key encryption algorithm | |
Schramm et al. | Embedded cryptography: Side channel attacks | |
Yen et al. | Improvement on Ha-Moon randomized exponentiation algorithm | |
US20040179680A1 (en) | Method for encrypting a calculation using a modular function |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
WWE | Wipo information: entry into national phase | Ref document number: 2002704839. Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 2002704839. Country of ref document: EP |
REG | Reference to national code | Ref country code: DE. Ref legal event code: 8642 |
WWE | Wipo information: entry into national phase | Ref document number: 10468130. Country of ref document: US |
NENP | Non-entry into the national phase | Ref country code: JP |
WWW | Wipo information: withdrawn in national office | Country of ref document: JP |