WO2002086846A1 - Chiffrement / dispositif de dechiffrement, chiffrement / procede de dechiffrement, procede de chiffrement de donnees et carte a circuit integre - Google Patents

Chiffrement / dispositif de dechiffrement, chiffrement / procede de dechiffrement, procede de chiffrement de donnees et carte a circuit integre Download PDF

Info

Publication number
WO2002086846A1
WO2002086846A1 PCT/JP2002/002064 JP0202064W WO02086846A1 WO 2002086846 A1 WO2002086846 A1 WO 2002086846A1 JP 0202064 W JP0202064 W JP 0202064W WO 02086846 A1 WO02086846 A1 WO 02086846A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
circuit
transposition
signal
output
Prior art date
Application number
PCT/JP2002/002064
Other languages
English (en)
Japanese (ja)
Inventor
Masatoshi Takahashi
Original Assignee
Renesas Technology Corp.
Hitachi Ulsi Systems Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Renesas Technology Corp., Hitachi Ulsi Systems Co., Ltd. filed Critical Renesas Technology Corp.
Publication of WO2002086846A1 publication Critical patent/WO2002086846A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

Definitions

  • Encryption / decryption device Encryption / decryption device, encryption / decryption method, data encryption method, and Ic card
  • the present invention relates to an encryption / decryption device, an encryption / decryption method, a data encryption method, and an IC card.
  • a cryptographic key including a CPU and memory like a chip microcomputer
  • DES Data Encryption Standard
  • IP transposition (replacement of signals)
  • IP 1 data is divided into upper and lower 3 bits each, and transposition and substitution processing is repeated 16 times. Integrating upper and lower respectively 3 2-bit data to the end, performs permutation called IP 1, to obtain the ciphertext.
  • IP transposition and substitution processing
  • IP 1 Integrating upper and lower respectively 3 2-bit data to the end, performs permutation called IP 1, to obtain the ciphertext.
  • IP 1 permutation
  • key scheduling differs between encryption and decryption. The details of the key scheduling part are omitted, but 48-bit key scheduling data is output to each stage based on the key data.
  • the normal DES algorithm always performs the same internal operation on the same plaintext.
  • D Easy statistical processing by PA Different Power Analysis
  • the current consumption waveform is statistically processed to estimate the encryption key. I do. This process is repeated while changing the encryption key in various ways, and when the key is correct, the current waveform shows a large peak.
  • Japanese Patent Application Laid-Open No. 2000-066585 discloses an example of a countermeasure against the above-mentioned DPA decoding by DPA. According to the technology described in this publication, a pair of a mask a pattern and a bit-reversed mask pattern is provided, and each time encryption is performed, one of the pairs is randomly selected by a switch, and the result is written in plaintext inside the device. It masks the dependent bits and removes the effect of the mask a from the ciphertext by P before outputting the ciphertext.
  • the original data is masked, and the mask is released immediately before inputting to each S box.
  • this mask is released, there is a possibility that it will be decrypted by DPA, so the mask is released immediately before input to S box, input to S box with original data after unmasking, and mask of output from S box
  • the operation is calculated in advance, stored as a table, and the calculation result is obtained by referring to the table.Therefore, the calculation of the exclusive OR for masking and the calculation of the exclusive OR for masking are performed. It is explained that it could not be decrypted by DPA because it would not be confused.
  • the calculation of the exclusive OR is stored in advance as a table, and the bits corresponding to the original data are set in order to sufficiently exert the function of the mask. Since the number of combinations is enormous, the circuit size of the table (storage circuit) that stores the operation results corresponding to the masks composed of such enormous combinations is large. It will be sharp.
  • the present invention provides an encryption / decryption device that realizes stable security enhancement with a simple configuration. It aims to provide an encryption / decryption method and an IC card.
  • the input selection circuit randomly fetches either the non-inverted data corresponding to the processing unit data of the plaintext data or the ciphertext or the inverted data of all the bits, and passes the data through the input selection circuit.
  • the transposition is transmitted to the non-inverted data transposition corresponding to the non-inverted data and the positive scrambling circuit for performing the substitution processing and the transposition corresponding to the inverted data and the negative scrambling circuit performing the substitution processing, and the output selection circuit performs the positive scrambling.
  • One of the output signals transposed and replaced by the negative scramble circuit or the negative scramble circuit is taken out in accordance with the selection operation of the input selection circuit, and the output circuit outputs the output signal in the positive scramble circuit and the negative scramble circuit. Transpose multiple times ⁇ Finally transpose the result of substitution to obtain ciphertext or plaintext data.
  • Processing unit data of plaintext data or ciphertext Either the non-inverted data corresponding to the evening or the inverted data of all the bits thereof is taken in at random, and the data is transposed / substituted according to the non-inverted data.
  • Processing and negative scramble signal processing for performing transposition and substitution processing corresponding to the above inverted data processing are performed in parallel, and one of the corresponding output signals is selected as data in the first signal processing.
  • the extraction operation corresponding to the operation is performed a plurality of times, and the result of the last transposition / substitution is used as encrypted data or decrypted data.
  • FIG. 1 is a schematic block diagram showing an embodiment of an encryption / decryption device, an encryption / decryption method, and a DS encryption coprocessor adapted to an IC card according to the present invention
  • FIG. 2 is a configuration diagram for explaining the algorithm of the DES encryption used in the present invention.
  • FIG. 3 is a block diagram for explaining the operation part in the algorithm of the DESS ⁇ used in the present invention.
  • FIG. 4 is a configuration diagram for explaining the inside of S B ⁇ X in the algorithm of the DES encryption used in the present invention.
  • FIG. 5 is an explanatory diagram of an example of S 1 in how to create S BO X in the algorithm of the D E S B notation used in the present invention
  • FIG. 6 is an explanatory diagram for logically explaining how to make the SBOX according to the present invention using S1 as an example.
  • FIG. 7 is an explanatory diagram for logically explaining another example of how to make the SBOX according to the present invention, taking S1 as an example,
  • FIG. 8 shows an embodiment of the basic structure (transposed part of plaintext transposition) for explaining the encryption / decryption device and the encryption / decryption method according to the present invention.
  • FIG. 9 is a block diagram for explaining another embodiment of the encryption / decryption device and the input selection circuit in the encryption / decryption method according to the present invention.
  • FIG. 10 is a block diagram for explaining the data flow of the operation / data inversion portion in the encryption / decryption device and the encryption / decryption method according to the present invention
  • FIG. 11 is a block diagram for explaining the data flow of the SB0X output selection part in the encryption / decryption device and the encryption / decryption method according to the present invention
  • FIG. 11 is a block diagram showing an embodiment of an encryption / decryption device and a circuit for forming a selection signal for inversion / non-inversion of data in an encryption / decryption method according to the present invention.
  • FIG. 13 is a block diagram showing one embodiment of a 0 Z 1 ratio correction circuit used in the present invention.
  • FIG. 14 is an external view showing an embodiment of the IC card according to the present invention.
  • FIG. 15 is a schematic block diagram showing an embodiment of an IC card chip (microcomputer) mounted on the IC card according to the present invention.
  • FIG. 1 shows an outline of an embodiment of an encryption / decryption device, an encryption / decryption method, and a DES encryption coprocessor adapted to an IC card according to the present invention.
  • An internal operation signal 3 is obtained by adding a sign bit 1 of 1 bit to a plaintext signal (data) 1 in the DES encryption coprocessor.
  • the code bit is "0"
  • the plaintext signal indicates positive (the signal value is the plaintext value itself).
  • the sign bit is "1”
  • all bits of the internal operation signal are inverted by exclusive OR 5 with the inversion random number signal 4 for each operation.
  • Two types of scramble circuits 6 for the positive signal and 2 for the negative signal, are provided separately, and the output signal of the positive signal 6 and the negative signal 7 are selected using the selector 8 according to the value of the sign bit 2. select. After 16 repetitive operations in such a circuit, an exclusive OR 9 is placed before the output of the encrypted data, and if the sign bit 2 is "1", the encrypted data is inverted.
  • FIG. 2 is a configuration diagram for explaining an algorithm of the DES encryption, which is an encryption method processed by the present cryptographic coprocessor.
  • the DES encryption / decryption operation uses 64 bits of plaintext (data to be encrypted).
  • the DES algorithm can be roughly divided into plaintext data flow and key data flow.
  • the plaintext data flow after performing the initial transposition (signal exchange) called IP, the data is divided into 32 bits for each of the upper and lower bits, and the transposition and substitution processing shown in Fig. 3 is performed. 1 Repeat 6 times. Integrating upper and lower respectively 3 2-bit data to the end, performs permutation called IP 1, to obtain the ciphertext.
  • DES encryption and decryption can be realized by the same process.
  • key scheduling differs between encryption and decryption.
  • the 16-time repetition operation shown in Fig. 3 consists of transposition, exclusive OR operation, and substitution processing called SBOX.
  • SB OX is a 48-bit input and 32-bit output conversion process based on a conversion table.
  • the conversion table of SBOX is defined in FIPS-46, ANSI-80, and ISO.
  • the inside of the SBOX is divided into eight substitution processing sections S1 to S8. Each substitution process is 6 bits input and 4 bits output.
  • DPA attack is an analysis method that estimates the value of the encryption key from the current consumption waveform of the chip.
  • the attacker first gives the chip plaintext data and measures the current consumption waveform when processing the data. Next, assuming (part of) the value of the secret key stored in the chip, the prediction of the change in the signal line of interest (a slight increase in the current consumption) is applied to the actual current consumption waveform. If the assumed key is correct, the increase in current consumption will be amplified and peaked.
  • DES encryption is an algorithm originally designed to be easily implemented in hardware. Therefore, when designing hardware for DES encryption, all products have a similar internal structure. This facilitates analysis with DPA.
  • SB OX has different conversion tables for inverted data and non-inverted data
  • S BOX is prepared.
  • the sign bit selects whether to use SBOX or SBOX-BAR. In other words, the output signal of one of the two SBOX and SBOX-BAR is taken out as valid.
  • Fig. 5 shows the substitution structure of S1 based on the DES standard.
  • the horizontal direction is a number represented by 4 bits out of 6 bits (0 to 5)
  • the vertical direction is the remaining 2 bits of input (0 to 3)
  • the written number is Represents the output 4 bits (0 to 15) for that input.
  • the inverted data S1 BAR is logically created by inverting both the input and output of S1 as shown in Fig. 6 (b).
  • Fig. 5 (b) shows the substitution of S1-BAR.
  • FIG. 5 (a) “14” in the upper left represents the output value when the input is “0000 000”.
  • the S 1—BAR corresponding to this output corresponds to “1”, which is the inverted version of “14”, in the lower right of FIG. 5 (b) (corresponding to the input “1 1 1 1 1”).
  • FIG. 8 is a block diagram showing one embodiment of a basic structure (transposed part of plaintext transposition processing) for explaining the encryption / decryption device and the zero-code / decryption method according to the present invention.
  • IP, IP- 1 and key scheduling are the same as the basic algorithm of DES described with reference to FIGS. 2 to 4, and therefore description thereof is omitted.
  • the portion represented by A is a portion for randomly determining whether or not the operation data is inverted in FIG. 1, and the portion represented by B is a portion for selecting the outputs of two SB ⁇ X. .
  • FIG. 8 is a block diagram showing one embodiment of a basic structure (transposed part of plaintext transposition processing) for explaining the encryption / decryption device and the zero-code / decryption method according to the present invention.
  • IP, IP- 1 and key scheduling are the same as the basic algorithm of DES described with reference to FIGS. 2 to 4, and therefore description thereof is omitted.
  • the portion represented by A is a portion
  • an equivalent circuit can be formed by using an exclusive OR that commonly receives a 1-bit selection signal. That is, if the selection signal is logic 0, the 33-bit input data including the sign bit is output as it is, and if the selection signal is logic 1, the 33-bit input signal is inverted and output. Regardless of the case where the inverter circuit and the multiplexer are used as shown in FIG. 8 or the case where an exclusive OR circuit is used as shown in FIG. There is no big difference in choosing either one because it can be composed of the same circuit elements.
  • FIG. 10 is a block diagram for explaining the data flow of the operation data inversion portion.
  • FIG. 10 (a) shows the operation when the value of the selection signal, that is, the value of the random number signal for determining the inversion / non-inversion of the data is "0".
  • FIG. 10 (b) shows the operation when the selection signal is "1". If the data coming from the previous stage is M, when the selection signal is "0", As shown in Fig. 10 (a), M is selected as the data that enters the enlarged transposition E. When the selection signal is "1", as shown in FIG. 10 (b), MB (8 is the inverted signal of FIG. 10 (b)) as the data to enter into the enlarged transposition E. ) Is selected.
  • E (MB) is equal to E (M) B because the extended transpose E is a signal reordering process.
  • the output of the expanded transposition E with respect to M is an inverted value of E (M) when the selection signal is “0”, and E (M) when the selection signal is “1”.
  • FIG. 11 is a block diagram for explaining the data toughness of the SBOX output selection portion.
  • the output is selected by the sign bit of the data entering the SBOX.
  • Fig. 11 (a) when the data input to the SBOX is X (code signal-"0"), the output of the SBOX for non-inverted data is selected.
  • FIG. 12 is a block diagram showing one embodiment of a circuit for forming a selection signal for inverted Z non-inverted data.
  • an asynchronous oscillation signal of a random number generator mounted on an IC card is used as a selection signal.
  • the output of the asynchronous oscillation signal is biased by temperature and voltage, it is used after passing through the correction circuit. With the correction circuit, even if the asynchronous oscillation signal skips to 0 or 1, a signal with a ratio of 0/1 close to 50% can be used as a selection signal.
  • FIG. 13 is a block diagram showing one embodiment of the 0/1 ratio correction circuit used in the present invention.
  • eight stages of shift registers are connected in a ring.
  • An exclusive OR of the output signal of the first stage circuit B1 of the shift register and the output signal of the last stage B8 is taken to the input signal and Is done.
  • the output signal of the second stage B2 is exclusive ORed with the output of the asynchronous oscillation signal supplied from the random number generator, and is used as the input signal of the third stage B3.
  • the information is sequentially transmitted from the third stage B3 to the last stage B8.
  • the output signal of the sixth stage B6 is used as the selection signal.
  • the bits stored in the shift registers B2 to B8 successively have the same value, the bits are appropriately inverted by an exclusive OR process in B1, and a random number generator is used. Even if the asynchronous oscillation signal from is continuously biased to logic 0 or 1, the occurrence ratio of logic 0 and logic 1 is reduced by 50% by appropriately inverting between shift stages B2 and B3. It is to be corrected every time.
  • the inversion / non-inversion selection signal that determines the DPA resistance.
  • the DPA measures the current consumption waveform when processing data and searches for peaks by a statistical method.Therefore, by setting the above 0/1 appearance ratio to 50%, Since the current consumption in the statistical processing is averaged and the peak disappears, it becomes difficult to decode by such DPA.
  • a sign bit is added to the plaintext data so that it has both positive and negative states. Data is changed randomly for each code at the time of repeated operation in encryption.
  • Operations that are not affected by the sign are performed without regard to the sign.
  • operations that are affected by the sign eg, operations using a conversion table
  • a positive operation circuit and a negative operation circuit are provided, and a mechanism is used to select the output of the operation circuit according to the data sign.
  • the cryptographic operation time does not increase.
  • FIG. 14 is an external view of an embodiment of an IC card to which the present invention is applied.
  • the IC card has a card 101 made of a plastic case, and a chip for IC chip consisting of a one-chip microcomputer (not shown) mounted inside the card 101.
  • the IC card further has a plurality of contacts (electrodes) 10 connected to external terminals of the IC card chip.
  • the plurality of contacts 102 are connected to a power supply terminal VCC, a power supply reference potential terminal VSS, a reset input terminal RES bar, a clock terminal CLK, and a data terminal I / 0-1 as described later with reference to FIG. / 1 RQ bar, I / O-2 / 1 RQ bar.
  • FIG. 15 is a schematic block diagram of one embodiment of an IC card chip (microcomputer) mounted on the IC card according to the present invention.
  • Each circuit block shown in the figure is formed on a single semiconductor substrate such as single crystal silicon, although not particularly limited by a known MOS integrated circuit manufacturing technique.
  • the configuration of the IC card chip according to the present invention is basically the same as that of the microcomputer. Its configuration consists of a clock generation circuit, a central processing unit (hereinafter simply referred to as CPU), storage devices such as ROM (Read Only Memory), RAM (Random Access Memory), and non-volatile memory (EEPR ⁇ M), encryption and Coprocessor that performs the operation of decryption processing (encryption It consists of a 'decryption device', input / output ports (I / O ports), etc.
  • CPU central processing unit
  • storage devices such as ROM (Read Only Memory), RAM (Random Access Memory), and non-volatile memory (EEPR ⁇ M)
  • encryption and Coprocessor that performs the operation of decryption processing (encryption It consists of a 'decryption device', input / output ports (I / O ports), etc.
  • the clock generation circuit receives an external clock CLK supplied from a reader / writer (external coupling device) (not shown) via the contact 102 in FIG. 1, forms a system clock signal synchronized with the external clock signal, and generates the system clock signal.
  • This is a circuit to be supplied inside the chip.
  • the CPU 201 is a device that performs a logical operation, an arithmetic operation, and the like, and controls a system control logic, a random number generator, a security logic, a timer, and the like.
  • Storage devices such as RAM, ROM, and EEPROM are devices for storing program data.
  • the coprocessor is composed of a circuit adapted to the DES diacritic system as described above.
  • the IZO (input / output) port is a device that communicates with the reader / writer.
  • the data bus and the address bus are buses that interconnect each device.
  • the ROM is a memory in which stored contents are fixed in a nonvolatile manner, and is a memory mainly for storing programs.
  • Volatile memory (hereinafter referred to as RAM) is a memory in which stored information can be freely rewritten. However, when power supply is interrupted, the stored content is lost. If the IC card is removed from the reader / writer, the power supply will be interrupted, and the contents of the RAM will not be retained.
  • EE PROM Electrical Erasable Programmable Read Only Memory
  • EE PROM Electrical Erasable Programmable Read Only Memory
  • This EEPROM is used to store data that needs to be rewritten and that should be retained even if the IC card is removed from the reader / writer. For example, when an IC card is used as a prepaid card, the frequency of the prepaid card is rewritten each time the card is used. In this case, the frequency, etc. Even if it is stored, it must be stored in the IC card, so it is stored in the EEPROM.
  • the CPU is configured similarly to a so-called microprocessor. That is, although not shown in detail, an instruction register therein, an instruction register, a micro instruction ROM for decoding various instructions written in the instruction register, and various micro instructions or control signals, an arithmetic circuit, a general-purpose register, etc. (Such as RG6) and an input / output circuit such as a bus driver and a bus receiver connected to the internal bus BUS.
  • the CPU reads an instruction stored in a ROM or the like and performs an operation corresponding to the instruction.
  • the CPU fetches external data input via the I / O port, reads data such as instructions from ROM and fixed data necessary for executing instructions, and reads data from RAM and EE PROM. It controls evening writing and reading operations.
  • the CPU receives a system clock signal generated from a clock generation circuit and operates with an operation timing and a period determined by the system clock signal.
  • the main part of the CPU is composed of a CMOS circuit consisting of a P-channel MOSFET and an N-channel MOSFET.
  • the CPU includes a CM0S scanning circuit capable of static operation such as a CMOS static flip-flop, a precharge of a charge to a signal output node and a signal to a signal output node. And a CM 0 S dynamic circuit that performs output in synchronization with a system clock signal.
  • the coprocessor adds a code bit to the plaintext data to be handled internally, so that it has both a positive / negative state.
  • Data is changed randomly for each code at the time of repeated operation in encryption.
  • Operations that are not affected by the sign (such as exclusive OR) are performed without regard to the sign.
  • Operations that are affected by the sign (such as operations using a conversion table)
  • An operation circuit for the operation and an operation circuit for the negative are prepared, and a mechanism is used to select the output of the operation circuit according to the sign of the data.
  • the IC card of this embodiment also employs a disturbing method in which the contents of internal processing are different each time a calculation is performed, so that the time required for one calculation is the same as when no countermeasure is taken, so that high-speed data processing is possible. It is possible, and since the DPA countermeasures are incorporated in the hardware, there is no need for the CPU to perform extra operations for the DPA countermeasures, so that no extra load is imposed on the user.
  • the input selection circuit randomly fetches either the non-inverted data corresponding to the processing unit data of the plaintext data or the ciphertext or the inverted data of all the bits, and the input selecting circuit
  • the data passed to the transposition and non-inversion data corresponding to the non-inverted data is transmitted to the positive scramble circuit that performs the transposition processing and the transposition and the negative scramble circuit that performs the substitution processing corresponding to the inverted data.
  • One of the output signals transposed / substituted by the input scrambling circuit or the negative scrambling circuit is taken out in accordance with the selection operation of the input selection circuit, and the output scrambling circuit and the negative scrambling circuit are output by the output circuit. Transpose multiple times at the same time ⁇
  • a code bit is added to the plaintext data or ciphertext, and a randomly generated selection signal is supplied to the input selection circuit, and the signal including the code bit is not inverted.
  • the above sign bit is separated and The data is transposed / substituted by the positive scramble circuit and the negative scramble circuit, and the non-inverted data or the non-inverted data captured by the input select circuit by controlling the output select circuit using the separated code bits is controlled.
  • the IC card may include a single semiconductor integrated circuit device or a plurality of semiconductor integrated circuit devices.
  • the microcomputer on which the encryption / decryption device is mounted is not only formed on a single semiconductor integrated circuit device, but also includes a CPU and its peripheral circuits composed of multiple chips, mounted on a single module substrate. It may be made of.
  • the microphone port computer may be of any type as long as it includes a data processing device and a ROM in which a data processing procedure by the data processing device is written, and performs a data input / output operation in accordance with the data processing procedure.
  • a data processing device and a ROM in which a data processing procedure by the data processing device is written, and performs a data input / output operation in accordance with the data processing procedure.
  • ROM read-only memory
  • the present invention can be widely used in various IC microcomputers requiring an encryption / decryption device, an encryption / decryption method, a data encryption method, and confidentiality protection.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)
  • Storage Device Security (AREA)

Abstract

Selon cette invention, un traitement de signal d'embrouillage positif, dans lequel soit des données non inversées correspondant aux données de l'unité de traitement sur texte en clair ou chiffré, soit les données inversées sur tous les bits sont capturées de façon aléatoire et soumises à une transposition/substitution correspondant aux données non inversées, et un traitement de signal d'embrouillage négatif, dans lequel la transposition/substitution correspondant aux données inversées est effectuée, sont conduits en parallèle. La capture des signaux de sortie correspondant aux traitements respectifs, en réponse à la sélection de données dans le premier traitement de signal, est répétée plusieurs fois et les résultats de la transposition/substitution finale sont utilisés en tant que données chiffrées ou déchiffrées.
PCT/JP2002/002064 2001-04-16 2002-03-06 Chiffrement / dispositif de dechiffrement, chiffrement / procede de dechiffrement, procede de chiffrement de donnees et carte a circuit integre WO2002086846A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2001116254A JP3844116B2 (ja) 2001-04-16 2001-04-16 暗号化・復号化装置とicカード
JP2001-116254 2001-04-16

Publications (1)

Publication Number Publication Date
WO2002086846A1 true WO2002086846A1 (fr) 2002-10-31

Family

ID=18967016

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2002/002064 WO2002086846A1 (fr) 2001-04-16 2002-03-06 Chiffrement / dispositif de dechiffrement, chiffrement / procede de dechiffrement, procede de chiffrement de donnees et carte a circuit integre

Country Status (2)

Country Link
JP (1) JP3844116B2 (fr)
WO (1) WO2002086846A1 (fr)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4357815B2 (ja) 2002-09-11 2009-11-04 株式会社東芝 暗号演算回路
JP4588969B2 (ja) * 2002-10-29 2010-12-01 三菱電機株式会社 セキュア装置
JP2005031471A (ja) * 2003-07-07 2005-02-03 Sony Corp 暗号処理装置、および暗号処理方法
JP3998616B2 (ja) * 2003-09-10 2007-10-31 株式会社東芝 暗号化/復号モジュール
JP4565314B2 (ja) * 2004-03-12 2010-10-20 ソニー株式会社 信号処理回路および方法
JP4589327B2 (ja) 2004-07-07 2010-12-01 三菱電機株式会社 電子素子及びデータ処理方法
JP2006025366A (ja) * 2004-07-09 2006-01-26 Sony Corp 暗号化装置及び半導体集積回路
JP2006054568A (ja) * 2004-08-10 2006-02-23 Sony Corp 暗号化装置、復号化装置、および方法、並びにコンピュータ・プログラム
JP4529719B2 (ja) * 2005-02-16 2010-08-25 ソニー株式会社 信号処理回路
JP4936996B2 (ja) * 2007-05-24 2012-05-23 株式会社東芝 非線形データ変換器、暗号化装置、および復号装置
JP5354914B2 (ja) * 2008-01-18 2013-11-27 三菱電機株式会社 暗号処理装置及び復号処理装置及びプログラム
JP5146156B2 (ja) * 2008-06-30 2013-02-20 富士通株式会社 演算処理装置
EP2180631A1 (fr) * 2008-10-24 2010-04-28 Gemalto SA Protections contre les défauts d'algorithmes cryptographiques
JP5206866B2 (ja) 2009-03-30 2013-06-12 富士通株式会社 光伝送システム及び光伝送方法
WO2013190782A1 (fr) * 2012-06-22 2013-12-27 日本電気株式会社 Circuit de traitement de cryptage et circuit de traitement de décryptage

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0433020A (ja) * 1990-05-24 1992-02-04 Nec Corp 機密保持機能を備えた半導体集積回路
JP2000066585A (ja) * 1998-08-20 2000-03-03 Toshiba Corp 暗号化・復号装置、暗号化・復号方法、およびそのプログラム記憶媒体
JP2000165375A (ja) * 1998-11-30 2000-06-16 Hitachi Ltd 情報処理装置、icカード

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0433020A (ja) * 1990-05-24 1992-02-04 Nec Corp 機密保持機能を備えた半導体集積回路
JP2000066585A (ja) * 1998-08-20 2000-03-03 Toshiba Corp 暗号化・復号装置、暗号化・復号方法、およびそのプログラム記憶媒体
JP2000165375A (ja) * 1998-11-30 2000-06-16 Hitachi Ltd 情報処理装置、icカード

Also Published As

Publication number Publication date
JP3844116B2 (ja) 2006-11-08
JP2002311826A (ja) 2002-10-25

Similar Documents

Publication Publication Date Title
US6691921B2 (en) Information processing device
US8332634B2 (en) Cryptographic systems for encrypting input data using an address associated with the input data, error detection circuits, and methods of operating the same
US8428251B2 (en) System and method for stream/block cipher with internal random states
US7659837B2 (en) Operation processing apparatus, operation processing control method, and computer program
KR20020085753A (ko) 반도체 집적 회로 및 집적 회로 카드의 보안성 보호 방법
JP4960044B2 (ja) 暗号処理回路及びicカード
WO2002086846A1 (fr) Chiffrement / dispositif de dechiffrement, chiffrement / procede de dechiffrement, procede de chiffrement de donnees et carte a circuit integre
CN106487497B (zh) 对rijndael算法的dpa保护
EP2190143A1 (fr) Appareil de traitement cryptographique incorporant un mécanisme de résistance à l'analyse de consommation en courant
US7454017B2 (en) Information processing unit
CN106487498B (zh) 电子电路对边信道攻击的抵抗的检验
CN106487499B (zh) Rijndael算法的保护
Paar et al. The data encryption standard (DES) and alternatives
US10389530B2 (en) Secure method for processing content stored within a component, and corresponding component
JP3586475B2 (ja) 擬似乱数列の発生方法および回路装置
JP2007328789A (ja) 入力データに関するアドレスを使用して入力データを符号化するための暗号システム、エラー検出回路、及びそれの動作方法
KR100456599B1 (ko) 병렬 디이에스 구조를 갖는 암호 장치
KR20040038777A (ko) 데이터 암호화 방법
EP2413305B1 (fr) Dispositif et procédé de traitement de données
JP2005149262A (ja) 情報処理装置
JP2007067942A (ja) Icカード、および、icカード用プログラム
JP2006025366A (ja) 暗号化装置及び半導体集積回路
Panato et al. An IP of an Advanced Encryption Standard for Altera/spl trade/devices
Savitha et al. Implementation of AES algorithm to overt fake keys against counter attacks
WO2004105306A1 (fr) Procede et appareil pour une implementation de la fonction d'extension de cle a faible utilisation de l'espace memoire

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CN KR SG US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase