WO2003023605A3 - Device and method for calculating a result of a modular exponentiation (Vorrichtung und Verfahren zum Berechnen eines Ergebnisses einer modularen Exponentiation) - Google Patents

Info

Publication number
WO2003023605A3
Authority
WO
WIPO (PCT)
Prior art keywords
result
rsa
calculating
auxiliary
modular exponentiation
Prior art date
Application number
PCT/EP2002/009405
Other languages
English (en)
French (fr)
Other versions
WO2003023605A2 (de)
Inventor
Jean-Pierre Seifert
Joachim Velten
Original Assignee
Infineon Technologies Ag
Jean-Pierre Seifert
Joachim Velten
Priority date
2001-09-06
Filing date
2002-08-22
Publication date
2004-04-01
Application filed by Infineon Technologies AG, Jean-Pierre Seifert, Joachim Velten
Priority to EP02797920A (EP1423786A2)
Publication of WO2003023605A2
Priority to US10/789,373 (US7248700B2)
Publication of WO2003023605A3

Classifications

(CPC codes; each entry gives the leaf group followed by its parent groups, from Section G Physics / G06F Electric digital data processing and Section H Electricity / H04L Transmission of digital information)

    • G06F7/723 Modular exponentiation (under G06F7/72 computations using residue arithmetic; G06F7/60 computations using a digital non-denominational number representation; G06F7/00 processing data by operating upon the order or content of the data handled)
    • H04L9/004 Countermeasures against attacks on cryptographic mechanisms, for fault attacks (under H04L9/002 Countermeasures against attacks on cryptographic mechanisms; H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy; underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes (under H04L9/3006 and H04L9/30)
    • G06F2207/7242 Exponent masking, i.e. key masking, e.g. A**(e+r) mod n; (k+r).P (under G06F2207/7233 Masking, e.g. (A**e)+r mod n; G06F2207/7223 Randomisation as countermeasure against side channel attacks; G06F2207/7219 Countermeasures against side channel or fault attacks; G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729)
    • G06F2207/7247 Modulo masking, e.g. A**e mod (n*r) (under G06F2207/7233, G06F2207/7223, G06F2207/7219, G06F2207/72)
    • G06F2207/7271 Fault verification, e.g. comparing two values which should be the same, unless a computational fault occurred (under G06F2207/7219, G06F2207/72)

Abstract

In a device for calculating a result of a modular exponentiation, the Chinese remainder theorem (CRT) is used, in which two auxiliary exponentiations are computed using two auxiliary exponents and two sub-moduli. To improve the security of the RSA-CRT computation against cryptographic attacks, the auxiliary exponents are randomized and/or the sub-moduli are modified. This provides secure RSA decryption or RSA encryption by means of the computationally efficient Chinese remainder theorem.
PCT/EP2002/009405 2001-09-06 2002-08-22 Device and method for calculating a result of a modular exponentiation WO2003023605A2 (de)
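The abstract names the two CRT auxiliary exponentiations, randomization of the auxiliary exponents and modification of the sub-moduli; the classification adds exponent masking (A**(e+r) mod n), modulo masking (A**e mod (n*r)) and fault verification (comparing two values that should agree). The Python block below is an added example written for this page, not code from the patent or from Infineon, and it does not reproduce the patent's claimed construction. It shows plain RSA-CRT; why an unprotected CRT signature is dangerous under a single computational fault (one faulted signature yields a prime factor via a gcd, the attack class the fault-attack group H04L9/004 covers); and a hardened variant in this example's own form that blinds each auxiliary exponent with a random multiple of p-1 or q-1, exponentiates modulo an extended sub-modulus p*t, and refuses to release a result that does not re-encrypt to the message. The key P, Q, E, the 32-bit randomizer width and the single-bit fault model are constructed toy values, far too small for real use.

```python
"""Added illustration (not the patent's code): RSA-CRT, the fault attack it invites,
and a hardened RSA-CRT using randomized auxiliary exponents, extended sub-moduli and
a fault check. Toy parameters only."""
import secrets
from math import gcd

# Constructed toy key (assumption: these primes are far too small for real use and
# were chosen only so the example runs instantly).
P = 1000003
Q = 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)
Q_INV = pow(Q, -1, P)               # Garner constant q^-1 mod p


def garner(sp, sq):
    """Recombine the two CRT halves: s = sq + q * ((sp - sq) * q^-1 mod p)."""
    return (sq + Q * (((sp - sq) * Q_INV) % P)) % N


def rsa_crt(m, inject_fault=False):
    """Unprotected RSA-CRT. inject_fault flips one bit of the q-half to model a glitch."""
    dp, dq = D % (P - 1), D % (Q - 1)            # the two auxiliary exponents
    sp = pow(m, dp, P)                           # auxiliary exponentiation mod p
    sq = pow(m, dq, Q)                           # auxiliary exponentiation mod q
    if inject_fault:
        sq ^= 1
    return garner(sp, sq)


def bellcore_factor(m, faulty_sig):
    """One faulted CRT signature leaks a factor: s'^e == m still holds mod p (that half
    was correct) but not mod q, so gcd(s'^e - m, N) is p. Returns None if nothing found."""
    g = gcd((pow(faulty_sig, E, N) - m) % N, N)
    return g if 1 < g < N else None


def rsa_crt_protected(m, inject_fault=False, rbits=32):
    """RSA-CRT with the three countermeasure ideas the page names, in this example's own form."""
    # (1) Randomized auxiliary exponents: adding r*(p-1) leaves m^dp mod p unchanged
    #     (Fermat), but the exponent bits processed differ on every call.
    r_p = secrets.randbits(rbits) | 1
    r_q = secrets.randbits(rbits) | 1
    dp = D % (P - 1) + r_p * (P - 1)
    dq = D % (Q - 1) + r_q * (Q - 1)
    # (2) Modified sub-moduli: exponentiate modulo p*t_p (resp. q*t_q) with a fresh random
    #     t, then reduce; the modulus the multiplier works with is never p or q itself.
    t_p = secrets.randbits(rbits) | 1
    t_q = secrets.randbits(rbits) | 1
    sp = pow(m, dp, P * t_p) % P
    sq = pow(m, dq, Q * t_q) % Q
    if inject_fault:
        sq ^= 1
    s = garner(sp, sq)
    # (3) Fault verification: re-encrypt with the public exponent and compare with the
    #     message; a corrupted half never passes, so no exploitable value is released.
    if pow(s, E, N) != m % N:
        return None
    return s


if __name__ == "__main__":
    msg = 123456789
    good = rsa_crt(msg)
    bad = rsa_crt(msg, inject_fault=True)
    print("factor recovered from one faulty signature:", bellcore_factor(msg, bad))
    print("protected result equals plain result:", rsa_crt_protected(msg) == good)
    print("protected result under fault:", rsa_crt_protected(msg, inject_fault=True))
```

The exponent blinding and the extended sub-modulus change what the hardware computes with, not the final value, so the protected routine returns exactly the plain signature; only the verification step changes behaviour, and only when a fault has occurred. Re-encryption with the public exponent is cheap for a small e like 65537 and is the check chosen here; the patent's own verification details are not reproduced on this page.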

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP02797920A EP1423786A2 (de) 2001-09-06 2002-08-22 Device and method for calculating a result of a modular exponentiation
US10/789,373 US7248700B2 (en) 2001-09-06 2004-02-27 Device and method for calculating a result of a modular exponentiation

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10143728.5 2001-09-06
DE10143728A DE10143728B4 (de) 2001-09-06 2001-09-06 Device and method for calculating a result of a modular exponentiation

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US10/789,373 Continuation US7248700B2 (en) 2001-09-06 2004-02-27 Device and method for calculating a result of a modular exponentiation

Publications (2)

Publication Number Publication Date
WO2003023605A2 WO2003023605A2 (de) 2003-03-20
WO2003023605A3 WO2003023605A3 (de) 2004-04-01

Family

ID=7697946

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2002/009405 WO2003023605A2 (de) 2001-09-06 2002-08-22 Device and method for calculating a result of a modular exponentiation

Country Status (5)

Country Link
US (1) US7248700B2 (de)
EP (1) EP1423786A2 (de)
CN (1) CN1554047A (de)
DE (1) DE10143728B4 (de)
WO (1) WO2003023605A2 (de)

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2830146B1 (fr) * 2001-09-24 2003-10-31 Gemplus Card Int Method for implementing a cryptographic algorithm in an electronic component, and corresponding component
DE10222212A1 (de) 2002-05-16 2003-12-04 Giesecke & Devrient Gmbh Modular inversion protected against spying
WO2004032411A1 (de) * 2002-09-11 2004-04-15 Giesecke & Devrient Gmbh Protected cryptographic computation
DE10304451B3 (de) * 2003-02-04 2004-09-02 Infineon Technologies Ag Modular exponentiation with randomized exponent
FR2858496B1 (fr) 2003-07-31 2005-09-30 Gemplus Card Int Method for securely implementing an RSA-type cryptographic algorithm, and corresponding component
JP4626148B2 (ja) * 2004-01-07 2011-02-02 株式会社日立製作所 Method for computing modular exponentiation in decryption or signature generation
US7426749B2 (en) * 2004-01-20 2008-09-16 International Business Machines Corporation Distributed computation in untrusted computing environments using distractive computational units
FR2880148A1 (fr) * 2004-12-23 2006-06-30 Gemplus Sa Secure and compact exponentiation method for cryptography
FR2887351A1 (fr) * 2005-06-16 2006-12-22 St Microelectronics Sa Protection of a modular exponentiation computation performed by an integrated circuit
FR2888690A1 (fr) * 2005-07-13 2007-01-19 Gemplus Sa Cryptographic method for securely implementing an exponentiation, and associated component
US9313027B2 (en) * 2005-12-29 2016-04-12 Proton World International N.V. Protection of a calculation performed by an integrated circuit
US8150029B2 (en) * 2005-12-29 2012-04-03 Proton World International N.V. Detection of a disturbance in a calculation performed by an integrated circuit
FR2898199A1 (fr) * 2006-03-02 2007-09-07 Gemplus Sa Method for securing the execution of a sequence of logically chained steps
US20080104402A1 (en) * 2006-09-28 2008-05-01 Shay Gueron Countermeasure against fault-based attack on RSA signature verification
US8280041B2 (en) * 2007-03-12 2012-10-02 Inside Secure Chinese remainder theorem-based computation method for cryptosystems
EP1998491A1 (de) * 2007-05-31 2008-12-03 Thomson Licensing Method for computing compressed RSA moduli
FR2919739B1 (fr) * 2007-08-03 2009-12-04 Oberthur Card Syst Sa Data processing method protected against fault-injection attacks, and associated device
CN100576226C (zh) * 2008-07-10 2009-12-30 浙江工业大学 Database encryption method based on the Chinese remainder theorem
FR2977952A1 (fr) * 2011-07-13 2013-01-18 St Microelectronics Rousset Protection of a modular exponentiation computation by multiplication by a random quantity
CN103580869B (zh) * 2013-11-06 2016-09-21 北京华大信安科技有限公司 CRT-RSA signing method and device
FR3112003B1 (fr) * 2020-06-26 2023-03-03 Idemia France Cryptographic processing method, electronic device and associated computer program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2318892A (en) * 1996-10-31 1998-05-06 Motorola Ltd Co-processor for performing modular multiplication
WO1998052319A1 (en) * 1997-05-12 1998-11-19 Yeda Research And Development Co. Ltd. Improved method and apparatus for protecting public key schemes from timing and fault attacks
WO1999035782A1 (en) * 1998-01-02 1999-07-15 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA1318027C (en) * 1987-10-12 1993-05-18 Jun Takayama Method and apparatus for encoding and decoding data in residue number system
US6282290B1 (en) * 1997-03-28 2001-08-28 Mykotronx, Inc. High speed modular exponentiator
DE19811833A1 (de) * 1998-03-18 1999-09-30 Siemens Ag Key exchange protocol
JP3551853B2 (ja) * 1999-08-27 2004-08-11 日本電気株式会社 Apparatus, method and recording medium for generating secure parameters in algebraic-curve cryptography with a defining equation of the form αY^a+βX^b+1=0

Also Published As

Publication number Publication date
EP1423786A2 (de) 2004-06-02
US7248700B2 (en) 2007-07-24
DE10143728A1 (de) 2003-04-03
US20040215685A1 (en) 2004-10-28
WO2003023605A2 (de) 2003-03-20
DE10143728B4 (de) 2004-09-02
CN1554047A (zh) 2004-12-08

Legal Events

Code Title Description
AK Designated states (kind code of ref document: A2): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VC VN YU ZA ZM
AL Designated countries for regional patents (kind code of ref document: A2): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG
121 EP: the EPO has been informed by WIPO that EP was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)
WWE WIPO information: entry into national phase; ref document number 2002797920, country of ref document EP
WWE WIPO information: entry into national phase; ref document number 10789373, country of ref document US
WWE WIPO information: entry into national phase; ref document number 20028175573, country of ref document CN
WWP WIPO information: published in national office; ref document number 2002797920, country of ref document EP
REG Reference to national code; ref country code DE, ref legal event code 8642
WWW WIPO information: withdrawn in national office; ref document number 2002797920, country of ref document EP
NENP Non-entry into the national phase; ref country code JP
WWW WIPO information: withdrawn in national office; country of ref document JP