WO2008114310A1 - Incorporating device having fault attack countermeasure function - Google Patents


Info

Publication number
WO2008114310A1
Authority
WO
WIPO (PCT)
Prior art keywords
mod
random number
countermeasure function
fault attack
attack countermeasure
Prior art date
Application number
PCT/JP2007/000240
Other languages
French (fr)
Japanese (ja)
Inventor
Kazuyoshi Furukawa
Kouichi Itoh
Masahiko Takenaka
Original Assignee
Fujitsu Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Limited
Priority to PCT/JP2007/000240
Publication of WO2008114310A1

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/004 Countermeasures against attacks on cryptographic mechanisms for fault attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

An encrypting device that carries out RSA decryption using the Chinese remainder theorem (CRT). The RSA decryption is expressed as c^d (mod n), where c is the ciphertext, d is the secret key and n is the modulus, with n = p × q for prime numbers p and q. The encrypting device comprises random number generating means for preparing a random number r, and decryption path selecting means that, at the step of calculating the plaintext after the modular exponentiations with moduli p and q, selects according to the random number r either a calculation method using u = p^-1 (mod q) or a calculation method using v = q^-1 (mod p).
PCT/JP2007/000240 2007-03-16 2007-03-16 Incorporating device having fault attack countermeasure function WO2008114310A1 (en)
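The two CRT recombination paths the abstract describes, written out as an added Python example (not the patent's or Fujitsu's code): Garner recombination via u = p^-1 (mod q) and via v = q^-1 (mod p), the random bit that selects between them, and a re-encryption consistency check that defenders commonly add alongside such countermeasures. The small RSA parameters are constructed for illustration.

```python
import secrets

# Constructed textbook-size RSA parameters (illustration only; real keys are 2048+ bits)
P, Q, E = 61, 53, 17
N = P * Q                                # 3233
D = pow(E, -1, (P - 1) * (Q - 1))        # 2753, the private exponent


def crt_rsa_decrypt(c, d, p, q, path):
    """CRT-RSA decryption: exponentiate mod p and mod q, then recombine.
    path 0 recombines with u = p^-1 (mod q); path 1 with v = q^-1 (mod p).
    Both paths yield the same plaintext when no fault occurs."""
    n = p * q
    mp = pow(c % p, d % (p - 1), p)      # c^d mod p (exponent reduced mod p-1)
    mq = pow(c % q, d % (q - 1), q)      # c^d mod q (exponent reduced mod q-1)
    if path == 0:
        u = pow(p, -1, q)                # u = p^-1 mod q
        h = ((mq - mp) * u) % q
        return (mp + p * h) % n
    v = pow(q, -1, p)                    # v = q^-1 mod p
    h = ((mp - mq) * v) % p
    return (mq + q * h) % n


def crt_rsa_decrypt_randomized(c, d, p, q):
    """Select the recombination path with a fresh random bit r, as in the abstract."""
    r = secrets.randbits(1)
    return crt_rsa_decrypt(c, d, p, q, r)


def result_is_consistent(m, c, e, n):
    """Re-encryption check: a plaintext derived from a corrupted half-exponentiation
    will not re-encrypt to c, so the device can refuse to output it."""
    return pow(m, e, n) == c


if __name__ == "__main__":
    c = pow(65, E, N)                    # constructed ciphertext of plaintext 65
    for path in (0, 1):
        m = crt_rsa_decrypt(c, D, P, Q, path)
        print(f"path {path}: m = {m}, consistent = {result_is_consistent(m, c, E, N)}")
```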

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2007/000240 WO2008114310A1 (en) 2007-03-16 2007-03-16 Incorporating device having fault attack countermeasure function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2007/000240 WO2008114310A1 (en) 2007-03-16 2007-03-16 Incorporating device having fault attack countermeasure function

Publications (1)

Publication Number Publication Date
WO2008114310A1 true WO2008114310A1 (en) 2008-09-25

Family

ID=39765431

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/000240 WO2008114310A1 (en) 2007-03-16 2007-03-16 Incorporating device having fault attack countermeasure function

Country Status (1)

Country Link
WO (1) WO2008114310A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016009114A (en) * 2014-06-25 2016-01-18 Renesas Electronics Corporation Data processing device and decoding method
US9571281B2 (en) 2014-02-03 2017-02-14 Samsung Electronics Co., Ltd. CRT-RSA encryption method and apparatus

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991415A (en) * 1997-05-12 1999-11-23 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for protecting public key schemes from timing and fault attacks
JP2000509521A (en) * 1997-02-07 2000-07-25 Telcordia Technologies Incorporated How to use transient failures to verify the security of a cryptographic system
JP2003241659A (en) * 2002-02-22 2003-08-29 Hitachi Ltd Information processing method

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
AUMUELLER C. ET AL.: "Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures", LECTURE NOTES IN COMPUTER SCIENCE, vol. 2523, 2002, pages 260 - 275, XP003023279 *
BLOEMER J. ET AL.: "Wagner's Attack on a Secure CRT-RSA Algorithm Reconsidered", LECTURE NOTES IN COMPUTER SCIENCE, vol. 4236, 2006, pages 13 - 23, XP019045564 *
GIRAUD C.: "An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis", IEEE TRANSACTIONS ON COMPUTERS, vol. 55, no. 9, September 2005 (2005-09-01), pages 1116 - 1120, XP002460785 *
KIM C.K.: "A CRT-Based RSA Countermeasures Against Physical Cryptanalysis", LECTURE NOTES IN COMPUTER SCIENCE, vol. 3726, 2005, pages 549 - 554, XP019019614 *
LIU S. ET AL.: "A CRT-RSA Algorithm Secure against Hardware Fault Attacks", PROCEEDINGS OF THE 2ND IEEE INTERNATIONAL SYMPOSIUM ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, September 2006 (2006-09-01), pages 51 - 60, XP031030589 *
YEN S.-M. ET AL.: "Hardware Fault Attack on RSA with CRT Revisited", LECTURE NOTES IN COMPUTER SCIENCE, vol. 2587, 2003, pages 374 - 388, XP001160549 *
YEN S.-M. ET AL.: "RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis", IEEE TRANSACTIONS ON COMPUTERS, vol. 52, no. 4, April 2003 (2003-04-01), pages 461 - 472, XP001095863 *

Similar Documents

Publication Publication Date Title
JP2001324925A5 (en)
WO2010105915A3 (en) Method for providing a cryptic pair of keys
WO2007027241A3 (en) Multi-key cryptographically generated address
MY146687A (en) Cryptographic key generation
CN101346691A (en) Cryptographic method comprising a modular exponentiation secured against hidden-channel attacks, cryptoprocessor for implementing the method and associated chip card
WO2007113697A3 (en) Secure decryption method
WO2005099150A3 (en) Public key cryptographic methods and systems
WO2008080800A3 (en) Securing communication
WO2008005789A3 (en) Secure escrow and recovery of media device content keys
US7248700B2 (en) Device and method for calculating a result of a modular exponentiation
WO2008042175A3 (en) Key wrapping system and method using encryption
WO2009056679A3 (en) End-to-end encrypted communication
Zhang et al. Differential fault analysis on SMS4
JP2015521003A5 (en)
WO2008013587A3 (en) Supporting multiple key ladders using a common private key set
CN103067164A (en) Anti-attack method for electronic components using RSA public key encryption algorithm
AU2002221940A1 (en) Method and device for detecting a key pair and for generating rsa keys
WO2008114310A1 (en) Incorporating device having fault attack countermeasure function
WO2007020564A3 (en) Circuit arrangement and method for rsa key generation
WO2008036919A3 (en) System and method for rotating data in a crypto system
WO2010057194A3 (en) Storage security using cryptographic splitting
CN104717213A (en) Encryption and decryption method and system for network data transmission
JP2005195829A5 (en)
JP2004246350A (en) Enciphering device, deciphering device, enciphering system equipped with the same, enciphering method, and deciphering method
WO2009004590A3 (en) Method, apparatus, system and computer program for key parameter provisioning

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07736897

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07736897

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP