WO2015144305A1 - Side-channel-attack-protected and memory-efficient masking - Google Patents
- Publication number: WO2015144305A1 (PCT application PCT/EP2015/000625)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- masked
- folded
- xor
- calculation
- masking
- Prior art date
Classifications
- G—PHYSICS
  - G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    - G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
      - G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/002—Countermeasures against attacks on cryptographic mechanisms
          - H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
        - H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
          - H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
            - H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
      - H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
        - H04L2209/04—Masking or blinding
          - H04L2209/043—Masking or blinding of tables, e.g. lookup, substitution or mapping
        - H04L2209/12—Details relating to cryptographic hardware or logic circuitry
          - H04L2209/122—Hardware reduction or efficient architectures
Definitions
- The correlation curves for false key bytes consist of more or less uniform noise, similar to the correlation curve shown in FIG. 1b.
- The correlation curve for the correct key byte with which the calculation was performed shows a peak at a previously unknown point in time, similar to the correlation curve shown in FIG. This procedure is repeated with each key byte k of the key K until the key K has been reconstructed byte by byte.
- Secondary masking is applied to the folded masked intermediate value, so that the randomization is performed either on the folded masked intermediate value or on the one's complement of the folded masked intermediate value.
- A value is therefore first base-masked. The masked intermediate value, or the one's complement of the masked intermediate value, is then processed further, if necessary using a correction element introduced by the folding step. Random access to either the intermediate value or its one's complement is thus performed on intermediate values produced by base masking together with the additional folding step.
- In FIG. 1b the table is masked with the secondary masking according to the invention, in addition to the base XOR masking.
- Memory-efficient secondary masking is achieved by first folding the XOR-masked table underlying FIG. 1a and then expanding it into a singly extended table that contains both the folded XOR-masked table (the table is XOR-masked first, then folded) and the table complementary to the folded XOR-masked table.
- The table access is applied to the extended folded XOR-masked table. Within the extended folded XOR-masked table, either the folded XOR-masked table or the complementary table is accessed, the choice being made at random.
- FIG. 3 shows calculation rules for the base masking of an intermediate value into a masked intermediate value, with XOR masking and with additive masking.
- The calculation rule for masking x with an additive base masking to x_add is
- The complementary table S' is formed by complementing the table input x and the table output y of the base-masked table S'' of FIG. 10.
- FIG. 14 shows a singly extended table T', derived from the folded table of FIG. 12, with the selection bits at the lowest binary bit position, according to a preferred embodiment of the invention.
- Table 14 is obtained from Table 13 by alternately taking one entry from the upper half and one from the lower half of Table 13 (line by line). The first circled value 22 of the second half of Table 13 therefore appears immediately as the second value of Table 14, and correspondingly the last circled value 11 of the upper half of Table 13 becomes the penultimate value of Table 14.
Abstract
The invention relates to a method, carried out in a processor, for executing a cryptographic calculation. While the calculation is executed, a base masking is used, by which intermediate values enter the calculation as masked intermediate values. In addition, a folding and a secondary masking are applied during execution of the calculation. In the folding, the masked intermediate value is computed from the unmasked intermediate value and at least one second intermediate value. In the secondary masking, for each intermediate value masked by means of the base masking, the calculation is carried out, under random control, either with the masked intermediate value or with the one's complement of the masked intermediate value.
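The secondary masking of the abstract, built the way the definitions above describe the tables (XOR-masked table, its complementary table with input and output complemented, both interleaved into a singly extended table whose selection bit is the lowest index bit), as an added illustration that is not the patent's own code or tables. The 4-bit S-box and the masks are constructed sample values, and the folding step is left out because the page does not define it in enough detail; the example shows only that the random choice between a value and its one's complement leaves the masked S-box output unchanged.

```python
import secrets

# Constructed sample 4-bit S-box (any invertible 4-bit table would do).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
WIDTH = 4
ALL_ONES = (1 << WIDTH) - 1        # one's complement of v is v ^ ALL_ONES


def xor_masked_table(sbox, m_in, m_out):
    """Base masking: T[x ^ m_in] = S(x) ^ m_out, so T is read with the masked input."""
    table = [0] * len(sbox)
    for x, y in enumerate(sbox):
        table[x ^ m_in] = y ^ m_out
    return table


def complementary_table(table):
    """Complement table input and table output: T'[~x] = ~T[x]."""
    return [table[j ^ ALL_ONES] ^ ALL_ONES for j in range(len(table))]


def extended_table(table):
    """Interleave T and T' entry by entry; the selection bit is the lowest index bit."""
    ext = []
    for t, c in zip(table, complementary_table(table)):
        ext.extend((t, c))          # index 2*i -> T[i], index 2*i+1 -> T'[i]
    return ext


def lookup(ext, x_masked, select):
    """select=0 reads T with x_masked; select=1 reads T' with the complement of
    x_masked and gets the complemented output.  Undoing the complement with the
    same selection bit yields S(x) ^ m_out on both branches."""
    flip = ALL_ONES if select else 0
    y = ext[((x_masked ^ flip) << 1) | select]
    return y ^ flip


def masked_sbox(ext, x_masked):
    """Per-access random choice between value and one's complement (secondary masking)."""
    return lookup(ext, x_masked, secrets.randbits(1))


def demo(m_in=0x6, m_out=0x9):
    """Check over all inputs that both branches return the base-masked S-box output."""
    ext = extended_table(xor_masked_table(SBOX, m_in, m_out))
    for x in range(1 << WIDTH):
        xm = x ^ m_in
        expected = SBOX[x] ^ m_out
        assert lookup(ext, xm, 0) == expected == lookup(ext, xm, 1)
        assert masked_sbox(ext, xm) == expected
    return len(ext)                 # 32: two 16-entry tables interleaved


if __name__ == "__main__":
    print("extended table entries:", demo())
```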
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15713647.4A EP3123461A1 (fr) | 2014-03-26 | 2015-03-23 | Side-channel-attack-protected and memory-efficient masking |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102014004378.9A DE102014004378A1 (de) | 2014-03-26 | 2014-03-26 | Memory-efficient side-channel-protected masking |
DE102014004378.9 | 2014-03-26 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015144305A1 true WO2015144305A1 (fr) | 2015-10-01 |
Family
ID=52785032
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2015/000625 WO2015144305A1 (fr) | 2014-03-26 | 2015-03-23 | Side-channel-attack-protected and memory-efficient masking |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3123461A1 (fr) |
DE (1) | DE102014004378A1 (fr) |
WO (1) | WO2015144305A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112787800A (zh) * | 2021-01-19 | 2021-05-11 | 清华大学 | Encryption and decryption method and apparatus based on second-order masking, electronic device and storage medium |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102015015953B3 (de) | 2015-12-08 | 2017-04-27 | Giesecke & Devrient Gmbh | Cryptographic algorithm with key-dependent masked calculation step (S-box call) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102004032893A1 (de) * | 2004-07-07 | 2006-02-02 | Giesecke & Devrient Gmbh | Spy-protected computation of a masked result value |
US20080292100A1 (en) * | 2007-05-24 | 2008-11-27 | Kabushiki Kaisha Toshiba | Non-linear data converter, encoder and decoder |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5398284A (en) * | 1993-11-05 | 1995-03-14 | United Technologies Automotive, Inc. | Cryptographic encoding process |
DE19822217B4 (de) | 1998-05-18 | 2018-01-25 | Giesecke+Devrient Mobile Security Gmbh | Zugriffsgeschützter Datenträger |
FR2820576B1 (fr) * | 2001-02-08 | 2003-06-20 | St Microelectronics Sa | Encryption method protected against power consumption analysis, and component using such an encryption method |
KR100594265B1 (ko) * | 2004-03-16 | 2006-06-30 | 삼성전자주식회사 | Data encryption processing apparatus with masking method applied, AES encryption system and AES encryption method |
ATE372619T1 (de) * | 2005-05-10 | 2007-09-15 | Research In Motion Ltd | Key masking for cryptographic processes |
FR2950721B1 (fr) | 2009-09-29 | 2011-09-30 | Thales Sa | Method for executing an algorithm for protecting an electronic device by affine masking, and associated device |
DE102012018924A1 (de) | 2012-09-25 | 2014-03-27 | Giesecke & Devrient Gmbh | Side-channel-protected masking |
2014
- 2014-03-26 DE DE102014004378.9A patent/DE102014004378A1/de not_active Withdrawn
2015
- 2015-03-23 WO PCT/EP2015/000625 patent/WO2015144305A1/fr active Application Filing
- 2015-03-23 EP EP15713647.4A patent/EP3123461A1/fr not_active Ceased
Also Published As
Publication number | Publication date |
---|---|
EP3123461A1 (fr) | 2017-02-01 |
DE102014004378A1 (de) | 2015-10-01 |
Similar Documents
Publication | Title |
---|---|
EP2901611B1 (fr) | Masking protected against observation attacks |
EP3593483B1 (fr) | Transition from Boolean masking to arithmetic masking |
WO2016074782A1 (fr) | Method for testing and hardening software applications |
DE60223337T3 (de) | Method for secure encryption and component for carrying out such an encryption method |
DE60207818T2 (de) | Secured method for cryptographic computation with a secret key, and component using such a method |
DE69932740T2 (de) | Method and device for cryptographic data processing |
EP1664979B1 (fr) | Transition between two masked representations of a value during cryptographic calculations |
EP3123461A1 (fr) | Side-channel-attack-protected and memory-efficient masking |
DE60022840T2 (de) | Method for securing one or more electronic assemblies using a private-key cryptographic algorithm, and electronic assembly |
EP3387636B1 (fr) | Cryptographic algorithm with a key-dependent masked calculation step (S-box call) |
EP4101118A1 (fr) | Key generation and PACE protocol with protection against side-channel attacks |
EP1615098B1 (fr) | Calculation of a masked value protected against spying |
EP3804209B1 (fr) | Method with safe-error defence measure |
DE60213327T2 (de) | Method based on a block cipher algorithm with round repetition, and device for carrying out the method |
EP4360247A1 (fr) | Method for computing a transition from Boolean masking to arithmetic masking |
EP1506473B1 (fr) | Modular inversion protected against spying attempts |
DE102012015158A1 (de) | Cryptographic computation protected against spying |
EP1573955A1 (fr) | Encryption method |
DE102004032893B4 (de) | Spy-protected computation of a masked result value |
DE10303723B4 (de) | Device and method for computing encrypted data from unencrypted data or unencrypted data from encrypted data |
DE10149191A1 (de) | Method and device for determining original output data from original input data on the basis of a cryptographic operation |
WO2013127519A2 (fr) | Computation protected against spying |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15713647; Country of ref document: EP; Kind code of ref document: A1 |
NENP | Non-entry into the national phase | Ref country code: DE |
REEP | Request for entry into the european phase | Ref document number: 2015713647; Country of ref document: EP |
WWE | Wipo information: entry into national phase | Ref document number: 2015713647; Country of ref document: EP |