WO2021069075A1 - Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts - Google Patents
Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts Download PDFInfo
- Publication number
- WO2021069075A1 WO2021069075A1 PCT/EP2019/077461 EP2019077461W WO2021069075A1 WO 2021069075 A1 WO2021069075 A1 WO 2021069075A1 EP 2019077461 W EP2019077461 W EP 2019077461W WO 2021069075 A1 WO2021069075 A1 WO 2021069075A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- modular exponentiation
- mes
- calculating unit
- inputs
- unit
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/723—Modular exponentiation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/729—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic using representation by a residue number system
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/004—Countermeasures against attacks on cryptographic mechanisms for fault attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
- G06F2207/7266—Hardware adaptation, e.g. dual rail logic; calculate add and double simultaneously
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Definitions
- the present disclosure relates to a digital encrypting and decrypting unit for an RSA cryptographic system, being resistant to faults injection.
- Secrecy of cryptographic keys is essential for cryptographic safety Typical personalized and most commonly used devices for conducting cryptographic operations are simple chip cards and payment cards, which perform hardware encryption of information. It should be emphasized, that work is currently underway on secure solutions such as an electronic identity document (ID) with a digital layer, but also on other systems that use e- Identity.
- ID electronic identity document
- RSA Raster-Shamir-Adleman
- the encryption key is public and it is different from the decryption key which is kept secret (private).
- this asymmetry is based on the practical difficulty of the factorization of the product of two large prime numbers, the "factoring problem".
- CRT Choinese reminder theorem is a theorem of number theory, which states that if one knows the remainders of the Euclidean division of an integer n by several integers, then one can determine uniquely the remainder of the division of n by the product of these integers, under the condition that the divisors are pairwise coprime.
- RNS Residue Numeral System
- moduli is a numeral system representing integers by their values modulo several pairwise coprime integers called the moduli. This representation is allowed by the Chinese remainder theorem, which asserts that, if N is the product of the moduli, there is, in an interval of length N, exactly one integer having any given set of modular values.
- the arithmetic of a residue numeral system is also called multi-modular arithmetic.
- a fault injection attack is a procedure to introduce an error in a computing device in order to alter the software execution. It is aimed to avoid the execution of an instruction and corrupt the data which is processed by the processor. Such attack is used to compromise the security of embedded devices by bypassing security checks or leaking the private keys.
- fault injection attacks such as clock and voltage glitching, optical glitching, electromagnetic glitching, heat glitching or radiation glitching.
- Patent publications US2008/0056489, US2009/0110187, W02009/088938 disclose digital microprocessor systems supporting modular exponentiation in RSA decrypting and encrypting, in which RNS and CRT techniques are used to increase the efficiency of processing by parallelizing modular exponentiation operations.
- Modular exponentiation performed in RSA with use of RNS performed in parallel in two digital subsystems is prone to cryptanalysis utilizing fault injection into one of the processing subsystems which operate in parallel.
- Such type of RSA cryptanalysis leads to obtaining a secret cypher key by unauthorized participant of information exchange, a therefore leads to discrediting of the cryptographic system.
- This type of RSA cryptanalysis, which uses RNS and CRT is also called as differential cryptanalysis.
- Such solution eliminates the redundancy, as well as eliminates most of disadvantageous features of other solutions.
- the available technologies do not provide the possibility of disturbing the processing in only a single layer of the semiconductor without disturbing the second layer of the semiconductor.
- the encrypting and decrypting unit for an RSA cryptographic system as presented herein is based on residue number system (RNS) and Chinese reminder theorem (CRT), wherein the unit uses two residual channels for processing data.
- the unit comprises two parallel modular exponentiation calculating units (called shortly calculating units) and a modular exponentiation controlling unit (called shortly a controlling unit) that controls the flow of signals representing two streams of data.
- the modular exponentiation controlling unit is connected between the two modular exponentiation calculating units.
- an additional modular exponentiation controlling unit is used for controlling the flow of signals representing two streams of data and alternately directing the selected signals to both calculating units.
- Z represents a ciphertext or a massage to be ciphered.
- the signals representing two streams of data are switched cyclically between the two calculating units operating in parallel, in synchronization with a clock signal.
- the controlling unit comprises six inputs. Three inputs are connected to three outputs of the first calculating unit, and the remaining three inputs are connected to three outputs of the second calculating unit.
- the controlling unit further comprises six outputs, three of which are connected to three inputs of the first calculating unit, and the remaining three are connected to three inputs of the second calculating unit.
- the inputs of the controlling unit are connected correspondingly with the outputs of both calculating units, and the outputs of the controlling unit are connected correspondingly with the inputs of both calculating units, to allow switching the signals representing data obtained in current iteration of calculations in one of the calculating units to the second calculating unit, such that the signals representing output data are switched (toggled) multiple times between the calculating units operating in parallel, wherein the switching is conducted with high frequency (preferably, not lower than 1MHz). Consequently, erroneous operation of only one calculating unit for a time longer than one microsecond gives an advantageous effect of interfering both signals representing both streams of data.
- Current state of the art does not provide methods for selectively impairing the semiconductor structures for such short period of time.
- the implementation of the system according to the description makes the RSA encrypting and decrypting unit with RNS and CRT much more resistant against the possibility of performing the cryptanalysis based on fault injection.
- the controlling unit comprises six switching elements. These switching elements may have a form of multiplexers, wherein the inputs of the first three multiplexers are connected to the three outputs of the first calculating unit and the inputs of the remaining three multiplexers are connected to the three outputs of the second calculating unit.
- the first three multiplexers are simultaneously controlled by the level of a cyclically variable clock signal, wherein the remaining three multiplexers are controlled by the opposite level of that clock signal, and each of the first three multiplexers has the output connected correspondingly with one of the three inputs of the first calculating unit, and each of the remaining three multiplexers has the output connected correspondingly to one of the three inputs of the second calculating unit.
- the clock signal is directly connected to the control inputs of the three multiplexers, wherein the control input of the remaining three multiplexers is connected to the clock signal through a negation element (NOT), changing the logical level into opposite level.
- NOT negation element
- the present invention may be implemented in cryptographic systems aimed at encrypting and decrypting data, therefore the machine and transformation test is fulfilled, and the presented idea is not abstract.
- the present invention compared to currently available solutions, provides energy saving and resources usage for manufacturing and recycling of the unit, thus it is advantageous from an economic and ecological point of view.
- Fig. 1 presents a block diagram of an example embodiment of a controlling unit
- Fig. 2 presents a block diagram of an example embodiment of a modular exponentiation system (MES) for performing the modular exponentiation according to a modular exponentiation algorithm using a binary method presented in Fig. 3;
- MES modular exponentiation system
- Fig. 3 presents a block diagram of the modular exponentiation algorithm using the binary method based on mathematical modular exponentiation formula
- Fig. 4 presents a block diagram of a prior art digital parallel modular exponentiation system
- Fig. 5 presents a block diagram of an example embodiment of a digital parallel modular exponentiation unit (PMEU) for digital encrypting and decrypting according to the invention.
- PMEU digital parallel modular exponentiation unit
- example means a non-limiting example, embodiment or drawing.
- term “for example”, “exemplary” present a list of one or more non-limiting examples, instances or drawings.
- the second factor (q or p, respectively) can be easily determined.
- the product (p- l)*(q-l) can be easily determined and so the value of the private key, which may lead to breaking the cryptographic system.
- the system of Fig. 4 is modified by adding a modular exponentiation controlling unit (MECU) that is implemented between the calculating units MES-1 and MES-2, as shown in Fig. 5.
- MECU modular exponentiation controlling unit
- Fig. 5 presents a block diagram of an example embodiment of use of the parallel modular exponentiation unit PMEU comprising two calculating units MES-1 and MES-2 operating in parallel and the controlling unit MECU, connected between their signal terminals, for operating the modular exponentiation switching the signals representing the partial results of the modular exponentiation, respectively between the calculating units MES-1 and MES-2 and in synchronization to clock signal CLK levels (wherein the clock signal CLK is connected to the I-CLK input).
- the digital parallel modular exponentiation unit PMEU may be used both as data encoder and decoder.
- the modular exponentiation controlling unit MECU is implemented in between two identical parallel modular exponentiation calculating units MES-1 and MES-2, the structure MES of which is shown in Fig. 2.
- the modular exponentiation calculating units MES are configured to calculate the results of modular exponentiation by a binary method on modulos p or q.
- the MES units comprise elements for calculating a square of the modulo (SMO) and elements for performing modulo multiplying operation (MMO) that operate if the current bit of an exponent is equal to “1”.
- the MES units operate according to the modular exponentiation algorithm using the binary method, as shown in Fig. 3.
- I- X, I-K and I-CLK represent respectively data signal inputs of a base of the modular exponentiation X, the signal inputs of an exponent of the modular exponentiation K and an input of a clock signal CLK, which activates a bit shift of the exponent.
- the MES unit has the following signal inputs and outputs that represent internal calculation results:
- I-SM and O-SM are an input and an output of the SMO element, wherein the output O-SM is directed by means of the controlling unit MECU to the input I-SM of one of the MES units, depending on the CLK signal level,
- I-MM and O-MM are an input and an output of the MMO element, wherein the output O-MM is directed by means of the controlling unit MECU to the input I-
- I-k[i] and 0-k[i] are an input and an output of a control signal, being a current bit of the exponent k[i], wherein the output 0-k[i] is directed by means of the controlling unit MECU to the input I-k[i] of one of the MES units, depending on the level of the CLK signal.
- the controlling unit comprises six multiplexers divided into two symmetrical groups - each group comprising three multiplexers, and three negating gates (NOT) having their outputs connected adequately to control inputs of the second group of multiplexers, wherein all multiplexers are controlled by the clock signal (CLK) in such a way, that the multiplexers of the first group receive directly the clock signal at their control inputs, while the multiplexers of the second group receive at the same time the clock signal which is reversed by the negating gates, which as a result allows cyclical switching of the inputs and the outputs of a controlling unit, defined as push-pull.
- CLK clock signal
- the outputs of the signals representing partial data obtained in the calculating units MES-1 and MES-2 are connected to inputs of the controlling unit MECU.
- the input signals of the MECU unit depicted as I-Pl, I-P2, I-P3 are respectively connected to the outputs 0-k[i], O-SM, O-MM of the first calculating unit MES-1, and the output signals from the MECU unit depicted as O-Pl, 0-P2, 0-P3 are connected to the inputs I-k[i], I-SM, I-MM of the first calculating unit MES-1.
- the input signals of the MECU unit depicted as I-Dl, I-D2, I-D3 are connected respectively to the outputs 0-k[i], O-SM, O-MM of the second calculating unit MES-2 and the output signals from the MECU unit depicted as O-Dl, 0-D2, 0-D3 are connected respectively to the inputs I- k[i], I-SM, I-MM of the MES-2 unit.
- the input terminal I-CLK of all units in Fig. 5 is connected to the CLK signal.
- the signals from the outputs 0-k[i], O-SM, O-MM of the second calculating unit MES-2 are transmitted respectively to the inputs I-k[i], I-SM, I-MM of the first calculating unit MES- 1 and simultaneously the signals from the outputs 0-k[i], O-SM, O-MM of the first calculating unit MES-1 are transmitted respectively to the inputs I-k[i], I-SM, I-MM of the second calculating unit MES-2.
- the signals from the outputs 0-k[i], O-SM, O-MM of the first calculating unit MES-1 are transmitted respectively to the inputs I-k[i], I-SM, I-MM of the first calculating unit MES-1 and simultaneously the signals from the outputs 0-k[i], O-SM, O-MM of the second calculating unit MES-2 are transmitted respectively to the inputs I-k[i], I-SM, I-MM of the second calculating unit MES-2.
- the switching of the signals is performed in the controlling unit MECU in Fig. 1 which is connected between the signal terminals of the calculating units MES-1 and MES- 2 accordingly to the scheme on Fig. 5, which presents the parallel modular exponentiation unit PMEU with indications of signal input and output connecting terminals, corresponding to the embodiment.
- Fig. 3 presents a block diagram of the modular exponentiation algorithm using the binary method based on mathematical modular exponentiation formula.
- This formula is known from literature (for example: Handbook of applied cryptography, CRC Press, ISBN: 0-8493-8523-7, October 1996).
- the algorithm is presented in order to show that the algorithm is iterative and comprises: modular multiplication operation denoted as MMO and consecutive operations of calculating a square of the modulo operation denoted as SMO.
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Optimization (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Pure & Applied Mathematics (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mathematical Physics (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
L'invention concerne une unité de chiffrement et de déchiffrement numérique (PMEU) qui fonctionne selon un cryptosystème de Riveste-Shamir-Adleman (RSA) basé sur un système de numéros de résidus (RNS) et un théorème de rappel chinois (CRT). L'unité comprend deux unités de calcul d'exponentiation modulaire (MES -1, MES -2) pour traiter deux signaux résiduels (X mod p; X mod q) pour calculer un résultat d'une exponentiation modulaire par un procédé binaire. Les unités de calcul ont des entrées (i-k [i], I-SM, i-MM) et des sorties (O-k [i], O-SM, O-MM) pour des signaux représentant des résultats partiels de l'exponentiation modulaire. Une unité de commande d'exponentiation modulaire (MECU) est connectée aux entrées et aux sorties des unités de calcul pour commander le flux des signaux représentant les résultats partiels de l'exponentiation modulaire.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2019/077461 WO2021069075A1 (fr) | 2019-10-10 | 2019-10-10 | Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2019/077461 WO2021069075A1 (fr) | 2019-10-10 | 2019-10-10 | Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021069075A1 true WO2021069075A1 (fr) | 2021-04-15 |
Family
ID=68240730
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2019/077461 WO2021069075A1 (fr) | 2019-10-10 | 2019-10-10 | Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2021069075A1 (fr) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
PL218112A1 (fr) | 1979-09-04 | 1981-03-13 | Zaklady Transformatorow Radiow | |
US20080056489A1 (en) | 2006-08-31 | 2008-03-06 | Stmicroelectronics S.A. | Scrambling of a calculation performed according to an rsa-crt algorithm |
US20090110187A1 (en) | 2007-10-25 | 2009-04-30 | Infineon Technologies Ag | Method and apparatus for protecting an rsa calculation on an output by means of the chinese remainder theorem |
WO2009088938A1 (fr) | 2008-01-03 | 2009-07-16 | Spansion Llc | Procédé pour protéger des données contre une analyse de défaut différentiel impliquée dans une cartographie de rivest, shamir et adleman en utilisant le théorème des restes chinois |
EP3561662A1 (fr) * | 2018-04-23 | 2019-10-30 | Adips Spolka Z Ograniczona Odpowiedzialnoscia | Unité de cryptage et de décryptage pour système cryptographique rsa, résistant à l'injection de défauts |
-
2019
- 2019-10-10 WO PCT/EP2019/077461 patent/WO2021069075A1/fr active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
PL218112A1 (fr) | 1979-09-04 | 1981-03-13 | Zaklady Transformatorow Radiow | |
US20080056489A1 (en) | 2006-08-31 | 2008-03-06 | Stmicroelectronics S.A. | Scrambling of a calculation performed according to an rsa-crt algorithm |
US20090110187A1 (en) | 2007-10-25 | 2009-04-30 | Infineon Technologies Ag | Method and apparatus for protecting an rsa calculation on an output by means of the chinese remainder theorem |
WO2009088938A1 (fr) | 2008-01-03 | 2009-07-16 | Spansion Llc | Procédé pour protéger des données contre une analyse de défaut différentiel impliquée dans une cartographie de rivest, shamir et adleman en utilisant le théorème des restes chinois |
EP3561662A1 (fr) * | 2018-04-23 | 2019-10-30 | Adips Spolka Z Ograniczona Odpowiedzialnoscia | Unité de cryptage et de décryptage pour système cryptographique rsa, résistant à l'injection de défauts |
Non-Patent Citations (5)
Title |
---|
"Handbook of applied cryptography", October 1996, CRC PRESS |
APOSTOLOS P FOURNARIS ET AL: "CRT RSA Hardware Architecture with Fault and Simple Power Attack Countermeasures", DIGITAL SYSTEM DESIGN (DSD), 2012 15TH EUROMICRO CONFERENCE ON, IEEE, 5 September 2012 (2012-09-05), pages 661 - 667, XP032293790, ISBN: 978-1-4673-2498-4, DOI: 10.1109/DSD.2012.38 * |
CIET AND M JOYE M: "Practical fault countermeasures for Chinese Remaindering based RSA (Extended Abstract)", FAULT DIAGNOSIS AND TOLERANCE IN CRYPTOGRAPHY ? FDTC?05,, 2 September 2005 (2005-09-02), pages 121 - 131, XP007906966 * |
MATHIEU CIET ET AL: "Parallel FPGA Implementation of RSA with Residue Number Systems - Can side-channel threats be avoided? - Extended version", IACR, INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH, vol. 20040807:043814, 5 August 2004 (2004-08-05), pages 1 - 16, XP061000912 * |
NOZAKI H ET AL: "IMPLEMENTATION OF RSA ALGORITHM BASED ON RNS MONTGOMERY MULTIPLICATION", CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS. 3RD INTERNATIONAL WORKSHOP, CHES 2001, PARIS, FRANCCE, MAY 14 - 16, 2001 PROCEEDINGS; [LECTURE NOTES IN COMPUTER SCIENCE], BERLIN : SPRINGER, DE, vol. VOL. 2162, 14 May 2001 (2001-05-14), pages 364 - 376, XP001061175, ISBN: 978-3-540-42521-2 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Barenghi et al. | Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures | |
CA2542556C (fr) | Systeme d'authentification executant un processus cryptographique de signature numerique a courbe elliptique | |
JP2008252299A (ja) | 暗号処理システム及び暗号処理方法 | |
CN101902331B (zh) | 用于rsa算法的素数生成的保护 | |
US9577826B2 (en) | Method of generating proven prime numbers suitable for being implemented in a smart card | |
CN109039640B (zh) | 一种基于rsa密码算法的加解密硬件系统及方法 | |
Vigilant | RSA with CRT: A new cost-effective solution to thwart fault attacks | |
US8009827B2 (en) | Encryption processing method and encryption processing device | |
EP3698262B1 (fr) | Protection d'une opération d'inversion modulaire contre des attaques de surveillance externes | |
JP2011530093A (ja) | 累乗法による暗号化を保護する解決策 | |
EP3561662B1 (fr) | Unité de cryptage et de décryptage pour système cryptographique rsa, résistant à l'injection de défauts | |
JP2004304800A (ja) | データ処理装置におけるサイドチャネル攻撃防止 | |
US7916860B2 (en) | Scalar multiplication apparatus and method | |
KR100508092B1 (ko) | 저전력 모듈로 곱셈을 수행하는 연산장치 | |
Blömer et al. | Wagner’s Attack on a secure CRT-RSA Algorithm Reconsidered | |
Schinianakis et al. | Hardware-fault attack handling in RNS-based Montgomery multipliers | |
US20010036267A1 (en) | Method for generating electronic keys from integer numbers prime with each other and a device for implementing the method | |
US7920699B2 (en) | Encryption operating apparatus | |
Zhang et al. | An Improved Public Key Cryptographic Algorithm Based on Chebyshev Polynomials and RSA | |
WO2021069075A1 (fr) | Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts | |
Ziad et al. | Homomorphic data isolation for hardware trojan protection | |
Wang et al. | Design of reliable and secure multipliers by multilinear arithmetic codes | |
Popat et al. | A Hash based Secure Scheme (HSS) against scanbased attacks on AES cipher | |
Roy et al. | Active IC Metering Protocol Security Revisited and Enhanced with Oblivious Transfer | |
Ma | Cryptographic Security: Countermeasures against Side-Channel Attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19786942 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19786942 Country of ref document: EP Kind code of ref document: A1 |