WO2021069075A1 - Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts - Google Patents

Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts Download PDF

Info

Publication number
WO2021069075A1
WO2021069075A1 PCT/EP2019/077461 EP2019077461W WO2021069075A1 WO 2021069075 A1 WO2021069075 A1 WO 2021069075A1 EP 2019077461 W EP2019077461 W EP 2019077461W WO 2021069075 A1 WO2021069075 A1 WO 2021069075A1
Authority
WO
WIPO (PCT)
Prior art keywords
modular exponentiation
mes
calculating unit
inputs
unit
Prior art date
Application number
PCT/EP2019/077461
Other languages
English (en)
Inventor
Janusz Jablonski
Witold Wendrowski
Original Assignee
Adips Spolka Z Ograniczona Odpowiedzialnoscia
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Adips Spolka Z Ograniczona Odpowiedzialnoscia filed Critical Adips Spolka Z Ograniczona Odpowiedzialnoscia
Priority to PCT/EP2019/077461 priority Critical patent/WO2021069075A1/fr
Publication of WO2021069075A1 publication Critical patent/WO2021069075A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/723Modular exponentiation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/729Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic using representation by a residue number system
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/004Countermeasures against attacks on cryptographic mechanisms for fault attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • G06F2207/7266Hardware adaptation, e.g. dual rail logic; calculate add and double simultaneously
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the present disclosure relates to a digital encrypting and decrypting unit for an RSA cryptographic system, being resistant to faults injection.
  • Secrecy of cryptographic keys is essential for cryptographic safety Typical personalized and most commonly used devices for conducting cryptographic operations are simple chip cards and payment cards, which perform hardware encryption of information. It should be emphasized, that work is currently underway on secure solutions such as an electronic identity document (ID) with a digital layer, but also on other systems that use e- Identity.
  • ID electronic identity document
  • RSA Raster-Shamir-Adleman
  • the encryption key is public and it is different from the decryption key which is kept secret (private).
  • this asymmetry is based on the practical difficulty of the factorization of the product of two large prime numbers, the "factoring problem".
  • CRT Choinese reminder theorem is a theorem of number theory, which states that if one knows the remainders of the Euclidean division of an integer n by several integers, then one can determine uniquely the remainder of the division of n by the product of these integers, under the condition that the divisors are pairwise coprime.
  • RNS Residue Numeral System
  • moduli is a numeral system representing integers by their values modulo several pairwise coprime integers called the moduli. This representation is allowed by the Chinese remainder theorem, which asserts that, if N is the product of the moduli, there is, in an interval of length N, exactly one integer having any given set of modular values.
  • the arithmetic of a residue numeral system is also called multi-modular arithmetic.
  • a fault injection attack is a procedure to introduce an error in a computing device in order to alter the software execution. It is aimed to avoid the execution of an instruction and corrupt the data which is processed by the processor. Such attack is used to compromise the security of embedded devices by bypassing security checks or leaking the private keys.
  • fault injection attacks such as clock and voltage glitching, optical glitching, electromagnetic glitching, heat glitching or radiation glitching.
  • Patent publications US2008/0056489, US2009/0110187, W02009/088938 disclose digital microprocessor systems supporting modular exponentiation in RSA decrypting and encrypting, in which RNS and CRT techniques are used to increase the efficiency of processing by parallelizing modular exponentiation operations.
  • Modular exponentiation performed in RSA with use of RNS performed in parallel in two digital subsystems is prone to cryptanalysis utilizing fault injection into one of the processing subsystems which operate in parallel.
  • Such type of RSA cryptanalysis leads to obtaining a secret cypher key by unauthorized participant of information exchange, a therefore leads to discrediting of the cryptographic system.
  • This type of RSA cryptanalysis, which uses RNS and CRT is also called as differential cryptanalysis.
  • Such solution eliminates the redundancy, as well as eliminates most of disadvantageous features of other solutions.
  • the available technologies do not provide the possibility of disturbing the processing in only a single layer of the semiconductor without disturbing the second layer of the semiconductor.
  • the encrypting and decrypting unit for an RSA cryptographic system as presented herein is based on residue number system (RNS) and Chinese reminder theorem (CRT), wherein the unit uses two residual channels for processing data.
  • the unit comprises two parallel modular exponentiation calculating units (called shortly calculating units) and a modular exponentiation controlling unit (called shortly a controlling unit) that controls the flow of signals representing two streams of data.
  • the modular exponentiation controlling unit is connected between the two modular exponentiation calculating units.
  • an additional modular exponentiation controlling unit is used for controlling the flow of signals representing two streams of data and alternately directing the selected signals to both calculating units.
  • Z represents a ciphertext or a massage to be ciphered.
  • the signals representing two streams of data are switched cyclically between the two calculating units operating in parallel, in synchronization with a clock signal.
  • the controlling unit comprises six inputs. Three inputs are connected to three outputs of the first calculating unit, and the remaining three inputs are connected to three outputs of the second calculating unit.
  • the controlling unit further comprises six outputs, three of which are connected to three inputs of the first calculating unit, and the remaining three are connected to three inputs of the second calculating unit.
  • the inputs of the controlling unit are connected correspondingly with the outputs of both calculating units, and the outputs of the controlling unit are connected correspondingly with the inputs of both calculating units, to allow switching the signals representing data obtained in current iteration of calculations in one of the calculating units to the second calculating unit, such that the signals representing output data are switched (toggled) multiple times between the calculating units operating in parallel, wherein the switching is conducted with high frequency (preferably, not lower than 1MHz). Consequently, erroneous operation of only one calculating unit for a time longer than one microsecond gives an advantageous effect of interfering both signals representing both streams of data.
  • Current state of the art does not provide methods for selectively impairing the semiconductor structures for such short period of time.
  • the implementation of the system according to the description makes the RSA encrypting and decrypting unit with RNS and CRT much more resistant against the possibility of performing the cryptanalysis based on fault injection.
  • the controlling unit comprises six switching elements. These switching elements may have a form of multiplexers, wherein the inputs of the first three multiplexers are connected to the three outputs of the first calculating unit and the inputs of the remaining three multiplexers are connected to the three outputs of the second calculating unit.
  • the first three multiplexers are simultaneously controlled by the level of a cyclically variable clock signal, wherein the remaining three multiplexers are controlled by the opposite level of that clock signal, and each of the first three multiplexers has the output connected correspondingly with one of the three inputs of the first calculating unit, and each of the remaining three multiplexers has the output connected correspondingly to one of the three inputs of the second calculating unit.
  • the clock signal is directly connected to the control inputs of the three multiplexers, wherein the control input of the remaining three multiplexers is connected to the clock signal through a negation element (NOT), changing the logical level into opposite level.
  • NOT negation element
  • the present invention may be implemented in cryptographic systems aimed at encrypting and decrypting data, therefore the machine and transformation test is fulfilled, and the presented idea is not abstract.
  • the present invention compared to currently available solutions, provides energy saving and resources usage for manufacturing and recycling of the unit, thus it is advantageous from an economic and ecological point of view.
  • Fig. 1 presents a block diagram of an example embodiment of a controlling unit
  • Fig. 2 presents a block diagram of an example embodiment of a modular exponentiation system (MES) for performing the modular exponentiation according to a modular exponentiation algorithm using a binary method presented in Fig. 3;
  • MES modular exponentiation system
  • Fig. 3 presents a block diagram of the modular exponentiation algorithm using the binary method based on mathematical modular exponentiation formula
  • Fig. 4 presents a block diagram of a prior art digital parallel modular exponentiation system
  • Fig. 5 presents a block diagram of an example embodiment of a digital parallel modular exponentiation unit (PMEU) for digital encrypting and decrypting according to the invention.
  • PMEU digital parallel modular exponentiation unit
  • example means a non-limiting example, embodiment or drawing.
  • term “for example”, “exemplary” present a list of one or more non-limiting examples, instances or drawings.
  • the second factor (q or p, respectively) can be easily determined.
  • the product (p- l)*(q-l) can be easily determined and so the value of the private key, which may lead to breaking the cryptographic system.
  • the system of Fig. 4 is modified by adding a modular exponentiation controlling unit (MECU) that is implemented between the calculating units MES-1 and MES-2, as shown in Fig. 5.
  • MECU modular exponentiation controlling unit
  • Fig. 5 presents a block diagram of an example embodiment of use of the parallel modular exponentiation unit PMEU comprising two calculating units MES-1 and MES-2 operating in parallel and the controlling unit MECU, connected between their signal terminals, for operating the modular exponentiation switching the signals representing the partial results of the modular exponentiation, respectively between the calculating units MES-1 and MES-2 and in synchronization to clock signal CLK levels (wherein the clock signal CLK is connected to the I-CLK input).
  • the digital parallel modular exponentiation unit PMEU may be used both as data encoder and decoder.
  • the modular exponentiation controlling unit MECU is implemented in between two identical parallel modular exponentiation calculating units MES-1 and MES-2, the structure MES of which is shown in Fig. 2.
  • the modular exponentiation calculating units MES are configured to calculate the results of modular exponentiation by a binary method on modulos p or q.
  • the MES units comprise elements for calculating a square of the modulo (SMO) and elements for performing modulo multiplying operation (MMO) that operate if the current bit of an exponent is equal to “1”.
  • the MES units operate according to the modular exponentiation algorithm using the binary method, as shown in Fig. 3.
  • I- X, I-K and I-CLK represent respectively data signal inputs of a base of the modular exponentiation X, the signal inputs of an exponent of the modular exponentiation K and an input of a clock signal CLK, which activates a bit shift of the exponent.
  • the MES unit has the following signal inputs and outputs that represent internal calculation results:
  • I-SM and O-SM are an input and an output of the SMO element, wherein the output O-SM is directed by means of the controlling unit MECU to the input I-SM of one of the MES units, depending on the CLK signal level,
  • I-MM and O-MM are an input and an output of the MMO element, wherein the output O-MM is directed by means of the controlling unit MECU to the input I-
  • I-k[i] and 0-k[i] are an input and an output of a control signal, being a current bit of the exponent k[i], wherein the output 0-k[i] is directed by means of the controlling unit MECU to the input I-k[i] of one of the MES units, depending on the level of the CLK signal.
  • the controlling unit comprises six multiplexers divided into two symmetrical groups - each group comprising three multiplexers, and three negating gates (NOT) having their outputs connected adequately to control inputs of the second group of multiplexers, wherein all multiplexers are controlled by the clock signal (CLK) in such a way, that the multiplexers of the first group receive directly the clock signal at their control inputs, while the multiplexers of the second group receive at the same time the clock signal which is reversed by the negating gates, which as a result allows cyclical switching of the inputs and the outputs of a controlling unit, defined as push-pull.
  • CLK clock signal
  • the outputs of the signals representing partial data obtained in the calculating units MES-1 and MES-2 are connected to inputs of the controlling unit MECU.
  • the input signals of the MECU unit depicted as I-Pl, I-P2, I-P3 are respectively connected to the outputs 0-k[i], O-SM, O-MM of the first calculating unit MES-1, and the output signals from the MECU unit depicted as O-Pl, 0-P2, 0-P3 are connected to the inputs I-k[i], I-SM, I-MM of the first calculating unit MES-1.
  • the input signals of the MECU unit depicted as I-Dl, I-D2, I-D3 are connected respectively to the outputs 0-k[i], O-SM, O-MM of the second calculating unit MES-2 and the output signals from the MECU unit depicted as O-Dl, 0-D2, 0-D3 are connected respectively to the inputs I- k[i], I-SM, I-MM of the MES-2 unit.
  • the input terminal I-CLK of all units in Fig. 5 is connected to the CLK signal.
  • the signals from the outputs 0-k[i], O-SM, O-MM of the second calculating unit MES-2 are transmitted respectively to the inputs I-k[i], I-SM, I-MM of the first calculating unit MES- 1 and simultaneously the signals from the outputs 0-k[i], O-SM, O-MM of the first calculating unit MES-1 are transmitted respectively to the inputs I-k[i], I-SM, I-MM of the second calculating unit MES-2.
  • the signals from the outputs 0-k[i], O-SM, O-MM of the first calculating unit MES-1 are transmitted respectively to the inputs I-k[i], I-SM, I-MM of the first calculating unit MES-1 and simultaneously the signals from the outputs 0-k[i], O-SM, O-MM of the second calculating unit MES-2 are transmitted respectively to the inputs I-k[i], I-SM, I-MM of the second calculating unit MES-2.
  • the switching of the signals is performed in the controlling unit MECU in Fig. 1 which is connected between the signal terminals of the calculating units MES-1 and MES- 2 accordingly to the scheme on Fig. 5, which presents the parallel modular exponentiation unit PMEU with indications of signal input and output connecting terminals, corresponding to the embodiment.
  • Fig. 3 presents a block diagram of the modular exponentiation algorithm using the binary method based on mathematical modular exponentiation formula.
  • This formula is known from literature (for example: Handbook of applied cryptography, CRC Press, ISBN: 0-8493-8523-7, October 1996).
  • the algorithm is presented in order to show that the algorithm is iterative and comprises: modular multiplication operation denoted as MMO and consecutive operations of calculating a square of the modulo operation denoted as SMO.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Optimization (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne une unité de chiffrement et de déchiffrement numérique (PMEU) qui fonctionne selon un cryptosystème de Riveste-Shamir-Adleman (RSA) basé sur un système de numéros de résidus (RNS) et un théorème de rappel chinois (CRT). L'unité comprend deux unités de calcul d'exponentiation modulaire (MES -1, MES -2) pour traiter deux signaux résiduels (X mod p; X mod q) pour calculer un résultat d'une exponentiation modulaire par un procédé binaire. Les unités de calcul ont des entrées (i-k [i], I-SM, i-MM) et des sorties (O-k [i], O-SM, O-MM) pour des signaux représentant des résultats partiels de l'exponentiation modulaire. Une unité de commande d'exponentiation modulaire (MECU) est connectée aux entrées et aux sorties des unités de calcul pour commander le flux des signaux représentant les résultats partiels de l'exponentiation modulaire.
PCT/EP2019/077461 2019-10-10 2019-10-10 Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts WO2021069075A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/077461 WO2021069075A1 (fr) 2019-10-10 2019-10-10 Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/077461 WO2021069075A1 (fr) 2019-10-10 2019-10-10 Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts

Publications (1)

Publication Number Publication Date
WO2021069075A1 true WO2021069075A1 (fr) 2021-04-15

Family

ID=68240730

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/077461 WO2021069075A1 (fr) 2019-10-10 2019-10-10 Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts

Country Status (1)

Country Link
WO (1) WO2021069075A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
PL218112A1 (fr) 1979-09-04 1981-03-13 Zaklady Transformatorow Radiow
US20080056489A1 (en) 2006-08-31 2008-03-06 Stmicroelectronics S.A. Scrambling of a calculation performed according to an rsa-crt algorithm
US20090110187A1 (en) 2007-10-25 2009-04-30 Infineon Technologies Ag Method and apparatus for protecting an rsa calculation on an output by means of the chinese remainder theorem
WO2009088938A1 (fr) 2008-01-03 2009-07-16 Spansion Llc Procédé pour protéger des données contre une analyse de défaut différentiel impliquée dans une cartographie de rivest, shamir et adleman en utilisant le théorème des restes chinois
EP3561662A1 (fr) * 2018-04-23 2019-10-30 Adips Spolka Z Ograniczona Odpowiedzialnoscia Unité de cryptage et de décryptage pour système cryptographique rsa, résistant à l'injection de défauts

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
PL218112A1 (fr) 1979-09-04 1981-03-13 Zaklady Transformatorow Radiow
US20080056489A1 (en) 2006-08-31 2008-03-06 Stmicroelectronics S.A. Scrambling of a calculation performed according to an rsa-crt algorithm
US20090110187A1 (en) 2007-10-25 2009-04-30 Infineon Technologies Ag Method and apparatus for protecting an rsa calculation on an output by means of the chinese remainder theorem
WO2009088938A1 (fr) 2008-01-03 2009-07-16 Spansion Llc Procédé pour protéger des données contre une analyse de défaut différentiel impliquée dans une cartographie de rivest, shamir et adleman en utilisant le théorème des restes chinois
EP3561662A1 (fr) * 2018-04-23 2019-10-30 Adips Spolka Z Ograniczona Odpowiedzialnoscia Unité de cryptage et de décryptage pour système cryptographique rsa, résistant à l'injection de défauts

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
"Handbook of applied cryptography", October 1996, CRC PRESS
APOSTOLOS P FOURNARIS ET AL: "CRT RSA Hardware Architecture with Fault and Simple Power Attack Countermeasures", DIGITAL SYSTEM DESIGN (DSD), 2012 15TH EUROMICRO CONFERENCE ON, IEEE, 5 September 2012 (2012-09-05), pages 661 - 667, XP032293790, ISBN: 978-1-4673-2498-4, DOI: 10.1109/DSD.2012.38 *
CIET AND M JOYE M: "Practical fault countermeasures for Chinese Remaindering based RSA (Extended Abstract)", FAULT DIAGNOSIS AND TOLERANCE IN CRYPTOGRAPHY ? FDTC?05,, 2 September 2005 (2005-09-02), pages 121 - 131, XP007906966 *
MATHIEU CIET ET AL: "Parallel FPGA Implementation of RSA with Residue Number Systems - Can side-channel threats be avoided? - Extended version", IACR, INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH, vol. 20040807:043814, 5 August 2004 (2004-08-05), pages 1 - 16, XP061000912 *
NOZAKI H ET AL: "IMPLEMENTATION OF RSA ALGORITHM BASED ON RNS MONTGOMERY MULTIPLICATION", CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS. 3RD INTERNATIONAL WORKSHOP, CHES 2001, PARIS, FRANCCE, MAY 14 - 16, 2001 PROCEEDINGS; [LECTURE NOTES IN COMPUTER SCIENCE], BERLIN : SPRINGER, DE, vol. VOL. 2162, 14 May 2001 (2001-05-14), pages 364 - 376, XP001061175, ISBN: 978-3-540-42521-2 *

Similar Documents

Publication Publication Date Title
Barenghi et al. Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures
CA2542556C (fr) Systeme d'authentification executant un processus cryptographique de signature numerique a courbe elliptique
JP2008252299A (ja) 暗号処理システム及び暗号処理方法
CN101902331B (zh) 用于rsa算法的素数生成的保护
US9577826B2 (en) Method of generating proven prime numbers suitable for being implemented in a smart card
CN109039640B (zh) 一种基于rsa密码算法的加解密硬件系统及方法
Vigilant RSA with CRT: A new cost-effective solution to thwart fault attacks
US8009827B2 (en) Encryption processing method and encryption processing device
EP3698262B1 (fr) Protection d'une opération d'inversion modulaire contre des attaques de surveillance externes
JP2011530093A (ja) 累乗法による暗号化を保護する解決策
EP3561662B1 (fr) Unité de cryptage et de décryptage pour système cryptographique rsa, résistant à l'injection de défauts
JP2004304800A (ja) データ処理装置におけるサイドチャネル攻撃防止
US7916860B2 (en) Scalar multiplication apparatus and method
KR100508092B1 (ko) 저전력 모듈로 곱셈을 수행하는 연산장치
Blömer et al. Wagner’s Attack on a secure CRT-RSA Algorithm Reconsidered
Schinianakis et al. Hardware-fault attack handling in RNS-based Montgomery multipliers
US20010036267A1 (en) Method for generating electronic keys from integer numbers prime with each other and a device for implementing the method
US7920699B2 (en) Encryption operating apparatus
Zhang et al. An Improved Public Key Cryptographic Algorithm Based on Chebyshev Polynomials and RSA
WO2021069075A1 (fr) Unité de chiffrement et de déchiffrement pour système cryptographique rsa, résistante à l'injection de défauts
Ziad et al. Homomorphic data isolation for hardware trojan protection
Wang et al. Design of reliable and secure multipliers by multilinear arithmetic codes
Popat et al. A Hash based Secure Scheme (HSS) against scanbased attacks on AES cipher
Roy et al. Active IC Metering Protocol Security Revisited and Enhanced with Oblivious Transfer
Ma Cryptographic Security: Countermeasures against Side-Channel Attacks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19786942

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19786942

Country of ref document: EP

Kind code of ref document: A1