DE10057203C1 - Digital signal value calculation method for cryptography calculates scalar product from natural number and point along elliptical curve - Google Patents

Abstract

The calculation method provides a scalar product from a natural number above 1, which is stored as a binary representation and a point along an elliptical curve, with calculation of the scalar product via an electronic calculator having a processor, e.g. a smart card microprocessor, without data-dependent current and/or power requirement.

Description

The invention relates to a method for calculating a digital signal value for a cryptographic process, in particular for a cryptographic process with public keys that work with elliptic curves over finite bodies beitet.

The concept of public key cryptography is based on two keys seln, one of which must be known to the communication partner. This is the case called public keys. The corresponding second key, the so-called private keys must be kept secret. The plain text is used for encryption the public key of the recipient to a message so that a Ciphertext is created. The plain text can only be extracted from the cipher text using the  the recipient's private key can be recovered. example a person A wisely transmits their public key to a person B. B ver encrypts a message with this public key and sends the resulting one A ciphertext to A. A can now receive the ciphertext received with his private Decrypt the key. The general concept of public encryption Keys come to a proposal from Diffie and Hellman in 1976 back.

In addition to using the key pair to encrypt messages the key pair of public and private keys also as a digital signature be used. A simple implementation of a digital signature is that the role of public and private keys is reversed. A provides a message or its hash value with its private key, B can, according to Er hold the message with A's public key to check if the message signed with A's private key. This must go without saying Lich be sure that the private key can not be reconstructed.

Important requirement when using cryptographic methods with public keys is the secrecy of the private key. Because for one secure communication it is just necessary to exchange messages that the encryption method and the sizes used are generally known  are so that security is based solely on ignorance of the private Key is based.

A key operation when using cryptographic methods with public Public keys are the exponentiation of natural numbers. For example ver apply the procedure of R. L. Rivest, A. Shamier and L. Adle, which is common as RSA one from 1978 and the method proposed by El Gamal from the 1985 the exponentiation with very large natural numbers for ver and ent encryption.

In addition to using natural numbers modulo a prime number that turns out to be Let elements be taken up by finite prime bodies, the points have proven successful consider elliptic curves over finite fields; these points are solutions an equation. Of particular interest are the Galois fields GF (p), where p is a large prime number and GF (2 ^ k). The advantage of using ellip tical curves over finite fields is that for comparable cryptographi security can be worked with significantly shorter keys; this has then generally significantly shorter computing times. Especially for GF (2 ^ k) is a further acceleration by using specific hardware, such as shift registers Linear feedback possible.  

Mathematically, an elliptic curve is a commutative Group, this becomes an additional point to the solution points of the equation, the neutral element of addition, added. When calculating with points an elliptic curve is between the addition of two different points and to distinguish the doubling of a point, since they are differentiated by different ver driving can be realized. Under a scalar multiplication, a multiple ad dition of a point of the elliptic curve understood to itself.

As a rough rule it can be stated that in a cryptographic process when using points of an elliptic curve, the scalar multiplication replaces the exponentiation of natural numbers.

It follows from the above that for the central operations at cryptographi procedures with public keys, the calculations quickly and in advance handles must be carried out safely.

A possible attack against a device is the so-called power attack. at During this attack, the attacker tries to gain knowledge of the secret, especially of the obtain a private key by choosing power and / or power consumption records the calculation of a signature or the encryption or decryption. The current and / or power consumption of the device provide information about the performed operations that allow conclusions to be drawn about the operands. With help  of the program code, the attacker is then able to parts of the numbers used and decrypt data.

As a countermeasure to ward off these power attacks, one was suggested To use program code, the random and not necessary for the calculation lack executes. For example, multiple jump commands can occur that un depending on the values to be kept secret, disguise the relevant commands, so that the signals measured during a power attack have no information about the ge deliver sizes to be kept. A disadvantage of this method, however, is that here is slowed down by the calculation. For an acceptable system response time So shorter keys must be used, so that security is reduced.

From the US patent is to be avoided the use of short keys US 5,999,627 a fast exponentiation method for cryptographic ver drive with public keys known. With this procedure values are given calculated and stored in a memory. The result is calculated products of the values stored in the memory. The procedure is implemented by starting with a starting value, alternating this value with a precalculation multiplied neten value and then squared the value thus obtained. Around The process according to US Pat. No. 5,999,627 allows the process to run as efficiently as possible  multiplied as often as possible with the neutral element, since such ope rations do not have to be carried out.

A transfer of the method to elliptic curves is possible, replacing the Addition of points the multiplication in the method according to US 5,999,627. however are the algorithms for doubling or adding two points on an ellipti curve so different that power attack measurements can be concluded that can be added or doubled. This will keep the secret scalar multiplier partially accessible to the attacker. An estimate shows that using the method according to US 5,999,627 approximately 25% of the binary make the number to be kept secret accessible by a single power attack. The speed advantage resulting from the most frequent addition with the neutral element, becomes a major security problem.

EP 0 874 307 describes a method for the accelerated multiplication of a point an elliptic curve with a natural number k is known. Here the number k stored as a binary vector in a register. Depending on whether a binary digit has the value zero or one, the coordinates of the point P are added or multiplied. When used for cryptographic processes, it is disadvantageous here that depending on the numbers to be kept secret, the calculation branches, so that it is accessible to an attacker.  

EP 1 014 617 describes a method for calculating a dot product on an el known liptic curve. Depending on the Bi närdarstellung a multiplier branches, so that this method no si Calculation with sizes to be kept secret allowed.

The invention has for its object to provide a method that fast and safe calculation of sizes to be kept secret allowed.

The object of the invention is achieved by a method for calculating a digital signal value for a cryptographic method using an electronic computer. The method according to the invention is advantageous when using digital variables B, which can be represented as points of an elliptic curve over a finite field. The method calculates the quantity rB, i.e. the scalar product from a base point B and a natural number r, with a data-independent current and / or power consumption. The program sequence can thus be regarded as execution invariant, because the sequence of the individual steps does not depend on the data to be kept secret. Let ( _n-1 , _n-2 ,..., ₀ ) be the binary representation of the natural number r with a bit length n. Furthermore, let h be a natural number with 1 ≦ h <n, preferably a small number between 2 and 8. Let a be the smallest natural number with ha ≦ n, whereby by filling r with leading zeros it is achieved that ha = n.

In a first process step, 2 ^h values are precalculated and stored in a field C [f] in a memory. Let ( _h-1 , _h-2 ,..., ₀ ) be the binary representation of f. The precalculated values of the field C [f] all values of f with 0 ≦ f <2 ^{h are} calculated:

Here "⊕" stands for the group addition of the points on the elliptic curve.

In a second process step, a values g _{j are} calculated with 0 ≦ j <a:

In the third process step, size D is calculated:

The size rB to be calculated is given by

From the definition of the field C it is clear that the group element B is always independent depending on the values f is added. The addition of element B to each Value in field C causes the value to be added when the product rB is executed D is added, which must then be subtracted again. For subtraction of the value D, i.e. for the addition of the inverse element of D, is the sign "⊖". Since element B is always added, in the course of the calculation at Access to field C never uses the neutral element. The presented ver driving is therefore safe from the power attack described above, because of the always same order of addition and duplication cannot be secret holding numerical value can be closed. Of course, the fiction moderate method also with elements of other commutative groups, preferably also with hyperelliptic curves.

If the method according to the invention is implemented on a smart card, ent is a device that is secure against power attacks, for example for digital Signatures can be used.

Another particular advantage of the method according to the invention is that the calculation of the variable Z = rB can be carried out in a simple manner using the following loop:
Z = C [g _a-1 ];
for (j = a - 2; j <= 1; j--)
{
Z = Z ⊕ Z;
Z = Z ⊕ C [g _j ];
}
Z = Z ⊕ Z;
Z = Z ⊖ D;
Z = Z ⊕ C [g ₀ ].

In summary, the above pseudocode also clarifies the most important aspects of the interaction:

• - The calculation of the values g [i] must not go outside. At the hardware level this is implemented by means of a protection against eavesdropping on the data bus, the software under supports it through "execution invariant" programming, like the above pseu docode shows with its alternating addition and doubling.
• - Both addition and doubling must not be included in advance or in the after correlate with modular computing operations to be determined. this will realized by the method according to the invention in that r is chosen at random.
• - From a single elementary operation (especially modular multiplication tion) may not be deduced from any of the operands used. This  must be ensured by the hardware and is a basic requirement for the secure use of a cryptographic procedure.

Since an attack is possible without any problems if the data bus is intercepted can be considered suitable microcontrollers only those in which the Da tenbus is only accessible within the chip; essentially it is around the smart card processors. Furthermore is from security and speed a cryptographic coprocessor, which does the modular arithmetic performs. However, it is quite possible to use such processors with the same Si security precautions can also be used outside of smart cards.

The following is a cryptographic procedure using public keys explained on elliptic curves: Both users A and B is an elliptical Curve E and a base point F are known on this curve. For a secret key to generate sel, user A randomly selects a natural number v, where v is great. User A calculates vF element from E. The result vF becomes known made while keeping the number v secret. A second user B dials in random w and publish the result wF element from E. Both users are able to calculate a secret key P = vwF element E, because v (wF) = w (vF). Since v and w are kept secret, an attacker from vF and wF would have to Calculate numbers v and / or w. This is called the problem of the so-called discrete Logarithm denotes and is considered to be very difficult to solve. By protecting the  Smart card before power attacks will calculate the products vF and vwF before Attacks protected. Now that A and B have a common key, you can encrypted data are exchanged.

A procedure called "ECDSA" is usually used for the signature:
Let p be a prime number, the elliptic curve is defined by GF (p);
n be the order of the subgroup generated by the base point of the elliptic curve (for cryptographic applications mostly elliptical curves are used which only have a non-trivial subgroup. In these cases n is equal to the number of elements of the elliptical curve and thus has up to a maximum of one Make difference the same bit length as p, see Theorem von Hasse-Weil);
d is the private key.

The process has the following steps:

• 1. Determine the hash value m of a message to be signed,
• 2. determine k as a random number with 1 <k <n - 1,
• 3. Determine x and y coordinates (x, y) of G = kB, where B is the Ba as before sis point is
• 4. r = x mod n and  
• 5. s = (m + dr) / k mod n, where the signature consists of the pair (r, s).

The public point Q = dB is required for decoding. Essentially, the equation
(x, y) = ((m / s) P + (r / s) Q) (the scalar operations (m / s and r / s) are to be understood as mod n).

The signature is correct if x = r mod n.

The method according to the invention is used in step 3.

An example serves to illustrate the procedure with small numbers:
h = 3
n = 17
== <a = 6 (and ah = 18)

The values are in field C.
C [0] = B
C [1] = 2B
C [2] = (2 ^ 6 + 1) B = 65B
C [3] = (2 ^ 6 + 2) B = 66B
C [4] = (2 ^ 12 + 1) B = 4097B
C [5] = (2 ^ 12 + 2) B = 4098B
C [6] = (2 ^ 12 + 2 ^ 6 + 1) B = 4161B
C [7] = (2 ^ 12 + 2 ^ 6 + 2) B = 4162B
D calculates itself
D = (2 ^ 6 - 1) = 63B

The (random) multiplier r in binary representation (original with 17 bit):

r = 01110010101100111

supplemented with leading zeros (ah bit positions)

r = 001110000101100111 = 001110 000101 100111 = 14.2 ^ 12 + 5.2 ^ 6 + 39 = 57344 + 320 + 39 = 57703

r is divided into 3 groups, which give the g [i], whereby the (i + 1) th positions of the three blocks together give the 3 bits of the g [i]:
001 == <g [5] = 1
000 == <g [4] = 0
100 == <g [3] = 4
111 == <g [2] = 7
101 == <g [1] = 5
011 == <g [0] = 3

The calculation process now shows the intermediate steps:

Z: = C [1] = 2B

Z: = Z + Z = 4B
Z: = Z + C [0] = 4B + B = 5B

Z: = Z + Z = 10B
Z: = Z + C [4] = 10B + 4097B = 4107B

Z: = Z + Z = 8214B
Z: = Z + C [7] = 8214B + 4162B = 12376B

Z: = Z + Z = 24752
Z: = Z + C [5] = 24752B + 4098B = 28850B

Z: = Z + Z = 57700B

Z: = Z - D = 57700B - 63B = 57637B

Z: = Z + C [3] = 57638B + 66B = 57703B

In order for the procedure to run properly, a condition must be placed on r:
It must not be g [a - 1] = 0 and g [a - 2] = 1 at the same time, because then the first addition would add 2B to 2B.

A device for performing the method has a central processor unit, a memory, a data output and electrical contacts for creating an egg ner supply voltage. The processor unit loads in response to a start signal two binary signal sequences and a program for calculating the digital signal value from the two bit sequences into the processor unit and executes the loaded program for calculating K from such that from the outside only a substantially of the data to be kept secret independent value for the current and power consumption acceptance is noticeable. It is achieved with the inventive method that the Current consumption during the relevant calculations, in particular addition and doubling points on the elliptic curve, no correlation to that has to be kept secret scalar factor. Through the interplay of processes sor unit and loaded program during the calculation with the secret key tending value remain the instruction sequences running in the processor unit with their Data hidden from the outside.

In one possible embodiment, the central processor unit and memory are in one integrated single chip. The entire device can be made out as a smart card leads, which is supplied with voltage via external contacts. Usually owns a smart card has an 8-bit microprocessor that has approximately 1280 bytes of RAM and about 32 kByte ROM and either with an EPROM or an EEPROM and with a crypto engine for fast calculation of modulo multiplications is led. Of course, smart cards can also have other capacities  be used. The smart card is supplied with power by plugging it in into the reader. The secret calculation of digital sizes is with smart cards of particular importance, because the readers are usually not subject to the Control of the cardholder and can therefore be used by third parties for attacks the power attack as a non-destructive attack on the card big can be repeated many times.

The smart card memory contains one or more programs for locking or unlocking encryption of digital data and / or for signing digital data according to a or several cryptographic methods based on data stored in memory access. The loaded program performs the scalar multiplication of a point an elliptic curve with a natural number.

Claims (2)

1. Method for calculating a scalar product from a natural number r and a point B of an elliptic curve for a cryptographic application, in which the scalar product is calculated by an electronic computer with a processor with essentially data-independent current and / or power consumption of the processor, characterized by the following process steps:

• - let ( _n-1 , _n-2 ,..., ₀ ) be the binary representation of the natural number r, let h be a natural number with 1 ≦ h <n and let a be a natural number with ha = n, where r is filled with leading zeros,
• - In a first method step, a total of 2 ^h values are calculated and stored in a field C [f], where ( _h-1 , _h-2 ,..., ₀ ) is the binary representation of f and the values of the field C [f] can be calculated for all values of f with 0 ≦ f <2 ^h :
  
• - In a second process step, a-quantities g _j with 0 ≦ j <a are calculated with the following values:
  
• - In a third method step, an element D is calculated:
  
• - In a fourth process step, the scalar product rB to be calculated for the cryptographic process is obtained
  

2. The method according to claim 1, characterized in that the method on a Microprocessor of a smart card expires.