[go: up one dir, main page]

GB2399904B - Side channel attack prevention in data processing apparatus - Google Patents

Side channel attack prevention in data processing apparatus

Info

Publication number
GB2399904B
GB2399904B GB0307197A GB0307197A GB2399904B GB 2399904 B GB2399904 B GB 2399904B GB 0307197 A GB0307197 A GB 0307197A GB 0307197 A GB0307197 A GB 0307197A GB 2399904 B GB2399904 B GB 2399904B
Authority
GB
United Kingdom
Prior art keywords
data processing
base
mod
multiplying
exponent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
GB0307197A
Other versions
GB2399904A (en
GB0307197D0 (en
Inventor
John Patrick Nonweiler
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sharp Corp
Original Assignee
Sharp Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sharp Corp filed Critical Sharp Corp
Priority to GB0307197A priority Critical patent/GB2399904B/en
Publication of GB0307197D0 publication Critical patent/GB0307197D0/en
Priority to JP2004097245A priority patent/JP2004304800A/en
Publication of GB2399904A publication Critical patent/GB2399904A/en
Application granted granted Critical
Publication of GB2399904B publication Critical patent/GB2399904B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/723Modular exponentiation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • G06F2207/7223Randomisation as countermeasure against side channel attacks
    • G06F2207/7233Masking, e.g. (A**e)+r mod n
    • G06F2207/7247Modulo masking, e.g. A**e mod (n*r)
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • G06F2207/7223Randomisation as countermeasure against side channel attacks
    • G06F2207/7257Random modification not requiring correction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

A data processing unit is provided that performs a modular exponentiation operation of the form m<d> mod N, having base (or plaintext) m, exponent d and modulus N. The data processing unit has a base blinding unit that modifies the base before the exponentiation operation such that the output of the modulus operation is unaffected. This is done by generating an integer k, multiplying k by N and adding this result to the base m. This has the effect of randomising the time that the encryption process takes such that the amount of useful side channel information leaked is reduced. The integer k could be generated by a random number generator so as to make the blinding random. Also the exponent blinding could be used, by multiplying the exponent d by the Euler totient function of N. The modulus could also be blinded, by multiplying N by an integer j to give W, then performing the modular exponentiation operation as (m<d> mod W) mod N. The operation can be part of an RSA cryptographic algorithm. The embodiment given is as used on a smart card.
GB0307197A 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus Expired - Fee Related GB2399904B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0307197A GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus
JP2004097245A JP2004304800A (en) 2003-03-28 2004-03-29 Prevention of side channel attacks in data processing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0307197A GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus

Publications (3)

Publication Number Publication Date
GB0307197D0 GB0307197D0 (en) 2003-04-30
GB2399904A GB2399904A (en) 2004-09-29
GB2399904B true GB2399904B (en) 2005-08-17

Family

ID=9955744

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0307197A Expired - Fee Related GB2399904B (en) 2003-03-28 2003-03-28 Side channel attack prevention in data processing apparatus

Country Status (2)

Country Link
JP (1) JP2004304800A (en)
GB (1) GB2399904B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10977365B2 (en) 2017-07-25 2021-04-13 Stmicroelectronics (Rousset) Sas Protection of an iterative calculation against horizontal attacks

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2888690A1 (en) * 2005-07-13 2007-01-19 Gemplus Sa CRYPTOGRAPHIC PROCESS FOR THE SECURE IMPLEMENTATION OF AN EXPONENTIATION AND ASSOCIATED COMPONENT
FR2898199A1 (en) * 2006-03-02 2007-09-07 Gemplus Sa METHOD OF SECURING THE EXECUTION OF A FOLLOWING LOGICALLY ENCHANCED STEPS
KR100940445B1 (en) 2007-11-20 2010-02-10 한국전자통신연구원 Hardware Subchannel Verification System
FR2926651B1 (en) * 2008-01-23 2010-05-21 Inside Contactless COUNTERMEASURE METHOD AND DEVICES FOR ASYMMETRIC CRYPTOGRAPHY
WO2010096902A1 (en) * 2009-02-27 2010-09-02 Certicom Corp. System and method for performing exponentiation in a cryptographic system
EP2365659B1 (en) * 2010-03-01 2017-04-12 Inside Secure Method to test the resistance of an integrated circuit to a side channel attack
DE102010039273B4 (en) * 2010-08-12 2014-12-04 Infineon Technologies Ag Cryptography processor, smart card and method of calculating a result of exponentiation
DE102010064578B3 (en) * 2010-08-12 2015-12-10 Infineon Technologies Ag Cryptography processor, smart card and method of calculating a result of exponentiation
US10594471B2 (en) 2015-03-20 2020-03-17 Cryptography Research, Inc. Multiplicative blinding for cryptographic operations
AT517983B1 (en) * 2015-11-18 2018-11-15 Siemens Ag Oesterreich Protection of a computer system against side channel attacks
FR3055436A1 (en) 2016-08-23 2018-03-02 Stmicroelectronics (Rousset) Sas PROTECTION OF A MODULAR CALCULATION
FR3055437A1 (en) * 2016-08-23 2018-03-02 Stmicroelectronics (Rousset) Sas PROTECTION OF A MODULAR EXPONENTIATION CALCULATION
CN109039590A (en) * 2017-06-09 2018-12-18 深圳九磊科技有限公司 Memory, electronic equipment and its encipher-decipher method for preventing side-channel attack
EP3698262B1 (en) * 2017-10-18 2023-08-02 Cryptography Research, Inc. Protecting modular inversion operation from external monitoring attacks
EP3579492A1 (en) 2018-06-08 2019-12-11 STMicroelectronics (Rousset) SAS Protection of an iterative calculation
EP3579493A1 (en) 2018-06-08 2019-12-11 STMicroelectronics (Rousset) SAS Protection of an iterative calculation
FR3094522B1 (en) 2019-03-29 2021-11-19 St Microelectronics Rousset Protection of an iterative calculation
CN110730072B (en) * 2019-10-22 2023-02-03 天津津航计算技术研究所 Side channel attack resisting method for RSA password application
US20250379734A1 (en) * 2024-06-05 2025-12-11 Shubham P. Ladhe Enhanced RSA Algorithm Using Transform Function

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035782A1 (en) * 1998-01-02 1999-07-15 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus
US5991415A (en) * 1997-05-12 1999-11-23 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for protecting public key schemes from timing and fault attacks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5991415A (en) * 1997-05-12 1999-11-23 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for protecting public key schemes from timing and fault attacks
WO1999035782A1 (en) * 1998-01-02 1999-07-15 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Finding a small root of a univariate modular equation Coppersmith D Proceedings, Advances in Cryptology - EUROCRYPT '96, Saragossa, Sphttp://dsns.csie.nctu.edu.tw/ research/crypto/HTML/PDF/E96/155.PDF *
Universal padding schemes for RSA Coron J et al. 22nd Annual International Cryptology Conference 18-22 Aug. 2002 . Proceedings (Lecture Notes in Computer Science Vol.2442), pages 226 - 241 ISBN 3-540-44050-X http://www.gemplus.com/smart/r_d/publications/pdf/CJNP02pd.pdf *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10977365B2 (en) 2017-07-25 2021-04-13 Stmicroelectronics (Rousset) Sas Protection of an iterative calculation against horizontal attacks

Also Published As

Publication number Publication date
GB2399904A (en) 2004-09-29
JP2004304800A (en) 2004-10-28
GB0307197D0 (en) 2003-04-30

Similar Documents

Publication Publication Date Title
GB2399904B (en) Side channel attack prevention in data processing apparatus
US7162033B1 (en) Countermeasure procedures in an electronic component implementing an elliptical curve type public key encryption algorithm
KR100720726B1 (en) Security maintenance system using RSA algorithm and method
US8280041B2 (en) Chinese remainder theorem-based computation method for cryptosystems
JP2001324925A5 (en)
US20080240443A1 (en) Method and apparatus for securely processing secret data
WO1998024205A1 (en) 32n + d bit key encryption-decryption system using chaos
JP7123959B2 (en) Elliptic curve point multiplication device and method
EP1248409A3 (en) Attack-resistant cryptographic method and apparatus
KR20150107784A (en) Cryptography method comprising an operation of multiplication by a scalar or an exponentiation
US9680647B2 (en) Method of using a token in cryptography
US6898284B2 (en) Cryptographic identification and digital signature method using efficient elliptic curve
US8102998B2 (en) Method for elliptic curve scalar multiplication using parameterized projective coordinates
DE50108011D1 (en) CRYPTOGRAPHIC PROCESS AND CRYPTOGRAPHIC DEVICE
KR101990861B1 (en) Non-modular multiplier, method for non-modular multiplication and computational device
EP1553720B1 (en) Modular exponentiation method in decryption or signature generation
JP2005195829A5 (en)
JP2009500710A (en) Apparatus and method for protecting a data processing device against attack or analysis
US20050152539A1 (en) Method of protecting cryptographic operations from side channel attacks
CN101107807B (en) Method and apparatus for performing cryptographic calculations
RU2071180C1 (en) Public-key method for message encryption and device which implements said method
Shams et al. Cryptosystem an Implementation of RSA using Verilog
CN104125061A (en) RSA encryption algorithm based attack defending method applied to electronic component
Sakai et al. Simple power analysis on fast modular reduction with NIST recommended elliptic curves
JPH11296075A (en) Message encoding method and deciphering device

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20160328