Cryptographic device and an encoding device
First Claim
1. A cryptographic device arranged to compute (ƒ
-
K(M)) a key (K)-dependent cryptographic function (ƒ
) for an input message (M), the cryptographic device comprisinga data store arranged to store multiple variables (w) on which the cryptographic device acts to compute the cryptographic function, a table store storing multiple look-up tables, the multiple look-up tables together forming a table network implementing the cryptographic function, and a control unit configured to apply the cryptographic function to the input message by applying the multiple look-up tables to the variables represented in the data store, characterized in thata variable (w) is distributed over multiple shares (wj) and represented in the data store as multiple encoded shares (xj), an encoded share being an encoding (xj=Encj(wj,sj) of a share (wj) together with a state (sj), the multiple states (sj) corresponding to the same variable (w) having a relationship with the input message (M) so that there exists an injective mapping (Σ
) from the input message (M) to the multiple states (Σ
(M)=s0, . . . , sn−
1)), anda look-up table takes as input one or more encoded shares of one or more variables, the table network performing operations on the multiple shares (wj) of the encoded variable (W) and simultaneously performing redundant operations on the multiple states (sj) maintaining an injective mapping from the input message (M) to the multiple states.
1 Assignment
0 Petitions
Accused Products
Abstract
A cryptographic device (200) is provided to compute a key dependent cryptographic function for an input message. The cryptographic device has a data store arranged to store multiple variables (w) on which the cryptographic device acts to compute the cryptographic function, a variable (w) being distributed over multiple shares (wj) and represented in the data store as multiple encoded shares (xj), an encoded share being an encoding (xj=Encj (wj, sj)) of a share (wj) together with a state (sj), the multiple states (sj) corresponding to the same variable (w) having a relationship with the input message (M) so that there exists an injective mapping (Σ) from the input message (M) to the multiple states (Σ(M)=(s0, . . . , sn−1)).
-
Citations
14 Claims
-
1. A cryptographic device arranged to compute (ƒ
-
K(M)) a key (K)-dependent cryptographic function (ƒ
) for an input message (M), the cryptographic device comprisinga data store arranged to store multiple variables (w) on which the cryptographic device acts to compute the cryptographic function, a table store storing multiple look-up tables, the multiple look-up tables together forming a table network implementing the cryptographic function, and a control unit configured to apply the cryptographic function to the input message by applying the multiple look-up tables to the variables represented in the data store, characterized in that a variable (w) is distributed over multiple shares (wj) and represented in the data store as multiple encoded shares (xj), an encoded share being an encoding (xj=Encj(wj,sj) of a share (wj) together with a state (sj), the multiple states (sj) corresponding to the same variable (w) having a relationship with the input message (M) so that there exists an injective mapping (Σ
) from the input message (M) to the multiple states (Σ
(M)=s0, . . . , sn−
1)), anda look-up table takes as input one or more encoded shares of one or more variables, the table network performing operations on the multiple shares (wj) of the encoded variable (W) and simultaneously performing redundant operations on the multiple states (sj) maintaining an injective mapping from the input message (M) to the multiple states. - View Dependent Claims (2, 3, 4, 5, 6, 7, 10, 12)
-
K(M)) a key (K)-dependent cryptographic function (ƒ
-
8. An encoding device for encoding an input message (M), the encoding device comprising
a receiving unit for receiving the input message (M), the input message comprising multiple input parts (M=(m0, m1, . . . )), and an encoding unit, characterized in that the encoding unit is arranged to, for each part (mi) of the input message (M) distribute the part (mi) of the input message (M) into multiple shares by applying multiple distribution functions (hij) to the input message to obtain the multiple shares (wij=hij(M)), wherein a combining function applied to the distribution functions (hij) equals the part (mi) of the input message (M) (d(hi0, . . . , hin− - 1)(M)=mi;
Σ
jhij(M)=mi)apply an injective mapping (Σ
i) from the input message (M) to obtain multiple states (sij), the number of multiple shares and multiple states being the sameencoding each share of the multiple shares together with a corresponding state of the multiple states, obtaining multiple encoded shares (xij) representing the part (mi). - View Dependent Claims (9)
- 1)(M)=mi;
-
11. A cryptographic method arranged to compute (ƒ
-
K(M)) a key (K)-dependent cryptographic function (ƒ
) for an input message (M), the cryptographic method comprisingstoring multiple variables (w) on which the cryptographic device acts to compute the cryptographic function, storing multiple look-up tables, the multiple look-up tables together forming a table network implementing the cryptographic function, and applying the cryptographic function to the input message by applying the multiple look-up tables to the variables represented in the data store, characterized in that a variable (w) being distributed over multiple shares (wj) and represented in the data store as multiple encoded shares (xj), an encoded share being an encoding (xj=Encj(wj,sj) of a share (wj) together with a state (sj), the multiple states (sj) corresponding to the same variable (w) having a relationship with the input message (M) so that there exists an injective mapping (Σ
) from the input message (M) to the multiple states (Σ
(M)=(s0, . . . , sn−
1)),a look-up table taking as input one or more encoded shares of one or more variables, the table performing operations on the multiple shares (wj) of the encoded variable (w) and simultaneously performing redundant operations on the multiple states (sj) maintaining an injective mapping from the input message (M) to the multiple states. - View Dependent Claims (13, 14)
-
K(M)) a key (K)-dependent cryptographic function (ƒ
Specification