Cryptographic computation using masking to prevent differential power analysis and other attacks
Abstract
Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. Instead of operating on a single key and a single message, an improved DES implementation of the invention uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P), such that K1P{K1} XOR K2P{K2} equals the "standard" DES key K and M1P{M1} XOR M2P{M2} equals the "standard" message. During operation of the device, the masked lookup tables used in the computation are preferably updated periodically, introducing fresh entropy into the tables faster than information leaks out, so that attackers cannot recover the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper-resistant chips, and secure processing systems of all kinds.
40 Claims
1. A method for performing a cryptographic operation on a message, comprising:
(a) generating initial unpredictable information;
(b) using said initial unpredictable information, transforming an initial secret quantity into a plurality of randomized quantities having a predetermined logical relationship thereamong; and
(c) performing a first step of said operation involving said randomized quantities in a hardware device to reduce the amount of useful information about said operation available from external monitoring of said hardware device.
(Dependent claims: 2 to 17.)
18. A method for performing a cryptographic operation on a message using a key, comprising:
(a) using unpredictable information, transforming said message into a plurality of message portions having a predetermined logical relationship thereamong;
(b) using unpredictable information, transforming said key into a plurality of key portions having a predetermined logical relationship thereamong;
(c) performing a first step of said cryptographic operation on said message portions using said key portions in a hardware device to reduce the amount of useful information about said operation available from external monitoring of said hardware device;
(d) updating at least one of said plurality of message portions with unpredictable information;
(e) updating at least one of said plurality of key portions with unpredictable information;
(f) performing at least a second step of said cryptographic operation on said message portions using said key portions in a hardware device to reduce the amount of useful information about said operation available from external monitoring of said hardware device; and
(g) returning a cryptographic result.
(Dependent claims: 19 to 21.)
22. A cryptographic processing device for performing a cryptographic operation in a manner resistant to discovery of a secret quantity by external monitoring, comprising:
(a) an untrusted input for electrical power, from which the device's power consumption can be measured;
(b) a secure memory containing at least a representation of said secret quantity;
(c) a source of unpredictable information for transforming said secret quantity into a plurality of randomized quantities having a predetermined logical relationship thereamong;
(d) an input/output interface;
(e) a processor connected to said memory, configured to perform cryptographic transformations on randomized forms of data received via said interface using randomized forms of said secret quantity.
(Dependent claims: 23 to 27.)
28. A method for performing a symmetric cryptographic operation using a secret key with resistance to external monitoring attacks, comprising:
(a) obtaining an input message;
(b) generating initial unpredictable information;
(c) combining said key, said message, and said unpredictable information;
(d) deriving a result, where:
(i) said result is a predefined function of said input message and of said key, and
(ii) said result is independent of said unpredictable information; and
(e) producing a response based on said result.
(Dependent claims: 29 to 32.)
33. A device for performing keyed cryptographic operations, comprising:
(a) a keyed processing unit, configured to (i) obtain a representation of a secret parameter encoded as a first plurality of parameters, (ii) receive an input datum, (iii) perform a cryptographic operation upon said input datum using said plurality of parameters, and (iv) transmit the result of said cryptographic operation; and
(b) a key update unit, configured to (i) obtain said encoded representation of said secret parameter, (ii) obtain a blinding factor, (iii) produce from said first plurality of parameters and said blinding factor a second plurality of parameters where (1) a mathematical relationship exists between said second plurality of parameters and said first plurality of parameters; and (2) said second plurality of parameters is different from said first plurality of parameters.
(Dependent claims: 34 to 36.)
37. A method for reducing the correlation between physical attributes of a cryptographic system and the values of secret parameters being manipulated during a cryptographic operation, by masking a table lookup operation, consisting of the following steps:
(a) receiving a representation of a lookup table for use in said table lookup operation;
(b) receiving input and output masking parameters corresponding to said received table representation;
(c) obtaining some unpredictable information;
(d) deriving a transformed representation of said lookup table from said received lookup table and said unpredictable information;
(e) deriving new input and output masking parameters corresponding to said transformed representation of said table;
(f) storing said transformed lookup table and said input and output masking parameters in a memory; and
(g) using said transformed table in a cryptographic computation.
(Dependent claims: 38 and 39.)
40. A method for transforming data in a smartcard using the Data Encryption Standard with a secret key, comprising the steps of:
(a) receiving a representation of a message;
(b) combining at least a portion of said message representation with at least a portion of a representation of said key to produce a DES intermediate representation;
(c) producing from said DES intermediate an index to an S operation, where said index is a representation of a traditional 6-bit S table input;
(d) performing an S operation, producing an S result in an expanded representation for which the Hamming weight of said S result is independent of the value of said S table input;
(e) combining the result of said S operation with said DES intermediate to produce a new DES intermediate representation;
(f) repeating steps (c) through (e) a plurality of times; and
(g) converting the final DES intermediate representation into a DES result, where said DES result is a representation of the result of applying the DES standard to said message with said secret key.
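As an added worked example (this is not code from the patent or from any assignee's product), the following Python sketch models the techniques the claims above describe: splitting a secret into two XOR shares and refreshing them with fresh randomness (claims 1 and 18), masking a lookup table with input and output masks and re-masking it without ever rebuilding the plain table (claim 37), and producing an S-box output in an expanded representation whose Hamming weight does not depend on the input (claim 40). DES S-box S1 is used as the table. The two-share XOR scheme with the patent's permutations K1P and K2P taken as the identity, the dual-rail encoding used for the expanded representation, and every function name are assumptions of this example, not details fixed by the patent text.

```python
"""Two-share Boolean masking of a DES S-box lookup, with share and table refresh.

Added example: not code from the patent.  Assumptions: two XOR shares with
the patent's permutations K1P/K2P taken as the identity, DES S-box S1 as the
lookup table, and a dual-rail encoding (assumed here) for the constant-
Hamming-weight "expanded representation" of claim 40.
"""
import secrets

# DES S-box S1 in its standard 4 x 16 layout.  The row is selected by input
# bits 1 and 6, the column by bits 2..5 (DES numbering, MSB first).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def s1_lookup(x):
    """Unmasked reference: 6-bit S input -> 4-bit S output."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


# Flat 64-entry table indexed by the raw 6-bit S input (claim 37(a)).
S1_FLAT = [s1_lookup(x) for x in range(64)]


def split(secret, bits, rng=secrets.randbits):
    """Claim 1(b): split a secret into two shares with s1 ^ s2 == secret."""
    s1 = rng(bits)
    return s1, s1 ^ secret


def refresh(shares, bits, rng=secrets.randbits):
    """Claim 18(d)/(e): re-randomize both shares; their XOR is unchanged."""
    r = rng(bits)
    return shares[0] ^ r, shares[1] ^ r


def mask_table(table, m_in, m_out):
    """Claim 37(d): build T' with T'[x ^ m_in] == T[x] ^ m_out."""
    masked = [0] * len(table)
    for x, y in enumerate(table):
        masked[x ^ m_in] = y ^ m_out
    return masked


def remask_table(masked, m_in, m_out, r_in, r_out):
    """Claim 37(c)-(e): derive a freshly masked table and its new masks from an
    already-masked one.  The unmasked table is never materialized."""
    new = [0] * len(masked)
    for i, y in enumerate(masked):
        new[i ^ r_in] = y ^ r_out
    return new, m_in ^ r_in, m_out ^ r_out


def dual_rail(y, bits=4):
    """Claim 40(d): encode each bit b as the pair (b, NOT b) so the Hamming
    weight of the encoded value is always `bits`, whatever y is."""
    out = 0
    for i in range(bits):
        b = (y >> i) & 1
        out |= (b << (2 * i)) | ((b ^ 1) << (2 * i + 1))
    return out


def hamming_weight(v):
    return bin(v).count("1")


def masked_s_operation(x, m_in, m_out, rng=secrets.randbits):
    """One masked S operation: mask the table, refresh it with fresh entropy,
    look up on the masked input and return (masked output, output mask).

    After the initial masking only masked values and masks are touched; the
    caller unmasks with y_masked ^ mask when (and only when) it must."""
    masked = mask_table(S1_FLAT, m_in, m_out)
    masked, m_in, m_out = remask_table(masked, m_in, m_out, rng(6), rng(4))
    return masked[x ^ m_in], m_out


if __name__ == "__main__":
    # Constructed sample: key-share round trip and a full sweep of S1 inputs.
    k1, k2 = split(0x2A, 6)
    k1, k2 = refresh((k1, k2), 6)
    assert k1 ^ k2 == 0x2A
    for x in range(64):
        y_masked, m = masked_s_operation(x, 0b101010, 0b0110)
        assert y_masked ^ m == s1_lookup(x)
        assert hamming_weight(dual_rail(s1_lookup(x))) == 4
    print("masked S1 lookup and dual-rail encoding check out")
```

Two caveats a practitioner should keep in mind. First, two-share masking only removes first-order dependence between a single intermediate value and the secret; an attacker who combines the leakage of both shares (a second-order attack) can still succeed, which is why the abstract insists on refreshing the tables faster than information leaks out. Second, the mask generation itself must be unbiased and the two shares must never be handled on the same bus or register at the same time, otherwise the Hamming-weight argument behind the dual-rail encoding no longer holds in the real hardware.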