Calculating unit and method for performing an arithmetic operation with encrypted operands

US 20050036618A1
Filed: 07/16/2004
Published: 02/17/2005
Est. Priority Date: 01/16/2002
Status: Active Grant

First Claim

Patent Images

1. A calculating unit for performing an operation on operands, wherein at least one of the operands is encrypted using an encryption algorithm and an encryption parameter so as to obtain an encrypted result of the operation, the calculating unit comprising:

a processing unit having an input for an operand or a negated version of the operand, an input for the at least one encrypted operand or a negated version of the at least one encrypted operand, having an input for the encryption parameter with which the at least one operand is encrypted, and having an output for the encrypted result, the processing unit being formed to perform one or several mathematical sub-operations which together result in a ciphertext calculating specification derived from a clear-text calculating specification for the operation with non-encrypted operands such that the non-encrypted operand is replaced, in the clear-text calculating specification from which the at least one encrypted operand results, by a mathematical combination of the at least one encrypted operand and the encryption parameter, the mathematical combination being a reversal of the encryption algorithm, and the clear-text calculating specification being transformed, due to the mathematical combination, into the one or several mathematical sub-operations representing the ciphertext calculating specification, which mathematical sub-operations obtain, as an input quantity, merely the encrypted operand or a negated version of same, or a combination of the encrypted operand or of the negated version of the encrypted operand with the other operands.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A calculating unit for performing an arithmetic operation with at least two operands, the at least two operands being encrypted, includes an arithmetic-logic unit with a first input for the first encrypted operand, a second input for the second encrypted operand, a third input for an encryption parameter and an output for an encrypted result of the operation, the arithmetic-logic unit being formed so as to operate on the first input, the second input and the third input by means of arithmetic sub-operations, while considering the type of encryption of the operands, such that at the output, an encrypted result is obtained which equals a value that would be obtained if the first operand was subjected to the arithmetic operation in a non-encrypted state and if the second operand would be subjected to the arithmetic operation in a non-encrypted state, and a result obtained was subsequently encrypted, no decryption of the operands being performed in the arithmetic-logic unit. In this manner, a processor system may be obtained in which no data whatsoever occurs in clear text, i.e. in a non-encrypted form, since no decryption upstream of an arithmetic-logic unit and no encryption downstream of the arithmetic-logic unit are required, as the arithmetic-logic unit operates with encrypted input operands to obtain an encrypted result. Interception attacks on transmission lines of the calculating unit are thus ruled out.

41 Citations

View as Search Results

37 Claims

1. A calculating unit for performing an operation on operands, wherein at least one of the operands is encrypted using an encryption algorithm and an encryption parameter so as to obtain an encrypted result of the operation, the calculating unit comprising:
- a processing unit having an input for an operand or a negated version of the operand, an input for the at least one encrypted operand or a negated version of the at least one encrypted operand, having an input for the encryption parameter with which the at least one operand is encrypted, and having an output for the encrypted result, the processing unit being formed to perform one or several mathematical sub-operations which together result in a ciphertext calculating specification derived from a clear-text calculating specification for the operation with non-encrypted operands such that the non-encrypted operand is replaced, in the clear-text calculating specification from which the at least one encrypted operand results, by a mathematical combination of the at least one encrypted operand and the encryption parameter, the mathematical combination being a reversal of the encryption algorithm, and the clear-text calculating specification being transformed, due to the mathematical combination, into the one or several mathematical sub-operations representing the ciphertext calculating specification, which mathematical sub-operations obtain, as an input quantity, merely the encrypted operand or a negated version of same, or a combination of the encrypted operand or of the negated version of the encrypted operand with the other operands.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The calculating unit as claimed in claim 1, wherein the operands are numbers, and wherein the at least one operand is encrypted in a bitwise manner.
  - 3. The calculating unit as claimed in claim 1, wherein the encryption algorithm comprises an XOR operation or an XNOR operation of the operand on a key as an encryption parameter.
  - 4. The calculating unit as claimed in claim 1, wherein the encryption parameter is variable.
  - 5. The calculating unit as claimed in claim 1, wherein the operation is a multiplexer operation for selecting one or several input signals as one or several output signals, a number of the one or several output signals being smaller than a number of the one or several input signals, the at least one encrypted operand being the control signal.
  - 6. The calculating unit as claimed in claim 5, wherein the operation is a 2:
    - 1 multiplexer operation, and wherein the processing unit is formed to implement a calculating specification given by the following equation;
      
      $2; 1 MUX; m^{'} = b^{'} \cdot x^{'} \cdot k + a^{'} \cdot {\overline{x}}^{'} \cdot k + a^{'} \cdot x^{'} \cdot \overline{k} + b^{'} \cdot {\overline{x}}^{'} \cdot \overline{k}$ wherein m′
      
      is an encrypted output signal, wherein a′
      
      is a first encrypted input signal, and b′
      
      is a second encrypted input signal, wherein x′
      
      is an encrypted control signal, and wherein k is an encryption parameter.
  - 7. The calculating unit as claimed in claim 6, which comprises the following for performing the mathematical sub-operations:
    - a first inverter for negating the encryption parameter;
      
      a second inverter for inverting the encrypted control signal;
      
      first, second, third and fourth AND gates; and
      
      an OR gate for ORing output signals of the first to fourth AND gates to obtain the output signal.
  - 8. The calculating unit as claimed in claim 5, wherein the operation is a 3:
    - 1 multiplexer operation, wherein the control signal comprises two encrypted bits x′
      
      , y′
      
      , and wherein the processing unit is formed to implement the following calculating specification;
      
      $3; 1 MUX; m^{'} = c^{'} \cdot x^{'} \cdot {\overline{y}}^{'} \cdot k + b^{'} \cdot {\overline{x}}^{'} \cdot y^{'} \cdot k + c^{'} \cdot {\overline{x}}^{'} \cdot y^{'} \cdot \overline{k} + b^{'} \cdot x^{'} \cdot {\overline{y}}^{'} \cdot \overline{k} + a^{'} \cdot x^{'} \cdot y^{'} + a^{'} \cdot {\overline{x}}^{'} \cdot {\overline{y}}^{'}$ wherein m′
      
      is the encrypted output signal, wherein a′
      
      , b′
      
      , c′
      
      are the first, second and third encrypted input signals, respectively, wherein x′
      
      is the first encrypted bit of the control signal, wherein y′
      
      is the second encrypted bit of the control signal, and wherein k is the encryption parameter for encrypting the first and second control signals.
  - 9. The calculating unit as claimed in claim 5, wherein the operation is a 4:
    - 1 multiplexer operation, wherein the control signal comprises two encrypted bits x′
      
      , y′
      
      , and wherein the processing unit is formed to implement the following calculating specification;
      
      $4; 1 MUX; m^{'} = d^{'} \cdot {\overline{x}}^{'} \cdot {\overline{y}}^{'} \cdot k + c^{'} \cdot x^{'} \cdot {\overline{y}}^{'} \cdot k + b^{'} \cdot {\overline{x}}^{'} \cdot y^{'} \cdot k + a^{'} \cdot x^{'} \cdot y^{'} \cdot k + d^{'} \cdot x^{'} \cdot y^{'} \cdot \overline{k} + c^{'} \cdot {\overline{x}}^{'} \cdot y^{'} \cdot \overline{k} + b^{'} \cdot x^{'} \cdot {\overline{y}}^{'} \cdot \overline{k} + a^{'} \cdot {\overline{x}}^{'} \cdot {\overline{y}}^{'} \cdot k$ wherein m′
      
      is the encrypted output signal, wherein a′
      
      , b′
      
      , c′
      
      , and d′
      
      are first, second, third, and fourth encrypted input signals, respectively, wherein x′
      
      is the first encrypted bit of the control signal, wherein y′
      
      is the second encrypted bit of the control signal, and wherein k is the encryption parameter for encrypting the first and second bits of the control signal.
  - 10. The calculating unit as claimed in claim 1, wherein the operation is an arithmetic operation on at least two operands, the encrypted operand being one of the operands on which the arithmetic operation may be performed.
  - 11. The calculating unit as claimed in claim 10, wherein the further operand(s) on which the operation may be performed is, or are, encrypted as well.
  - 12. The calculating unit as claimed in claim 11, wherein the arithmetic operation is an XOR operation, wherein the encrypted operands are binary and are, for encryption, XORed with a key in a bitwise manner, and wherein the arithmetic-logic unit comprises the following for performing the arithmetic sub-operations:
    - an XOR operation means for operating on the first encrypted operand, the second encrypted operand and the key to obtain the encrypted result.
  - 13. The calculating unit as claimed in claim 11, wherein the arithmetic operation is an AND operation, wherein the operands are binary and are, for encryption, XORed with a key in a bitwise manner, and wherein the arithmetic-logic unit comprises the following for performing the arithmetic sub-operations:
    - an AND operation means for operating on the first encrypted operand and the second encrypted operand to obtain a first intermediate result;
      
      a further AND operation means for operating on the first encrypted operand and the key to obtain a second intermediate result;
      
      a further AND operation means for operating on the encrypted second operand and the key to obtain a third intermediate result;
      
      an OR operation means for operating on the first intermediate result and the second intermediate result to obtain a fourth intermediate result;
      
      an OR operation means for operating on the second intermediate result and the fourth intermediate result to obtain the encrypted result.
  - 14. The calculating unit as claimed in claim 11, wherein the arithmetic operation is an OR operation, wherein the operands are binary and are, for encryption, XORed with a key (k) in a bitwise manner, and wherein the arithmetic-logic unit comprises the following for performing the arithmetic sub-operations:
    - negation means for negating the key (k) to obtain a negated key;
      
      first AND operation means for operating on the encrypted first operand and the negated key to obtain a first intermediate result;
      
      second AND operation means for operating on the second encrypted operand and the negated key to obtain a second intermediate result;
      
      third AND operation means for operating on the first encrypted operand and the second encrypted operand to obtain a third intermediate result;
      
      first OR operation means for operating on the first intermediate result and the second intermediate result to obtain a fourth intermediate result;
      
      second OR operation means for operating on the third intermediate result and the fourth intermediate result to obtain the encrypted result of the arithmetic operation.
  - 15. The calculating unit as claimed in claim 11, wherein the arithmetic operation is a NOR operation, wherein the operands are binary and, for encryption, are XORed with a key in a bitwise manner, and wherein the arithmetic-logic unit comprises the following for performing the arithmetic sub-operations:
    - first AND operation means for operating on the first encrypted operand and the second encrypted operand to obtain a first intermediate result;
      
      first negation means for negating the first intermediate result to obtain a negated first intermediate result;
      
      second negation means for negating the second encrypted operand to obtain a negated second encrypted operand;
      
      second AND operation means for operating on the negated second operand and the key to obtain a second intermediate result;
      
      third negation means for negating the first encrypted operand to obtain a negated first encrypted operand;
      
      third AND operation means for operating on the negated encrypted first operand and the key to obtain a third intermediate result;
      
      first OR operation means for operating on the negated first intermediate result and the second intermediate result to obtain a fourth intermediate result; and
      
      second OR operation means for operating on the third intermediate result and the fourth intermediate result to obtain the encrypted result of the arithmetic operation.
  - 16. The calculating unit as claimed in claim 11, wherein the arithmetic operation is a NAND operation, wherein the operands are binary and, for encryption, are XORed with a key in a bitwise manner, and wherein the arithmetic-logic unit comprises the following for performing the arithmetic sub-operations:
    - first AND operation means for operating on the first encrypted operand and the second encrypted operand to obtain a first intermediate result;
      
      first negation means for negating the first intermediate result to obtain a negated first intermediate result;
      
      second AND operation means for operating on the second encrypted operand and the key to obtain a second intermediate result;
      
      second negation means for negating the second intermediate result to obtain a negated second intermediate result;
      
      third AND operation means for operating on the encrypted first operand and the key to obtain a third intermediate result;
      
      third negation means for negating the third intermediate result to obtain a negated third intermediate result;
      
      first OR operation means for operating on the negated first intermediate result and the negated second intermediate result to obtain a fourth intermediate result; and
      
      second OR operation means for operating on the fourth intermediate result and the third intermediate result to obtain an encrypted result of the arithmetic operation.
  - 17. The calculating unit as claimed in claim 11, wherein the arithmetic operation is an ADD operation, wherein the operands are binary and, for encryption, are XORed with a key in a bitwise manner, and wherein the arithmetic-logic unit comprises the following for performing the arithmetic sub-operations:
    - first AND operation means for operating on the first encrypted operand and the second encrypted operand to obtain a first intermediate result;
      
      second AND operation means for operating on the first encrypted operand and a third encrypted operand;
      
      third AND operation means for operating on the second encrypted operand and the third encrypted operand to obtain a third intermediate result;
      
      first OR operation means for operating on the first intermediate result and the second intermediate result to obtain a fourth intermediate result;
      
      second OR operation means for operating on the fourth intermediate result and the third intermediate result to obtain an encrypted carry of the arithmetic ADD operation.
  - 18. The calculating unit as claimed in claim 17, wherein the arithmetic operation is a NOT operation, and wherein the arithmetic-logic unit further comprises the following for performing the arithmetic sub-operations:
    - additional negation means for negating the encrypted carry to obtain the encrypted result of the NOT operation.
  - 19. The calculating unit as claimed in claim 11, wherein the first encrypted operand and the second encrypted operand are encrypted using two different encryption algorithms and/or encryption keys, and wherein the arithmetic-logic unit further comprises:
    - a further input for a further encryption parameter.
  - 20. The calculating unit as claimed in claim 1, wherein the arithmetic-logic unit is formed such that merely AND operation means and OR operation means having two inputs, respectively, are used.
  - 21. The calculating unit as claimed in claim 1, wherein at least two operands are encrypted, the first encrypted operand being encrypted with a first encryption algorithm and a first encryption parameter, the second operand being encrypted with a second encryption algorithm and a second encryption parameter, wherein the processing unit comprises a further input for the second encryption parameter, and wherein the ciphertext calculating specification is derived from the clear-text calculating specification such that the non-encrypted operand, which corresponds to the second encrypted operand, is replaced by a further mathematical combination of the second encrypted operand and the second encryption parameter, the further combination being a reversal of the second encryption algorithm.
  - 22. The calculating unit as claimed in claim 21, wherein the first and the second encryption algorithms are identical, and wherein the first and second encryption parameters are different.
  - 23. The calculating unit as claimed in claim 21, wherein a result of the operation is encrypted with a third encryption algorithm and a third encryption parameter, wherein the ciphertext calculating specification, which results from the plurality of mathematical sub-operations, is derived from the clear-text calculating specification for the operation with non-encrypted operands such that a non-encrypted result of the operation is replaced by a further mathematical combination of the non-encrypted result of the operation and the third encryption parameter.
  - 24. The calculating unit as claimed in claim 23, wherein the third encryption parameter is a combination of the first and second encryption parameters.
  - 25. The calculating unit as claimed in claim 24, wherein all encryption algorithms are given by an XOR operation, wherein the mathematical combinations are given by an XOR operation, and wherein the third encryption parameter is an XOR operation of the first and second encryption parameters.
  - 26. The calculating unit as claimed in claim 25, wherein the processing unit is formed to perform a plurality of mathematical sub-operations which are given by the following ciphertext calculating specification, respectively:
    - for an AND operation;
      
      AND;
      
      r^(k)←
      
      a⁽ⁱ⁾·
      
      b^(j)·
      
      {overscore (j)}+{overscore (a⁽ⁱ⁾)}·
      
      {overscore (b)}^(j)·
      
      j+{overscore (b)}^(j)·
      
      i·
      
      {overscore (j)};
      
      for an OR operation;
      
      OR;
      
      r^(k)←
      
      a⁽ⁱ⁾·
      
      {overscore (b)}⁽ⁱ⁾·
      
      {overscore (j)}+{overscore (a)}⁽ⁱ⁾·
      
      b^(j)·
      
      j+b⁽ⁱ⁾·
      
      {overscore (i)}·
      
      {overscore (j)}+{overscore (b)}^(j)·
      
      i·
      
      j for a NAND operation;
      
      NAND;
      
      r^(k)←
      
      {overscore (a)}⁽ⁱ⁾·
      
      b^(j)·
      
      {overscore (j)}+a⁽ⁱ⁾·
      
      {overscore (b)}⁽ⁱ⁾·
      
      j+b^(j)·
      
      i·
      
      j+{overscore (b)}^(j)·
      
      {overscore (i)}·
      
      {overscore (j)};
      
      for a NOR operation;
      
      NOR;
      
      r^(k)←
      
      {overscore (a)}⁽ⁱ⁾·
      
      {overscore (b)}^(j)·
      
      {overscore (j)}+a⁽ⁱ⁾·
      
      b^(j)·
      
      j+b^(j)·
      
      i·
      
      {overscore (j)}+{overscore (b)}^(j)·
      
      {overscore (i)}·
      
      j;
      
      for an XOR operation;
      
      XOR;
      
      r^(k)←
      
      a⁽ⁱ⁾⊕
      
      b^(j);
      
      for an XNOR operation;
      
      XNOR;
      
      r^(k)←
      
      {overscore (a)}⁽ⁱ⁾⊕
      
      b^(j);
      
      for a full adder function with the following aggregate bit;
      
      SUM;
      
      r^(k)←
      
      (a⁽ⁱ⁾⊕
      
      j)⊕
      
      (b^(j)⊕
      
      i)⊕
      
      c_in^(k);
      
      or for a full adder function with a carry bit;
      
      CARRY;
      
      r^(k)←
      
      (a⁽ⁱ⁾⊕
      
      j)·
      
      (b^(j)⊕
      
      i)+(a⁽ⁱ⁾⊕
      
      j)·
      
      c_in^(k)+(b^(j)⊕
      
      i)·
      
      c_in^(k);
      
      wherein a⁽ⁱ⁾is the first operand encrypted with the first encryption parameter, wherein b^(j)is the second operand encrypted with the second encryption parameter, wherein i is the first encryption parameter, wherein j is the second encryption parameter, wherein k is the third encryption parameter, wherein the third encryption parameter is identical with the XOR operation of the first and second encryption parameters, wherein r^(k)is the result of the operation encrypted with the third encryption parameter, and wherein c_in^(k)is a carry input encrypted with the third encryption parameter.

27. A carry select adder for adding first and second encrypted operands to obtain an encrypted result, the first and second encrypted operands each comprising a plurality of bits, an encryption parameter being provided for each bit of the same order of the operands, the carry select adder comprising:
- a first ripple carry adder with a plurality of bit slice means for adding the encrypted bits of the operands from a least significant bit of the operands up to a first boundary bit of the operands to produce an encrypted carry output bit of the first ripple carry adder;
  
  first and second ripple carry adders with a plurality of bit slice means for adding the encrypted bits of the operands from a bit which is by one position more significant than the first boundary bit, up to a second boundary bit, wherein each bit slice means comprises a calculating unit for performing an operation on operands, wherein at least one of the operands is encrypted using an encryption algorithm and an encryption parameter so as to obtain an encrypted result of the operation, the calculating unit comprising;
  
  a processing unit having an input for an operand or a negated version of the operand, an input for the at least one encrypted operand or a negated version of the at least one encrypted operand, having an input for the encryption parameter with which the at least one operand is encrypted, and having an output for the encrypted result, the processing unit being formed to perform one or several mathematical sub-operations which together result in a ciphertext calculating specification derived from a clear-text calculating specification for the operation with non-encrypted operands such that the non-encrypted operand is replaced, in the clear-text calculating specification from which the at least one encrypted operand results, by a mathematical combination of the at least one encrypted operand and the encryption parameter, the mathematical combination being a reversal of the encryption algorithm, and the clear-text calculating specification being transformed, due to the mathematical combination, into the one or several mathematical sub-operations representing the ciphertext calculating specification, which mathematical sub-operations obtain, as an input quantity, merely the encrypted operand or a negated version of same, or a combination of the encrypted operand or of the negated version of the encrypted operand with the other operands, the mathematical operation being an adder operation so as to produce, at a carry input, an internal encrypted aggregate bit and an internal encrypted carry output bit using an encrypted bit of the first operand, an encrypted bit of the second operand and an encrypted carry input bit, wherein all bit slice means further comprise an associated re-encryptor to achieve a re-encryption of the carry input bit encrypted in accordance with an encryption parameter for the bit slice means from which same is derived, into an encryption with the encryption parameter for current bit slice means, wherein the second ripple carry adder and the third ripple carry adder being arranged in parallel, wherein a key (k_n+1) for the least significant bit slice means of the second ripple carry adder can be applied as a carry input bit for a least significant bit slice means of the second ripple carry adder, and wherein an inverted key (NOT k_n+1) for the least significant bit slice means of the third ripple carry adder may be applied as a carry input bit for a least significant bit slice means of the third ripple carry adder;
  
  a re-encryptor for re-encrypting the carry output bit of the first ripple carry adder on a key basis of the least significant bit slice means of the second ripple carry adder; and
  
  select means for selecting the encrypted aggregate bits of the second ripple carry adder if the re-encrypted carry output bit of a most significant bit slice means of the first ripple carry adder is identical with a logical “
  
  0”
  
  , or for selecting the encrypted aggregate bits of the third ripple carry adder if the re-encrypted carry output bit of the first ripple carry adder is identical with a logical “
  
  1”
  
  , as encrypted aggregate bits.

28. A cryptography processor, comprising:
- a memory for storing data encrypted with a first encryption algorithm;
  
  a first decryptor for decrypting data which is stored in the memory and is encrypted with the first encryption algorithm;
  
  a second encryptor for encrypting data, which are obtained from the first decryptor, with a second encryption algorithm;
  
  a calculating unit for performing an operation on operands, wherein at least one of the operands is encrypted using an encryption algorithm and an encryption parameter so as to obtain an encrypted result of the operation, the calculating unit comprising;
  
  a processing unit having an input for an operand or a negated version of the operand, an input for the at least one encrypted operand or a negated version of the at least one encrypted operand, having an input for the encryption parameter with which the at least one operand is encrypted, and having an output for the encrypted result, the processing unit being formed to perform one or several mathematical sub-operations which together result in a ciphertext calculating specification derived from a clear-text calculating specification for the operation with non-encrypted operands such that the non-encrypted operand is replaced, in the clear-text calculating specification from which the at least one encrypted operand results, by a mathematical combination of the at least one encrypted operand and the encryption parameter, the mathematical combination being a reversal of the encryption algorithm, and the clear-text calculating specification being transformed, due to the mathematical combination, into the one or several mathematical sub-operations representing the ciphertext calculating specification, which mathematical sub-operations obtain, as an input quantity, merely the encrypted operand or a negated version of same, or a combination of the encrypted operand or of the negated version of the encrypted operand with the other operands, which is arranged to obtain data output from the second encryptor;
  
  a second decryptor for decrypting data output from the calculating unit in accordance with the second encryption algorithm; and
  
  a first encryptor for encrypting the data, which are output from the second decryptor, in accordance with the first encryption algorithm, the first encryptor being coupled to the memory so that the data encrypted with the first encryption algorithm may be fed to the memory.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The cryptography processor as claimed in claim 28, wherein a buffer memory is arranged, in the direction of signal flow, between the second encryptor and the calculating unit, and/or between the calculating unit and the second decryptor, in which buffer memory data which are encrypted in accordance with the second encryption algorithm may be stored.
  - 30. The cryptography processor as claimed in claim 28, wherein more operations are required for an encryption operation in accordance with the first encryption algorithm than for an encryption operation in accordance with the second encryption algorithm.
  - 31. The cryptography processor as claimed claim 28, wherein the first decryptor and the first encryptor are arranged to perform a change of key less frequently than the second decryptor and the second encryptor.
  - 32. The cryptography processor as claimed in claim 28, wherein the second encryption algorithm is a Vernam algorithm in accordance with the following form:
    - c=(p+k) mod k, wherein c is encrypted information, wherein p is non-encrypted information, wherein k is a key and wherein mod is a modulo operation.
  - 33. The cryptography processor as claimed in claim 32, wherein the key may only adopt the values 0 or 1, wherein the clear-text information and the encrypted information is one bit, and wherein the following equation applies to the second encryption algorithm:
    - c=p XOR k.
  - 34. The cryptography processor as claimed in claim 33, wherein an independent key for the second encryption algorithm is present for each clear-text bit.

35. A method for performing an operation on operands, wherein at least one of the operands is encrypted using an encryption algorithm and an encryption parameter to obtain an encrypted result of the operation, the method comprising:
- performing one or several mathematical sub-operations which together result in a ciphertext calculating specification derived from a clear-text calculating specification for the operation with non-encrypted operands, such that the non-encrypted operand, from which the at least one encrypted operand results, is replaced by a mathematical combination of the at least one encrypted operand and the encryption parameter, the mathematical combination being a reversal of the encryption algorithm, and the clear-text calculating specification being transformed, due to the mathematical combination, into the one or several mathematical sub-operations representing the ciphertext calculating specification, which mathematical sub-operations obtain, as an input quantity, merely the encrypted operand or a negated version of same, or a combination of the encrypted operand or of the negated version of the encrypted operand with the other operands.

36. A method for forming a calculating-unit means for performing an operation on operands, at least one of the operands being encrypted using an encryption algorithm and an encryption parameter to obtain an encrypted result of the operation, the method comprising:
- providing a clear-text calculating specification for the operation;
  
  replacing, in the clear-text calculating specification, a non-encrypted operand corresponding to the encrypted operand, by a mathematical combination of the encrypted operand and the encryption parameter, the mathematical combination being a reversal of the encryption algorithm, so as to obtain ciphertext calculating specification;
  
  transforming the ciphertext calculating specification obtained into one or several mathematical sub-operations which obtain, as an input quantity, merely the encrypted operand or a negated version of same, or a combination of the encrypted operand or of the negated version of the encrypted operand with the other operands; and
  
  implementing the one or several mathematical sub-operations to obtain the calculating-unit means.

37. An apparatus for forming a calculating-unit means for performing an operation on operands, at least one of the operands being encrypted using an encryption algorithm and an encryption parameter to obtain an encrypted result of the operation, the apparatus comprising:
- means for providing a clear-text calculating specification for the operation;
  
  means for replacing, in the clear-text calculating specification, a non-encrypted operand corresponding to the encrypted operand, by a mathematical combination of the encrypted operand and the encryption parameter, the mathematical combination being a reversal of the encryption algorithm, so as to obtain ciphertext calculating specification;
  
  means for transforming the ciphertext calculating specification obtained into one or several mathematical sub-operations which obtain, as an input quantity, merely the encrypted operand or a negated version of same, or a combination of the encrypted operand or of the negated version of the encrypted operand with the other operands; and
  
  means for implementing the one or several mathematical sub-operations to obtain the calculating-unit means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Inventors
Gammel, Berndt, Kniffler, Oliver, Klug, Franz

Granted Patent

US 7,567,668 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/255
CPC Class Codes

G06F 21/72   in cryptographic circuits

G06F 2207/7238   Operand masking, i.e. messa...

G06F 7/00   Methods or arrangements for...

G06F 7/57   Arithmetic logic units [ALU...

Calculating unit and method for performing an arithmetic operation with encrypted operands

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Calculating unit and method for performing an arithmetic operation with encrypted operands

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links