Cryptographic apparatus, cryptographic method, and storage medium thereof
First Claim
1. A cryptographic apparatus comprising:
- an AND circuit which performs an AND operation between a random number and first-masked data;
a shift circuit which receives an output signal of the AND circuit, and shifts the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
a subtractor which receives the first-masked data and an output signal of the shift circuit, performs arithmetic subtraction of the output signal of the shift circuit from the first-masked data, and outputs second-masked data as a result.
1 Assignment
0 Petitions
Accused Products
Abstract
A cryptographic apparatus, a cryptographic method, and a computer readable storage medium provide for conversion between Boolean-masked data and arithmetic-masked data in a manner that allows for a reduction in computational overhead and hardware overhead. The cryptographic apparatus comprises: a first masking circuit which receives a first random number and data and outputs first-masked data; and a second masking circuit which receives a second random number and the first-masked data output from the first masking circuit, and outputs second-masked data. The second masking circuit comprises: an AND circuit which performs an AND operation between the first-masked data and the second random number; a shift circuit which receives the output signal of the AND circuit, and shifts the received output signal in a predetermined direction by predetermined bits; and a subtractor which receives the first-masked data and the output signal of the shift circuit, performs arithmetic subtraction of the output of the shift circuit form the first-masked data, and outputs second-masked is data. The first-masked data is Boolean-masked data and the second-masked data is arithmetic-masked data.
-
Citations
19 Claims
-
1. A cryptographic apparatus comprising:
-
an AND circuit which performs an AND operation between a random number and first-masked data;
a shift circuit which receives an output signal of the AND circuit, and shifts the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
a subtractor which receives the first-masked data and an output signal of the shift circuit, performs arithmetic subtraction of the output signal of the shift circuit from the first-masked data, and outputs second-masked data as a result. - View Dependent Claims (2)
-
-
3. A cryptographic apparatus comprising:
-
an AND circuit which performs an AND operation between a random number and first-masked data;
an exclusive OR (XOR) circuit which receives an output signal of the AND circuit and the random number, and performs an XOR operation between the output signal and the random number;
a shift circuit which receives an output signal of the XOR circuit, and shifts the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
an adder which receives the first-masked data and an output signal of the shift circuit, performs arithmetic addition of the first-masked data and the output signal of the shift circuit, and outputs second-masked data as a result.
-
-
4. A cryptographic apparatus comprising:
-
a first masking circuit which receives a first random number and data, and outputs Boolean-masked data; and
a second masking circuit which receives a second random number and the Boolean-masked data output from the first masking circuit and outputs arithmetic-masked data, wherein the second masking circuit comprises;
an AND circuit which performs an AND operation between the second random number and the Boolean-masked data;
a shift circuit which receives an output signal of the AND circuit, and shifts the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
a subtractor which receives the Boolean-masked data and an output signal of the shift circuit, performs arithmetic subtraction of the output signal of the shift circuit from the Boolean-masked data, and outputs the arithmetic-masked data as a result. - View Dependent Claims (5, 6)
-
-
7. A cryptographic apparatus comprising:
-
a first masking circuit which receives a first random number and data, and outputs Boolean-masked data; and
a second masking circuit which receives a second random number and the Boolean-masked data output from the first masking circuit and outputs arithmetic-masked data, wherein the second masking circuit comprises;
an AND circuit which performs an AND operation between the second random number and the Boolean-masked data;
an XOR circuit which receives an output signal of the AND circuit and the second random number, and performs an XOR operation between the output signal and the random number;
a shift circuit which receives an output signal of the XOR circuit, and shifts the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
an adder which receives the Boolean-masked data and an output signal of the shift circuit, performs arithmetic addition of the Boolean-masked data and the output signal of the shift circuit, and outputs the arithmetic-masked data as a result. - View Dependent Claims (8, 9)
-
-
10. A cryptographic method comprising:
-
performing an AND operation between a random number and first-masked data;
receiving a result of the AND operation, and shifting the received result by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
receiving the first-masked data and a result of the shifting, performing arithmetic subtraction of the result of the shifting from the first-masked data, and outputting second-masked data as a result.
-
-
11. A cryptographic method comprising:
-
performing an AND operation between a random number and first-masked data;
receiving a result of the AND operation and the random number, and performing an XOR operation between the AND operation result and the random number;
receiving a result of the XOR operation, and shifting the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
receiving the first-masked data and a result of the shifting, performing arithmetic addition of the first-masked data and the result of the shifting, and outputting second-masked data as a result.
-
-
12. A computer readable recording medium having embodied thereon a computer program for a cryptographic method, wherein the cryptographic method comprises:
-
performing an AND operation between a random number and first-masked data;
receiving a result of the AND operation, and shifting the received result by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
receiving the first-masked data and a result of the shifting, performing arithmetic subtraction of the result of the shifting from the first-masked data, and outputting second-masked data as a result.
-
-
13. A computer readable recording medium having embodied thereon a computer program for a cryptographic method, wherein the cryptographic method comprises:
-
performing an AND operation between a random number and first-masked data;
receiving a result of the AND operation and the random number, and performing an XOR operation between the AND operation result and the random number;
receiving a result of the XOR operation, and shifting the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
receiving the first-masked data and a result of the shifting, performing arithmetic addition of the first-masked data and the result of the shifting, and outputting second-masked data as a result.
-
-
14. A cryptographic method comprising:
-
receiving a first random number and data, and outputting Boolean-masked data; and
receiving a second random number and the Boolean-masked data and outputting arithmetic-masked data, wherein the outputting arithmetic-masked data comprises;
,performing an AND operation between the second random number and the Boolean-masked data;
receiving a result of the AND operation, and shifting the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
receiving the Boolean-masked data and a result of the shifting, performing arithmetic subtraction of the shifting result from the Boolean-masked data, and outputting the arithmetic-masked data as a result.
-
-
15. A cryptographic method comprising:
-
receiving a first random number and data, and outputting Boolean-masked data; and
receiving a second random number and the Boolean-masked data and outputting arithmetic-masked data, wherein the outputting arithmetic-masked data comprises;
performing an AND operation between the second random number and the Boolean-masked data;
receiving a result of the AND operation and the random number, and performing an XOR operation between the AND operation result and the random number;
receiving a result of the XOR operation, and shifting the received signal by m bits (here, m is a natural number) in any one of a right-hand direction and a left-hand direction; and
receiving the Boolean-masked data and a result of the shifting, performing arithmetic addition of the Boolean-masked data and the shifting result, and outputting the arithmetic-masked data as a result.
-
-
16. A cryptographic method comprising:
-
receiving n-bit data and a first random number with an n-bit length, and outputting n-bit arithmetic-masked data, an, an−
1, . . . , a2, a1; and
receiving a second random number with an n-bit length, rn, rn−
1, . . . , r2, r1, and the arithmetic-masked data, an, an−
1, . . . , a2, a1, and outputting n-bit Boolean-masked data, yn, yn−
1, . . . , y2, y1,wherein the outputting arithmetic-masked data, yn, yn−
1, . . . , y2, y1, comprises;
outputting a1 as y1;
performing an AND operation between y1 and r1 and storing the result in a storage device, and performing an XOR operation between a2 and the data stored in the storage device and outputting the result as y2, and performing an AND operation between a2 and the data stored in the storage device and generating the result as a carry;
performing an AND operation between yk−
1 and rk−
1, and storing the result in the storage device, and performing an XOR operation between ak and the carry and an XOR operation between the data stored in the storage device and the carry, and outputting the result as yk, and performing an OR operation between [the result of an AND operation between ak and the data stored in the storage device] and [the result of an AND operation between ak and the carry], and performing an OR operation between the OR operation result and [the result of the AND operation between the data stored in the storage device and the carry], and generating the result as the carry; and
performing an AND operation between yn−
1 and rn−
1 and storing the result in the storage device, and performing an XOR operation between an and the data storage in the storage device, and outputting the result as yn, andwherein predetermined variable k increases by 1 from 3 to (n−
1).
-
-
17. A cryptographic method for receiving an n-bit random number, rn, rn−
- 1, . . . , r2, r1, and arithmetic-masked data, an, an−
1, . . . , a2, a1, and outputting n-bit Boolean-masked data, yn, yn−
1, . . . , y2, y1, the method comprising;
outputting a1 as y1;
performing an AND operation between y1 and r1 and storing the result in a storage device, and performing an XOR operation between a2 and the data stored in the storage device and outputting the result as y2, and performing an AND operation between a2 and the data stored in the storage device and generating the result as a carry;
performing an AND operation between yk−
1 and rk−
1, and storing the result in the storage device, and performing an XOR operation between ak and the carry and an XOR operation between the data stored in the storage device and the carry, and outputting the result as yk, and performing an OR operation between [the result of an AND operation between ak and the data stored in the storage device] and [the result of an AND operation between ak and the carry], and performing an OR operation between the OR operation result and [the result of the AND operation between the data stored in the storage device and the carry], and generating the result as the carry; and
performing an AND operation between yn−
1 and rn−
1 and storing the result in the storage device, and performing an XOR operation between an and the data storage in the storage device, and outputting the result as yn, andwherein predetermined variable k increases by 1 from 3 to (n−
1).
- 1, . . . , r2, r1, and arithmetic-masked data, an, an−
-
18. A computer readable recording medium having embodied thereon a computer program for a cryptographic method comprising:
-
receiving n-bit data and a first random number with an n-bit length, and outputting n-bit arithmetic-masked data, an, an−
1, . . . , a2, a1; and
receiving a second random number with an n-bit length, rn, rn−
1, . . . , r2, r1, and the arithmetic-masked data, an, an−
1, . . . , a2, a1, and outputting n-bit Boolean-masked data, yn, yn−
1, . . . , y2, y1,wherein the outputting arithmetic-masked data, yn, yn−
1, . . . , y2, y1, comprises;
outputting a1 as y1;
performing an AND operation between y1 and r1 and storing the result in a storage device, and performing an XOR operation between a2 and the data stored in the storage device and outputting the result as y2, and performing an AND operation between a2 and the data stored in the storage device and generating the result as a carry;
performing an AND operation between yk−
1 and rk−
1 and storing the result in the storage device, and performing an XOR operation between ak and the carry and an XOR operation between the data stored in the storage device and the carry, and outputting the result as yk, and performing an OR operation between [the result of an AND operation between ak and the data stored in the storage device] and [the result of an AND operation between ak and the carry], and performing an OR operation between the OR operation result and [the result of the AND operation between the data stored in the storage device and the carry], and generating the result as the carry; and
performing an AND operation between yn−
1 and rn−
1 and storing the result in the storage device, and performing an XOR operation between an and the data storage in the storage device, and outputting the result as yn, andwherein predetermined variable k increases by 1 from 3 to (n−
1).
-
-
19. A computer readable recording medium having embodied thereon a computer program for a cryptographic method for receiving an n-bit random number, rn, rn−
- 1, . . . , r2, r1, and arithmetic-masked data, an, an−
1, . . . , a2, a1, and outputting n-bit Boolean-masked data, yn, yn−
1, . . . , y2, y1, wherein the cryptographic method comprises;
outputting a1 as y1;
performing an AND operation between y1 and r1 and storing the result in a storage device, and performing an XOR operation between a2 and the data stored in the storage device and outputting the result as y2, and performing an AND operation between a2 and the data stored in the storage device and generating the result as a carry;
performing an AND operation between yk−
1 and rk−
1 and storing the result in the storage device, and performing an XOR operation between ak and the carry and an XOR operation between the data stored in the storage device and the carry, and outputting the result as yk, and performing an OR operation between [the result of an AND operation between ak and the data stored in the storage device] and [the result of an AND operation between ak and the carry], and performing an OR operation between the OR operation result and [the result of the AND operation between the data stored in the storage device and the carry], and generating the result as the carry; and
performing an AND operation between yn−
1 and rn−
1 and storing the result in the storage device, and performing an XOR operation between an and the data storage in the storage device, and outputting the result as yn, andwherein predetermined variable k increases by 1 from 3 to (n−
1).
- 1, . . . , r2, r1, and arithmetic-masked data, an, an−
Specification