Differential power analysis
First Claim
1. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of said device'"'"'s power consumption, comprising:
- (a) an interface for receiving data to be cryptographically processed;
(b) an interface for receiving an external clock signal regulating input/output operations;
(c) an oscillator for generating an internal clock signal that cannot be reliably predicted from said external clock signal;
(i) by incorporating unpredictable information, where said unpredictable information in said internal clock signal decreases the temporal alignment of externally measurable features of said cryptographic processing;
(ii) where said decrease in temporal alignment inhibits reliable identification of specific cryptographic processing features from measurements of characteristics of said cryptographic device;
(d) a processor configured to be clocked by said internal clock while said processor is cryptographically processing said data;
(e) an interface for outputting said cryptographically processed data at a rate corresponding to said external clock.
1 Assignment
0 Petitions
Accused Products
Abstract
Information leaked from smart cards and other tamper resistant cryptographic devices can be statistically analyzed to determine keys or other secret data. A data collection and analysis system is configured with an analog-to-digital converter connected to measure the device'"'"'s consumption of electrical power, or some other property of the target device, that varies during the device'"'"'s processing. As the target device performs cryptographic operations, data from the A/D converter are recorded for each cryptographic operation. The stored data are then processed using statistical analysis, yielding the entire key, or partial information about the key that can be used to accelerate a brute force search or other attack.
138 Citations
21 Claims
-
1. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of said device'"'"'s power consumption, comprising:
-
(a) an interface for receiving data to be cryptographically processed;
(b) an interface for receiving an external clock signal regulating input/output operations;
(c) an oscillator for generating an internal clock signal that cannot be reliably predicted from said external clock signal;
(i) by incorporating unpredictable information, where said unpredictable information in said internal clock signal decreases the temporal alignment of externally measurable features of said cryptographic processing;
(ii) where said decrease in temporal alignment inhibits reliable identification of specific cryptographic processing features from measurements of characteristics of said cryptographic device;
(d) a processor configured to be clocked by said internal clock while said processor is cryptographically processing said data;
(e) an interface for outputting said cryptographically processed data at a rate corresponding to said external clock. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of said device'"'"'s power consumption, comprising:
-
(a) receiving data to be cryptographically processed;
(b) receiving an external clock signal regulating input/output operations;
(c) using an oscillator to generate an internal clock signal that cannot be reliably predicted from said external clock signal;
(i) by incorporating unpredictable information, where said unpredictable information in said internal clock signal decreases the temporal alignment of external measurements of said cryptographic processing;
(ii) where said decrease in temporal alignment inhibits reliable identification of specific cryptographic processing features from measurements of characteristics of said cryptographic device; and
(d) processing said data using a processor clocked by said internal clock during cryptographic processing operations.
-
-
15. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of variations in the amount of power consumed, comprising:
-
(a) an input interface for receiving a quantity to be cryptographically processed;
(b) a source of unpredictable information;
(c) a processor for performing said cryptographic processing in a manner decorrelated from externally-monitorable signals produced by said device, by using outputs from said source to select between operating on an instruction and inserting a delay before operating on said instruction;
(d) an output interface for providing said cryptographically processed quantity to a recipient thereof. - View Dependent Claims (16, 17, 18)
-
-
19. A method of securely performing a cryptographic processing operation in a manner resistant to information leakage attacks, using a cryptographic processing device that consumes power and produces externally monitorable signals, comprising:
-
(a) receiving a quantity to be cryptographically processed;
(b) generating unpredictable information;
(c) cryptographically processing said quantity, including using said unpredictable information to conceal a correlation between externally-monitorable signals produced by said device and said processing by selecting between operating on an instruction and inserting a delay before operating on said instruction. - View Dependent Claims (20, 21)
-
Specification