Differential power analysis

US 20080022146A1
Filed: 12/21/2006
Published: 01/24/2008
Est. Priority Date: 01/02/1998
Status: Active Grant

First Claim

Patent Images

1. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of said device'"'"'s power consumption, comprising:

(a) an interface for receiving data to be cryptographically processed;

(b) an interface for receiving an external clock signal regulating input/output operations;

(c) an oscillator for generating an internal clock signal that cannot be reliably predicted from said external clock signal;

(i) by incorporating unpredictable information, where said unpredictable information in said internal clock signal decreases the temporal alignment of externally measurable features of said cryptographic processing;

(ii) where said decrease in temporal alignment inhibits reliable identification of specific cryptographic processing features from measurements of characteristics of said cryptographic device;

(d) a processor configured to be clocked by said internal clock while said processor is cryptographically processing said data;

(e) an interface for outputting said cryptographically processed data at a rate corresponding to said external clock.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information leaked from smart cards and other tamper resistant cryptographic devices can be statistically analyzed to determine keys or other secret data. A data collection and analysis system is configured with an analog-to-digital converter connected to measure the device'"'"'s consumption of electrical power, or some other property of the target device, that varies during the device'"'"'s processing. As the target device performs cryptographic operations, data from the A/D converter are recorded for each cryptographic operation. The stored data are then processed using statistical analysis, yielding the entire key, or partial information about the key that can be used to accelerate a brute force search or other attack.

138 Citations

View as Search Results

21 Claims

1. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of said device'"'"'s power consumption, comprising:
- (a) an interface for receiving data to be cryptographically processed;
  
  (b) an interface for receiving an external clock signal regulating input/output operations;
  
  (c) an oscillator for generating an internal clock signal that cannot be reliably predicted from said external clock signal;
  
  (i) by incorporating unpredictable information, where said unpredictable information in said internal clock signal decreases the temporal alignment of externally measurable features of said cryptographic processing;
  
  (ii) where said decrease in temporal alignment inhibits reliable identification of specific cryptographic processing features from measurements of characteristics of said cryptographic device;
  
  (d) a processor configured to be clocked by said internal clock while said processor is cryptographically processing said data;
  
  (e) an interface for outputting said cryptographically processed data at a rate corresponding to said external clock.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The device of claim 1 embedded within an ISO-7816 smart card.
  - 3. The device of claim 1 embedded within a contactless smart card.
  - 4. The device of claim 1 embedded within a smart card in which I/O operations are synchronized with the external clock.
  - 5. The device of claim 1 configured to allow processor clocking based on selecting either said external clock signal or said internal clock signal.
  - 6. The device of claim 1 in which said processor is configured to be clocked by said external clock other than while cryptographically processing said data.
  - 7. The device of claim 1 where said oscillator is implemented using an analog process.
  - 8. The device of claim 7 where said oscillator includes a ring oscillator.
  - 9. The device of claim 7 where said oscillator includes a phase-locked loop.
  - 10. The device of claim 1 where said internal clock signal is an analog signal and said unpredictable information constitutes randomness therein.
  - 11. The device of claim 1 configured to prevent accurate prediction of clock state transitions by using said unpredictable information to adjust the frequency of the clock signal.
  - 12. The device of claim 1 in which said internal clock may be used to monitor the external clock to detect abnormalities introduced by attackers.
  - 13. The device of claim 1 further comprising a noise generation circuit configured to sink random amounts of electrical power when enabled by a software-controlled activation circuit within said device.

14. A method for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of said device'"'"'s power consumption, comprising:
- (a) receiving data to be cryptographically processed;
  
  (b) receiving an external clock signal regulating input/output operations;
  
  (c) using an oscillator to generate an internal clock signal that cannot be reliably predicted from said external clock signal;
  
  (i) by incorporating unpredictable information, where said unpredictable information in said internal clock signal decreases the temporal alignment of external measurements of said cryptographic processing;
  
  (ii) where said decrease in temporal alignment inhibits reliable identification of specific cryptographic processing features from measurements of characteristics of said cryptographic device; and
  
  (d) processing said data using a processor clocked by said internal clock during cryptographic processing operations.

15. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of variations in the amount of power consumed, comprising:
- (a) an input interface for receiving a quantity to be cryptographically processed;
  
  (b) a source of unpredictable information;
  
  (c) a processor for performing said cryptographic processing in a manner decorrelated from externally-monitorable signals produced by said device, by using outputs from said source to select between operating on an instruction and inserting a delay before operating on said instruction;
  
  (d) an output interface for providing said cryptographically processed quantity to a recipient thereof.
- View Dependent Claims (16, 17, 18)
- - 16. The device of claim 15 wherein said inserting said delay includes performing a no-operation processor instruction prior to said cryptographic processing instruction.
  - 17. The device of claim 15 embodied as a smartcard.
  - 18. The device of claim 15 where said use of said unpredictable information in selecting in (c) causes said device to have unpredictable variations in power consumption.

19. A method of securely performing a cryptographic processing operation in a manner resistant to information leakage attacks, using a cryptographic processing device that consumes power and produces externally monitorable signals, comprising:
- (a) receiving a quantity to be cryptographically processed;
  
  (b) generating unpredictable information;
  
  (c) cryptographically processing said quantity, including using said unpredictable information to conceal a correlation between externally-monitorable signals produced by said device and said processing by selecting between operating on an instruction and inserting a delay before operating on said instruction.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19 where said delay insertion includes a no-operation processor instruction.
  - 21. The method of claim 19 where said delaying operation uses unpredictable information to consume a varying amount of power.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptography Research, Inc. (Rambus Inc.)
Original Assignee
Cryptography Research, Inc. (Rambus Inc.)
Inventors
Jun, Benjamin, Kocher, Paul, Jaffe, Joshua

Granted Patent

US 7,634,083 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/600
CPC Class Codes

G06F 1/06   Clock generators producing ...

G06F 1/266   Arrangements to supply powe...

G06F 1/3225   of memory devices

G06F 21/755   with measures against power...

G06F 21/77   in smart cards

G06F 2207/7223   Randomisation as countermea...

G06F 2207/7266   Hardware adaptation, e.g. d...

G06F 7/00   Methods or arrangements for...

G06K 19/073   Special arrangements for ci...

G06K 19/07363   by preventing analysis of t...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/409   Device specific authenticat...

G07F 7/08   by coded identity card or c...

G07F 7/082   Features insuring the integ...

G07F 7/1008   Active credit-cards provide...

G09C 1/00   Apparatus or methods whereb...

H04L 2209/04   Masking or blinding

H04L 2209/08   Randomization, e.g. dummy o...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805 : Lightweight hardware, e.g. ...

H04L 9/003 : for power analysis, e.g. di...

H04L 9/0618 : Block ciphers, i.e. encrypt...

View All

Differential power analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

138 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Differential power analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links