CRYPTOGRAPHIC DEVICE WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS

US 20140247944A1
Filed: 03/07/2014
Published: 09/04/2014
Est. Priority Date: 12/04/2009
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques usable by devices to encrypt and decrypt sensitive data to in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving an encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segment are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments.

17 Citations

View as Search Results

27 Claims

1. (canceled)

2. A programmable logic device comprising:
- a keystore to store a secret value; and
  
  a cryptography logic coupled to the keystore, the cryptography logic to;
  
  receive a bitstream comprising a validator and a first encrypted segment of configuration data for the programmable logic device;
  
  retrieve the secret value from the keystore;
  
  derive an initial key for the bitstream based at least in part on the secret value;
  
  verify, using the received validator, that the first encrypted segment has not been modified; and
  
  decrypt the first encrypted segment using a first decryption key derived from the initial key to produce a first decrypted segment responsive to verifying that the first encrypted segment has not been modified.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 3. The programmable logic device of claim 2, wherein the initial key for the bitstream is also based at least in part on an identifier of the bistream.
  - 4. The programmable logic device of claim 2, wherein the programmable logic device comprises a field programmable gate array (FPGA), and wherein the first encrypted segment comprises a first portion of configuration data for the FPGA.
  - 5. The programmable logic device of claim 2, wherein the received bitstream further comprises a second encrypted segment of configuration data for the programmable logic device, the cryptography logic to:
    - verify whether the second encrypted segment has been modified; and
      
      decrypt the second encrypted segment using a second decryption key derived from the initial key to produce a second decrypted segment responsive to verifying that the second encrypted segment has not been modified.
  - 6. The programmable logic device of claim 5, the cryptography logic to:
    - responsive to a failure to successfully verify that the second encrypted segment has not been modified, delete the first decrypted segment of configuration data.
  - 7. The programmable logic device of claim 2, wherein the bitstream comprises a plurality of encrypted segments, and wherein the cryptography logic is to perform hash chaining operations to decrypt the plurality of encrypted segments, the hash chaining operations comprising:
    - cryptographically transforming the first encrypted segment of the plurality of encrypted segments to produce a first derived value;
      
      comparing the first derived value with a first expected value;
      
      responsive to determining that the first derived value matches the first expected value, decrypting the first encrypted segment using the first decryption key to produce the first decrypted segment and a second expected value;
      
      cryptographically transforming the second encrypted segment to produce a second derived value;
      
      comparing the second derived value with a second expected value; and
      
      responsive to determining that the second derived value matches the second expected value, decrypting the second encrypted segment using a second decryption key derived from the initial key to produce a second decrypted segment.
  - 8. The programmable logic device of claim 2, wherein the bitstream comprises a plurality of encrypted segments, and wherein the cryptography logic is to perform hash chaining operations to decrypt the plurality of encrypted segments, the hash chaining operations comprising:
    - cryptographically transforming the first encrypted segment of the plurality of encrypted segments to produce a first derived value;
      
      comparing the first derived value with a first expected value;
      
      responsive to determining that the first derived value matches the first expected value, decrypting the first encrypted segment using the first decryption key to produce the first decrypted segment and deconcatenating the first encrypted segment to produce a second expected value;
      
      cryptographically transforming the second encrypted segment to produce a second derived value;
      
      comparing the second derived value with a second expected value; and
      
      responsive to determining that the second derived value matches the second expected value, decrypting the second encrypted segment using a second decryption key derived from the initial key to produce a second decrypted segment.
  - 9. The programmable logic device of claim 2, further comprising:
    - a programmable logic, wherein the bitstream comprises a plurality of encrypted segments of the configuration data, and wherein the programmable logic is configured using the configuration data after all of the plurality of encrypted segments of the configuration data are decrypted; and
      
      one or more status registers to track a status for a bistream loading process that configures the programmable logic.
  - 10. The programmable logic device of claim 2, the cryptography logic further to:
    - derive the initial key using a path through a key tree, wherein the path through the key tree is based on an identifier of the bitstream and identifies a plurality of entropy distribution operations used to derive the initial key.
  - 11. The programmable logic device of claim 10, the cryptography logic further to:
    - divide the identifier into a plurality of parts, where each of the plurality of parts determines a leg of the path, and where each leg of the path is associated with a particular entropy distribution operation of the plurality of entropy distribution operations.
  - 12. The programmable logic device of claim 11, the cryptography logic further to:
    - compute a plurality of intermediate keys in succession, wherein each of the plurality of intermediate keys is computed based on applying one of the plurality of entropy distribution operations to at least one of the secret value or a previous intermediate key in the succession.
  - 13. The programmable logic device of claim 2, the cryptography logic further to:
    - receive and decrypt a plurality of encrypted segments using hash chaining operations comprising;
      
      decrypting the first encrypted segment of the plurality of encrypted segments to produce a first plaintext segment comprising a first decrypted segment and a first hash value;
      
      validating the first hash value; and
      
      responsive to validating the first hash value, decrypting a second encrypted segment of the plurality of encrypted segments to produce a second plaintext segment comprising a second decrypted segment and a second hash value.
  - 14. The programmable logic device of claim 2, wherein to verify that the encrypted segment has not been modified the cryptography logic is to:
    - compute a hash of the encrypted segment;
      
      generate an expected validator based on performing a plurality of entropy distribution operations on the initial key using a key tree, wherein the hash indicates a path through the key tree, the path identifying the plurality of entropy distribution operations; and
      
      compare the expected validator to the received validator.

15. A method comprising:
- receiving, by a programmable logic device (PLD), a bitstream comprising a validator and a first encrypted segment of configuration data for the PLD;
  
  deriving, by the PLD, an initial key for the bitstream based at least in part on a secret value and a plurality of entropy distribution operations;
  
  verifying, using the received validator, that the first encrypted segment has not been modified; and
  
  decrypting the first encrypted segment using a first decryption key derived from the initial key to produce a first decrypted segment responsive to verifying that the first encrypted segment has not been modified.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 16. The method of claim 15, wherein deriving, by the PLD, an initial key for the bitstream is also based at least in part on an identifier of the bitstream.
  - 17. The method of claim 15, wherein the PLD comprises a field programmable gate array (FPGA), and wherein the first encrypted segment comprises a first portion of configuration data for the FPGA.
  - 18. The method of claim 15, wherein the received bitstream further comprises a second encrypted segment of configuration data for the PLD, the method further comprising:
    - verifying whether the second encrypted segment has been modified; and
      
      decrypting the second encrypted segment using a second decryption key derived from the initial key to produce a second decrypted segment responsive to verifying that the second encrypted segment has not been modified.
  - 19. The method of claim 18, further comprising:
    - responsive to a failure to successfully verify that the second encrypted segment has not been modified, deleting the first decrypted segment of configuration data.
  - 20. The method of claim 15, wherein the bitstream comprises a plurality of encrypted segments, and wherein hash chaining operations are performed to decrypt the plurality of encrypted segments, the hash chaining operations comprising:
    - cryptographically transforming the first encrypted segment of the plurality of encrypted segments to produce a first derived value;
      
      comparing the first derived value with a first expected value;
      
      responsive to determining that the first derived value matches the first expected value, decrypting the first encrypted segment using the first decryption key to produce the first decrypted segment and a second expected value;
      
      cryptographically transforming the second encrypted segment to produce a second derived value;
      
      comparing the second derived value with a second expected value; and
      
      responsive to determining that the second derived value matches the second expected value, decrypting the second encrypted segment using a second decryption key derived from the initial key to produce a second decrypted segment.
  - 21. The method of claim 15, wherein the bitstream comprises a plurality of encrypted segments, and wherein hash chaining operations are performed to decrypt the plurality of encrypted segments, the hash chaining operations comprising:
    - cryptographically transforming the first encrypted segment of the plurality of encrypted segments to produce a first derived value;
      
      comparing the first derived value with a first expected value;
      
      responsive to determining that the first derived value matches the first expected value, decrypting the first encrypted segment using the first decryption key to produce the first decrypted segment and deconcatentating the first encrypted segment to produce a second expected value;
      
      cryptographically transforming the second encrypted segment to produce a second derived value;
      
      comparing the second derived value with a second expected value; and
      
      responsive to determining that the second derived value matches the second expected value, decrypting the second encrypted segment using a second decryption key derived from the initial key to produce a second decrypted segment.
  - 22. The method of claim 15, wherein the bitstream comprises a plurality of encrypted segments of the configuration data, the method further comprising:
    - after decrypting all of the plurality of encrypted segments of the configuration data, configuring the PLD using the configuration data.
  - 23. The method of claim 15, further comprising:
    - deriving the initial key using a path through a key tree, wherein the path through the key tree is based on an identifier of the bitstream and identifies the plurality of entropy distribution operations.
  - 24. The method of claim 23, further comprising:
    - dividing the identifier into a plurality of parts, where each of the plurality of parts determines a leg of the path, and where each leg of the path is associated with a particular entropy distribution operation of the plurality of entropy distribution operations.
  - 25. The method of claim 24, further comprising:
    - computing a plurality of intermediate keys in succession, wherein each of the plurality of intermediate keys is computed based on applying one of the plurality of entropy distribution operations to at least one of the secret value or a previous intermediate key in the succession.
  - 26. The method of claim 15, further comprising receiving and decrypting a plurality of encrypted segments using hash chaining operations comprising:
    - decrypting the first encrypted segment of the plurality of encrypted segments to produce a first plaintext segment comprising a first decrypted segment and a first hash value;
      
      validating the first hash value; and
      
      responsive to validating the first hash value, decrypting a second encrypted segment to produce a second plaintext segment comprising a second decrypted segment and a second hash value.
  - 27. The method of claim 15, wherein verifying that the encrypted segment has not been modified comprises:
    - computing a hash of the encrypted segment;
      
      generating an expected validator based on performing an additional plurality of entropy distribution operations on the initial key using a key tree, wherein the hash indicates a path through the key tree, the path identifying the additional plurality of entropy distribution operations; and
      
      comparing the expected validator to the received validator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptography Research, Inc. (Rambus Inc.)
Original Assignee
Cryptography Research, Inc. (Rambus Inc.)
Inventors
Kocher, Paul C., Rohatgi, Pankaj, Jaffe, Joshua M.

Granted Patent

US 8,977,864 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/286
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/556   involving covert channels, ...

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 21/755   with measures against power...

G06F 21/76   in application-specific int...

G06F 2212/402   Encrypted data

G06F 2221/034   Test or assess a computer o...

G06F 2221/2107   File encryption

G06F 2221/2125   Just-in-time application of...

G06F 2221/2145   Inheriting rights or proper...

G06F 8/71   Version control security ar...

G06F 9/44505   Configuring for program ini...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/56   Financial cryptography, e.g...

H04L 2463/061   applying further key deriva...

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04L 9/003   for power analysis, e.g. di...

H04L 9/0631   Substitution permutation ne...

H04L 9/085 : Secret sharing or secret sp...

H04L 9/0861 : Generation of secret inform...

H04L 9/088 : Usage controlling of secret...

H04L 9/0894 : Escrow, recovery or storing...

H04L 9/16 : the keys or algorithms bein...

H04L 9/3236 : using cryptographic hash fu...

H04L 9/3247 : involving digital signatures

H04L 9/3271 : using challenge-response

H04L 9/50 : using hash chains, e.g. blo...

View All

CRYPTOGRAPHIC DEVICE WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

CRYPTOGRAPHIC DEVICE WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links