Method and apparatus for preventing information leakage attacks on a microelectronic assembly

US 6,295,606 B1
Filed: 07/26/1999
Issued: 09/25/2001
Est. Priority Date: 07/26/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for preventing information leakage attacks on a microelectronic assembly performing a cryptographic algorithm by transforming a first function, used by the cryptographic algorithm, into a second function, the comprising the steps of:

receiving a masked input data having n number of bits that is masked with an input mask, wherein n is a first predetermined integer;

processing the masked input data using a second function based on a predetermined masking scheme;

producing a masked output data having m number of bits that is masked with an output mask, wherein m is a second predetermined integer.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for preventing information leakage attacks on a microelectronic assembly is described for performing a cryptographic algorithm by transforming a first function, used by the cryptographic algorithm, into a second function. The method includes receiving (1102) a masked input data having n number of bits that is masked with an input mask, wherein n is a first predetermined integer. The method also includes processing (1104) the masked input data using a second function based on a predetermined masking scheme, and producing (1106) a masked output data having m number of bits that is masked with an output mask, wherein m is a second predetermined integer.

140 Citations

12 Claims

1. A method for preventing information leakage attacks on a microelectronic assembly performing a cryptographic algorithm by transforming a first function, used by the cryptographic algorithm, into a second function, the comprising the steps of:
- receiving a masked input data having n number of bits that is masked with an input mask, wherein n is a first predetermined integer;
  
  processing the masked input data using a second function based on a predetermined masking scheme;
  
  producing a masked output data having m number of bits that is masked with an output mask, wherein m is a second predetermined integer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising the step of removing the output mask from the masked output data.
  - 3. The method of claim 2, wherein the predetermined masking scheme utilizes a look-up table.
  - 4. The method of claim 3, wherein the look-up table, having n input bits and m output bits, is constructed based on a first randomly generated input mask, at randomly generated output mask and the first function.
  - 5. The method of claim 4, wherein the input data is masked with the first randomly generated input mask using a bitwise XOR operation.
  - 6. The method of claim 4, wherein the output data is masked with the first randomly generated output mask using a bitwise XOR operation.
  - 7. The method according to claim 4, wherein the step of removing the output mask from the output data includes the step of bitwise XORing the masked output data with the first randomly generated output mask.
  - 8. The method of claim 1, wherein the first function is a substitution box (S-box) function of Data Encryption Standard (DES) algorithm.

9. An apparatus for preventing information leakage attacks on a microelectronic assembly, comprising:
- a crossbar switch responsive to a first masked input and a second masked input that are masked based on a first mask, a control input based on a second mask, the crossbar switch providing a first output and a second output;
  
  a multiplexer coupled to the first output and the second output of the crossbar switch, the multiplexer having an output, and a control input responsive to a control signal that is based on the second mask and an input to a first function.
- View Dependent Claims (10, 11, 12)
- - 10. The apparatus of claim 9, wherein the first mask and the second mask are randomly generated using a random number generator circuit.
  - 11. The apparatus of claim 9, wherein the inputs to the crossbar switch are masked with the first mask using an XOR operation.
  - 12. The apparatus of claim 9, wherein the input to the first function is masked with the second mask using an XOR operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Puhl, Larry, Messerges, Thomas S., Dabbish, Ezzat A.
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
DI LORENZO, ANTHONY

Application Number

US09/360,585
Time in Patent Office

792 Days
Field of Search

380/1, 713/189
US Class Current

713/189
CPC Class Codes

G06F 21/72   in cryptographic circuits

G06F 21/755   with measures against power...

G06F 2207/7219   Countermeasures against sid...

G06Q 20/341   Active cards, i.e. cards in...

G07F 7/082   Features insuring the integ...

G07F 7/084   Additional components relat...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

G07F 7/1083   Counting of PIN attempts

H04L 2209/046   of operations, operands or ...

H04L 2209/08   Randomization, e.g. dummy o...

H04L 9/003   for power analysis, e.g. di...

H04L 9/0625   with splitting of the data ...

Method and apparatus for preventing information leakage attacks on a microelectronic assembly

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

140 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for preventing information leakage attacks on a microelectronic assembly

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links