Using unpredictable information to minimize leakage from smartcards and other cryptosystems
DCFirst Claim
1. A cryptographic processing device for securely performing a cryptographic processing operation including a sequence of instructions in a manner resistant to discovery of a secret by external monitoring, comprising:
- (a) an input interface for receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) a source of unpredictable information;
(c) a processor;
(i) connected to said input interface for receiving and cryptographically processing said quantity, (ii) configured to use said unpredictable information to conceal a correlation between externally monitorable signals and said secret during said processing of said quantity by modifying said sequence; and
(d) an output interface for outputting said cryptographically processed quantity to a recipient thereof.
1 Assignment
Litigations
0 Petitions
Accused Products
Abstract
Methods and apparatuses are disclosed for securing cryptosystems against external monitoring attacks by reducing the amount (and signal to noise ratio) of useful information leaked during processing. This is generally accomplished by incorporating unpredictable information into the cryptographic processing. Various embodiments of the invention use techniques such as reduction of signal to noise ratios, random noise generation, clock skipping, and introducing entropy into the order of processing operations or the execution path. The techniques may be implemented in hardware or software, may use a combination of digital and analog techniques, and may be deployed in a variety of cryptographic devices.
-
Citations
36 Claims
-
1. A cryptographic processing device for securely performing a cryptographic processing operation including a sequence of instructions in a manner resistant to discovery of a secret by external monitoring, comprising:
-
(a) an input interface for receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) a source of unpredictable information;
(c) a processor;
(i) connected to said input interface for receiving and cryptographically processing said quantity, (ii) configured to use said unpredictable information to conceal a correlation between externally monitorable signals and said secret during said processing of said quantity by modifying said sequence; and
(d) an output interface for outputting said cryptographically processed quantity to a recipient thereof. - View Dependent Claims (2, 3, 4, 22)
-
-
5. A cryptographic processing device for securely performing a cryptographic processing operation implementing a permutation in a manner resistant to discovery of a secret by external monitoring, comprising:
-
(a) an input interface for receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) a source of unpredictable information;
(c) a processor;
(i) connected to said input interface for receiving and cryptographically processing said quantity, (ii) configured to use said unpredictable information to conceal a correlation between externally monitorable signals and said secret during said processing of said quantity by randomizing the order of said permutation; and
(d) an output interface for outputting said cryptographically processed quantity to a recipient thereof.
-
-
6. A cryptographic processing device implemented on a single microchip for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring, comprising:
-
(a) an input interface for receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) a source of unpredictable information;
(c) a processor;
(i) connected to said input interface for receiving and cryptographically processing said quantity, (ii) configured to use said unpredictable information to conceal a correlation between said microchip'"'"'s power consumption and said processing of said quantity by expending additional electricity in said microchip during said processing; and
(d) an output interface for outputting said cryptographically processed quantity to a recipient thereof. - View Dependent Claims (7, 8)
(a) program logic implementing said source of unpredictable information; - and
(b) program logic to transmit said unpredictable information to an additional power expending circuit contained in said microchip.
-
-
9. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring, comprising:
-
(a) an input interface for receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) a source of unpredictable information;
(c) a processor;
(i) connected to said input interface for receiving and cryptographically processing said quantity, (ii) configured to use said unpredictable information to conceal a correlation between externally monitorable signals and said secret during said processing of said quantity;
(d) an output interface for outputting said cryptographically processed quantity to a recipient thereof;
(e) a hardware-implemented noise production subunit connected to said source of unpredictable information and configured to expend unpredictable amounts of electricity based on the output of said source of unpredictable information; and
(f) an activation controller, which may be activated by software contained in said device, to activate and deactivate said expending of unpredictable amounts of electricity. - View Dependent Claims (10)
-
-
11. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external measurement of said device'"'"'s power consumption, comprising:
-
(a) an input interface for receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) an input interface for receiving a variable amount of power, said power consumption varying measurably during said performance of said operation;
(c) a processor connected to said input interface for receiving and cryptographically processing said quantity; and
(d) a noise production system for introducing noise into said measurement of said power consumption. - View Dependent Claims (12, 13)
(a) a source of randomness for generating initial noise having a random characteristic;
(b) a noise processing module for improving the random characteristic of said initial noise; and
(c) a noise production module configured to vary said power consumption based on an output of said noise processing module.
-
-
13. The device of claim 12 wherein said noise production system is connected to said processor and is selectively operable under the control of said processor.
-
14. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of said device'"'"'s power consumption, comprising:
-
(a) an input/output interface for receiving data to be cryptographically processed, said data being representative of at least a portion of a message;
(b) an oscillator generating a first clock signal;
(c) an input interface for receiving a variable amount of power, said power consumption varying measurably during said performance of said operation;
(d) a source of unpredictable information;
(e) a clock decorrelator coupled to said source of unpredictable information for generating a second clock signal from said first clock signal using said unpredictable information, such that said second clock signal cannot be reliably predicted from said first clock signal; and
(f) a processor;
(i) clocked by said second clock signal, (ii) configured to cryptographically processing said data, and (iii) configured to output said cryptographically processed data using said input/output interface.
-
-
15. A cryptographic processing device for securely performing a cryptographic processing operation in a manner resistant to discovery of a secret by external monitoring of said device'"'"'s power consumption, comprising:
-
(a) an input/output interface for receiving data to be cryptographically processed, said data being representative of at least a portion of a message;
(b) an input interface for receiving an external clock signal;
(c) an input interface for receiving a variable amount of power, said power consumption varying measurably during said performance of said operation;
(d) a source of unpredictable information;
(e) a clock decorrelator coupled to said source of unpredictable information for generating an internal clock signal from said external clock signal using said unpredictable information, such that said internal clock signal cannot be reliably predicted from said external clock signal; and
(f) a processor;
(i) clocked by said internal clock signal, (ii) configured to cryptographically processing said data, and (iii) configured to output said cryptographically processed data using said input/output interface. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
23. A method of securely performing a cryptographic processing operation in a manner resistant to discovery of a secret within a cryptographic processing device by external monitoring, comprising:
-
(a) receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) generating unpredictable information;
(c) cryptographically processing said quantity, including using said unpredictable information while processing said quantity to conceal a correlation between externally monitorable signals and said secret by selecting between;
(c)(1) performing a computation and incorporating the result of said computation in said cryptographic processing, and (c)(2) performing a computation whose output is not incorporated in said cryptographic processing; and
(d) outputting said cryptographically processed quantity to a recipient thereof. - View Dependent Claims (24, 25)
-
-
26. A method of securely performing a cryptographic processing operation in a manner resistant to discovery of a secret within a cryptographic processing device by external monitoring, comprising:
-
(a) receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) generating unpredictable information;
(c) cryptographically processing said quantity, including using said unpredictable information while processing said quantity to conceal a correlation between externally monitorable signals and said secret by selecting a code process from a plurality of code processes, where said selected code process is involved in said cryptographic processing, but where the value of said outputted quantity is independent of which of said code processes was selected; and
(d) outputting said cryptographically processed quantity to a recipient thereof.
-
-
27. A method of securely performing a cryptographic processing operation including a sequence of instructions in a manner resistant to discovery of a secret within a cryptographic processing device by external monitoring, comprising:
-
(a) receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) generating unpredictable information;
(c) using said unpredictable information while processing said quantity to conceal a correlation between externally monitorable signals and said secret by using said unpredictable information to modify said sequence; and
(d) outputting said cryptographically processed quantity to a recipient thereof.
-
-
28. A method of securely performing a cryptographic processing operation implementing a permutation in a manner resistant to discovery of a secret within a cryptographic processing device by external monitoring, comprising:
-
(a) receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(b) generating unpredictable information;
(c) using said unpredictable information while processing said quantity to conceal a correlation between externally monitorable signals and said secret by randomizing the order of said permutation; and
(d) outputting said cryptographically processed quantity to a recipient thereof.
-
-
29. A method of securely performing a cryptographic processing operation in a manner resistant to discovery of a secret within a cryptographic processing device by external monitoring of said device'"'"'s power consumption, comprising:
-
(a) receiving a variable amount of power, said power consumption varying measurably during said performance of said operation;
(b) receiving a quantity to be cryptographically processed, said quantity being representative of at least a portion of a message;
(c) introducing noise into said measurement of said power consumption while processing said quantity; and
(d) outputting said cryptographically processed quantity to a recipient thereof. - View Dependent Claims (30)
(a) generating initial noise having a random characteristic;
(b) improving the random characteristic of said initial noise; and
(c) varying said power consumption based on said improved initial noise.
-
-
31. A method of securely performing a cryptographic processing operation in a manner resistant to discovery of a secret within a cryptographic processing device by external monitoring of said device'"'"'s power consumption, comprising:
-
(a) receiving a variable amount of power, said power consumption varying measurably during said performance of said operation;
(b) generating a first clock signal;
(c) receiving data to be cryptographically processed, said data being representative of at least a portion of a message;
(d) generating unpredictable information;
(e) generating a second clock signal from said first clock signal using said unpredictable information, such that said second clock signal cannot be reliably predicted from said first clock signal;
(f) processing said data using said second clock signal; and
(g) outputting said cryptographically processed quantity to a recipient thereof.
-
-
32. A method of securely performing a cryptographic processing operation in a manner resistant to discovery of a secret within a cryptographic processing device by external monitoring of said device'"'"'s power consumption, comprising:
-
(a) receiving a variable amount of power, said power consumption varying measurably during said performance of said operation;
(b) receiving an external clock signal;
(c) receiving data to be cryptographically processed, said data being representative of at least a portion of a message;
(d) generating unpredictable information;
(e) generating an internal clock signal from said external clock signal using said unpredictable information, such that said external clock signal cannot be reliably predicted from said internal clock signal;
(f) processing said data using said internal clock signal; and
(g) outputting said cryptographically processed quantity to a recipient thereof. - View Dependent Claims (33, 34, 35, 36)
-
Specification