Key masking for cryptographic processes
First Claim
1. A computing device-implemented method for improving the resistance, to power analysis attacks, of a processing unit performing iterative cryptographic operations utilizing key values and substitution tables, the method utilizing masking of the key values and the substitution tables, the method comprising the steps of:
- a) initially masking an initial key value,b) initially defining a set of non-uniform key encryption masks,c) initially defining a set of masked substitution tables, each masked substitution table being derived from an initial substitution table so as to correspond to one of the key encryption masks from the set of non-uniform key encryption masks,d) iteratively carrying out the cryptographic operations, such thateach iteration of the cryptographic operations comprises the step of defining a successive masked key value by masking the previous masked key value using a key encryption mask selected from the set of non-uniform key encryption masks, andeach iteration of the cryptographic operations utilizes the successively defined masked key value and the corresponding table from the set of masked substitution tables that corresponds to the selected key encryption mask.
4 Assignments
0 Petitions
Accused Products
Abstract
Countermeasures for differential power or electromagnetic analysis attacks are provided with the definition and use of key encryption masks and masked substitution tables in a cryptographic process. Different key encryption masks and masked substitution tables are applied to different portions of masked keys used in the cryptographic process and are rotated as the cryptographic operations are carried out. The rotation of the key encryption masks and the masked substitution tables is non-uniform. Input and output masking for the substitution tables is provided.
14 Citations
20 Claims
-
1. A computing device-implemented method for improving the resistance, to power analysis attacks, of a processing unit performing iterative cryptographic operations utilizing key values and substitution tables, the method utilizing masking of the key values and the substitution tables, the method comprising the steps of:
-
a) initially masking an initial key value, b) initially defining a set of non-uniform key encryption masks, c) initially defining a set of masked substitution tables, each masked substitution table being derived from an initial substitution table so as to correspond to one of the key encryption masks from the set of non-uniform key encryption masks, d) iteratively carrying out the cryptographic operations, such that each iteration of the cryptographic operations comprises the step of defining a successive masked key value by masking the previous masked key value using a key encryption mask selected from the set of non-uniform key encryption masks, and each iteration of the cryptographic operations utilizes the successively defined masked key value and the corresponding table from the set of masked substitution tables that corresponds to the selected key encryption mask. - View Dependent Claims (2, 3, 4, 5, 20)
-
-
6. A computing device-implemented method for successively masking a key value, the successively masked values being for use by a processing unit performing successive iterations of cryptographic operations utilizing a substitution table, the method comprising the initial steps of:
-
a) splitting the key value into a set of split key values, b) defining a set of random mask values, c) combining multiple random mask values to define non-uniform key encryption masks and masking the set of split key values with selected key encryption masks to define a set of masked keys for use in the iterative cryptographic operations, and d) combining multiple random mask values related to the key encryption masks to define non-uniform table masks and generating a set of masked tables derived from the substitution table and corresponding to the set of split key values, for use in the iterative cryptographic operations, the method further comprising, for each iteration of the cryptographic operation, the step of utilizing selected key encryption masks and masked tables, the selection being carried out by a rotation through the respective sets of key encryption masks and masked tables. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A computing device program product for carrying out iterative cryptographic operations utilizing an initial key value and a substitution table, the computing device program product comprising a computer device usable storage medium having computer device readable program product code stored in said medium, and comprising
a) program code operative to initially mask the initial key value, b) program code operative to initially define a set of non-uniform key encryption masks, c) program code operative to initially define a set of masked substitution tables, each masked substitution table being derived from the initial substitution table so as to correspond to one of the set of key encryption masks, and d) program code operative to carry out each iteration of the cryptographic operations by defining a successive masked key value by masking the previous masked key value using a key encryption mask selected from the set of key encryption masks, and to carry out each iteration of the cryptographic operations utilizing the successively defined masked key value and the corresponding table from the set of masked substitution tables.
-
17. A computing device program product for successively masking a key value, the successively masked values being for use in successive iterations of cryptographic operations utilizing a substitution table, the computing device program product comprising a computing device usable storage medium having computing device readable program product code stored in said medium, and comprising
program code operative to split the key value into a set of split key values, program code operative to define a set of random mask values, program code operative to combine multiple random mask values to define non-uniform key encryption masks and to mask the set of split key values with selected key encryption masks to define a set of masked keys for use in the iterative cryptographic operations, program code operative to combine multiple random mask values related to the key encryption masks to define non-uniform table masks and to generate a set of masked tables derived from the substitution table and corresponding to the set of split key values, for use in the iterative cryptographic operations, and program code operative to carry out each iteration of the cryptographic operation by utilizing selected key encryption masks and masked tables, the program code being operative to carry out the selection by rotating through the respective sets of key encryption masks and masked tables.
Specification