Method for making safe an electronic cryptography assembly with a secret key

US 8,582,774 B2
Filed: 03/04/2003
Issued: 11/12/2013
Est. Priority Date: 03/07/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for operating an electronic system to secure a multi-round cryptographic calculation procedure wherein each round is performed using a round-operation that uses a secret key and an encryption function f or a replacement thereof, the method comprising operating the electronic system to:

determine a sequence of round-operations selected from a set of round-operations including round-operations performing a function p selected from the set of functions f, a masking operation followed by f, and f followed by an unmasking operation, and defined by whether each input of the round-operation has an input-type of masked or unmasked, respectively, and at least one output having an output-type of masked or unmasked depending on the input-types for the inputs, respectively, and the function p;

wherein the sequence of round-operations is selected such that for two sequential rounds i and i+1, each output from round i serves as an input to round i+1 and the output-type for each output from round i matches the input-type for the corresponding input to round i+1; and

execute the determined sequence of rounds.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An aim of this invention is to eliminate the risks of aggression “DPA of the n order” attacks, for all n values, of cryptography electronic assemblies or systems with a secret or private key. The process according to this invention concerns a securing process for an electronic system using a cryptographic calculation procedure using a secret key. The process consists of masking intermediate results in input or output of at least one critical function for the said procedure.

20 Citations

15 Claims

1. A method for operating an electronic system to secure a multi-round cryptographic calculation procedure wherein each round is performed using a round-operation that uses a secret key and an encryption function f or a replacement thereof, the method comprising operating the electronic system to:
- determine a sequence of round-operations selected from a set of round-operations including round-operations performing a function p selected from the set of functions f, a masking operation followed by f, and f followed by an unmasking operation, and defined by whether each input of the round-operation has an input-type of masked or unmasked, respectively, and at least one output having an output-type of masked or unmasked depending on the input-types for the inputs, respectively, and the function p;
  
  wherein the sequence of round-operations is selected such that for two sequential rounds i and i+1, each output from round i serves as an input to round i+1 and the output-type for each output from round i matches the input-type for the corresponding input to round i+1; and
  
  execute the determined sequence of rounds.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of operating an electronic system to secure a multi-round cryptographic calculation procedure of claim 1 wherein the round-operations have a left input, a right input, a left output and a right output and are selected from the set including round-operations that:
    - A. accept unmasked inputs and produce unmasked output using the function f to produce the left output;
      
      B. accepts unmasked inputs and produces an unmasked left output and a masked right output;
      
      C. accepts an umasked left input, a masked right input and produces a masked left output, and an unmasked right output;
      
      D. accepts a masked left input, an unmasked right input, and produces an unmasked left output, and a masked right output;
      
      E. accepts a masked left input, an unmasked right input, and produces unmasked outputs.
  - 3. The method for operating an electronic system to secure a multi-round cryptographic calculation procedure of claim 1 or 2 wherein at least one masking operation is a non-public masking operation.
  - 4. The method for operating an electronic system to secure a multi-round cryptographic calculation procedure of claim 1 or 2 wherein the sequence of round-operations comprises a first and a second subsequence such and wherein the mask applied in the masking operations in the first subsequence is different from the mask applied in the second subsequence.
  - 5. The method for operating an electronic system to secure a multi-round cryptographic calculation procedure of claim 4 wherein the end of the first subsequence is defined by a round-operation having all unmasked outputs.

6. An electronic system comprising:
- storage device storing a cryptographic calculation procedure that uses a secret key executable by a processor,a processor programmed to;
  
  determine a sequence of round-operations selected from a set of round-operations including round-operations performing a function p selected from the set of functions f, a masking operation followed by f, and f followed by an unmasking operation, and defined by whether each input of the round-operation has an input-type of masked or unmasked, respectively, and at least one output having an output-type of masked or unmasked depending on the input-types for the inputs, respectively, and the function p;
  
  wherein the sequence of round-operations is selected such that for two sequential rounds i and i+1, each output from round i serves as an input to round i+1 and the output-type for each output from round i matches the input-type for the corresponding input to round i+1; and
  
  execute the determined sequence of rounds.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The electronic system of claim 6 wherein the round-operations have a left input, a right input, a left output and a right output and are selected from the set including round-operations that:
    - A. accept unmasked inputs and produce unmasked output using the function f to produce the left output;
      
      B. accepts unmasked inputs and produces an unmasked left output and a masked right output;
      
      C. accepts an umasked left input, a masked right input and produces a masked left output, and an unmasked right output;
      
      D. accepts a masked left input, an unmasked right input, and produces an unmasked left output, and a masked right output;
      
      E. accepts a masked left input, an unmasked right input, and produces unmasked outputs.
  - 8. The electronic system of claim 6 or 7 wherein at least one masking operation is a non-public masking operation.
  - 9. The electronic system of claim 6 or 7 wherein the sequence of round-operations comprises a first and a second subsequence such and wherein the mask applied in the masking operations in the first subsequence is different from the mask applied in the second subsequence.
  - 10. The electronic system of claim 9 wherein the end of the first subsequence is defined by a round-operation having all unmasked outputs.

11. A non-transitory computer storage media operable to store instructions for instructing a processor of an electronic system to perform certain operations, the storage media comprising:
- instructions to direct the processor to;
  
  determine a sequence of round-operations selected from a set of round-operations including round-operations performing a function p selected from the set of functions f, a masking operation followed by f, and f followed by an unmasking operation, and defined by whether each input of the round-operation has an input-type of masked or unmasked, respectively, and at least one output having an output-type of masked or unmasked depending on the input-types for the inputs, respectively, and the function p;
  
  wherein the sequence of round-operations is selected such that for two sequential rounds i and i+1, each output from round i serves as an input to round i+1 and the output-type for each output from round i matches the input-type for the corresponding input to round i+1; and
  
  execute the determined sequence of rounds.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer storage media of claim 11 wherein the round-operations have a left input, a right input, a left output and a right output and are selected from the set including round-operations that:
    - A. accept unmasked inputs and produce unmasked output using the function f to produce the left output;
      
      B. accepts unmasked inputs and produces an unmasked left output and a masked right output;
      
      C. accepts an umasked left input, a masked right input and produces a masked left output, and an unmasked right output;
      
      D. accepts a masked left input, an unmasked right input, and produces an unmasked left output, and a masked right output;
      
      E. accepts a masked left input, an unmasked right input, and produces unmasked outputs.
  - 13. The non-transitory computer storage media of claim 11 or 12 wherein at least one masking operation is a non-public masking operation.
  - 14. The non-transitory computer storage media of claim 11 or 12 wherein the sequence of round-operations comprises a first and a second subsequence such and wherein the mask applied in the masking operations in the first subsequence is different from the mask applied in the second subsequence.
  - 15. The non-transitory computer storage media of claim 14 wherein the end of the first subsequence is defined by a round-operation having all unmasked outputs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemalto SA (Thales SA)
Original Assignee
Gemalto SA (Thales SA)
Inventors
Goubin, Louis, Akkar, Mehdi-Laurent
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US10/506,851
Publication Number

US 20100272264A1
Time in Patent Office

3,906 Days
Field of Search

726/34, 713/189, 380/277
US Class Current

380/277
CPC Class Codes

H04L 2209/046   of operations, operands or ...

H04L 9/003   for power analysis, e.g. di...

H04L 9/0625   with splitting of the data ...

Method for making safe an electronic cryptography assembly with a secret key

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method for making safe an electronic cryptography assembly with a secret key

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others