Cryptographic device with resistance to differential power analysis and other external monitoring attacks
First Claim
1. A device comprising:
- storage hardware to store a secret value; and
processing hardware, coupled to the storage hardware, to;
derive a message key for a message based at least in part on the secret value and a message identifier of the message, wherein the message key is derived using a plurality of entropy distribution operations;
encrypt a data segment of the message using an encryption key derived from the message key to produce an encrypted data segment;
compute a validator based on the secret value and the encrypted data segment; and
output the encrypted data segment and the validator.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques usable by devices to encrypt and decrypt sensitive data to in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving an encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segment are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments.
-
Citations
28 Claims
-
1. A device comprising:
-
storage hardware to store a secret value; and processing hardware, coupled to the storage hardware, to; derive a message key for a message based at least in part on the secret value and a message identifier of the message, wherein the message key is derived using a plurality of entropy distribution operations; encrypt a data segment of the message using an encryption key derived from the message key to produce an encrypted data segment; compute a validator based on the secret value and the encrypted data segment; and output the encrypted data segment and the validator. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A device comprising:
-
storage hardware to store a secret value; and processing hardware, coupled to the storage hardware, to; receive an encrypted data segment and a validator; obtain a message identifier corresponding to the encrypted data segment; derive a message key using the secret value and the message identifier, where the message key is derived using a plurality of entropy distribution operations; verify, using the received validator, that the encrypted data segment has not been modified; and decrypt the encrypted data segment using a decryption key derived from the message key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A method comprising:
-
receiving a message by processing hardware; deriving, by the processing hardware, a message key for the message based at least in part on a stored secret value and a message identifier of the message, where the message key is derived using a plurality of entropy distribution operations; encrypting, by the processing hardware, a data segment of the message using an encryption key derived from the message key to produce an encrypted data segment; computing a validator based on the secret value and the encrypted data segment; and outputting the encrypted data segment and the validator. - View Dependent Claims (23, 24, 25)
-
-
22. A method comprising:
-
receiving, by processing hardware, an encrypted data segment and a validator; obtaining, by the processing hardware, a message identifier corresponding to the encrypted data segment; deriving, by the processing hardware, a message key using the secret value and the message identifier, where the message key is derived using a plurality of entropy distribution operations; verifying, using the received validator, that the encrypted data segment has not been modified; and decrypting the encrypted data segment using a decryption key derived from the message key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified. - View Dependent Claims (26, 27, 28)
-
Specification