DES and other cryptographic processes with leak minimization for smartcards and other cryptosystems
Abstract
Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P {K1} XOR K2P {K2} equals the “standard” DES key K, and M1P {M1} XOR M2P {M2} equals the “standard” message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.
248 Citations
39 Claims
1. A method for performing a cryptographic operation on a message, comprising:
(a) generating initial unpredictable information;
(b) using said initial unpredictable information, transforming an initial secret quantity into a plurality of randomized quantities having a predetermined logical relationship thereamong; and
(c) performing a first step of said operation involving said randomized quantities in a hardware device to reduce the amount of useful information about said operation available from external monitoring of said hardware device. (Dependent claims: 2-17)
(d) updating at least one of said randomized quantities using additional unpredictable information to generate at least one updated randomized quantity; and
(e) performing a second step of said operation involving said at least one updated randomized quantity.
14. The method of claim 13 wherein step (d) includes reordering the bit positions of said at least one randomized quantity.
15. The method of claim 13 wherein step (d) includes randomizing the bit values of said at least one randomized quantity.
16. The method of claim 13 wherein step (d) includes incrementing and checking a failure counter prior to said updating, and clearing said failure counter following said updating.
17. The method of claim 13 wherein step (c) includes performing said first step of said operation using a plurality of parameters, said method further comprises using said initial unpredictable information to initialize said parameters and updating said parameters to generate a plurality of updated parameters, and step (e) includes performing said second step of said operation using said updated parameters.
18. A method for performing a cryptographic operation on a message using a key, comprising:
(a) using unpredictable information, transforming said message into a plurality of message portions having a predetermined logical relationship thereamong;
(b) using unpredictable information, transforming said key into a plurality of key portions having a predetermined logical relationship thereamong;
(c) performing a first step of said cryptographic operation on said message portions using said key portions in a hardware device to reduce the amount of useful information about said operation available from external monitoring of said hardware device;
(d) updating at least one of said plurality of message portions with unpredictable information;
(e) updating at least one of said plurality of key portions with unpredictable information;
(f) performing at least a second step of said cryptographic operation on said message portions using said key portions in a hardware device to reduce the amount of useful information about said operation available from external monitoring of said hardware device; and
(g) returning a cryptographic result. (Dependent claims: 19-21)
22. A cryptographic processing device for performing a cryptographic operation in a manner resistant to discovery of a secret quantity by external monitoring, comprising:
(a) an untrusted input for electrical power, from which the device's power consumption can be measured;
(b) a secure memory containing at least a representation of said secret quantity;
(c) a source of unpredictable information for transforming said secret quantity into a plurality of randomized quantities having a predetermined logical relationship thereamong;
(d) an input/output interface;
(e) a processor connected to said memory, configured to perform cryptographic transformations on randomized forms of data received via said interface using randomized forms of said secret quantity. (Dependent claims: 23-27)
28. A method for performing a symmetric cryptographic operation using a secret key with resistance to external monitoring attacks, comprising:
(a) obtaining an input message;
(b) generating initial unpredictable information;
(c) combining said key, said message, and said unpredictable information;
(d) deriving a result, where:
(i) said result is a predefined function of said input message and of said key, and
(ii) said result is independent of said unpredictable information; and
(e) producing a response based on said result. (Dependent claims: 29-32)
33. A device for performing keyed cryptographic operations, comprising:
(a) a keyed processing unit, configured to (i) obtain a representation of a secret parameter encoded as a first plurality of parameters, (ii) receive an input datum, (iii) perform a cryptographic operation upon said input datum using said plurality of parameters, and (iv) transmit the result of said cryptographic operation; and
(b) a key update unit, configured to (i) obtain said encoded representation of said secret parameter, (ii) obtain a blinding factor, (iii) produce from said first plurality of parameters and said blinding factor a second plurality of parameters where (1) a mathematical relationship exists between said second plurality of parameters and said first plurality of parameters; and
(2) said second plurality of parameters is different from said first plurality of parameters. (Dependent claims: 34-36)
(a) A permuted part, containing a sequence of bits in permuted order; and
(b) An ordering part, which contains the order of bits in said permuted part.
37. A method for reducing the correlation between physical attributes of a cryptographic system and the values of secret parameters being manipulated during a cryptographic operation, by masking a table lookup operation, consisting of the following steps:
(a) receiving a representation of a lookup table for use in said table lookup operation;
(b) receiving input and output masking parameters corresponding to said received table representation;
(c) obtaining some unpredictable information;
(d) deriving a transformed representation of said lookup table from said received lookup table and said unpredictable information;
(e) deriving new input and output masking parameters corresponding to said transformed representation of said table;
(f) storing said transformed lookup table and said input and output masking parameters in a memory; and
(g) using said transformed table in a cryptographic computation. (Dependent claim: 38)
(d1) obtaining a first random value;
(d2) generating a new output masking value from said first random value and an output masking value received at step (b);
(d3) obtaining a second random value;
(d4) generating a new input masking value from said second random value and an input masking value received at step (b);
(d5) producing said transformed table with the property that the ith element in the transformed table is equal to the result of (i) finding the element at the location in the original table specified by taking an index 'i' XORed with said old input mask, (ii) XORing said element with the values of both said new output mask and said old output mask, and (iii) storing said XOR result in said transformed table at a location corresponding to said index 'i' XORed with said new input mask.
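The table re-masking of claim 38, steps (d1) through (d5), together with the XOR-split key of claim 18 and the K1 XOR K2 = K relationship of the abstract, carried through as an added worked example in C. This is the editor's demonstration code, not an implementation taken from the patent: it uses DES S1 as the lookup table, a non-cryptographic xorshift generator as a stand-in for the device's source of unpredictable information (an assumption; a real card would use its hardware RNG), and constructed random values in the key-share self-test.

```c
/* Added example (editor's code, not from the patent): a masked DES S-box table that is
 * periodically re-masked following steps (d1)-(d5) of claim 38, plus a key held as two
 * XOR shares refreshed as in claim 18 / the abstract. The xorshift RNG is a stand-in
 * (assumption) for the device's hardware source of unpredictable information. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE 64  /* DES S-box: 6-bit input, 64 entries, 4-bit output */

/* DES S1 in the standard 4x16 layout (FIPS 46-3). */
static const uint8_t DES_S1[4][16] = {
    {14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7},
    { 0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8},
    { 4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0},
    {15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
};

/* Unmasked S1: outer bits (b5,b0) select the row, the middle four bits the column. */
uint8_t des_s1_lookup(uint8_t x6) {
    x6 &= 0x3F;
    return DES_S1[((x6 >> 5) << 1) | (x6 & 1)][(x6 >> 1) & 0x0F];
}

/* Placeholder RNG (xorshift32): NOT cryptographic; a smartcard would use its hardware RNG. */
static uint32_t rng_state = 0x2545F491u;
static uint8_t next_random(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; rng_state ^= rng_state << 5;
    return (uint8_t)rng_state;
}

/* Masked table: the entry at index (i ^ in_mask) holds plain[i] ^ out_mask. */
typedef struct {
    uint8_t table[TABLE_SIZE];
    uint8_t in_mask;   /* 6 bits */
    uint8_t out_mask;  /* 4 bits */
} masked_table_t;

void masked_table_init(masked_table_t *mt, const uint8_t *plain, uint8_t in_mask, uint8_t out_mask) {
    mt->in_mask = in_mask & 0x3F;
    mt->out_mask = out_mask & 0x0F;
    for (int i = 0; i < TABLE_SIZE; i++)
        mt->table[i ^ mt->in_mask] = plain[i] ^ mt->out_mask;
}

/* Claim 38 (d1)-(d5): derive new masks from random r1, r2 and rebuild the table from the
 * old masked table, so the unmasked S-box contents are never materialised in memory. */
void masked_table_refresh(masked_table_t *mt, uint8_t r1, uint8_t r2) {
    uint8_t new_out = (mt->out_mask ^ r1) & 0x0F;   /* (d1),(d2) */
    uint8_t new_in  = (mt->in_mask  ^ r2) & 0x3F;   /* (d3),(d4) */
    uint8_t tmp[TABLE_SIZE];
    for (int i = 0; i < TABLE_SIZE; i++) {
        uint8_t elem = mt->table[i ^ mt->in_mask];         /* (d5)(i): plain[i] ^ old_out */
        tmp[i ^ new_in] = elem ^ mt->out_mask ^ new_out;   /* (d5)(ii),(iii): plain[i] ^ new_out */
    }
    memcpy(mt->table, tmp, TABLE_SIZE);
    mt->in_mask = new_in;
    mt->out_mask = new_out;
}

/* The device feeds x ^ in_mask and receives S(x) ^ out_mask: neither x nor S(x) is handled. */
uint8_t masked_lookup(const masked_table_t *mt, uint8_t masked_x) {
    return mt->table[masked_x & 0x3F];
}

/* 1 if unmasking every masked lookup reproduces the plain table, else 0. */
int masked_table_check(const masked_table_t *mt, const uint8_t *plain) {
    for (int x = 0; x < TABLE_SIZE; x++)
        if ((masked_lookup(mt, (uint8_t)x ^ mt->in_mask) ^ mt->out_mask) != plain[x]) return 0;
    return 1;
}

/* Build the masked S1, refresh it `rounds` times, verifying correctness after each refresh. */
int demo_refresh_rounds(int rounds) {
    uint8_t plain[TABLE_SIZE];
    masked_table_t mt;
    for (int x = 0; x < TABLE_SIZE; x++) plain[x] = des_s1_lookup((uint8_t)x);
    masked_table_init(&mt, plain, next_random(), next_random());
    if (!masked_table_check(&mt, plain)) return 0;
    for (int r = 0; r < rounds; r++) {
        masked_table_refresh(&mt, next_random(), next_random());
        if (!masked_table_check(&mt, plain)) return 0;
    }
    return 1;
}

/* Key as two XOR shares (claim 18 "key portions"): k1 ^ k2 == key before and after refresh. */
typedef struct { uint64_t k1, k2; } key_shares_t;
void key_shares_split(key_shares_t *ks, uint64_t key, uint64_t r) { ks->k1 = r; ks->k2 = key ^ r; }
void key_shares_refresh(key_shares_t *ks, uint64_t r)             { ks->k1 ^= r; ks->k2 ^= r; }
uint64_t key_shares_recombine(const key_shares_t *ks)            { return ks->k1 ^ ks->k2; }

/* 1 if split-then-refresh changes the shares yet still recombines to `key` (constructed randoms). */
int key_shares_selftest(uint64_t key) {
    key_shares_t ks;
    key_shares_split(&ks, key, 0xA5A5A5A5A5A5A5A5ULL);
    key_shares_refresh(&ks, 0x0123456789ABCDEFULL);
    return ks.k1 != 0xA5A5A5A5A5A5A5A5ULL && key_shares_recombine(&ks) == key;
}

int main(void) {
    printf("masked S1 after 1000 refreshes: %s\n", demo_refresh_rounds(1000) ? "consistent" : "BROKEN");
    printf("key shares: %s\n", key_shares_selftest(0x133457799BBCDFF1ULL) ? "ok" : "BROKEN");
    return 0;
}
```

The refresh reads only the old masked table and the two old masks; the plain S-box is never reconstructed, and the old masks are overwritten once the new table is in place. Rebuilding all 64 entries is a fixed cost, so a device would schedule it between operations, or after a counted number of failures as claim 16 contemplates. Two caveats a practitioner should keep in mind: this is a first-order countermeasure, so an attacker who can combine the leakage of a masked value with the leakage of its mask can still recover the secret, which is one reason the abstract insists on refreshing faster than information leaks out; and the masked index and the mask must never be loaded in the same clock cycle, or their combination leaks the unmasked index directly.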
39. A method for transforming data in a smartcard using the Data Encryption Standard (DES) with a secret key, comprising the steps of:
(a) receiving a representation of a message;
(b) combining at least a portion of said message representation with at least a portion of a representation of said key to produce a DES intermediate representation;
(c) producing from said DES intermediate an index to a substitution (S) operation, where said index is a representation of a traditional 6-bit S table input;
(d) performing an S operation, producing an S result in an expanded representation for which the Hamming Weight of said S result is independent of the value of said S table input;
(e) combining the result of said S operation with said DES intermediate to produce a new DES intermediate representation;
(f) repeating steps (c) through (e) a plurality of times; and
(g) converting the final DES intermediate representation into a DES result, where said DES result is a representation of the result of applying the DES standard to said message with said secret key.
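Step (d) of claim 39 asks for an expanded representation of the S result whose Hamming weight does not depend on the S-table input. One encoding with that property, shown here as an added example in C (editor's code, not the patent's; the claim does not fix the encoding, so the dual-rail pairing below is an assumption), stores each 4-bit nibble v beside its complement as the byte (v << 4) | (~v & 0xF), so exactly four bits are set whatever v is. The example also shows why step (e), combining the S result with the DES intermediate, needs care: XORing two such bytes naively cancels the complement half and reintroduces a data-dependent weight.

```c
/* Added example (editor's code, not from the patent): constant-Hamming-weight encoding
 * of a 4-bit S-box result, one possible "expanded representation" for claim 39(d).
 * Assumption: nibble v is stored as (v << 4) | (~v & 0xF), i.e. v beside its complement. */
#include <stdint.h>
#include <stdio.h>

uint8_t balanced_encode(uint8_t v) {
    v &= 0x0F;
    return (uint8_t)((v << 4) | (~v & 0x0F));
}

uint8_t balanced_decode(uint8_t e) { return e >> 4; }

/* 1 if the low half is the complement of the high half, i.e. a well-formed encoding. */
int balanced_is_valid(uint8_t e) { return ((e >> 4) ^ (e & 0x0F)) == 0x0F; }

int hamming_weight(uint8_t b) {
    int n = 0;
    while (b) { n += b & 1; b >>= 1; }
    return n;
}

/* XOR of two balanced words that stays balanced. A plain byte XOR gives (a^b)||(a^b):
 * the complement half cancels and the weight of a^b leaks again. Instead compute
 * high = a_hi ^ b_hi and low = a_hi ^ b_lo, since a ^ ~b == ~(a ^ b). */
uint8_t balanced_xor(uint8_t a, uint8_t b) {
    uint8_t hi = ((a >> 4) ^ (b >> 4)) & 0x0F;
    uint8_t lo = ((a >> 4) ^ (b & 0x0F)) & 0x0F;
    return (uint8_t)((hi << 4) | lo);
}

/* Weight of the naive byte XOR of two encodings, to show the leak (varies with a^b). */
int naive_xor_weight(uint8_t a, uint8_t b) {
    return hamming_weight(balanced_encode(a) ^ balanced_encode(b));
}

/* Returns the constant weight (4) if every nibble encodes to weight 4, decodes back,
 * and every pairwise balanced_xor is valid, has weight 4 and decodes to a^b; else -1. */
int balanced_selftest(void) {
    for (int a = 0; a < 16; a++) {
        uint8_t ea = balanced_encode((uint8_t)a);
        if (hamming_weight(ea) != 4 || !balanced_is_valid(ea) || balanced_decode(ea) != a) return -1;
        for (int b = 0; b < 16; b++) {
            uint8_t ex = balanced_xor(ea, balanced_encode((uint8_t)b));
            if (!balanced_is_valid(ex) || hamming_weight(ex) != 4 || balanced_decode(ex) != (a ^ b)) return -1;
        }
    }
    return 4;
}

int main(void) {
    printf("balanced encoding self-test: %s\n", balanced_selftest() == 4 ? "ok" : "BROKEN");
    printf("naive XOR weight 0xA^0x5: %d, 0x3^0x3: %d (data dependent)\n",
           naive_xor_weight(0xA, 0x5), naive_xor_weight(0x3, 0x3));
    return 0;
}
```

For step (e) of the claim, the DES intermediate must therefore be held in the same expanded form and combined with balanced_xor, and the conversion of step (g) back to a standard DES result is where the weight becomes data dependent again, so it should be done once, at the end, on the output the attacker already sees. Constant weight addresses Hamming-weight leakage only: a register or bus that is overwritten leaks the Hamming distance between old and new contents, which this encoding does not equalise, which is one reason the patent combines it with the masking of the other claims rather than relying on it alone.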
Specification