Leak-resistant cryptographic method and apparatus
Abstract
The present invention provides a method and apparatus for securing cryptographic devices against attacks involving external monitoring and analysis. A “self-healing” property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations of the invention are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption, ElGamal digital signing, and the Digital Signature Algorithm.
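The key-update idea in the abstract, as an added example that is not taken from the patent: a symmetric authentication token replaces its key with a one-way hash of itself after every transaction, so each key value is exposed to external measurement during one transaction only. The SHA-256 update, the counter format, and the names `Token`, `Verifier`, `update_key` and `max_skip` are assumptions made for illustration.

```python
import hashlib
import hmac

def update_key(key: bytes) -> bytes:
    # One-way update (assumed construction): the next key is a hash of the
    # current one, so every key value is used in a single transaction only.
    return hashlib.sha256(b"key-update" + key).digest()

def _tag(key: bytes, counter: int, message: bytes) -> bytes:
    data = counter.to_bytes(8, "big") + message
    return hmac.new(key, data, hashlib.sha256).digest()

class Token:
    def __init__(self, initial_key: bytes):
        self.key, self.counter = initial_key, 0

    def authenticate(self, message: bytes):
        counter, tag = self.counter, _tag(self.key, self.counter, message)
        # Replace the key before returning, whether or not the verifier ever
        # sees this tag; the old value is not kept.
        self.key, self.counter = update_key(self.key), self.counter + 1
        return counter, tag

class Verifier:
    def __init__(self, initial_key: bytes, max_skip: int = 8):
        self.key, self.counter, self.max_skip = initial_key, 0, max_skip

    def verify(self, counter: int, message: bytes, tag: bytes) -> bool:
        # Reject counters already consumed (replay) or implausibly far ahead.
        if not 0 <= counter - self.counter <= self.max_skip:
            return False
        key = self.key
        for _ in range(counter - self.counter):  # catch up on lost transactions
            key = update_key(key)
        if not hmac.compare_digest(_tag(key, counter, message), tag):
            return False  # verifier state is left unchanged on failure
        self.key, self.counter = update_key(key), counter + 1
        return True

if __name__ == "__main__":
    k0 = bytes(range(32))  # constructed sample key, not a real secret
    token, verifier = Token(k0), Verifier(k0)
    c, t = token.authenticate(b"transaction 1")
    print("accepted:", verifier.verify(c, b"transaction 1", t))
    print("replay accepted:", verifier.verify(c, b"transaction 1", t))
```

The `max_skip` bound limits how many hash updates an unauthenticated request can make the verifier compute.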
18 Claims
1. A cryptographic token configured to perform cryptographic operations using a secret key in a secure manner, comprising:
(a) an interface configured to receive power from a source external to said token;
(b) a memory containing said secret key;
(c) a processor;
  (i) configured to receive said power delivered via said interface;
  (ii) configured to perform said processing using said secret key from said memory;
(d) said token having a power consumption characteristic;
  (i) that is externally measurable; and
  (ii) that varies over time in a manner measurably correlated with said cryptographic operations; and
(e) a source of unpredictable information configured for use in said cryptographic operations to make determination of said secret key infeasible from external measurements of said power consumption characteristic.
Specification