Leak-resistant cryptographic method and apparatus
DC
First Claim
1. A cryptographic token configured to perform cryptographic operations using a secret key in a secure manner, comprising:
- (a) an interface configured to receive power from a source external to said token;
(b) a memory containing said secret key;
(c) a processor;
(i) configured to receive said power delivered via said interface;
(ii) configured to perform said processing using said secret key from said memory;
(d) said token having a power consumption characteristic;
(i) that is externally measurable; and
(ii) that varies over time in a manner measurably correlated with said cryptographic operations; and
(e) a source of unpredictable information configured for use in said cryptographic operations to make determination of said secret key infeasible from external measurements of said power consumption characteristic.
1 Assignment
Litigations
0 Petitions
Accused Products
Abstract
The present invention provides a method and apparatus for securing cryptographic devices against attacks involving external monitoring and analysis. A “self-healing” property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations of the invention are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption, ElGamal digital signing, and the Digital Signature Algorithm.
-
Citations
18 Claims
-
1. A cryptographic token configured to perform cryptographic operations using a secret key in a secure manner, comprising:
-
(a) an interface configured to receive power from a source external to said token;
(b) a memory containing said secret key;
(c) a processor;
(i) configured to receive said power delivered via said interface;
(ii) configured to perform said processing using said secret key from said memory;
(d) said token having a power consumption characteristic;
(i) that is externally measurable; and
(ii) that varies over time in a manner measurably correlated with said cryptographic operations; and
(e) a source of unpredictable information configured for use in said cryptographic operations to make determination of said secret key infeasible from external measurements of said power consumption characteristic. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
Specification
-
- Resources
-
Current AssigneeCryptography Research, Inc. (Rambus Inc.)
-
Original AssigneeCryptography Research, Inc. (Rambus Inc.)
-
InventorsKocher, Paul C., Jaffe, Joshua M.
-
Primary Examiner(s)Peeso, Thomas R.
-
Assistant Examiner(s)Darrow, Justin T.
-
Application NumberUS09/737,182Publication NumberTime in Patent Office503 DaysField of Search713/172, 713/174, 713/176, 713/340, 705/65, 705/75, 705/76, 380/29, 380/30US Class Current713/172CPC Class CodesG06F 21/556 involving covert channels, ...G06F 21/602 Providing cryptographic fac...G06F 21/755 with measures against power...G06F 2207/7219 Countermeasures against sid...G06F 2207/7257 Random modification not req...G06F 7/723 Modular exponentiation G06F...G06Q 20/367 involving electronic purses...H04L 2209/56 Financial cryptography, e.g...H04L 63/1441 Countermeasures against mal...H04L 9/002 Countermeasures against att...H04L 9/0841 involving Diffie-Hellman or...H04L 9/0891 Revocation or update of sec...H04L 9/3013 involving the discrete loga...H04L 9/302 involving the integer facto...H04L 9/3247 involving digital signatures
