CA2298990A1 - Method and system for resistance to power analysis - Google Patents

Publication number
CA2298990A1
Authority
CA
Canada
Prior art keywords
hamming
information
neutral
bits
execution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002298990A
Other languages
French (fr)
Inventor
Zhengchu Xiao
Stanley T. Chow
Harold J. Johnson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cloakware Corp
Original Assignee
Cloakware Corporation
Zhengchu Xiao
Stanley T. Chow
Harold J. Johnson
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cloakware Corporation, Zhengchu Xiao, Stanley T. Chow, Harold J. Johnson
Priority to CA002298990A (CA2298990A1)
Priority to PCT/CA2001/000201 (WO2001061916A2)
Priority to AU2001235280A (AU2001235280A1)
Priority to CA002397077A (CA2397077A1)
Priority to PCT/CA2001/000200 (WO2001061915A2)
Priority to US10/181,942 (US20040025032A1)
Priority to AU2001235279A (AU2001235279A1)
Priority to CA002397615A (CA2397615A1)
Priority to EP01907279A (EP1256203A2)
Priority to US10/203,156 (US20040078588A1)
Priority to PCT/CA2001/000199 (WO2001061914A2)
Priority to EP01907278A (EP1256202A2)
Priority to US10/181,452 (US20040030905A1)
Priority to AU2001235281A (AU2001235281A1)
Priority to CA002398441A (CA2398441A1)
Priority to EP01907277A (EP1256201A2)
Publication of CA2298990A1
Current legal status: Abandoned

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309 Means for preventing undesired reading or writing from or onto record carriers
    • G06K19/07363 Means for preventing undesired reading or writing from or onto record carriers by preventing analysis of the circuit, e.g. dynamic or static power analysis or current analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0813 Specific details related to card security
    • G07F7/082 Features insuring the integrity of the data on or in the card
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00 Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219 Countermeasures against side channel or fault attacks

Claims (18)

1. The Hamming-neutral encoding of data values used during computation for resistance to leaking of secret information during power analysis of sealed platforms, such as smart cards, by means of pre-computing an appropriate Hamming-neutral set or Hamming-neutral assembly as described herein, and encoding of data according to an enumeration of the elements in that set as described herein.
2. The Hamming-neutral addressing of indexed data used during computation for resistance to discovery of indices in indexed tables, by means of pre-computing an appropriate Hamming-neutral set or Hamming-neutral assembly as described herein, and encoding of addresses according to an enumeration of the elements in that set as described herein.
3. The Hamming-neutral addressing of indexed data used during computation for resistance to discovery of indices in indexed tables, by means of pre-computing an appropriate Hamming-neutral set or Hamming-neutral assembly as described herein, and encoding of addresses according to an enumeration of the elements in that set as described herein, using the herein-described representation in which each address element in the set or assembly consists of zero or more fixed prefix bits, one or more groups of varying bits (one per dimension of indexing), and zero or more fixed suffix bits, where the prefix bits select a region in memory and the suffix bits select an offset.
4. Protection of execution from revelation of secrets under power analysis by the method of average-neutral execution, in which initially a hash of information is computed, depending on any initial information which would be provided by an attacker using power analysis, and on any initial information which the attacker using power analysis would guess, such as data to be encrypted or decrypted and the key controlling such encryption or decryption; said hash being used to produce one or more Hamming-neutral encodings of Boolean values used to determine whether execution is normal or bit-complemented ('bit flipped').
5. Protection of execution from revelation of secrets under power analysis by the method of permuted execution, in which initially a hash of information is computed, depending on any initial information which would be provided by an attacker using power analysis, and on any initial information which the attacker using power analysis would guess, such as data to be encrypted or decrypted and the key controlling such encryption or decryption, and on sequencing information during execution, such as encryption round number;
said hash being used to produce one or more Hamming-neutral encodings of sequences of values representing a pseudo-random permutation of a sequence, used to determine in what order steps of execution are performed, thereby mixing averaged information for particular values predicted by an attacker with other, randomly chosen information.
6. The method of performing the protection described in the above claim 5, in which further protection is provided by more finely subdividing the operations to be permuted, thereby mixing averaged information for particular values predicted by an attacker with an increased number of other, randomly chosen information.
7. Protection of execution from revelation of secrets under power analysis by the method of time-shifted execution, in which initially a hash of information is computed, depending on any initial information which would be provided by an attacker using power analysis, and on any initial information which the attacker using power analysis would guess, such as data to be encrypted or decrypted and the key controlling such encryption or decryption, and on sequencing information during execution, such as encryption round number;
said hash being used to produce a sequence of one or more Hamming-neutral of values representing a pseudo-random series of code executions, used to inject spurious computations among the significant computations, thereby making the timing of power features unpredictable and thereby less susceptible to information leakage by timing-based power analysis.
8. The method of performing the protection described above in claims 1 - 7, by combining two or more of these methods either to the same part of a program, or differently to different parts of a program, to achieve a desired level of protection for the program, or a desired level of protection differing among parts of the program, where the program is to be protected against leakage of information when under attack by power analysis.
9. The method of combining methods described above in claims 1 - 7 in concert with methods from either or both of the co-pending data flow patent application, United States Patent Application No. 09/329,117 and the co-pending control flow patent application as outlined in United States Patent Application Serial No. 09/377,312, by combining two or more of these methods either to the same part of a program, or differently to different parts of a program, to achieve a desired level of protection for the program, or a desired level of protection differing among parts of the program, where the program is to be protected against leakage of information when under attack by power analysis or by other, more intrusive techniques such as execution tracing, debugging, and graph analysis of the code and data.
10. The method of avoiding transition count and Hamming weight leakage during execution of masking operations by initially setting affected fields to all 0-bits or all 1-bits, thereby preventing power feature distinctions from being observed during transitions from one state to another.
11. The method of shifting quantities without revealing information due to Hamming weight leakage or transition count leakage, by masking out portions which will be shifted end-off during the shifting process, so that only 0-bits (or only 1-bits) will be shifted end-off, thereby not revealing by timing differences or Hamming-weights or transition counts the actual represented values shifted and/or masked.
12. The method of extracting bit-fields without revealing information due to Hamming weight leakage or transition count leakage, by masking out portions which will be shifted end-off during the shifting process, so that only 0-bits (or only 1-bits) will be shifted end-off, thereby not revealing by timing differences or Hamming-weights or transition counts the actual represented values shifted and/or masked.
13. The method of inserting bit-fields without revealing information due to Hamming weight leakage or transition count leakage, by masking out portions which will be shifted end-off during the shifting process, so that only 0-bits (or only 1-bits) will be shifted end-off, thereby not revealing by timing differences or Hamming-weights or transition counts the actual represented values shifted and/or masked.
14. The general method of performing power-analysis-resistant DES as revealed in this disclosure.
15. The detailed layouts and techniques of performing power-analysis-resistant DES as revealed in this disclosure.
16. A system for executing the method of any one of claims 1 through 15.
17. A computer readable memory medium for storing software code executable to perform the method steps of any one of claims 1 through 15.
18. A carrier signal incorporating software code executable to perform the method steps of any one of claims 1 through 15.
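
The encoding of claim 1 and the clear-before-write idea of claim 10, sketched as an added example that is not code from the patent or from Cloakware. It assumes a "Hamming-neutral set" is a set of equal-length words sharing one Hamming weight (the description that defines the term is not reproduced on this page), picks 8-bit words of weight 4 to carry 6-bit values, and models leakage as Hamming weight and bit-transition count; all function names are hypothetical.

```c
/* Added example: Hamming-neutral encoding modelled as a constant-weight code.
 * Assumption: a Hamming-neutral set = equal-length words of one Hamming weight. */
#include <stdint.h>
#include <stdio.h>

#define CODE_WEIGHT 4    /* every codeword has exactly 4 one-bits       */
#define SET_SIZE    70   /* C(8,4) eight-bit words of weight 4          */
#define VALUE_COUNT 64   /* 6-bit data values, e.g. a DES S-box input   */

static uint8_t hn_set[SET_SIZE];   /* enumeration: index -> codeword    */
static int8_t  hn_index[256];      /* inverse: word -> index, or -1     */
static int     hn_ready = 0;

static int popcount8(unsigned v)
{
    int c = 0;
    for (v &= 0xFFu; v; v >>= 1) c += (int)(v & 1u);
    return c;
}

/* Pre-compute the set in ascending numeric order; returns its size. */
int hn_build(void)
{
    int n = 0;
    for (unsigned w = 0; w < 256; w++) {
        hn_index[w] = -1;
        if (popcount8(w) == CODE_WEIGHT) {
            hn_index[w] = (int8_t)n;
            hn_set[n++] = (uint8_t)w;
        }
    }
    hn_ready = 1;
    return n;
}

/* Encode a data value as the element with that position in the enumeration. */
int hn_encode(unsigned value)
{
    if (!hn_ready) hn_build();
    return value < VALUE_COUNT ? hn_set[value] : -1;
}

/* Decode; words outside the set or beyond the used range are rejected. */
int hn_decode(unsigned word)
{
    if (!hn_ready) hn_build();
    if (word > 0xFFu) return -1;
    int i = hn_index[word];
    return (i >= 0 && i < VALUE_COUNT) ? i : -1;
}

/* Max minus min Hamming weight over all 64 values, raw or encoded. */
int weight_spread(int encoded)
{
    int lo = 9, hi = -1;
    for (unsigned v = 0; v < VALUE_COUNT; v++) {
        int w = popcount8(encoded ? (unsigned)hn_encode(v) : v);
        if (w < lo) lo = w;
        if (w > hi) hi = w;
    }
    return hi - lo;
}

/* Bit flips when a register holding enc(a) is loaded with enc(b), either
 * directly or after first being set to all 0-bits. */
int transitions(unsigned a, unsigned b, int clear_first)
{
    unsigned ea = (unsigned)hn_encode(a), eb = (unsigned)hn_encode(b);
    if (clear_first) return popcount8(ea) + popcount8(eb);
    return popcount8(ea ^ eb);
}

/* Max minus min transition count over every ordered pair of values. */
int transition_spread(int clear_first)
{
    int lo = 99, hi = -1;
    for (unsigned a = 0; a < VALUE_COUNT; a++)
        for (unsigned b = 0; b < VALUE_COUNT; b++) {
            int t = transitions(a, b, clear_first);
            if (t < lo) lo = t;
            if (t > hi) hi = t;
        }
    return hi - lo;
}

int main(void)
{
    printf("set size                 : %d\n", hn_build());
    printf("weight spread raw/encoded: %d / %d\n",
           weight_spread(0), weight_spread(1));
    printf("transition spread direct : %d\n", transition_spread(0));
    printf("transition spread cleared: %d\n", transition_spread(1));
    return 0;
}
```

In this model the encoding alone removes the Hamming-weight signal, but overwriting one codeword with another still flips a data-dependent number of bits; only the clear-first write makes the transition count constant.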
CA002298990A 2000-02-18 2000-02-18 Method and system for resistance to power analysis Abandoned CA2298990A1 (en)

Priority Applications (16)

Application Number Priority Date Filing Date Title
CA002298990A CA2298990A1 (en) 2000-02-18 2000-02-18 Method and system for resistance to power analysis
PCT/CA2001/000201 WO2001061916A2 (en) 2000-02-18 2001-02-19 Encoding method and system resistant to power analysis
AU2001235280A AU2001235280A1 (en) 2000-02-18 2001-02-19 Method and system for resistance to statistical power analysis
CA002397077A CA2397077A1 (en) 2000-02-18 2001-02-19 Encoding method and system resistant to power analysis
PCT/CA2001/000200 WO2001061915A2 (en) 2000-02-18 2001-02-19 Method and system for resistance to statistical power analysis
US10/181,942 US20040025032A1 (en) 2000-02-18 2001-02-19 Method and system for resistance to statiscal power analysis
AU2001235279A AU2001235279A1 (en) 2000-02-18 2001-02-19 Method and apparatus for balanced electronic operations
CA002397615A CA2397615A1 (en) 2000-02-18 2001-02-19 Method and system for resistance to statistical power analysis
EP01907279A EP1256203A2 (en) 2000-02-18 2001-02-19 Encoding method and system resistant to power analysis
US10/203,156 US20040078588A1 (en) 2000-02-18 2001-02-19 Method and apparatus for balanced electronic operations
PCT/CA2001/000199 WO2001061914A2 (en) 2000-02-18 2001-02-19 Method and apparatus for balanced electronic operations
EP01907278A EP1256202A2 (en) 2000-02-18 2001-02-19 Method and system for resistance to statistical power analysis
US10/181,452 US20040030905A1 (en) 2000-02-18 2001-02-19 Encoding method and system resistant to power analysis
AU2001235281A AU2001235281A1 (en) 2000-02-18 2001-02-19 Encoding method and system resistant to power analysis
CA002398441A CA2398441A1 (en) 2000-02-18 2001-02-19 Method and apparatus for balanced electronic operations
EP01907277A EP1256201A2 (en) 2000-02-18 2001-02-19 Method and apparatus for balanced electronic operations

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA002298990A CA2298990A1 (en) 2000-02-18 2000-02-18 Method and system for resistance to power analysis

Publications (1)

Publication Number Publication Date
CA2298990A1 (en) 2001-08-18

Family

ID=4165351

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002298990A Abandoned CA2298990A1 (en) 2000-02-18 2000-02-18 Method and system for resistance to power analysis

Country Status (5)

Country Link
US (3) US20040078588A1 (en)
EP (3) EP1256203A2 (en)
AU (3) AU2001235279A1 (en)
CA (1) CA2298990A1 (en)
WO (3) WO2001061914A2 (en)

Families Citing this family (75)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7587044B2 (en) 1998-01-02 2009-09-08 Cryptography Research, Inc. Differential power analysis method and apparatus
US6625737B1 (en) * 2000-09-20 2003-09-23 Mips Technologies Inc. System for prediction and control of power consumption in digital system
US7620832B2 (en) * 2000-09-20 2009-11-17 Mips Technologies, Inc. Method and apparatus for masking a microprocessor execution signature
JP2002247025A (en) * 2001-02-22 2002-08-30 Hitachi Ltd Information processor
JP4596686B2 (en) * 2001-06-13 2010-12-08 富士通株式会社 Secure encryption against DPA
DE10129241B4 (en) * 2001-06-18 2008-04-30 Infineon Technologies Ag Multifunctional calculator
DE10202700A1 (en) * 2002-01-24 2003-08-07 Infineon Technologies Ag Device and method for generating a command code
DE10227618B4 (en) * 2002-06-20 2007-02-01 Infineon Technologies Ag logic circuit
JP2004126841A (en) * 2002-10-01 2004-04-22 Renesas Technology Corp Method for mounting program
US20060076418A1 (en) * 2002-11-21 2006-04-13 Koninlijke Philips Electronics N.V. Electronic memory component or memory module, and method of operating same
US7134003B2 (en) * 2002-12-12 2006-11-07 Arm Limited Variable cycle instruction execution in variable or maximum fixed cycle mode to disguise execution path
KR100528464B1 (en) * 2003-02-06 2005-11-15 삼성전자주식회사 Security system of smart card
CN1795639A (en) * 2003-05-22 2006-06-28 松下电器产业株式会社 Copyright protection system, power residue calculation device, and method
JP2005056413A (en) * 2003-08-01 2005-03-03 Stmicroelectronics Sa Protection of multiple identical computations
KR100564599B1 (en) * 2003-12-24 2006-03-29 삼성전자주식회사 Inverse calculation circuit, inverse calculation method, and storage medium encoded with computer-readable computer program code
DE102004018874B4 (en) * 2004-04-19 2009-08-06 Infineon Technologies Ag Method and device for determining a result
DE102004032893B4 (en) * 2004-07-07 2015-02-05 Giesecke & Devrient Gmbh Spying-protected calculation of a masked result value
DE102004032894A1 (en) * 2004-07-07 2006-02-09 Giesecke & Devrient Gmbh Spying-protected calculation of a masked result value
US7920050B2 (en) * 2004-07-29 2011-04-05 Emc Corporation Proxy device for enhanced privacy in an RFID system
FR2874440B1 (en) * 2004-08-17 2008-04-25 Oberthur Card Syst Sa METHOD AND DEVICE FOR PROCESSING DATA
FR2875318A1 (en) * 2004-09-15 2006-03-17 St Microelectronics Sa PROTECTION OF AN ALGORITHM
FR2875657B1 (en) * 2004-09-22 2006-12-15 Trusted Logic Sa METHOD OF SECURING CRYPTOGRAPHIC TREATMENTS THROUGH LURES.
ATE400936T1 (en) * 2004-09-24 2008-07-15 Synaptic Lab Ltd S-BOXES
EP1646174A1 (en) * 2004-10-07 2006-04-12 Axalto SA Method and apparatus for generating cryptographic sets of instructions automatically and code generation
KR100855958B1 (en) * 2004-11-24 2008-09-02 삼성전자주식회사 Cryptographic system and method for securing against side channel attacks based on Hamming distance
KR100725169B1 (en) * 2005-01-27 2007-06-04 삼성전자주식회사 Apparatus and method for performing logical operation being secure against differential power analysis
JP4783104B2 (en) * 2005-09-29 2011-09-28 株式会社東芝 Encryption / decryption device
DE602006020010D1 (en) * 2005-12-19 2011-03-24 St Microelectronics Sa Protection of the execution of a DES algorithm
US20070226144A1 (en) * 2006-03-24 2007-09-27 Tp Lab Method and apparatus to record usage of a portable media
US7594104B2 (en) * 2006-06-09 2009-09-22 International Business Machines Corporation System and method for masking a hardware boot sequence
US20070288740A1 (en) * 2006-06-09 2007-12-13 Dale Jason N System and method for secure boot across a plurality of processors
US20070288739A1 (en) * 2006-06-09 2007-12-13 Dale Jason N System and method for masking a boot sequence by running different code on each processor
US20070288761A1 (en) * 2006-06-09 2007-12-13 Dale Jason N System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors
US20070288738A1 (en) * 2006-06-09 2007-12-13 Dale Jason N System and method for selecting a random processor to boot on a multiprocessor system
US7774616B2 (en) * 2006-06-09 2010-08-10 International Business Machines Corporation Masking a boot sequence by providing a dummy processor
ATE440336T1 (en) * 2006-06-29 2009-09-15 Incard Sa METHOD FOR PROTECTING IC CARDS AGAINST PERFORMANCE ANALYSIS ATTACKS
US8997255B2 (en) 2006-07-31 2015-03-31 Inside Secure Verifying data integrity in a data storage device
US8365310B2 (en) * 2006-08-04 2013-01-29 Yeda Research & Development Co. Ltd. Method and apparatus for protecting RFID tags from power analysis
US8352752B2 (en) 2006-09-01 2013-01-08 Inside Secure Detecting radiation-based attacks
JP5203594B2 (en) * 2006-11-07 2013-06-05 株式会社東芝 Cryptographic processing circuit and cryptographic processing method
US8752032B2 (en) 2007-02-23 2014-06-10 Irdeto Canada Corporation System and method of interlocking to protect software-mediated program and device behaviours
FR2923305B1 (en) * 2007-11-02 2011-04-29 Inside Contactless METHOD AND DEVICES FOR PROTECTING A MICROCIRCUIT AGAINST ATTACKS TO DISCOVER SECRET DATA
US20100287083A1 (en) * 2007-12-28 2010-11-11 Mastercard International, Inc. Detecting modifications to financial terminals
FR2928060B1 (en) * 2008-02-25 2010-07-30 Groupe Des Ecoles De Telecommunications Get Ecole Nat Superieure Des Telecommunications Enst METHOD FOR TESTING CRYPTOGRAPHIC CIRCUITS, SECURED CRYPTOGRAPHIC CIRCUIT FOR TESTING, AND METHOD FOR WIRING SUCH CIRCUIT.
JP4687775B2 (en) * 2008-11-20 2011-05-25 ソニー株式会社 Cryptographic processing device
FR2941342B1 (en) * 2009-01-20 2011-05-20 Groupe Des Ecoles De Telecommunications Get Ecole Nat Superieure Des Telecommunications Enst CRYPTOGRAPHIC CIRCUIT PROTECTED AGAINST ATTACKS IN OBSERVATION, IN PARTICULAR OF HIGH ORDER.
KR101026439B1 (en) * 2009-07-20 2011-04-07 한국전자통신연구원 The Masking Method for Protecting Power Analysis Attacks in SEED
FR2949925A1 (en) * 2009-09-09 2011-03-11 Proton World Int Nv PROTECTION OF GENERATION OF FIRST NUMBERS AGAINST HIDDEN CHANNEL ATTACKS
WO2011068996A1 (en) * 2009-12-04 2011-06-09 Cryptography Research, Inc. Verifiable, leak-resistant encryption and decryption
US8583944B1 (en) 2010-08-04 2013-11-12 Xilinx, Inc. Method and integrated circuit for secure encryption and decryption
US8624624B1 (en) 2011-08-26 2014-01-07 Lockheed Martin Corporation Power isolation during sensitive operations
US8525545B1 (en) 2011-08-26 2013-09-03 Lockheed Martin Corporation Power isolation during sensitive operations
US8958550B2 (en) * 2011-09-13 2015-02-17 Combined Conditional Access Development & Support. LLC (CCAD) Encryption operation with real data rounds, dummy data rounds, and delay periods
US8842824B2 (en) * 2011-11-28 2014-09-23 Nec Corporation Encryption processing circuit and decryption processing circuit, methods thereof, and programs thereof
CN102710413A (en) * 2012-04-25 2012-10-03 杭州晟元芯片技术有限公司 System and method with function of DPA/SPA (Differential Power Analysis/Simple Power Analysis) attack prevention
CN103384197B (en) * 2012-05-03 2016-08-31 国家电网公司 A kind of defence circuit, chip and method to grouping algorithm Attacks
EP2917833B1 (en) * 2012-11-07 2018-12-12 Koninklijke Philips N.V. Compiler generating operator free code
US9886597B2 (en) * 2013-02-27 2018-02-06 Morpho Method for encoding data on a chip card by means of constant-weight codes
US9755822B2 (en) * 2013-06-19 2017-09-05 Cryptography Research, Inc. Countermeasure to power analysis attacks through time-varying impedance of power delivery networks
DE102014001647A1 (en) * 2014-02-06 2015-08-06 Infineon Technologies Ag Operation based on two operands
CN103929301A (en) * 2014-05-07 2014-07-16 中国科学院微电子研究所 Random number generation method and device and power device
TWI712915B (en) 2014-06-12 2020-12-11 美商密碼研究公司 Methods of executing a cryptographic operation, and computer-readable non-transitory storage medium
DE102014016548A1 (en) * 2014-11-10 2016-05-12 Giesecke & Devrient Gmbh Method for testing and hardening software applications
US10700849B2 (en) * 2015-07-30 2020-06-30 Nxp B.V. Balanced encoding of intermediate values within a white-box implementation
EP3220304B1 (en) * 2016-02-22 2018-11-07 Eshard Method of testing the resistance of a circuit to a side channel analysis
EP3258639A1 (en) * 2016-06-14 2017-12-20 Gemalto Sa Cryptography apparatus protected against side-channel attack using constant hamming weight substitution-box
US10255462B2 (en) 2016-06-17 2019-04-09 Arm Limited Apparatus and method for obfuscating power consumption of a processor
US10771235B2 (en) * 2016-09-01 2020-09-08 Cryptography Research Inc. Protecting block cipher computation operations from external monitoring attacks
US10223528B2 (en) * 2016-09-27 2019-03-05 Intel Corporation Technologies for deterministic code flow integrity protection
US10256973B2 (en) * 2016-09-30 2019-04-09 Intel Corporation Linear masking circuits for side-channel immunization of advanced encryption standard hardware
CN108063662A (en) * 2016-11-09 2018-05-22 国民技术股份有限公司 A kind of system and method for anti-template attack
KR20200041771A (en) * 2018-10-12 2020-04-22 삼성전자주식회사 Method of designing memory system considering power characteristic, method of manufacturting memory system, and computing system for designing memory system
US11303462B2 (en) 2018-11-19 2022-04-12 Arizona Board Of Regents On Behalf Of Northern Arizona University Unequally powered cryptography using physical unclonable functions
CN110610106B (en) * 2019-08-05 2022-11-22 宁波大学 Three-input confusion operation circuit based on DCVS (data communication and voltage switching) logic
CN113438067B (en) * 2021-05-30 2022-08-26 衡阳师范学院 Side channel attack method for compressed key guessing space

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2776445A1 (en) * 1998-03-17 1999-09-24 Schlumberger Ind Sa Cryptographic algorithm security technique
JP2002519722A (en) * 1998-06-03 2002-07-02 クリプターグラフィー リサーチ インコーポレイテッド Improved DES and other cryptographic processes for smart cards and other cryptographic systems to minimize leakage
DE69936856T2 (en) * 1998-06-03 2008-04-30 Cryptography Research Inc., San Francisco BALANCED CRYPTOGRAPHIC MEASUREMENT METHOD AND APPARATUS FOR SLIP MINIMIZATION IN SMART CARDS AND OTHER CRYPTOSYSTEMS
JP3600454B2 (en) * 1998-08-20 2004-12-15 株式会社東芝 Encryption / decryption device, encryption / decryption method, and program storage medium therefor
NL1011544C1 (en) * 1998-12-30 2000-07-03 Koninkl Kpn Nv Encryption system for digital data, uses secondary key to mask primary key, is more difficult to decrypt by Brute Force Attack than data encrypted with conventional single key
AU1983300A (en) * 1998-12-30 2000-07-24 Koninklijke Kpn N.V. Method and device for cryptographically processing data

Also Published As

Publication number Publication date
EP1256203A2 (en) 2002-11-13
US20040030905A1 (en) 2004-02-12
EP1256201A2 (en) 2002-11-13
WO2001061916A3 (en) 2002-03-28
EP1256202A2 (en) 2002-11-13
AU2001235281A1 (en) 2001-08-27
WO2001061916A2 (en) 2001-08-23
AU2001235280A1 (en) 2001-08-27
US20040078588A1 (en) 2004-04-22
AU2001235279A1 (en) 2001-08-27
WO2001061914A3 (en) 2002-08-01
WO2001061915A2 (en) 2001-08-23
WO2001061915A3 (en) 2001-12-27
WO2001061914A2 (en) 2001-08-23
US20040025032A1 (en) 2004-02-05

Similar Documents

Publication Publication Date Title
CA2298990A1 (en) Method and system for resistance to power analysis
Jacob et al. Attacking an obfuscated cipher by injecting faults
US8095993B2 (en) Cryptographic architecture with instruction masking and other techniques for thwarting differential power analysis
EP2398182B1 (en) A device and a method for generating software code
US8000473B2 (en) Method and apparatus for generating cryptographic sets of instructions automatically and code generator
US20050021990A1 (en) Method for making secure a secret quantity
Breier et al. The other side of the coin: Analyzing software encoding schemes against fault injection attacks
CN111046381A (en) Embedded CPU anti-differential power consumption analysis device and method
US9767277B2 (en) Detection of fault injections in a random number generator
CN107534550B (en) Cryptographic apparatus, cryptographic method, computing apparatus, and computer-readable storage medium
Islam et al. DLockout: A design lockout technique for key obfuscated RTL IP designs
CN115333824A (en) Encryption method, device, equipment and storage medium for resisting error injection attack
CN115348083A (en) Firmware encryption and decryption method and device, computer equipment and readable storage medium
Karp et al. Security-oriented code-based architectures for mitigating fault attacks
EP3046095B1 (en) A method of protecting diverse applications stored on an integrated circuit using PUFs
EP3479287B1 (en) Secure loading of secret data to non-protected hardware registers
US7707431B2 (en) Device of applying protection bit codes to encrypt a program for protection
EP3662613A1 (en) Method to secure a software code performing accesses to look-up tables
Kocher Computer security is broken: can better hardware help fix it?
CN112687318B (en) Fuse reading method, controller and chip for resisting data tampering and template attack
EP4307155A1 (en) Method and circuit for protecting an electronic device from a side-channel attack
Benhadjyoussef et al. Power-based Side Channel Analysis and Fault Injection: Hacking Techniques and Combined Countermeasure
Nithyadevi et al. Implementation of Enhanced Hardware Digital System Design by Protecting Hardware Trojans using Concurrent Error Detection Technique
CN114547651A (en) Chain encryption-based operating system interrupt context protection method
CN114428979A (en) Data processing method, device, equipment and system

Legal Events

Date Code Title Description
FZDE Dead