WO2001061916A2 - Encoding method and system resistant to power analysis - Google Patents
- Publication number
- WO2001061916A2 (PCT/CA2001/000201)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- hamming
- bit
- neutral
- bits
- positions
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
- G06K19/07363—Means for preventing undesired reading or writing from or onto record carriers by preventing analysis of the circuit, e.g. dynamic or static power analysis or current analysis
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0806—Details of the card
- G07F7/0813—Specific details related to card security
- G07F7/082—Features insuring the integrity of the data on or in the card
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
Definitions
- the present invention relates generally to computer software and electronic hardware, and more specifically, to a method, apparatus and system resistant to power analysis of sealed platforms, including a particular implementation for smart cards employing Data Encryption Standard (DES) protection.
- DES Data Encryption Standard
- platform generally refers to a hardware/software environment capable of supporting computation including the execution of software programs.
- a “sealed” platform refers to a platform purposely built to frustrate reverse-engineering.
- the new sealed platforms may store and process a significantly larger quantity of data using microprocessors, random access memory (RAM), and read only memory (ROM).
- the new sealed platforms are typically secured using cryptographic technology which is intended to maintain and manipulate secret parameters in open environments without revealing their values. Compromise of a secret key used to compute a digital signature could, for example, allow an attacker to forge the owner's digital signature and execute fraudulent transactions.
- a sealed platform is intended to perform its function while protecting information and algorithms, such as performing digital signatures as part of a challenge-response protocol, authenticating commands or requests, and encrypting or decrypting arbitrary data.
- a smart card used in a stored value system may, for example, digitally sign or compute parameters such as the smart card's serial number, account balance, expiration date, transaction counter, currency, and transaction amount as part of a value transfer.
- FIG. 1 presents an exemplary physical structure of a smart card 10, which typically embeds an electronic chip 12 or chips in a plastic card 14.
- the electronic chip 12 may include, for example, a microprocessor or similar device, read-only memory (ROM), and/or read-write random access memory (RAM).
- the electronic chip 12 may also include other electronic components such as digital signal processors (DSPs), field-programmable gate arrays (FPGAs), electrically-erasable programmable read-only memory (EEPROM) and miscellaneous support logic.
- DSPs digital signal processors
- FPGAs field-programmable gate arrays
- EEPROM electrically-erasable programmable read-only memory
- miscellaneous support logic
- Generally, the electronic chip 12 is glued into a recessed area 16 of the plastic card 14 and is covered by a printed circuit 18 which provides the electrical interface to an external smart card reader.
- the standard configuration of the input and output pads of the printed circuit 18 is shown in detail in Figure 1, and generally includes power (VCC), ground (GND), a clock input (CLK) and a serial input/output pad (I/O). Several additional unconnected pads (N/C) are also included in the standard configuration. Because the plastic card 14 is somewhat flexible, the electronic chip 12 must be small enough to avoid breaking. This limits the physical size of the electronic chip 12 to a few millimetres across, and also limits the number of electronic components that can be supported.
- Contactless smart cards are also in use, which communicate with the external smart card reader using radio frequencies or other wireless communication media.
- Such smart cards are generally equipped with an internal antenna, rather than the input and output pads of the printed circuit 18.
- Data Encryption Standard
- Smart cards commonly encode their internal data using a cryptographic technique such as the Data Encryption Standard (DES).
- DES is a block cipher method using a 64 bit key (of which only 56 bits are actually used), which is very fast and has been widely adopted. Though DES can be cracked by a brute-force attack (simply testing all possible keys), triple DES is still considered very secure (triple DES is simply three copies of DES executed in series).
- Power analysis is the process of gathering information about the data and algorithms embodied on a platform by means of the "power signature" of the platform.
- the "power signature" of a platform is its power consumption profile measured over time, while executing the software stored on that platform.
- the power consumed by a microprocessor, micro-controller or similar electronic device changes with the state of the electronic components in the device.
- Such devices generally represent data in terms of binary 1s and 0s, which are represented in the electronic devices as corresponding high or low voltage levels. For example a value of 1 may be represented by +5 volts and a value of 0 by 0 volts.
- the amount of power that a sealed platform consumes may be correlated with the number of binary 1s in a data word, at a given moment in time. It follows that the amount of current drawn by, and the electromagnetic radiation emanated from a sealed platform, may be correlated to the secrets being manipulated within it. Such signals can be measured and analysed by attackers to recover secret keys.
- Smart cards require an external power supply to operate.
- the current and voltage being supplied to the smart card may easily be monitored while it is executing, using an arrangement such as that presented in Figure 2.
- the smart card 10 is provided with an external power supply unit (PSU) 20, and its operation is monitored using a standard personal computer 22 running appropriate analysis software.
- the power consumed by the smart card 10 is monitored using a pickup 24, whose data is digitized for the personal computer (PC) 22 using an analogue to digital convertor (A/D) 26.
- the PC 22 also provides a clock signal (CLK) to the smart card 10 and communicates data via its serial input and output port (DIGITAL I/O). This arrangement allows the attacker to monitor the power consumed by the smart card 10 while it is processing known data.
- CLK clock signal
- SPA Simple Power Analysis
- simple power analysis the power signature for the execution of a given algorithm is used to determine information about the algorithm and its data.
- power data is gathered from many executions and averaged at each point in time in the profile.
- a particular series of points in the power signature may indicate the number of 1s and 0s in each 8-bit byte of the DES key (note that the term "byte" will generally refer to an 8-bit byte in this document). This reduces the space of possible keys for an exhaustive all-possible-keys attack from 2^56 possible keys to 2^38 possible keys (if parity bits are stored for each byte of the key), making the search among possible keys about 2^18 times shorter.
- DPA Differential Power Analysis
- Low-cost smart cards performing DES have proven, in recent experience, to be highly vulnerable to DPA.
- Any form of encryption or decryption which is similar to DES would necessarily have similar vulnerabilities when incarnated on low-cost smart cards or similar sealed platforms.
- DPA Example: Finding a DES Key
- Implementation of a DPA attack involves two phases: data collection, followed by data analysis.
- Data collection for DPA may be performed as described with respect to Figure 2, by sampling a device's power consumption during cryptographic operations as a function of time or number of clock cycles.
- DPA a number of cryptographic operations using the target key are observed.
- To perform such an attack on a smart card one processes a large number (a thousand or more) DES encryptions (or decryptions) on distinct plaintexts (or cyphertexts), recording:
- in each round of DES the output of a given S-box depends on both the data to be encrypted (or decrypted) and the key. Since the attacker knows the input text, he guesses the value of the six key bits that were used to generate a particular power signature sample, so he can determine whether a particular output bit of a given S-box is 1 or 0 for the particular data used in the sample (note that each standard S-box has a 6-bit input and a 4-bit output). Typically, this analysis begins in round 1 or 16, since those are the rounds where the attacker knows either the exact inputs (for round 1) or outputs (for round 16) of the respective S-box.
- the targeted output bit, that is, one of the four output bits from a targeted S-box, is chosen as the target in the first round of the attack
- the 1-group consists of those samples in which the targeted output bit is 1 if the attacker's guess of the six key bits is correct
- the 0-group consists of those samples in which the targeted output bit is 0 if the attacker's guess of the six key bits is correct
- modulo minor asymmetries in DES those portions of the averaged power profiles which are affected only by bits other than the particular output bit mentioned above, should be similar, since on average, in both groups, they should be 1 for about half of the samples in each group, and 0 for about half of the samples in each group.
- those portions of the averaged power profiles which are affected by the above-mentioned output bit should show a distinct difference between the 1- group and the 0-group.
- the presence of such a difference, or multiple such differences, indicates that the guessed value of the six key bits was correct. Its absence, or the absence of such differences, shows that the guessed value of the six key bits was incorrect.
- Physical measures to protect sealed platforms against attack are known to include: enclosing systems in physically durable enclosures, physical shielding of memory cells and data lines, physical isolation, and coating integrated circuits with special coatings that destroy the chip when removed. While such techniques may offer a degree of protection against physical damage and reverse engineering, these techniques do not protect against non-invasive power analysis methods.
- Some devices such as those shielded to United States Government "Tempest” specifications, use large capacitors and other power regulation systems to minimize variations in power consumption, enclose devices in well-shielded cases to prevent electromagnetic radiation, and buffer inputs and outputs to hinder external monitoring.
- smart cards may also be protected from a power analysis attack to an extent, at the software level, by representing data in a "Hamming-neutral” form.
- the Hamming weight of a binary bit string such as a data word or byte, is the quantity of bits in the bit string with a value of 1. For example, 10100 will have a Hamming weight of 2, and 1111 will have a Hamming weight of 4.
- a set of "Hamming-neutral" bit-strings is a set of bit-strings that all have the same number of 1s. If all of the data bytes manipulated by a software application have the same number of 1s, clearly, the power consumed by the device and the noise it emits will not vary as the device processes this data. For example, one could replace each "1" in a bit string with a "10", and each
- the software programming needed to manipulate these Hamming-neutral data bytes can be considerably more complex than regular software programming, requiring the creation of new functions to manipulate such abstract codings mathematically.
- the boolean calculation (1 OR 0) would map onto (10 OR 01), which could clearly not be effected using the standard OR operator.
- the new functions perform their calculations in such a manner that the power emitted while calculating would also be Hamming-neutral (referred to herein as Hamming-neutral processing or Hamming-neutral execution), or the benefit of the Hamming-neutral data presentation would be reduced.
- the overhead of these added hardware capacities and software complexities generally makes the cost of such smart cards too great to be competitive.
- PA power analysis
- One aspect of the invention is broadly defined as a method of decreasing externally observable power modulation from execution of a software program on a computer processor, comprising the steps of: generating a Hamming-neutral set sufficient to span a set of targeted bit strings; and assigning each member of the set of targeted bit strings to a member of the Hamming-neutral set.
- Another aspect of the invention is defined as a compiler for compiling high level source code into assembly or machine code, said compiler including software code executable to perform the steps of: generating a Hamming-neutral set sufficient to span a set of targeted bit strings; and assigning each member of the set of targeted bit strings to a member of the Hamming-neutral set.
- a further aspect of the invention is defined as a computer readable memory medium for storing software code executable to perform the method steps of: generating a Hamming-neutral set sufficient to span a set of targeted bit strings; and assigning each member of the set of targeted bit strings to a member of the Hamming-neutral set.
- An additional aspect of the invention is defined as a carrier signal incorporating software code executable to perform the method steps of any one of generating a Hamming-neutral set sufficient to span a set of targeted bit strings; and assigning each member of the set of targeted bit strings to a member of the Hamming-neutral set.
- Figure 1 presents an exemplary diagram of a smart card as known in the art
- Figure 2 presents an exemplary physical layout of a system for monitoring and cracking a smart card using power analysis, as known in the art
- Figure 3 presents a flow chart of a broad method of the invention
- Figure 4 presents a flow chart of a preferred embodiment of the invention
- Figure 5 presents an exemplary Hamming-neutral look up table in a preferred method of the invention
- Figure 6 presents the form of a one-dimensional Hamming-neutral address
- Figure 7 presents the form of a multi-dimensional Hamming-neutral address
- Figure 8 presents a memory layout for Hamming-neutral DES implementation.
- power analysis attacks can be used on any manner of software, executing on any manner of microprocessor, micro controller, digital signal processor (DSP), field programmable gate array (FPGA), application specific integrated circuit (ASIC) or the like.
- DSP digital signal processor
- FPGA field programmable gate array
- ASIC application specific integrated circuit
- the invention decreases the magnitude of externally observable information by encoding inputs, internal memory addressing, stored secret keys or other data into a Hamming-neutral form, which minimizes the amount of noise generated during execution.
- the Hamming weight of a bit-string refers to the number of bits with a value of 1 in that bit string.
- a Hamming-neutral set refers to a set of bit strings which have a like Hamming weight, and hence, the use of a Hamming-neutral set of data will not modulate the power consumed by a device, or the noise it generates.
- mappings can be described as bitwise mappings.
- the method of the invention differs in that mappings are performed in a bitstring manner rather than this bitwise manner. That is, rather than mapping each individual bit onto a new coding which at least doubles the width of all resources, the invention maps groups of more than one bit together onto new Hamming-neutral codings. This results in far more efficient use of resources, and does not require as great an increase in the width of resources.
- the Hamming-neutral encodings known in the art increase the width of resources by ratios of at least 1:2, while in this example, the invention has a ratio of 6 bits (unencoded) to 8 bits (encoded), or 1:1.3
- the Hamming-neutral mappings known in the art, such as 0 -> 01 and 1 -> 10, or 0 -> 0110 and 1 -> 1001, only protect the data with two encodings (one for the 0 bits and one for the 1 bits).
- the method of the invention uses a separate encoding for each bit string, making it far more difficult for an attacker to obtain any useful information.
- any hardware asymmetries causing bit values or transitions at some bit-positions to have more effect on power consumption than at other bit-positions have less effect when the instant invention is employed, because it distributes information for any given bit-position in the original algorithm (prior to application of the instant invention) over more bit-positions in the resulting algorithm (after application of the instant invention).
- the exemplary 6-bit string for example, uses 64 encodings.
- the Hamming-neutral set generated at step 28 must span the set of targeted data, that is, it must have enough members to have at least one entry for each member in the set. Methods for determining the necessary size of the Hamming-neutral set, and how to generate it, are described hereinafter.
- the members of this Hamming-neutral set may then be mapped onto input bit strings in a one-to-one correspondence at step 30.
- the use of a one-to-one correspondence results in the smallest Hamming-neutral set, which will have the smallest impact on the system resources. However, it is generally preferable that this mapping be performed on a one-to-many correspondence, that is, a member of the target data set may map onto more than one member of the Hamming-neutral set.
- bit string Hamming-neutral encoding of the invention:
- 1. provides Hamming-neutral encoding which is less demanding of system resources than bitwise encoding known in the art;
- 4. can be applied to various components of the targeted code including, for example: addressing, indexing, stored data or input data, critical applications possibly including all of these encodings; and
- 5. can be augmented with other techniques described hereinafter, including: fixed prefixes and suffixes, parity bits, Hamming-neutral assemblies, asymmetric implementations, and alphabets.
- Hamming-Neutral Sets
- Let S be a set of bit-strings.
- the set S exhibits Hamming-neutrality, or is a
- Elements of a Hamming-neutral set are all identical in zero or more bit-positions, whereas two or more elements differ at two or more bit-positions.
- the bit-positions which are identical for all elements in the set will be referred to herein as the fixed bit-positions, and the bit-positions which differ between elements in the set, the varying bit-positions.
- the set S = {1010110, 1011001, 1010101} is a Hamming-neutral set of three elements, all of which are bit-strings of length seven.
- the fixed bit-positions are the leftmost three, and the varying bit-positions are the rightmost four.
- if a Hamming-neutral set S is converted to a set T by inserting a parity bit in each member of S, then T is also a Hamming-neutral set provided all of the parity bits are identical.
- the fixed bit-positions are the leftmost three and one rightmost; the rest of the bit-positions are varying.
- ECC error correcting code
- this technique one would need to determine the sensitivities at various bit positions. This may be done for example, by a series of hardware measurements on the target platform.
- nCk = n! / (k! (n − k)!) for positive integers n and k where n ≥ k.
- the set S contains all possible bit strings with n varying bits, having k 1-bits in the varying bit positions.
- nCk must be equal to or greater than the number of members in the set of targeted bit strings.
- there are an infinite number of possible n, k pairings for any given targeted set S, though generally one will minimize n, to minimize the width of the computer processor and associated resources. However, the width of the resources may already be greater than the minimal value for n in order to meet other processing requirements.
- when n is larger, nCk may correspondingly be larger, providing freedom to use a 1-to-many mapping from original values to Hamming-neutral set elements, rendering the attacker's job harder.
- V is the set of all varying bit-positions of S;
- V_k is the set of all subsets of V with k elements (the varying bit-positions that will hold 1-bits). This set V_k may be generated in a number of manners, which would be clear to one skilled in the art, for example:
- the members of set S are then assembled as shown at steps 40 through 46, each successive member of set S being assembled according to the next successive element of P. This is done by stepping through the members of set S using the test at step 40, and the incrementation through set P at step 46.
- Step 42 sets the bits in the fixed positions to their corresponding fixed values.
- fixed prefix and/or suffix bits may for example, be used to specify memory regions or offsets.
- the varying bit-positions are then set to a value of 1 in the bit-positions specified by the elements of the current subset in P, and to values of 0 in the remaining varying bit-positions.
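As an added worked example (not code from the patent), the construction just described in Python: the fixed bit-positions are set to their values (step 42), the subsets V_k are enumerated with itertools.combinations in place of the unspecified ordering P, and each member of S is assembled by writing 1-bits into the chosen varying positions (steps 40 through 46). The function names, the position-numbering convention (0 = leftmost bit) and the 7-bit and 8-bit parameters are choices made here; the 7-bit call with fixed prefix 101 reproduces the set S shown earlier on this page, and the 8-bit, four-1-bit set is the 6-to-8-bit encoding the text uses as its running example.

```python
# Added example (not the patent's own code): generating a Hamming-neutral set
# and assigning a set of target bit strings to it.
from itertools import combinations
from math import comb
from typing import Dict, Iterable, List, Optional, Set


def hamming_weight(x: int) -> int:
    """Number of 1-bits in x (the Hamming weight defined above)."""
    return bin(x).count("1")


def hamming_neutral_set(n: int, k: int, fixed: Optional[Dict[int, int]] = None) -> List[int]:
    """Every n-bit string whose fixed bit-positions hold the given values and
    whose varying bit-positions contain exactly k 1-bits.

    Positions are numbered from the left (0 = most significant bit), so a
    'fixed prefix' of 101 is {0: 1, 1: 0, 2: 1}.  `fixed` maps position -> bit;
    every other position belongs to the varying set V.
    """
    fixed = fixed or {}
    varying = [p for p in range(n) if p not in fixed]        # the set V
    if k > len(varying):
        raise ValueError("k exceeds the number of varying bit-positions")
    base = 0
    for pos, bit in fixed.items():                            # step 42: fixed positions
        if bit:
            base |= 1 << (n - 1 - pos)
    members = []
    for subset in combinations(varying, k):                   # one element of V_k per iteration
        word = base
        for pos in subset:                                    # 1-bits only in the chosen positions
            word |= 1 << (n - 1 - pos)
        members.append(word)
    return members                                            # len(members) == comb(len(varying), k)


def weights(codes: Iterable[int]) -> Set[int]:
    """Distinct Hamming weights present in `codes`.  A single value means the
    codes are Hamming-neutral and their weight carries no information."""
    return {hamming_weight(c) for c in codes}


def assign(targets: Iterable[int], hn_set: List[int]) -> Dict[int, int]:
    """One-to-one assignment of target bit strings to set members (step 30).
    Raises if the Hamming-neutral set cannot span the targets."""
    targets = list(targets)
    if len(hn_set) < len(targets):
        raise ValueError("Hamming-neutral set too small to span the target set")
    return dict(zip(targets, hn_set))


def bits(x: int, n: int) -> str:
    """Render x as an n-character bit string for display."""
    return format(x, f"0{n}b")


if __name__ == "__main__":
    # The 7-bit set from the text: fixed prefix 101, two 1-bits in the four varying positions.
    s7 = hamming_neutral_set(7, 2, {0: 1, 1: 0, 2: 1})
    print([bits(m, 7) for m in s7], "weights:", weights(s7))
    # The running 6-bit -> 8-bit example: 8C4 = 70 codes, enough for 64 targets.
    s8 = hamming_neutral_set(8, 4)
    print(len(s8), comb(8, 4), "weights:", weights(s8))
    print("plain 6-bit values leak their weight:", weights(range(64)))
    coding = assign(range(64), s8)
    print("encoded values all have weight", weights(coding.values()))
```

Compare the two `weights` calls in the demo: the 64 plain 6-bit values have seven different Hamming weights, which is exactly the quantity the text says the power signature can expose, whereas every assigned 8-bit code has weight 4.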
- let H = {S1, S2, S3, ..., Sr}, where r > 0, be a set of pairwise disjoint Hamming-neutral sets such that every bit-string in every member of H has the same length, w.
- Such a set H is referred to herein as a Hamming-neutral assembly.
- a Hamming-neutral assembly is made of one or more Hamming-neutral sets, each Hamming-neutral set having a different Hamming weight. Therefore, there is no overlap between the different Hamming-neutral sets.
- For a Hamming-neutral assembly, H, the population of H is defined to be:
- the spread of H is defined to be:
- H_max − H_min + 1
- H_max and H_min are the maximum and minimum values, respectively, of elements of members of H, when the elements are conventionally interpreted as non-negative binary integer values.
- the occupancy of a Hamming-neutral assembly, H is defined to be:
- For a single Hamming-neutral set, S, one may define the population of S to be the population of H, the spread of S to be the spread of H, and the occupancy of S to be the occupancy of H, where H is the Hamming-neutral assembly {S}.
- Multiple Hamming-neutral sets can be generated for different data sets, such as alphabets.
- An alphabet is a finite, nonempty set, such as the set of ASCII or EBCDIC characters, the set of hexadecimal digits, the set of days of the week, or the set of months of the year.
- a maximal Hamming-neutral set with elements of length 8 with all bit-positions varying and with four 1-bits per element has a population of 70, hence, it could be used to represent this 62 member alphabet. This allows one letter from the above alphabet to be represented in one byte, with each distinct value being represented by a different member of the Hamming-neutral set.
- a targeted alphabet is the union of two alphabets, one comprising the upper- and lower-case letters and the decimal digits as above, and the other being the lower-case Greek letters.
- the distinction between the first of the above alphabets and the second (lower-case Greek) alphabet is not considered useful to an attacker.
- these two sets can be combined into a single assembly sharing the same 8-bit space, and there will be no conflict.
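The assembly the text describes, as an added example in Python (not the patent's code): two maximal 8-bit Hamming-neutral sets, one of weight 4 (70 members) for the 62-character alphanumeric alphabet and one of weight 3 (56 members) for the lower-case Greek alphabet, are checked for pairwise disjointness and combined into one assembly sharing the 8-bit space, and the population and spread defined above are computed over it. The function names and the choice of weights 3 and 4 are made here; the 24-letter Greek alphabet (omitting final sigma) is an assumption about which letters the text counts. Occupancy is not computed because its formula is not reproduced on this page.

```python
# Added example (not from the patent): a Hamming-neutral assembly over one
# 8-bit space, with the population and spread metrics defined above.
from itertools import combinations
import string

W = 8  # the common length w of every bit-string in the assembly


def maximal_set(k: int, w: int = W) -> list:
    """All w-bit strings with exactly k 1-bits (every position varying).
    Bit positions are numbered from the least significant bit; since no
    position is fixed here, the numbering convention does not matter."""
    return sorted(sum(1 << p for p in c) for c in combinations(range(w), k))


def is_assembly(sets) -> bool:
    """True if every set is Hamming-neutral, fits in w bits, and the sets are
    pairwise disjoint (the defining conditions of a Hamming-neutral assembly)."""
    seen = set()
    for s in sets:
        if len({bin(x).count("1") for x in s}) != 1:   # not Hamming-neutral
            return False
        if any(x >> W for x in s) or (seen & set(s)):  # too wide, or overlaps an earlier set
            return False
        seen |= set(s)
    return True


def population(assembly) -> int:
    """Total number of elements across all member sets."""
    return sum(len(s) for s in assembly)


def spread(assembly) -> int:
    """H_max - H_min + 1, elements read as non-negative binary integers."""
    elems = [x for s in assembly for x in s]
    return max(elems) - min(elems) + 1


# The two alphabets named in the text (constructed here).
ALNUM = string.ascii_uppercase + string.ascii_lowercase + string.digits      # 62 symbols
GREEK = [chr(c) for c in range(0x3B1, 0x3CA) if c != 0x3C2]                # 24 lower-case letters


def build_assembly():
    """Assign each alphabet its own Hamming-neutral set and return
    (assembly, symbol -> 8-bit code)."""
    s4 = maximal_set(4)   # 8C4 = 70 >= 62 alphanumerics
    s3 = maximal_set(3)   # 8C3 = 56 >= 24 Greek letters
    assembly = [s4, s3]
    if not is_assembly(assembly):
        raise ValueError("member sets overlap or are not Hamming-neutral")
    coding = dict(zip(ALNUM, s4))
    coding.update(zip(GREEK, s3))
    return assembly, coding


if __name__ == "__main__":
    assembly, coding = build_assembly()
    print("population:", population(assembly), "spread:", spread(assembly))
    print("codes for 'A' and 'α':", format(coding["A"], "08b"), format(coding["α"], "08b"))
```

The weight of a code now reveals which alphabet a symbol belongs to (3 or 4 ones), which is exactly the distinction the text says need not be protected; within each alphabet every code has the same weight. Passing the same set twice to `is_assembly` fails the disjointness check, which is the guarantee that two symbols can never share a code.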
- each variable will have its own mapping and typically, in each operation/lookup, each operand/index will have its own mapping as will the output.
- Hamming-neutral execution or processing refers to the execution of basic computations and functions without exposing information to power analysis by either Hamming-weight leakage or transition count leakage. As well, Hamming-neutral execution should not leak information about layout of data tables. It is very difficult to build complex electronic components as many short cuts cause imbalance and preserving balance means doing things the bulky way. This is why the techniques taught by Cray et al. only used simple gates. Kocher et al also show how to build simple gates in the patent application filed under PCT serial no. WO9967766, titled "Balanced Cryptographic Computational Method and Apparatus for Leak Minimization in Smartcards and other Cryptosystems", which results in a bulky implementation. The method of the invention, using a table lookup, is far more powerful and flexible than those techniques known in the art.
- the number of transitions that take place during the computation can be kept constant.
- the number of transitions is a function of the current and/or previous state(s) of the device, including the parameters of the particular computation.
- Leakless devices can be designed for which the type and timing of state transitions during each part of a computation are independent of the parameters of the computation.
- An exemplary XOR (exclusive OR) operation table for a single pair of bit-encoded Boolean values is shown in Figure 5.
- This example presents a simple Hamming-neutral mapping of 0 -> 01, 1 -> 10, with a high output (10) only when exactly one of the inputs is high.
- the inputs of 00 and 11, and the outputs of 00, are shown for completeness, but of course they would not be used.
- Almost any kind of operation can be performed by a table lookup, or a sequence of table lookups, based on this technique. For example, since one can add, subtract, or multiply one digit at a time, using multiplication and addition tables, and since these operations are also sufficient for long division, one can do integer arithmetic in a Hamming-neutral way, so that (as long as one is careful to avoid transition count leakage as noted previously) one can perform integer arithmetic on data without leaking any information about that data to power analysis.
- Bit-wise Boolean operations can also be performed using tables.
- a table whose elements are stored as bytes is sufficient for doing arbitrary binary masking operations on operands encoded in eight bits, but representing six bits.
- Shifting can also be done using a table-driven approach. Since one can do Boolean operations as well, one can perform arbitrary computations using the techniques described herein, including floating point computations. These techniques may not be suited to high-speed computation or operation in minimal memory space, however, they are highly suited to execution which is resistant to SPA or DPA attacks.
- Bitwise XOR operations can be done by table lookup with a table as shown in Figure 5, one pair of Boolean operands at a time, so that instead of a 48-bit wide XOR one performs 48 individual XOR operations, handling one bit-position at a time. Selecting and permuting bits, both for wide XOR operations and for other purposes, can also be done by creating appropriate lookup tables.
- Consider shifting a 4-bit value whose bits are bit-encoded, so that the leftmost represented bit occupies two bit-positions of the encoded word.
- Depending on the value of that leftmost bit, those two positions hold either 01 or 10.
- If the encoded word were shifted out one bit-position at a time, the 01 representation would produce no reduction in the 1-bit count on the first shift followed by a reduction of one on the second.
- The 10 representation would produce a reduction of one on the first shift followed by none on the second. This difference is observable and could be exploited to obtain some information about the value being shifted, which is why the shift is done by table lookup on the whole encoded value rather than bit-position by bit-position.
- the above method easily extends to arbitrary width shifting operations.
- the method described here avoids transition-count and Hamming-weight leakage of information about the data values being manipulated and the data values resulting from the computations.
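The table-driven XOR of Figure 5, the wide XOR done one bit-position at a time, and the table-driven shift that avoids the transition-count leak just described, as an added example that is not part of the patent. The 0 -> 01, 1 -> 10 encoding is the page's; the table layouts, the function names and the constructed 48-bit operands are this example's own assumptions.

```python
# Added example (not from the patent): table-driven XOR and shift on
# bit-encoded operands, plus a check that every table index and entry has
# constant Hamming weight. Only the 0 -> 01, 1 -> 10 encoding is the page's.

ENC = {0: 0b01, 1: 0b10}   # bit encoding used throughout the page
DEC = {0b01: 0, 0b10: 1}


def hw(x):
    """Hamming weight (number of 1-bits)."""
    return bin(x).count("1")


def encode(value, nbits):
    """Bit-encode an nbits-wide value, most significant bit first.
    The result is 2*nbits wide and always has Hamming weight nbits."""
    out = 0
    for i in range(nbits - 1, -1, -1):
        out = (out << 2) | ENC[(value >> i) & 1]
    return out


def decode(code, nbits):
    """Inverse of encode; the pairs 00 and 11 never occur and are rejected."""
    value = 0
    for i in range(nbits - 1, -1, -1):
        value = (value << 1) | DEC[(code >> (2 * i)) & 0b11]
    return value


# The Figure 5 style XOR table: indexed by the concatenation of two encoded
# bits (a 4-bit index of weight 2), yielding one encoded bit (weight 1).
# The unused inputs 00 and 11 are simply absent from the table.
XOR_TABLE = {(ENC[a] << 2) | ENC[b]: ENC[a ^ b] for a in (0, 1) for b in (0, 1)}


def xor_encoded(x_enc, y_enc, nbits):
    """Wide XOR done as nbits single-pair lookups, one bit-position at a time
    (a 48-bit XOR becomes 48 lookups), never as a machine-word XOR."""
    out = 0
    for i in range(nbits - 1, -1, -1):
        pa = (x_enc >> (2 * i)) & 0b11
        pb = (y_enc >> (2 * i)) & 0b11
        out = (out << 2) | XOR_TABLE[(pa << 2) | pb]
    return out


# Table-driven shift of a 4-bit value encoded in 8 bits: the encoded word is
# the index, the entry is the encoded value of (v << 1) & 0xF. Index and
# entry both have weight 4 for every v, so the lookup is Hamming-neutral.
SHL1_TABLE = {encode(v, 4): encode((v << 1) & 0xF, 4) for v in range(16)}


def shl1_encoded4(x_enc):
    """Shift a bit-encoded 4-bit value left by one represented bit."""
    return SHL1_TABLE[x_enc]


def naive_shift_weight_drops(x_enc):
    """The leak the text describes: shifting the 8-bit encoded word left one
    bit-position at a time drops the 1-bit count by (0, then 1) when the
    leftmost represented bit is 0 (pair 01) and by (1, then 0) when it is 1
    (pair 10), so the two shifts look different on a power trace."""
    w0 = hw(x_enc)
    w1 = hw((x_enc << 1) & 0xFF)
    w2 = hw((x_enc << 2) & 0xFF)
    return (w0 - w1, w1 - w2)


def weight_profile(table):
    """Set of (index weight, entry weight) pairs over a lookup table; a
    Hamming-neutral table yields exactly one pair."""
    return {(hw(k), hw(v)) for k, v in table.items()}


if __name__ == "__main__":
    x, y = 0x123456789ABC, 0xFEDCBA987654          # constructed 48-bit operands
    z = decode(xor_encoded(encode(x, 48), encode(y, 48), 48), 48)
    print(hex(z), z == x ^ y)
    print(weight_profile(XOR_TABLE), weight_profile(SHL1_TABLE))
    print(naive_shift_weight_drops(encode(0b0101, 4)),
          naive_shift_weight_drops(encode(0b1101, 4)))
```

`weight_profile` is the check worth keeping in a build script: if it ever returns more than one pair for a table, some index or entry has a data-dependent weight and the lookup leaks. `naive_shift_weight_drops` reproduces the (0, 1) versus (1, 0) pattern of the text for the two values of the leftmost bit.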
- Hamming-neutral addressing is performed by employing selected Hamming-neutral sets or assemblies. Hamming-neutral assemblies are used for sets of addresses which divide into more than one subset, where the distinctions among the subsets need not be protected.
- a typical construction for one-dimensional Hamming-neutral addressing is shown in Figure 6, following the usual convention that high-order bits are on the left and low-order bits are on the right. If the Hamming-neutral addressing is based on a Hamming-neutral set, then for each such address, the varying bit-positions contain the same number of 1-bits. If it is based on a Hamming-neutral assembly, then the varying bit-positions contain different quantities of 1-bits, depending on how many Hamming-neutral sets of addresses have been mapped onto the same region of memory. Note that the pairwise disjointness of the members of a Hamming-neutral assembly guarantees that storage elements based on distinct sets from the assembly have distinct addresses, that is, there is no possibility of two elements of data being stored in the same place.
- the prefix bit-positions 48 contain fixed bit-values which determine the region of memory to be addressed. The use of such prefixes is well known in the art.
- the maximum width of the addressed memory region is the spread of any underlying maximal Hamming-neutral set or Hamming-neutral assembly.
- the number of elements which could be stored in the memory region is the population of the set or assembly.
- the fraction of the region which is actually usable for Hamming-neutral addressing is the occupancy of the set or assembly. Definitions for spread, population, and occupancy are given herein above.
- the width of the string of suffix fixed bit-positions 52 determines the width, in memory units, of the storage per element. If it is s, then the space provided for each value to be fetched or stored is 2^s memory units. The width of the entire address, that is, the total number of bit positions, is determined by the type of memory to be addressed and the characteristics of the platform.
- A typical construction for multi-dimensional Hamming-neutral addressing is shown in Figure 7.
- the prefix 48 and suffix 52 fixed bit-positions are as before, with the prefix 48 selecting the region of memory and the suffix 52 an offset.
- DES key representation: for the sake of simplicity, 56-bit DES keys are represented in this example in bit-encoded form, where 0 is represented by 01 and 1 by 10, rather than in bit-string encoded format. Implementations in bit-string format would follow logically from the description which follows.
- this exemplary mapping doubles the storage for a key from seven bytes to 14 bytes. Parity bits are omitted from the representation, since on a smart card, the keys would be fixed data stored in ROM.
- an S-box contains 64 4-bit entries. Since the output bits of an S-box are dealt with individually, a bit-encoded representation (such as 0 -> 01 and 1 -> 10 for example) may be used for elements of the S-boxes also. This puts one S-box entry in one byte. Since 8-bit processors are typical for smart cards, this is a convenient representation for smart card implementations.
- Indexed directly by its twelve-bit bit-encoded index, each S-box would consume 4K of address space, which is too much. To avoid this, it is preferable to perform a two-stage lookup that employs one large access table.
- an S-box index occupies six bits, so its bit-encoded representation occupies twelve bits.
- a conversion is performed to reduce the storage space required for this table into 256 bytes.
- one index conversion table (the S-box access table) is employed, which serves for every conversion of a bit-encoded S-box index into a Hamming-neutral S-box element address: it is used once each time an element is fetched from an S-box. It is indexed by a Hamming-neutral address in which there are no suffix fixed bit-positions, there are twelve varying bit-positions in the form of such a twelve-bit bit-encoded index, and the prefix bit-positions indicate the region of memory containing this index conversion table. Indexing into this table with a 12-bit bit-encoded index, the addressed data byte is a corresponding 8-bit index containing some arrangement of four 1-bits and four 0-bits. This 8-bit index is then used to look up the actual S-box. Note that each step of this process is Hamming-neutral.
- Figure 8 presents an exemplary layout of such a memory region.
- the region of memory indicated in Figure 8 begins on a 4K boundary, that is, on a 2^12 boundary.
- This diagram presents regions of memory in terms of blocks of 256 bytes.
- The first two bits of the twelve-bit bit-encoded index can only be 01 or 10, and the second two bits can only be 01 or 10, so the high-order nibble of the index is one of 0101, 0110, 1001 or 1010: the access table touches only the 256-byte blocks 5, 6, 9 and 10 of the region.
- The last 1K of the 4K region (blocks 12 through 15, whose high-order nibble begins with 11) is therefore unused.
- The 1K that begins the region (blocks 0 through 3, whose high-order nibble begins with 00) is also unused, and provides space for four 256-byte S-box representations.
- The four 256-byte blocks whose high-order nibble is 0100, 1000, 0111 or 1011 (blocks 4, 8, 7 and 11) are likewise unused, providing space for another four 256-byte S-box representations.
- All eight S-boxes and the conversion table described in the previous section can therefore be stored in a 3K region beginning at a 4K boundary, with a good deal of space still unoccupied.
- S-boxes 1 through 8 appear as S_1 through S_8, respectively.
- Each S-box occupies only a sparse portion of its 256 bytes, since only 64 of the 256 bytes are actually used to contain bit-encoded S-box entries. Their occupancy is therefore 25%.
- the S-box access table sparsely occupies four 256-byte blocks, since only 64 out of 1024 of the bytes are occupied by the result of translation from bit-encoded to a C(8,4) Hamming-neutral representation. Its occupancy is thus 6.25%.
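The two-stage S-box lookup and the Figure 8 layout, together with the one-dimensional Hamming-neutral addressing of Figure 6 (prefix bit-positions selecting a 4K-aligned region, twelve varying bit-positions, no suffix), as an added example that is not the patent's code. It uses the DES S1 table from FIPS 46; the region base 0x3000, the placement of S1 in block 0 of the region, and the assignment of the 64 indices to the 64 numerically smallest weight-4 offsets are assumptions of this example, as are all function names.

```python
# Added example, not the patent's code: two-stage Hamming-neutral lookup of
# DES S1 laid out as in Figure 8. Assumptions: region base 0x3000, S1 in
# block 0 of the region, indices assigned to the 64 smallest weight-4 bytes.
from itertools import combinations


def hw(x):
    """Hamming weight (number of 1-bits)."""
    return bin(x).count("1")


def bit_encode(value, nbits):
    """0 -> 01, 1 -> 10, most significant bit first; weight is always nbits."""
    out = 0
    for i in range(nbits - 1, -1, -1):
        out = (out << 2) | (0b10 if (value >> i) & 1 else 0b01)
    return out


def bit_decode(code, nbits):
    """Inverse of bit_encode; pairs 00 and 11 never occur and are rejected."""
    value = 0
    for i in range(nbits - 1, -1, -1):
        value = (value << 1) | {0b01: 0, 0b10: 1}[(code >> (2 * i)) & 0b11]
    return value


# DES S-box S1 from FIPS 46: row = outer two index bits, column = middle four.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def s1_plain(index6):
    """Reference S1 on a raw 6-bit index (no side-channel protection)."""
    row = (((index6 >> 5) & 1) << 1) | (index6 & 1)
    return S1[row][(index6 >> 1) & 0xF]


# Stage-2 offsets: 64 of the C(8,4) = 70 bytes of weight 4 in one 256-byte
# block, so the S-box occupies 64/256 = 25% of its block.
WEIGHT4 = sorted(sum(1 << b for b in bits) for bits in combinations(range(8), 4))
ELEMENT_OFFSET = WEIGHT4[:64]

REGION = 0x3000     # assumed 4K-aligned region; its bits are the prefix
S1_BLOCK = REGION   # block 0 of the region (the first 1K is free, Figure 8)
BLOCK = 256
MEMORY = {}         # sparse model of the region: address -> byte


def build_tables():
    """Access table: region | 12-bit bit-encoded index (weight 6) -> weight-4
    offset. S1 block: block | offset (weight 4) -> bit-encoded S1 output."""
    MEMORY.clear()
    for idx in range(64):
        MEMORY[REGION | bit_encode(idx, 6)] = ELEMENT_OFFSET[idx]
        MEMORY[S1_BLOCK | ELEMENT_OFFSET[idx]] = bit_encode(s1_plain(idx), 4)


def sbox_lookup(index12):
    """Two fetches, each at a constant-weight address; returns the
    bit-encoded S1 output (itself of weight 4)."""
    offset = MEMORY[REGION | index12]   # stage 1: index conversion table
    return MEMORY[S1_BLOCK | offset]    # stage 2: the S-box proper


def leak_profile():
    """Hamming weights seen on the address and data lines of both fetches
    over all 64 indices; one value per line means no weight leakage."""
    seen = {"addr1": set(), "data1": set(), "addr2": set(), "data2": set()}
    for idx in range(64):
        a1 = REGION | bit_encode(idx, 6)
        d1 = MEMORY[a1]
        a2 = S1_BLOCK | d1
        d2 = MEMORY[a2]
        for name, v in (("addr1", a1), ("data1", d1), ("addr2", a2), ("data2", d2)):
            seen[name].add(hw(v))
    return {name: sorted(v) for name, v in seen.items()}


def plain_profile():
    """For contrast: a table indexed by the raw 6-bit value shows the index
    weight on the address lines and the output weight on the data lines."""
    return (sorted({hw(REGION | i) for i in range(64)}),
            sorted({hw(s1_plain(i)) for i in range(64)}))


def access_table_blocks():
    """256-byte blocks of the region the access table actually touches."""
    return sorted({bit_encode(idx, 6) >> 8 for idx in range(64)})


def occupancy():
    """(S1 block, access table): bytes used over bytes spanned."""
    blocks = access_table_blocks()
    s1_used = sum(1 for a in MEMORY if (a - REGION) >> 8 == 0)
    access_used = sum(1 for a in MEMORY if (a - REGION) >> 8 in blocks)
    return (s1_used / BLOCK, access_used / (len(blocks) * BLOCK))


build_tables()

if __name__ == "__main__":
    for i in (0, 0b011010, 63):
        out = bit_decode(sbox_lookup(bit_encode(i, 6)), 4)
        print(f"S1[{i:06b}] = {out} (plain {s1_plain(i)})")
    print(leak_profile(), plain_profile(), access_table_blocks(), occupancy())
```

`leak_profile` reports a single weight on each of the four lines (the stage-1 address weight is the prefix weight plus six, the stage-2 address weight is the prefix weight plus four, both data bytes have weight four), whereas `plain_profile` shows the seven address weights and five data weights a direct lookup would expose. `access_table_blocks` returns blocks 5, 6, 9 and 10 and `occupancy` the 25% and 6.25% figures of the text; the other seven S-boxes would each take one of the free blocks 1 through 4, 7, 8 and 11 with the same access table.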
- the techniques provide protection against revealing any or all of: the data, the data addresses, and the code addresses employed during execution.
- the instant invention is most applicable to assembly- or machine-level implementations. It is less applicable to high-level language (HLL) implementation, because compilers for HLLs usually do not provide the programmer with sufficient control over instruction and memory usage to permit the instant invention to be used effectively.
- the embodiments of the invention may be executed by a computer processor or similar device programmed in the manner of method steps, or may be executed by an electronic system which is provided with means for executing these steps.
- an electronic memory medium may store code executable to perform such method steps. Suitable memory media would include serial access formats such as magnetic tape, or random access formats such as floppy disks, hard drives, computer diskettes, CD-ROMs, bubble memory, EEPROM, Random Access Memory (RAM), Read Only Memory (ROM), optical media, or magneto-optical media or similar computer software storage media known in the art.
- electronic signals representing these method steps may also be transmitted via a communication network.
- the invention could also be implemented in hardware, or a combination of software and hardware including software running on a general purpose processor, microcode, PLAs, ASICs, and any application where there is a need for leak- minimized cryptography that prevents external monitoring attacks.
- the methods and apparatuses of the present invention might be embodied as program code running on a processor, for example, as instructions stored in the memory of a smart card. Where greater security is desired, the code might additionally be signed by a trusted party, for example, by the smart card issuer.
- the invention might be embodied in a single-chip device containing both a nonvolatile memory for key storage and logic instructions, and a processor for executing such instructions.
- An electronic commerce system in a manner of the invention could for example, be applied to: point of sale terminals; vending machines; cryptographic smart cards of all kinds including contactless and proximity-based smart cards and cryptographic tokens; stored value cards and systems; electronic payment, credit and debit cards; secure cryptographic chips, microprocessors and software programs; pay telephones, prepaid telephone cards, cellular telephones, telephone scrambling and authentication systems; security systems including: identity verification systems, electronic badges and door entry systems; systems for decrypting television signals including broadcast, satellite and cable television; systems for decrypting enciphered music and other audio content (including music distributed over computer networks); and systems for protecting video signals.
- Such implementations would be clear to one skilled in the art, and do not take away from the invention.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP01907279A EP1256203A2 (en) | 2000-02-18 | 2001-02-19 | Encoding method and system resistant to power analysis |
AU2001235281A AU2001235281A1 (en) | 2000-02-18 | 2001-02-19 | Encoding method and system resistant to power analysis |
CA002397077A CA2397077A1 (en) | 2000-02-18 | 2001-02-19 | Encoding method and system resistant to power analysis |
US10/181,452 US20040030905A1 (en) | 2000-02-18 | 2001-02-19 | Encoding method and system resistant to power analysis |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002298990A CA2298990A1 (en) | 2000-02-18 | 2000-02-18 | Method and system for resistance to power analysis |
CA2,298,990 | 2000-02-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001061916A2 true WO2001061916A2 (en) | 2001-08-23 |
WO2001061916A3 WO2001061916A3 (en) | 2002-03-28 |
Family
ID=4165351
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2001/000200 WO2001061915A2 (en) | 2000-02-18 | 2001-02-19 | Method and system for resistance to statistical power analysis |
PCT/CA2001/000201 WO2001061916A2 (en) | 2000-02-18 | 2001-02-19 | Encoding method and system resistant to power analysis |
PCT/CA2001/000199 WO2001061914A2 (en) | 2000-02-18 | 2001-02-19 | Method and apparatus for balanced electronic operations |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2001/000200 WO2001061915A2 (en) | 2000-02-18 | 2001-02-19 | Method and system for resistance to statistical power analysis |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2001/000199 WO2001061914A2 (en) | 2000-02-18 | 2001-02-19 | Method and apparatus for balanced electronic operations |
Country Status (5)
Country | Link |
---|---|
US (3) | US20040078588A1 (en) |
EP (3) | EP1256202A2 (en) |
AU (3) | AU2001235281A1 (en) |
CA (1) | CA2298990A1 (en) |
WO (3) | WO2001061915A2 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1244077A2 (en) * | 2001-02-22 | 2002-09-25 | Hitachi, Ltd. | Tamper resistant device |
WO2002103494A2 (en) * | 2001-06-18 | 2002-12-27 | Infineon Technologies Ag | Multifunctional computer |
EP2190143A1 (en) * | 2008-11-20 | 2010-05-26 | Sony Corporation Of America | Cryptographic processing apparatus with improved resistance to power analysis |
FR2941342A1 (en) * | 2009-01-20 | 2010-07-23 | Groupe Ecoles Telecomm | CRYPTOGRAPHIC CIRCUIT PROTECTED AGAINST ATTACKS IN OBSERVATION, IN PARTICULAR OF HIGH ORDER. |
US8352752B2 (en) | 2006-09-01 | 2013-01-08 | Inside Secure | Detecting radiation-based attacks |
US8997255B2 (en) | 2006-07-31 | 2015-03-31 | Inside Secure | Verifying data integrity in a data storage device |
EP2885875A1 (en) * | 2013-02-27 | 2015-06-24 | Morpho | Method for encoding data on a chip card by means of constant-weight codes |
Families Citing this family (68)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7587044B2 (en) | 1998-01-02 | 2009-09-08 | Cryptography Research, Inc. | Differential power analysis method and apparatus |
US6625737B1 (en) * | 2000-09-20 | 2003-09-23 | Mips Technologies Inc. | System for prediction and control of power consumption in digital system |
US7620832B2 (en) * | 2000-09-20 | 2009-11-17 | Mips Technologies, Inc. | Method and apparatus for masking a microprocessor execution signature |
JP4596686B2 (en) * | 2001-06-13 | 2010-12-08 | 富士通株式会社 | Secure encryption against DPA |
DE10202700A1 (en) * | 2002-01-24 | 2003-08-07 | Infineon Technologies Ag | Device and method for generating a command code |
DE10227618B4 (en) | 2002-06-20 | 2007-02-01 | Infineon Technologies Ag | logic circuit |
JP2004126841A (en) * | 2002-10-01 | 2004-04-22 | Renesas Technology Corp | Method for mounting program |
US20060076418A1 (en) * | 2002-11-21 | 2006-04-13 | Koninlijke Philips Electronics N.V. | Electronic memory component or memory module, and method of operating same |
JP4511461B2 (en) * | 2002-12-12 | 2010-07-28 | エイアールエム リミテッド | Processing action masking in data processing system |
KR100528464B1 (en) * | 2003-02-06 | 2005-11-15 | 삼성전자주식회사 | Security system of smart card |
US7925893B2 (en) * | 2003-05-22 | 2011-04-12 | Panasonic Corporation | Copyright protection system, modular exponentiation operation apparatus, and modular exponentiation operation method |
JP2005056413A (en) * | 2003-08-01 | 2005-03-03 | Stmicroelectronics Sa | Protection of multiple identical computations |
KR100564599B1 (en) * | 2003-12-24 | 2006-03-29 | 삼성전자주식회사 | Inverse calculation circuit, inverse calculation method, and storage medium encoded with computer-readable computer program code |
DE102004018874B4 (en) * | 2004-04-19 | 2009-08-06 | Infineon Technologies Ag | Method and device for determining a result |
DE102004032893B4 (en) * | 2004-07-07 | 2015-02-05 | Giesecke & Devrient Gmbh | Spying-protected calculation of a masked result value |
DE102004032894A1 (en) * | 2004-07-07 | 2006-02-09 | Giesecke & Devrient Gmbh | Spying-protected calculation of a masked result value |
US7920050B2 (en) * | 2004-07-29 | 2011-04-05 | Emc Corporation | Proxy device for enhanced privacy in an RFID system |
FR2874440B1 (en) * | 2004-08-17 | 2008-04-25 | Oberthur Card Syst Sa | METHOD AND DEVICE FOR PROCESSING DATA |
FR2875318A1 (en) * | 2004-09-15 | 2006-03-17 | St Microelectronics Sa | PROTECTION OF AN ALGORITHM |
FR2875657B1 (en) * | 2004-09-22 | 2006-12-15 | Trusted Logic Sa | METHOD OF SECURING CRYPTOGRAPHIC TREATMENTS THROUGH LURES. |
WO2006033013A2 (en) * | 2004-09-24 | 2006-03-30 | Synaptic Laboratories Limited | Substitution boxes |
EP1646174A1 (en) * | 2004-10-07 | 2006-04-12 | Axalto SA | Method and apparatus for generating cryptographic sets of instructions automatically and code generation |
KR100855958B1 (en) * | 2004-11-24 | 2008-09-02 | 삼성전자주식회사 | Cryptographic system and method for securing against side channel attacks based on Hamming distance |
KR100725169B1 (en) * | 2005-01-27 | 2007-06-04 | 삼성전자주식회사 | Apparatus and method for performing logical operation being secure against differential power analysis |
JP4783104B2 (en) * | 2005-09-29 | 2011-09-28 | 株式会社東芝 | Encryption / decryption device |
EP1798888B1 (en) * | 2005-12-19 | 2011-02-09 | St Microelectronics S.A. | DES-algorithm execution protection |
US20070226144A1 (en) * | 2006-03-24 | 2007-09-27 | Tp Lab | Method and apparatus to record usage of a portable media |
US20070288738A1 (en) * | 2006-06-09 | 2007-12-13 | Dale Jason N | System and method for selecting a random processor to boot on a multiprocessor system |
US20070288739A1 (en) * | 2006-06-09 | 2007-12-13 | Dale Jason N | System and method for masking a boot sequence by running different code on each processor |
US20070288761A1 (en) * | 2006-06-09 | 2007-12-13 | Dale Jason N | System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors |
US7594104B2 (en) * | 2006-06-09 | 2009-09-22 | International Business Machines Corporation | System and method for masking a hardware boot sequence |
US20070288740A1 (en) * | 2006-06-09 | 2007-12-13 | Dale Jason N | System and method for secure boot across a plurality of processors |
US7774616B2 (en) * | 2006-06-09 | 2010-08-10 | International Business Machines Corporation | Masking a boot sequence by providing a dummy processor |
ATE440336T1 (en) * | 2006-06-29 | 2009-09-15 | Incard Sa | METHOD FOR PROTECTING IC CARDS AGAINST PERFORMANCE ANALYSIS ATTACKS |
US8365310B2 (en) * | 2006-08-04 | 2013-01-29 | Yeda Research & Development Co. Ltd. | Method and apparatus for protecting RFID tags from power analysis |
JP5203594B2 (en) * | 2006-11-07 | 2013-06-05 | 株式会社東芝 | Cryptographic processing circuit and cryptographic processing method |
US8752032B2 (en) * | 2007-02-23 | 2014-06-10 | Irdeto Canada Corporation | System and method of interlocking to protect software-mediated program and device behaviours |
FR2923305B1 (en) * | 2007-11-02 | 2011-04-29 | Inside Contactless | METHOD AND DEVICES FOR PROTECTING A MICROCIRCUIT AGAINST ATTACKS TO DISCOVER SECRET DATA |
US20100287083A1 (en) * | 2007-12-28 | 2010-11-11 | Mastercard International, Inc. | Detecting modifications to financial terminals |
FR2928060B1 (en) * | 2008-02-25 | 2010-07-30 | Groupe Des Ecoles De Telecommunications Get Ecole Nat Superieure Des Telecommunications Enst | METHOD FOR TESTING CRYPTOGRAPHIC CIRCUITS, SECURED CRYPTOGRAPHIC CIRCUIT FOR TESTING, AND METHOD FOR WIRING SUCH CIRCUIT. |
KR101026439B1 (en) * | 2009-07-20 | 2011-04-07 | 한국전자통신연구원 | The Masking Method for Protecting Power Analysis Attacks in SEED |
FR2949925A1 (en) * | 2009-09-09 | 2011-03-11 | Proton World Int Nv | PROTECTION OF GENERATION OF FIRST NUMBERS AGAINST HIDDEN CHANNEL ATTACKS |
WO2011068996A1 (en) | 2009-12-04 | 2011-06-09 | Cryptography Research, Inc. | Verifiable, leak-resistant encryption and decryption |
US8583944B1 (en) | 2010-08-04 | 2013-11-12 | Xilinx, Inc. | Method and integrated circuit for secure encryption and decryption |
US8624624B1 (en) | 2011-08-26 | 2014-01-07 | Lockheed Martin Corporation | Power isolation during sensitive operations |
US8525545B1 (en) | 2011-08-26 | 2013-09-03 | Lockheed Martin Corporation | Power isolation during sensitive operations |
US8958550B2 (en) * | 2011-09-13 | 2015-02-17 | Combined Conditional Access Development & Support. LLC (CCAD) | Encryption operation with real data rounds, dummy data rounds, and delay periods |
JP5327493B1 (en) * | 2011-11-28 | 2013-10-30 | 日本電気株式会社 | Encryption processing circuit and decryption processing circuit, method and program thereof |
CN102710413A (en) * | 2012-04-25 | 2012-10-03 | 杭州晟元芯片技术有限公司 | System and method with function of DPA/SPA (Differential Power Analysis/Simple Power Analysis) attack prevention |
CN103384197B (en) * | 2012-05-03 | 2016-08-31 | 国家电网公司 | A kind of defence circuit, chip and method to grouping algorithm Attacks |
WO2014072209A1 (en) * | 2012-11-07 | 2014-05-15 | Koninklijke Philips N.V. | Compiler generating operator free code |
US9755822B2 (en) * | 2013-06-19 | 2017-09-05 | Cryptography Research, Inc. | Countermeasure to power analysis attacks through time-varying impedance of power delivery networks |
DE102014001647A1 (en) * | 2014-02-06 | 2015-08-06 | Infineon Technologies Ag | Operation based on two operands |
CN103929301A (en) * | 2014-05-07 | 2014-07-16 | 中国科学院微电子研究所 | Random number generation method and device and power device |
TWI712915B (en) | 2014-06-12 | 2020-12-11 | 美商密碼研究公司 | Methods of executing a cryptographic operation, and computer-readable non-transitory storage medium |
DE102014016548A1 (en) * | 2014-11-10 | 2016-05-12 | Giesecke & Devrient Gmbh | Method for testing and hardening software applications |
US10700849B2 (en) * | 2015-07-30 | 2020-06-30 | Nxp B.V. | Balanced encoding of intermediate values within a white-box implementation |
EP3220306B1 (en) * | 2016-02-22 | 2018-11-07 | Eshard | Method of testing the resistance of a circuit to a side channel analysis |
EP3258639A1 (en) * | 2016-06-14 | 2017-12-20 | Gemalto Sa | Cryptography apparatus protected against side-channel attack using constant hamming weight substitution-box |
US10255462B2 (en) | 2016-06-17 | 2019-04-09 | Arm Limited | Apparatus and method for obfuscating power consumption of a processor |
US10771235B2 (en) * | 2016-09-01 | 2020-09-08 | Cryptography Research Inc. | Protecting block cipher computation operations from external monitoring attacks |
US10223528B2 (en) * | 2016-09-27 | 2019-03-05 | Intel Corporation | Technologies for deterministic code flow integrity protection |
US10256973B2 (en) * | 2016-09-30 | 2019-04-09 | Intel Corporation | Linear masking circuits for side-channel immunization of advanced encryption standard hardware |
CN108063662A (en) * | 2016-11-09 | 2018-05-22 | 国民技术股份有限公司 | A kind of system and method for anti-template attack |
KR20200041771A (en) * | 2018-10-12 | 2020-04-22 | 삼성전자주식회사 | Method of designing memory system considering power characteristic, method of manufacturting memory system, and computing system for designing memory system |
US11303462B2 (en) | 2018-11-19 | 2022-04-12 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Unequally powered cryptography using physical unclonable functions |
CN110610106B (en) * | 2019-08-05 | 2022-11-22 | 宁波大学 | Three-input confusion operation circuit based on DCVS (data communication and voltage switching) logic |
CN113438067B (en) * | 2021-05-30 | 2022-08-26 | 衡阳师范学院 | Side channel attack method for compressed key guessing space |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1999067766A2 (en) * | 1998-06-03 | 1999-12-29 | Cryptography Research, Inc. | Balanced cryptographic computational method and apparatus for leak minimization in smartcards and other cryptosystems |
EP0981223A2 (en) * | 1998-08-20 | 2000-02-23 | Kabushiki Kaisha Toshiba | Encryption/decryption apparatus |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2776445A1 (en) * | 1998-03-17 | 1999-09-24 | Schlumberger Ind Sa | Cryptographic algorithm security technique |
CA2333095C (en) * | 1998-06-03 | 2005-05-10 | Cryptography Research, Inc. | Improved des and other cryptographic processes with leak minimization for smartcards and other cryptosystems |
EP1142191B1 (en) * | 1998-12-30 | 2006-08-09 | Nokia Corporation | Method and device for cryptographically processing data |
NL1011544C1 (en) * | 1998-12-30 | 2000-07-03 | Koninkl Kpn Nv | Encryption system for digital data, uses secondary key to mask primary key, is more difficult to decrypt by Brute Force Attack than data encrypted with conventional single key |
2000
- 2000-02-18 CA CA002298990A patent/CA2298990A1/en not_active Abandoned
2001
- 2001-02-19 EP EP01907278A patent/EP1256202A2/en not_active Withdrawn
- 2001-02-19 WO PCT/CA2001/000200 patent/WO2001061915A2/en not_active Application Discontinuation
- 2001-02-19 WO PCT/CA2001/000201 patent/WO2001061916A2/en not_active Application Discontinuation
- 2001-02-19 US US10/203,156 patent/US20040078588A1/en not_active Abandoned
- 2001-02-19 US US10/181,452 patent/US20040030905A1/en not_active Abandoned
- 2001-02-19 WO PCT/CA2001/000199 patent/WO2001061914A2/en not_active Application Discontinuation
- 2001-02-19 US US10/181,942 patent/US20040025032A1/en not_active Abandoned
- 2001-02-19 EP EP01907277A patent/EP1256201A2/en not_active Withdrawn
- 2001-02-19 EP EP01907279A patent/EP1256203A2/en not_active Withdrawn
- 2001-02-19 AU AU2001235281A patent/AU2001235281A1/en not_active Abandoned
- 2001-02-19 AU AU2001235279A patent/AU2001235279A1/en not_active Abandoned
- 2001-02-19 AU AU2001235280A patent/AU2001235280A1/en not_active Abandoned
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1244077A3 (en) * | 2001-02-22 | 2007-04-11 | Hitachi, Ltd. | Tamper resistant device |
EP1244077A2 (en) * | 2001-02-22 | 2002-09-25 | Hitachi, Ltd. | Tamper resistant device |
WO2002103494A2 (en) * | 2001-06-18 | 2002-12-27 | Infineon Technologies Ag | Multifunctional computer |
WO2002103494A3 (en) * | 2001-06-18 | 2003-09-25 | Infineon Technologies Ag | Multifunctional computer |
US8997255B2 (en) | 2006-07-31 | 2015-03-31 | Inside Secure | Verifying data integrity in a data storage device |
US8352752B2 (en) | 2006-09-01 | 2013-01-08 | Inside Secure | Detecting radiation-based attacks |
US8370642B2 (en) | 2008-11-20 | 2013-02-05 | Sony Corporation | Cryptographic processing apparatus |
EP2190143A1 (en) * | 2008-11-20 | 2010-05-26 | Sony Corporation Of America | Cryptographic processing apparatus with improved resistance to power analysis |
WO2010084106A1 (en) * | 2009-01-20 | 2010-07-29 | Institut Telecom-Telecom Paristech | Cryptography circuit protected against observation attacks, in particular of a high order |
US8615079B2 (en) | 2009-01-20 | 2013-12-24 | Institut Telecom-Telecom Paristech | Cryptography circuit protected against observation attacks, in particular of a high order |
FR2941342A1 (en) * | 2009-01-20 | 2010-07-23 | Groupe Ecoles Telecomm | CRYPTOGRAPHIC CIRCUIT PROTECTED AGAINST ATTACKS IN OBSERVATION, IN PARTICULAR OF HIGH ORDER. |
CN102405615B (en) * | 2009-01-20 | 2016-09-07 | 电信教育集团-巴黎电信学校 | The encrypted circuit that defence observation is attacked, particularly high-order observation is attacked |
EP2885875A1 (en) * | 2013-02-27 | 2015-06-24 | Morpho | Method for encoding data on a chip card by means of constant-weight codes |
Also Published As
Publication number | Publication date |
---|---|
WO2001061915A2 (en) | 2001-08-23 |
WO2001061915A3 (en) | 2001-12-27 |
EP1256203A2 (en) | 2002-11-13 |
EP1256201A2 (en) | 2002-11-13 |
WO2001061914A2 (en) | 2001-08-23 |
CA2298990A1 (en) | 2001-08-18 |
WO2001061916A3 (en) | 2002-03-28 |
US20040030905A1 (en) | 2004-02-12 |
EP1256202A2 (en) | 2002-11-13 |
AU2001235280A1 (en) | 2001-08-27 |
AU2001235279A1 (en) | 2001-08-27 |
AU2001235281A1 (en) | 2001-08-27 |
WO2001061914A3 (en) | 2002-08-01 |
US20040078588A1 (en) | 2004-04-22 |
US20040025032A1 (en) | 2004-02-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20040030905A1 (en) | Encoding method and system resistant to power analysis | |
US7543159B2 (en) | Device and method with reduced information leakage | |
US7194633B2 (en) | Device and method with reduced information leakage | |
CA2333095C (en) | Improved des and other cryptographic processes with leak minimization for smartcards and other cryptosystems | |
EP1084548B1 (en) | Secure modular exponentiation with leak minimization for smartcards and other cryptosystems | |
JP4671571B2 (en) | Secret information processing device and memory for storing secret information processing program | |
US6510518B1 (en) | Balanced cryptographic computational method and apparatus for leak minimizational in smartcards and other cryptosystems | |
RU2579990C2 (en) | Protection from passive sniffing | |
GB2399904A (en) | Side channel attack prevention in data processing by adding a random multiple of the modulus to the plaintext before encryption. | |
EP1244077B1 (en) | Tamper resistant device | |
Seo et al. | SCA-resistant GCM implementation on 8-Bit AVR microcontrollers | |
CA2397077A1 (en) | Encoding method and system resistant to power analysis | |
CA2398441A1 (en) | Method and apparatus for balanced electronic operations | |
Saputra et al. | Masking the energy behaviour of encryption algorithms | |
EP1802024B1 (en) | Balanced cryptographic computational method and apparatus for leak minimization in smartcards and other cryptosystems | |
CA2397615A1 (en) | Method and system for resistance to statistical power analysis | |
AU2002348963A1 (en) | Device and method with reduced information leakage | |
EP1933496A2 (en) | Improved DES and other cryptographic processes with leak minimization for smartcards and other cryptosystems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
 | AK | Designated states | Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | WWE | Wipo information: entry into national phase | Ref document number: 2397077 Country of ref document: CA |
 | WWE | Wipo information: entry into national phase | Ref document number: 2001907279 Country of ref document: EP |
 | WWP | Wipo information: published in national office | Ref document number: 2001907279 Country of ref document: EP |
 | REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
 | WWE | Wipo information: entry into national phase | Ref document number: 10181452 Country of ref document: US |
 | WWW | Wipo information: withdrawn in national office | Ref document number: 2001907279 Country of ref document: EP |
 | NENP | Non-entry into the national phase | Ref country code: JP |