CA2259089A1 - Method and apparatus for masking cryptographic operations - Google Patents


Info

Publication number
CA2259089A1
Authority
CA
Canada
Prior art keywords
secret value
parts
program code
readable program
masking
Prior art date
Legal status
Granted
Application number
CA 2259089
Other languages
French (fr)
Other versions
CA2259089C (en)
Inventor
Robert J. Lambert
Current Assignee
Certicom Corp
Original Assignee
Certicom Corp
Priority date
Filing date
Publication date
Application filed by Certicom Corp
Priority to CA 2259089 (CA2259089C)
Priority to PCT/CA2000/000030 (WO2000042733A1)
Priority to AU30281/00A (AU3028100A)
Publication of CA2259089A1
Priority to US09/900,959 (US7092523B2)
Priority to US10/119,803 (US7599491B2)
Priority to US11/483,553 (US8666070B2)
Priority to US12/495,429 (US8280048B2)
Priority to US12/837,268 (US8666063B2)
Priority to US13/619,557 (US8621239B2)
Priority to US13/621,021 (US8660264B2)
Application granted
Publication of CA2259089C
Anticipated expiration
Current legal status: Expired - Lifetime

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/724 Finite field arithmetic
    • G06F7/725 Finite field arithmetic over elliptic curves
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309 Means for preventing undesired reading or writing from or onto record carriers
    • G06K19/07363 Means for preventing undesired reading or writing from or onto record carriers by preventing analysis of the circuit, e.g. dynamic or static power analysis or current analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00 Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219 Countermeasures against side channel or fault attacks
    • G06F2207/7223 Randomisation as countermeasure against side channel attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00 Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219 Countermeasures against side channel or fault attacks
    • G06F2207/7223 Randomisation as countermeasure against side channel attacks
    • G06F2207/7233 Masking, e.g. (A**e)+r mod n
    • G06F2207/7242 Exponent masking, i.e. key masking, e.g. A**(e+r) mod n; (k+r).P

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Computational Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Algebra (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)

Abstract

A method of masking a cryptographic operation using a secret value, comprising the steps of dividing the secret value into a plurality of parts; combining with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and utilizing each of the individual parts in the operation.

Claims (6)

1. A method of masking a cryptographic operation using a secret value, comprising the steps of:
(d) dividing said secret value into a plurality of parts;
(e) combining with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and
(f) utilizing each of the individual parts in said operation.
2. A method as defined in claim 1, including generating a plurality of random values.
3. A method as defined in claim 1, said operation being performed in an additive group.
4. A method as defined in claim 1, said operation being performed in a multiplicative group.
5. An article of manufacture comprising:
(a) a computer usable medium having computer readable program code embodied therein for masking a cryptographic operation using a secret value, the computer readable program code in said article of manufacture comprising;
(b) computer readable program code configured to cause a computer to divide said secret value into a plurality of parts;
(c) computer readable program code configured to cause a computer to combine with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and
(d) computer readable program code configured to cause a computer to utilize each of the individual parts in said operation.
6.
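The key splitting that the abstract and claims describe, as an added example that is not part of the patent or of Certicom's code: the secret scalar k is divided into parts, each part is refreshed with a random value so the parts still sum to k, and each part is applied to the group operation separately. The toy curve, its base point G and the brute-force order computation are constructed for illustration; the multiplicative variant at the end covers claim 4 the same way.

```python
import secrets
# Toy curve y^2 = x^3 + A*x + B over GF(P_MOD), constructed for illustration only
# (far too small for real use); the base point G = (3, 6) lies on it.
P_MOD, A, B, G = 97, 2, 3, (3, 6)

def ec_add(p1, p2):
    # Affine point addition; None is the point at infinity.
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # p2 is the negation of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def scalar_mult(k, pt):
    # Plain double-and-add: the unmasked operation the patent protects.
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def point_order(pt):
    # Smallest n > 0 with n*pt = infinity (brute force is fine on a toy curve).
    n, acc = 1, pt
    while acc is not None:
        acc, n = ec_add(acc, pt), n + 1
    return n

def split_secret(k, order):
    # Step (d): divide k into two parts that sum to k modulo the group order.
    k1 = secrets.randbelow(order)
    return k1, (k - k1) % order

def refresh_parts(k1, k2, order):
    # Step (e): fold a fresh random r into both parts; the sum is unchanged.
    r = secrets.randbelow(order)
    return (k1 + r) % order, (k2 - r) % order

def masked_scalar_mult(parts, pt):
    # Step (f) in an additive group (claim 3): k1*P + k2*P = (k1 + k2)*P = k*P.
    return ec_add(scalar_mult(parts[0], pt), scalar_mult(parts[1], pt))

def masked_modexp(parts, g, p):
    # The same split in a multiplicative group (claim 4), parts taken mod p - 1.
    return pow(g, parts[0], p) * pow(g, parts[1], p) % p
```

Each invocation calls refresh_parts first, so the values fed to the two scalar multiplications differ every time while their sum, and therefore the result, stays fixed.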

Priority Applications (10)

Application Number Priority Date Filing Date Title
CA 2259089 CA2259089C (en) 1999-01-15 1999-01-15 Method and apparatus for masking cryptographic operations
AU30281/00A AU3028100A (en) 1999-01-15 2000-01-14 Method and apparatus for masking cryptographic operations
PCT/CA2000/000030 WO2000042733A1 (en) 1999-01-15 2000-01-14 Method and apparatus for masking cryptographic operations
US09/900,959 US7092523B2 (en) 1999-01-11 2001-07-10 Method and apparatus for minimizing differential power attacks on processors
US10/119,803 US7599491B2 (en) 1999-01-11 2002-04-11 Method for strengthening the implementation of ECDSA against power analysis
US11/483,553 US8666070B2 (en) 1999-01-11 2006-07-11 Method and apparatus for minimizing differential power attacks on processors
US12/495,429 US8280048B2 (en) 1999-01-11 2009-06-30 Method for strengthening the implementation of ECDSA against power analysis
US12/837,268 US8666063B2 (en) 1999-01-11 2010-07-15 Method and apparatus for minimizing differential power attacks on processors
US13/619,557 US8621239B2 (en) 1999-01-11 2012-09-14 Method for strengthening the implementation of ECDSA against power analysis
US13/621,021 US8660264B2 (en) 1999-01-11 2012-09-15 Method and apparatus for minimizing differential power attacks on processors

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA 2259089 CA2259089C (en) 1999-01-15 1999-01-15 Method and apparatus for masking cryptographic operations

Publications (2)

Publication Number Publication Date
CA2259089A1 true CA2259089A1 (en) 2000-07-15
CA2259089C CA2259089C (en) 2013-03-12

Family

ID=4163193

Family Applications (1)

Application Number Title Priority Date Filing Date
CA 2259089 Expired - Lifetime CA2259089C (en) 1999-01-11 1999-01-15 Method and apparatus for masking cryptographic operations

Country Status (3)

Country Link
AU (1) AU3028100A (en)
CA (1) CA2259089C (en)
WO (1) WO2000042733A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008106793A1 (en) * 2007-03-06 2008-09-12 Research In Motion Limited Power analysis attack countermeasure for the ECDSA
US8027466B2 (en) 2007-03-07 2011-09-27 Research In Motion Limited Power analysis attack countermeasure for the ECDSA
US8160245B2 (en) 2007-03-07 2012-04-17 Research In Motion Limited Methods and apparatus for performing an elliptic curve scalar multiplication operation using splitting

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7092523B2 (en) 1999-01-11 2006-08-15 Certicom Corp. Method and apparatus for minimizing differential power attacks on processors
US7599491B2 (en) 1999-01-11 2009-10-06 Certicom Corp. Method for strengthening the implementation of ECDSA against power analysis
JP3926532B2 (en) * 2000-03-16 2007-06-06 Hitachi, Ltd. Information processing apparatus, information processing method, and card member
WO2002008865A2 (en) * 2000-07-24 2002-01-31 David Chaum Transparent-coin electronic money system
GB0204620D0 (en) * 2002-02-28 2002-04-10 Europay Internat N V Chip authentication programme
US8909557B2 (en) 2002-02-28 2014-12-09 Mastercard International Incorporated Authentication arrangement and method for use with financial transaction
DE10222212A1 (en) * 2002-05-16 2003-12-04 Giesecke & Devrient Gmbh Spying-proof modular inversion
KR20060034228A (en) * 2003-06-04 2006-04-21 Mastercard International, Incorporated Customer authentication in e-commerce transactions
US8467535B2 (en) 2005-01-18 2013-06-18 Certicom Corp. Accelerated verification of digital signatures and public keys
EP2395424B1 (en) 2005-01-18 2013-07-31 Certicom Corp. Accelerated verification of digital signatures and public keys
US9123316B2 (en) 2010-12-27 2015-09-01 Microsoft Technology Licensing, Llc Interactive content creation
US8745376B2 (en) 2011-10-14 2014-06-03 Certicom Corp. Verifying implicit certificates and digital signatures

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2672402B1 (en) * 1991-02-05 1995-01-27 Gemplus Card Int Method and device for the generation of unique pseudo-random numbers
US5991415A (en) * 1997-05-12 1999-11-23 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for protecting public key schemes from timing and fault attacks

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008106793A1 (en) * 2007-03-06 2008-09-12 Research In Motion Limited Power analysis attack countermeasure for the ECDSA
WO2008106792A1 (en) * 2007-03-06 2008-09-12 Research In Motion Limited Methods and apparatus for performing an elliptic curve scalar multiplication operation using splitting
US8027466B2 (en) 2007-03-07 2011-09-27 Research In Motion Limited Power analysis attack countermeasure for the ECDSA
US8160245B2 (en) 2007-03-07 2012-04-17 Research In Motion Limited Methods and apparatus for performing an elliptic curve scalar multiplication operation using splitting
US8331557B2 (en) 2007-03-07 2012-12-11 Research In Motion Limited Power analysis attack countermeasure for the ECDSA
US8379844B2 (en) 2007-03-07 2013-02-19 Research In Motion Limited Methods and apparatus for performing an elliptic curve scalar multiplication operation using splitting
US8660263B2 (en) 2007-03-07 2014-02-25 Blackberry Limited Power analysis attack countermeasure for the ECDSA

Also Published As

Publication number Publication date
WO2000042733A1 (en) 2000-07-20
CA2259089C (en) 2013-03-12
AU3028100A (en) 2000-08-01

Similar Documents

Publication Publication Date Title
CA2259089A1 (en) Method and apparatus for masking cryptographic operations
SG165174A1 (en) Method of authenticating a consumable
CA2197915A1 (en) Cryptographic key recovery system
BR9709534A (en) Process for managing encrypted codes between a first computer unit and a second computer unit
WO2005038641A3 (en) Data security
WO2001080088A8 (en) Method of searching and producing matching color information
CA2442456A1 (en) Data encryption system and method
WO2003038569A3 (en) Method and apparatus for selecting a password generated based on discrete password elements
WO1998045980A3 (en) Secure deterministic encryption key generator system and method
WO2001061868A3 (en) Method, apparatus, and product for use in generating crc and other remainder based codes
WO2003069822A3 (en) Method for rate matching
BG101139A (en) Heteroatoms-containing cyclopentanopyridyloxazolidinons
DE602004030357D1 (en) Secure multicast transmission
CA2150683A1 (en) A Cryptographic Method
CA2496313A1 (en) Communication management using a token action log
IL147618A0 (en) Method for treating chronic pain using mek inhibitors
CA2118826A1 (en) Hardware Arrangement for Enciphering Bit Blocks While Renewing a Key at Each Iteration
EP1394674A3 (en) System and method for generating initial vectors
MXPA04009380A (en) System and method to build project management processes.
SE0001044L (en) Method and system for encryption and authentication
DK1476860T3 (en) Method for defining a group between bidirectional articles
BR0108367A (en) Method in a radio communication system and radio communication system
CA2508160A1 (en) Table masking for resistance to power analysis attacks
AU2553000A (en) Countermeasure method in an electronic component using a secret key cryptographic algorithm
MXPA05001799A (en) Methods and apparatus for stress relief using multiple energy sources.

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20190115