KR101665600B1 - Apparatus and Method for Protecting Power Collision Attack on Elliptic Curve Cryptography - Google Patents
- Publication number
- KR101665600B1; KR1020150096689A
- Authority
- KR
- South Korea
- Prior art keywords
- bit
- register address
- point
- random
- bits
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Mathematical Physics (AREA)
- Physics & Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Computing Systems (AREA)
- Mathematical Analysis (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to an apparatus and method that construct the LDML (Lopez-Dahab Montgomery Ladder) algorithm to be secure against side-channel analysis so that an ECC encryption algorithm can counter a power collision attack. A register address bit randomization technique and a random projective coordinate system are applied, and the register address from which data is loaded or to which it is stored is always either random or fixed, so that its association with the key bit is removed and a power collision attack on the ECC encryption algorithm is countered.
Description
The present invention relates to an apparatus and method that construct the LDML (Lopez-Dahab Montgomery Ladder) algorithm to be secure against side-channel analysis so that an ECC encryption algorithm can counter a power collision attack.
Generally, RSA, which is the core algorithm of the accredited authentication system used in many electronic transactions such as Internet banking and Internet securities trading, and the ECC (Elliptic Curve Cryptography) algorithm, which is suitable for embedded platforms such as electronic passports, USIMs and smart cards, are vulnerable to side-channel analysis attacks.
A side-channel analysis attack is a physical attack that uses side-channel information leaked while a cryptographic algorithm is running on a secure device.
Among side-channel analysis attacks, the power analysis attack, which observes and analyzes the pattern of power consumed while the encryption algorithm executes, is the strongest. Typical examples are Simple Power Analysis (SPA) and Differential Power Analysis (DPA).
There is also the collision attack (CA). The collision attack is a very powerful attack technique against public key cryptographic algorithms such as RSA and ECC that are designed to be secure against simple power analysis and differential power analysis.
Therefore, it is necessary to research and develop a secure public key encryption algorithm that can cope with this.
In other words, in the past the security of an information protection device depended on the mathematical security of the embedded cryptographic algorithm. Because physical vulnerabilities to side-channel analysis attacks also exist, it is essential to design a secure countermeasure technique.
The present invention is intended to solve the physical vulnerability of prior-art public key cryptographic algorithms to side-channel analysis attacks. An object of the present invention is to provide an apparatus and method that construct the LDML (Lopez-Dahab Montgomery Ladder) algorithm to be secure against side-channel analysis so that an ECC encryption algorithm can counter a power collision attack.
Another object of the present invention is to provide an apparatus and method for responding to a power collision attack of an ECC encryption algorithm that randomize the address of a register using a random number having the same bit length as the scalar d, and that additionally use a register Z_q so that the register address loaded during the addition operation is the same whether the secret key bit is 0 or 1.
Another object of the present invention is to provide an apparatus and method for responding to a power collision attack of an ECC encryption algorithm that apply a register address bit randomization technique and a random projective coordinate system, additionally use one register, and make the register address from which data is loaded or to which it is stored always random or fixed, thereby removing the association with the key bit.
The objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.
In order to achieve the above object, an apparatus for responding to a power collision attack of an ECC encryption algorithm according to the present invention includes: a plaintext and secret key input unit for inputting a secret value (d) and a point (P) on an elliptic curve; a register address random value generator for generating a random number (r) having the same bit length as the secret value (d) in order to randomize the register address; a point random value generator for generating a random point (R) on the elliptic curve to counter simple power analysis and differential power analysis; an initial operation performing unit for randomizing the initial operation result value with the random point R and randomly configuring, with the r_{n-1} bit, the register address that stores the result of the d_{n-1} bit operation; a point addition and doubling operation performing unit that starts the iterative operation from the d_{n-2} bit, randomly configures with the r_i and r_{i+1} bits the register address from which data needed for the d_i bit intermediate operation is loaded, keeps constant the register address from which data needed for the d_i bit intermediate operation is loaded, and randomly configures with the r_i bit the address that stores the result of the d_i bit operation, thereby performing point addition and doubling; a final operation performing unit for randomly configuring, with the r_0 bit, the register address from which data needed for the final operation is loaded, and performing the final operation; and a ciphertext output unit for outputting a ciphertext according to the final operation.
According to another aspect of the present invention, an apparatus for responding to a power collision attack of an ECC encryption algorithm includes: a plaintext and secret key input unit for inputting a secret value (d) and a point (P) on an elliptic curve; a first register address random value generator for generating a random bit r_1 in order to randomize the register address; a point random value generator for generating a random point (R) on the elliptic curve to counter simple power analysis and differential power analysis; an initial operation performing unit for randomizing the initial operation result value with the random point R and randomly configuring, with the r_1 bit, the register address that stores the result of the d_{n-1} bit operation; a second register address random value generator for generating a random bit r_2 in order to randomize the register address; a point addition and doubling operation performing unit that starts the iterative operation from the d_{n-2} bit, randomly configures with the r_1 and r_2 bits the register address from which data needed for the d_i bit intermediate operation is loaded, keeps constant the register address from which data needed for the d_i bit intermediate operation is loaded, and randomly configures with the r_2 bit the address that stores the result of the d_i bit operation, thereby performing point addition and doubling; a final operation performing unit for randomly configuring, with the r_1 bit, the register address from which data needed for the final operation is loaded, and performing the final operation; and a ciphertext output unit for outputting a ciphertext according to the final operation.
Here, when the input secret value d = 0, the plaintext and secret key input unit returns dP = 0 and terminates the algorithm.
The simple power analysis countermeasure in the point random value generator and the initial operation performing unit prevents exposure of the d_{n-2} bit, and the differential power analysis countermeasure prevents exposure of intermediate data.
In addition, the point addition and doubling operation performing unit performs point addition and doubling by randomly configuring, with the r_i and r_{i+1} bits, the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored.
In addition, the point addition and doubling operation performing unit decrements the index i in order to perform the iterative operation one bit at a time from the d_{n-1} bit to the d_0 bit, and checks whether the iterative operation has been performed down to the d_0 bit.
In addition, the point addition and doubling operation performing unit performs point addition and doubling by randomly configuring, with the r_1 and r_2 bits, the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored.
The point addition and doubling operation performing unit replaces the random value used in the next iteration so that the correct operation result is returned, decrements the index i in order to perform the iterative operation one bit at a time from the d_{n-1} bit to the d_0 bit, and checks whether the iterative operation has been performed down to the d_0 bit.
According to another aspect of the present invention, a method for responding to a power collision attack of an ECC encryption algorithm includes: a plaintext and secret key input step of inputting a secret value (d) and a point (P) on an elliptic curve; a register address random value generation step of generating a random number (r) having the same bit length as the secret value (d) in order to randomize the register address; a point random value generation step of generating a random point (R) on the elliptic curve to counter simple power analysis and differential power analysis; an initial operation step of randomizing the initial operation result value with the random point R and randomly configuring, with the r_{n-1} bit, the register address that stores the result of the d_{n-1} bit operation; a step of starting the iterative operation from the d_{n-2} bit, randomly configuring with the r_i and r_{i+1} bits the register address from which data needed for the d_i bit intermediate operation is loaded, keeping constant the register address from which data needed for the d_i bit intermediate operation is loaded, and randomly configuring with the r_i bit the address that stores the result of the d_i bit operation, thereby performing point addition and doubling; a step of randomly configuring, with the r_0 bit, the register address from which data needed for the final operation is loaded, and performing the final operation; and a step of outputting a ciphertext according to the final operation.
According to another aspect of the present invention, a method for responding to a power collision attack of an ECC encryption algorithm includes: a plaintext and secret key input step of inputting a secret value (d) and a point (P) on an elliptic curve; a first register address random value generation step of generating a random bit r_1 in order to randomize the register address; a point random value generation step of generating a random point (R) on the elliptic curve to counter simple power analysis and differential power analysis; an initial operation step of randomizing the initial operation result value with the random point R and randomly configuring, with the r_1 bit, the register address that stores the result of the d_{n-1} bit operation; a second register address random value generation step of generating a random bit r_2 in order to randomize the register address; a step of starting the iterative operation from the d_{n-2} bit, randomly configuring with the r_1 and r_2 bits the register address from which data needed for the d_i bit intermediate operation is loaded, keeping constant the register address from which data needed for the d_i bit intermediate operation is loaded, and randomly configuring with the r_2 bit the address that stores the result of the d_i bit operation, thereby performing point addition and doubling; a step of randomly configuring, with the r_1 bit, the register address from which data needed for the final operation is loaded, and performing the final operation; and a step of outputting a ciphertext according to the final operation.
Here, the simple power analysis countermeasure in the point random value generation step and the initial operation step prevents exposure of the d_{n-2} bit.
In the step of performing point addition and doubling, point addition and doubling are performed by randomly configuring, with the r_i and r_{i+1} bits, the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored.
In the step of performing point addition and doubling, the index i is decremented in order to perform the iterative operation one bit at a time from the d_{n-1} bit to the d_0 bit, and it is checked whether the iterative operation has been performed down to the d_0 bit.
In the step of performing point addition and doubling, point addition and doubling are performed by randomly configuring, with the r_1 and r_2 bits, the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored.
In the step of performing point addition and doubling, the random value used in the next iteration is replaced so that the correct operation result is returned, the index i is decremented in order to perform the iterative operation one bit at a time from the d_{n-1} bit to the d_0 bit, and it is checked whether the iterative operation has been performed down to the d_0 bit.
The apparatus and method for responding to a power collision attack of the ECC encryption algorithm according to the present invention have the following effects.
First, the LDML (Lopez-Dahab Montgomery Ladder) algorithm can be constructed to be secure against side-channel analysis.
Second, a countermeasure technique can be designed that provides higher security against collision attacks on the ECC algorithm, which is a public key encryption algorithm.
Third, a collision attack can be countered effectively by a countermeasure that uses the register address bit randomization technique and a random projective coordinate system together with one additional register.
FIG. 1 is a block diagram of an apparatus for responding to a power collision attack of an ECC encryption algorithm according to a first embodiment of the present invention.
FIG. 2 is a flowchart showing a method for responding to a power collision attack of the ECC encryption algorithm according to the first embodiment of the present invention.
FIG. 3 is a block diagram of an apparatus for responding to a power collision attack of an ECC encryption algorithm according to a second embodiment of the present invention.
FIG. 4 is a flowchart illustrating a method for responding to a power collision attack of an ECC encryption algorithm according to a second embodiment of the present invention.
Hereinafter, a preferred embodiment of an apparatus and method for responding to a power collision attack of the ECC encryption algorithm according to the present invention will be described in detail.
The features and advantages of the apparatus and method for responding to a power collision attack of the ECC encryption algorithm according to the present invention will be apparent from the following detailed description of each embodiment.
FIG. 1 is a block diagram of an apparatus for responding to a power collision attack of an ECC encryption algorithm according to a first embodiment of the present invention, and FIG. 2 is a flowchart illustrating a method for responding to a power collision attack of an ECC encryption algorithm according to the first embodiment of the present invention.
In order to solve the physical vulnerability of the ECC cryptographic algorithm to side-channel analysis attacks, the present invention constructs the LDML (Lopez-Dahab Montgomery Ladder) algorithm so that it is secure against side-channel analysis.
To this end, the address of the register is randomized using a random number having the same bit length as the scalar d, and the register Z_q is additionally used so that the register address loaded during the addition operation is the same whether the secret key bit is 0 or 1, so that a power collision attack on the ECC encryption algorithm can be countered.
Definitions of the terms used in the following description are as shown in Table 1.
First, the Lopez-Dahab Montgomery ladder with randomized address algorithm, which applies a random projective coordinate system and a register address randomization countermeasure in order to counter side-channel analysis attacks on the ECC encryption algorithm, will be described.
First, to counter simple power analysis and prevent the d_{n-2} bit from being exposed, a random finite field element R is generated and the coordinate system is randomized, so that the algorithm is constructed such that a multiplication with Z_1 = 1 does not occur.
In order to counter a collision attack, the address of the register is randomized using a random number r = (r_{n-1} r_{n-2} ... r_0)_2 having the same bit length as the scalar d.
Further, by additionally using the register Z_q, the address of the register loaded during the addition operation is made the same whether the secret key bit is 0 or 1, thereby countering the collision attack.
As shown in Table 2, by combining the random projective coordinate algorithm and the register randomization algorithm, it is possible to design an LDML (Lopez-Dahab Montgomery Ladder) algorithm countermeasure against simple power analysis, differential power analysis and collision attack.
The safety verification of the Lopez-Dahab Montgomery ladder with randomized address and random projective coordinates in the apparatus and method for responding to a power collision attack of the ECC encryption algorithm according to the present invention is as follows.
The verification covers safety against register address collisions between the operations of two different exponent bits, safety against register address collisions within the operation of one exponent bit, safety against data collisions within an exponent bit operation, and safety against collisions between storing and loading of computed data.
The apparatus for responding to a power collision attack of the ECC encryption algorithm according to the first embodiment of the present invention inputs a secret value d and a point P on an elliptic curve and returns dP = 0 if the secret value d = 0, a plain text and a private
In this case, the point addition and double
The apparatus for responding to a power collision attack of the ECC encryption algorithm according to the first embodiment of the present invention randomizes the address of the register using a random number having the same bit length as the scalar d, and additionally uses the register Z_q so that the address of the register loaded during the addition operation is the same whether the secret key bit is 0 or 1, so that it can counter a power collision attack on the ECC encryption algorithm.
Specifically, as shown in FIG. 2, the secret value d and the point P on the elliptic curve are input (S200). If the input secret value d = 0, dP = 0 is returned and the algorithm is terminated (S201).
Then, in order to randomize the register address, a random number r having the same bit length as d is generated (S202).
Then, a random point R on the elliptic curve is generated to counter simple power analysis (d_{n-2} bit exposure) and differential power analysis (S203).
Next, to counter simple power analysis (d_{n-2} bit exposure) and differential power analysis, the initial operation result value is randomized with R (S204).
The register address that stores the result of the d_{n-1} bit operation is randomly configured with the r_{n-1} bit (S205), and the iterative operation is started from the d_{n-2} bit (S206).
Next, the register address from which data needed for the d_i bit intermediate operation is loaded is randomly configured with the r_i bit (S207), and the register address from which data needed for the d_i bit intermediate operation is loaded is kept constant (S208).
The register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored are randomly configured with the r_i and r_{i+1} bits to perform point addition and doubling (S209).
Next, in order to perform the iterative operation one bit at a time from the d_{n-1} bit to the d_0 bit, the index i is decremented (S210), and it is checked whether the iterative operation has been performed down to the d_0 bit (S211).
Then, the register address from which data needed for the final operation is loaded is randomly configured with the r_0 bit to perform the final operation (S212), and a ciphertext according to the final operation is output (S213).
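The address randomization of steps S200 to S212, as an added Python sketch that is not the patent's own algorithm (its Table 2 is not reproduced on this page): a Montgomery ladder in which r_{n-1} selects the initial store address, masked key bits select the addresses inside the loop, and r_0 selects the final read address. The XOR form of the masking, the three-register layout, the toy prime-field curve in affine coordinates and all function names are assumptions; the extra register Z_q and the random projective coordinates are not modelled.

```python
import secrets

# Constructed toy curve y^2 = x^3 + 2x + 3 over F_97 (assumption for illustration;
# far too small for real use, and not the binary-field curve LDML targets).
P_MOD, A = 97, 2
BASE = (3, 6)   # on the curve: 6^2 = 36 = 27 + 6 + 3 (mod 97)
INF = None      # point at infinity


def add(p, q):
    """Affine point addition; handles infinity, inverse points and doubling."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p == q:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def double_and_add(d, point):
    """Unprotected reference scalar multiplication, used only to check results."""
    acc = INF
    for i in range(d.bit_length() - 1, -1, -1):
        acc = add(acc, acc)
        if (d >> i) & 1:
            acc = add(acc, point)
    return acc


def ladder_randomized(d, point, r=None):
    """Return (d*point, trace) using register addresses masked by the bits of r.

    trace holds, per iteration, the register address the doubling loads from.
    """
    if d == 0:                      # S201: d = 0 returns dP = 0
        return INF, []
    n = d.bit_length()
    if r is None:
        r = secrets.randbits(n)     # S202: mask with the same bit length as d

    def dbit(i):
        return (d >> i) & 1

    def rbit(i):
        return (r >> i) & 1

    reg = [INF, INF, INF]
    # S205: the d_{n-1} result (P, with P + P beside it) is stored at an
    # address chosen by r_{n-1}.
    reg[rbit(n - 1)] = point
    reg[1 - rbit(n - 1)] = add(point, point)
    trace = []
    for i in range(n - 2, -1, -1):           # S206: start at d_{n-2}
        src = dbit(i) ^ rbit(i + 1)          # load address masked by r_{i+1}
        trace.append(src)
        reg[2] = add(reg[src], reg[src])     # doubling
        reg[1] = add(reg[0], reg[1])         # addition always loads addresses 0 and 1
        sel = dbit(i) ^ rbit(i)              # store addresses masked by r_i
        reg[0], reg[1] = reg[2 - sel], reg[1 + sel]
    return reg[rbit(0)], trace               # S212: final read address chosen by r_0


if __name__ == "__main__":
    d = 0b110101
    for mask in (0, 0b111111, None):
        result, trace = ladder_randomized(d, BASE, mask)
        print(mask, result, trace)
```

With r = 0 the doubling's load addresses are the key bits below the top bit, while a fresh r changes the address sequence on every run and leaves the result unchanged.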
An apparatus and method for responding to a power collision attack of an ECC encryption algorithm according to a second embodiment of the present invention will now be described.
FIG. 3 is a block diagram of an apparatus for responding to a power collision attack of an ECC encryption algorithm according to a second embodiment of the present invention, and FIG. 4 is a flowchart illustrating a method for responding to a power collision attack of an ECC encryption algorithm according to the second embodiment of the present invention.
As shown in FIG. 3, the apparatus for responding to a power collision attack of the ECC encryption algorithm according to the second embodiment of the present invention includes: a plaintext and secret key input unit 30 that inputs a secret value d and a point P on an elliptic curve and, when the input secret value d = 0, returns dP = 0 and terminates the algorithm; a first register address random value generator that generates a random bit r_1 to randomize the register address; a point random value generator 33 that generates a random point R on the elliptic curve to counter simple power analysis (d_{n-2} bit exposure) and differential power analysis; an initial operation performing unit 33 that randomizes the initial operation result value with R to counter simple power analysis (d_{n-2} bit exposure) and differential power analysis, and randomly configures with the r_1 bit the register address that stores the result of the d_{n-1} bit operation; a second register address random value generator 34 that generates a random bit r_2 to randomize the register address; a point addition and doubling operation performing unit 35 that starts the iterative operation from the d_{n-2} bit, randomly configures with the r_2 bit the register address from which data needed for the d_i bit intermediate operation is loaded, and performs point addition and doubling by randomly configuring, with the r_1 and r_2 bits, the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored; a final operation performing unit that randomly configures with the r_1 bit the register address from which data needed for the final operation is loaded and performs the final operation; and a ciphertext output unit 37 that outputs a ciphertext according to the final operation.
Here, the point addition and double
The apparatus for responding to a power collision attack of the ECC encryption algorithm according to the second embodiment of the present invention includes a first and a second register address random value generator to cope with a power collision attack of the ECC encryption algorithm.
Specifically, as shown in FIG. 4, a secret value d and a point P on an elliptic curve are input (S400). If the input secret value d = 0, dP = 0 is returned and the algorithm is terminated (S401).
Next, a random bit r_1 is generated to randomize the register address (S402), and a random point R on the elliptic curve is generated to counter simple power analysis (d_{n-2} bit exposure) and differential power analysis (S403).
To counter simple power analysis (d_{n-2} bit exposure) and differential power analysis, the initial operation result value is randomized with R (S404).
Next, the register address that stores the result of the d_{n-1} bit operation is randomly configured with the r_1 bit (S405), and the iterative operation is started from the d_{n-2} bit (S406).
Then a random bit r_2 is generated to randomize the register address (S407), and the register address from which data needed for the d_i bit intermediate operation is loaded is randomly configured with the r_2 bit (S408).
Next, the register from which data needed for the d_i bit intermediate operation is loaded is kept constant (S409), and the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored are randomly configured with the r_1 and r_2 bits to perform point addition and doubling (S410).
Then, the random value used in the next iteration is replaced (S411), the index i is decremented in order to perform the iterative operation one bit at a time from the d_{n-1} bit to the d_0 bit (S412), and it is checked whether the iterative operation has been performed down to the d_0 bit (S413).
Finally, the register address from which data needed for the final operation is loaded is randomly configured with the r_1 bit to perform the final operation (S414), and a ciphertext according to the final operation is output (S415).
Here, the step of generating the random bit r_2 for randomizing the register address (S407) and the step of replacing the random value used in the next iteration (S411) generate the random value one bit at a time.
The apparatus and method for responding to a power collision attack of the ECC encryption algorithm according to the present invention as described above use a register address bit randomization technique and a random projective coordinate system, additionally use one register, and make the register address from which data is loaded or to which it is stored always random or fixed, so that the association with the key bit is removed and a power collision attack on the ECC encryption algorithm can be countered.
As described above, it will be understood that the present invention may be implemented in modified forms without departing from its essential characteristics.
The specified embodiments are therefore to be considered in an illustrative rather than a restrictive sense. The scope of the invention is indicated by the appended claims rather than by the foregoing description, and all differences falling within the scope of equivalents thereof should be interpreted as being included in the present invention.
10. Plain text and secret
12. Point random
14. Point addition, double
16. The cipher text output unit
Claims (15)
A register address random value generator for generating a random number (r) having the same bit length as the secret value (d) to randomize the register address;
A point random value generator for generating a random point (R) on the elliptic curve to counter simple power analysis and differential power analysis;
An initial operation performing unit for randomizing the initial operation result value with the random point R and randomly configuring, with the r_{n-1} bit, the register address that stores the result of the d_{n-1} bit operation;
A point addition and doubling operation performing unit that starts the iterative operation from the d_{n-2} bit, randomly configures with the r_i and r_{i+1} bits the register address from which data needed for the d_i bit intermediate operation is loaded, keeps constant the register address from which data needed for the d_i bit intermediate operation is loaded, and randomly configures with the r_i bit the register address that stores the result of the d_i bit operation, thereby performing point addition and doubling;
A final operation performing unit for randomly configuring, with the r_0 bit, the register address from which data needed for the final operation is loaded, and performing the final operation; and a ciphertext output unit for outputting a ciphertext according to the final operation, wherein the point addition and doubling operation performing unit performs point addition and doubling by randomly configuring, with the r_i and r_{i+1} bits, the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored.
A first register address random value generator for generating a random bit r_1 to randomize a register address;
A point random value generator for generating a random point (R) on the elliptic curve to counter simple power analysis and differential power analysis;
An initial operation performing unit for randomizing the initial operation result value with the random point R and randomly configuring, with the r_1 bit, the register address that stores the result of the d_{n-1} bit operation;
A second register address random value generator for generating a random bit r_2 to randomize a register address;
A point addition and doubling operation performing unit that starts the iterative operation from the d_{n-2} bit, randomly configures with the r_1 and r_2 bits the register address from which data needed for the d_i bit intermediate operation is loaded, keeps constant the register address from which data needed for the d_i bit intermediate operation is loaded, and randomly configures with the r_2 bit the register address that stores the result of the d_i bit operation, thereby performing point addition and doubling;
A final operation performing unit for randomly configuring, with the r_1 bit, the register address from which data needed for the final operation is loaded, and performing the final operation; and a ciphertext output unit for outputting a ciphertext according to the final operation, wherein the point addition and doubling operation performing unit performs point addition and doubling by randomly configuring, with the r_1 and r_2 bits, the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored. The apparatus for responding to a power collision attack of an ECC encryption algorithm.
The apparatus wherein the index i is decremented in order to perform the iterative operation one bit at a time from the d_{n-1} bit to the d_0 bit, and it is checked whether the iterative operation has been performed down to the d_0 bit.
The apparatus wherein the random value used in the next iteration is replaced in order to return the correct operation result, the index i is decremented in order to perform the iterative operation one bit at a time from the d_{n-1} bit to the d_0 bit, and it is checked whether the iterative operation has been performed down to the d_0 bit.
A register address random value generation step of generating a random number (r) having the same bit length as the secret value (d) to randomize the register address;
A point random value generation step of generating a random point (R) on the elliptic curve to counter simple power analysis and differential power analysis;
An initial operation step of randomizing the initial operation result value with the random point R and randomly configuring, with the r_{n-1} bit, the register address that stores the result of the d_{n-1} bit operation;
A step of starting the iterative operation from the d_{n-2} bit, randomly configuring with the r_i and r_{i+1} bits the register address from which data needed for the d_i bit intermediate operation is loaded, keeping constant the register address from which data needed for the d_i bit intermediate operation is loaded, and randomly configuring with the r_i bit the register address that stores the result of the d_i bit operation, thereby performing point addition and doubling;
A step of performing a final operation by randomly configuring, with the r_0 bit, the register address from which data needed for the final operation is loaded; wherein the step of performing point addition and doubling performs point addition and doubling by randomly configuring, with the r_i and r_{i+1} bits, the register from which data needed for the d_i bit intermediate operation is loaded and the address at which the operation result is stored. The method for responding to a power collision attack of an ECC encryption algorithm.
A first register address random value generation step of generating a random bit r 1 to randomize a register address;
A point random value generating step of generating a random point (R) on the elliptic curve to counter simple power analysis and differential power analysis;
An initial computation step of randomizing the initial computation result value with a random point R and randomly configuring, with the r_1 bit, the register address for storing the d_{n-1}-bit computation result value;
A second register address random value generation step of generating a random bit r 2 to randomize a register address;
Starting the iterative operation at the d_{n-2} bit, randomly configuring with the r_1 and r_2 bits the register address for fetching the data necessary for the d_i-bit intermediate operation, and a constant register address loading the data required for the d_i-bit intermediate operation, and performing point addition and doubling by randomly configuring with the r_2 bit the register address for storing the result of the d_i-bit operation;
Performing a final operation by randomly configuring, with the r_1 bit, the register address for fetching the data necessary for the final operation, wherein the step of performing point addition and doubling performs point addition and doubling by randomly configuring, with the r_1 and r_2 bits, the register for loading the data necessary for the d_i-bit intermediate operation and the address for storing the result of the operation.
and deciding whether the iterative operation has been repeated up to the d_0 bit by decreasing the index i so that the iterative operation is performed one bit at a time from the d_{n-1} bit to the d_0 bit. Method.
Replacing the random value used in the next iteration step in order to return the correct result of the operation, and decreasing the index i so that the iterative operation is performed one bit at a time from the d_{n-1} bit to the d_0 bit and determining whether the iterative operation of the ECC encryption algorithm has been performed up to the d_0 bit;
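The claimed sequence (random r with the bit length of d, random point R, initial step stored at the address given by r_{n-1}, iteration from d_{n-2} down to d_0, final fetch via r_0) traced in code as an added example that is not part of the patent text. The toy curve, the two-register layout, the operand table and all function names are assumptions made for illustration; the claims do not fix them.

```python
import secrets

# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17; G = (5, 1) has prime order 19.
P_MOD, A, G, ORDER = 17, 2, (5, 1), 19
INF = None  # point at infinity

def neg(p):
    return INF if p is INF else (p[0], -p[1] % P_MOD)

def add(p, q):
    """Affine addition covering doubling, inverses and the point at infinity."""
    if p is INF or q is INF:
        return q if p is INF else p
    if p == neg(q):
        return INF
    (x1, y1), (x2, y2) = p, q
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def plain_mul(k, p):
    """Unprotected double-and-add, used here only as the reference result."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, p)
    return acc

def blinded_mul(d, p):
    """Compute d*p with a random point R and result registers addressed by bits of r."""
    if d < 1:
        raise ValueError("d must be a positive integer")
    n = d.bit_length()
    r = secrets.randbits(n)                      # random r, same bit length as d
    rbit = lambda i: (r >> i) & 1
    R = plain_mul(1 + secrets.randbelow(ORDER - 1), G)  # random point on the curve
    operand = [neg(R), add(p, neg(R))]           # added when d_i = 0 / d_i = 1 (assumed table)
    reg = [INF, INF]                             # two result registers (assumed layout)
    reg[rbit(n - 1)] = add(p, R)                 # initial step: store at address r_{n-1}
    addresses = [rbit(n - 1)]
    for i in range(n - 2, -1, -1):               # iterate from d_{n-2} down to d_0
        src = reg[rbit(i + 1)]                   # fetch from address r_{i+1}
        reg[rbit(i)] = add(add(src, src), operand[(d >> i) & 1])  # store at r_i
        addresses.append(rbit(i))
    return add(reg[rbit(0)], neg(R)), addresses  # final step: fetch via r_0, strip R
```

Every intermediate value equals kP + R for the key prefix k processed so far, so the result is the same for every choice of r and R while the register addresses returned in `addresses` change from run to run.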
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150096689A KR101665600B1 (en) | 2015-07-07 | 2015-07-07 | Apparatus and Method for Protecting Power Collision Attack on Elliptic Curve Cryptography |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150096689A KR101665600B1 (en) | 2015-07-07 | 2015-07-07 | Apparatus and Method for Protecting Power Collision Attack on Elliptic Curve Cryptography |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101665600B1 (en) | 2016-10-12 |
Family
ID=57173362
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150096689A KR101665600B1 (en) | 2015-07-07 | 2015-07-07 | Apparatus and Method for Protecting Power Collision Attack on Elliptic Curve Cryptography |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101665600B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019117565A1 (en) * | 2017-12-11 | 2019-06-20 | 국민대학교산학협력단 | Apparatus and method for randomizing key bit variables of public key encryption algorithm |
US11341285B2 (en) | 2018-05-09 | 2022-05-24 | Samsung Electronics Co., Ltd. | Integrated circuit device and operating method of integrated circuit device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100402156B1 (en) | 2002-04-25 | 2003-10-17 | Jae Cheol Ha | Method for encrypting elliptic curve to prevent power analysis attack |
KR100772550B1 (en) * | 2006-05-11 | 2007-11-02 | 경북대학교 산학협력단 | Enhanced message blinding method to resistant power analysis attack |
KR20090070060A (en) | 2007-12-26 | 2009-07-01 | 대구대학교 산학협력단 | Lopez-dahab algorithm based high speed elliptic curve cryptographic processor on finite field |
2015-07-07: KR application KR1020150096689A, patent KR101665600B1, active IP Right Grant
Non-Patent Citations (1)
Title |
---|
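Research report "A Study on Threat Measurement and Countermeasures for Side-Channel Attacks on Military Information and Communication Systems" (published 2014.11.27.) * |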
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019117565A1 (en) * | 2017-12-11 | 2019-06-20 | 국민대학교산학협력단 | Apparatus and method for randomizing key bit variables of public key encryption algorithm |
KR101981621B1 (en) * | 2017-12-11 | 2019-08-28 | 국민대학교산학협력단 | System and Method for Key bit Parameter Randomizating of public key cryptography |
US11341285B2 (en) | 2018-05-09 | 2022-05-24 | Samsung Electronics Co., Ltd. | Integrated circuit device and operating method of integrated circuit device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107111966B (en) | Method for testing and reinforcing software application | |
CN107040362B (en) | Modular multiplication apparatus and method | |
US10263768B2 (en) | Protection of a calculation against side-channel attacks | |
CN105991292B (en) | System and method for operating a secure elliptic curve cryptography system | |
JP7123959B2 (en) | Elliptic curve point multiplication device and method | |
US10354063B2 (en) | Protection of a modular calculation | |
CN109600232B (en) | Attack verification and protection method and device for SM2 signature algorithm | |
JP5401477B2 (en) | Protecting electronic circuits from error-based attacks | |
JPWO2006077651A1 (en) | Encryption processor with tamper resistance against power analysis attacks | |
JP5693927B2 (en) | Failure detection attack detection method and detection apparatus | |
US10025559B2 (en) | Protection of a modular exponentiation calculation | |
EP3078154B1 (en) | A computing device for iterative application of table networks | |
EP3085005B1 (en) | Secure data transformations | |
KR101665600B1 (en) | Apparatus and Method for Protecting Power Collision Attack on Elliptic Curve Cryptography | |
CN110710154B (en) | Systems, methods, and apparatus for obfuscating device operations | |
US10229264B2 (en) | Protection of a modular exponentiation calculation | |
US8582761B2 (en) | Cryptographic method with elliptical curves | |
WO2011061263A1 (en) | Countermeasures against power attacks for the randomization of the exponent | |
US10977365B2 (en) | Protection of an iterative calculation against horizontal attacks | |
US11329796B2 (en) | Protection of an iterative calculation | |
US11265142B2 (en) | Protection of an iterative calculation | |
US10305678B2 (en) | Imbalanced montgomery ladder | |
US20150220307A1 (en) | Operation based on two operands |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20190923 Year of fee payment: 4 |