WO2009109715A2 - Procede et dispositifs de contre-mesure pour cryptographie asymetrique a schema de signature (Countermeasure method and devices for asymmetric cryptography with a signature scheme) - Google Patents
- Publication number: WO2009109715A2 (PCT application PCT/FR2009/000072)
- Authority: WO (WIPO, PCT)
- Prior art keywords: parameter, generating, sequence, private key, protection
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3013—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/722—Modular multiplication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/724—Finite field arithmetic
- G06F7/725—Finite field arithmetic over elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
- H04L2209/046—Masking or blinding of operations, operands or results of the operations
Definitions
- the present invention relates to a countermeasure method in an electronic component implementing an asymmetric cryptography algorithm with a private key, resistant to attacks aimed at discovering the private key. It also relates to a microcircuit device and a portable device, in particular a smart card, implementing such a method.
- Private-key asymmetric cryptography relies on primitives P, which are generally functions built on a computationally hard one-way problem, such as the discrete logarithm problem in finite fields (DLP) or the discrete logarithm problem on elliptic curves (ECDLP).
- Signature schemes are a classic use of asymmetric cryptography.
- An asymmetric cryptographic algorithm with a signature scheme involving a private key d is generally implemented by a microcircuit 12 to authenticate the transmission of a message M by signing that message with the private key.
- The private key d is for example stored in the microcircuit 12, which includes a memory 14 that itself contains a secure memory space 16 provided for this purpose, and a microprocessor 18 for executing the asymmetric cryptographic algorithm 10.
- Microcircuit devices implementing cryptographic algorithms are sometimes attacked to determine the secret data they manipulate, such as the key(s) used and, in some cases, information on the messages themselves. In particular, asymmetric cryptographic algorithms with a signature scheme are attacked in order to discover the private key.
- Side-channel attacks are an important family of cryptanalysis techniques that exploit properties of software or hardware implementations of cryptographic algorithms. Attacks of the SPA (Simple Power Analysis) or DPA (Differential Power Analysis) type consist in measuring the currents and voltages entering and leaving the microcircuit during execution of the asymmetric cryptographic algorithm, in order to deduce the private key.
- The feasibility of this family of attacks was demonstrated in the article by P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis", Advances in Cryptology - CRYPTO '99 Proceedings, Lecture Notes in Computer Science vol. 1666, M. Wiener (ed.), Springer-Verlag, 1999.
- Timing attacks analyze the time taken to perform certain operations. Such attacks on asymmetric cryptographic algorithms are described in the article by P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems", Advances in Cryptology - CRYPTO '96, 16th Annual International Cryptology Conference, Aug. 18-22, 1996, Proceedings, N. Koblitz (ed.).
- Fault injection attacks are also known, among them DFA (Differential Fault Analysis) attacks, which consist in deliberately inducing faults during execution of the cryptographic algorithm, for example by disturbing the microcircuit on which it runs. Such a disturbance may be one or more brief illuminations of the microcircuit, or one or more voltage spikes on one of its contacts. Under certain conditions, the resulting calculation and behaviour errors can then be exploited to recover part or all of the private key.
- The invention relates more particularly to a countermeasure method in an electronic component implementing an asymmetric cryptography algorithm with a private key d, comprising the steps of: generating a first output datum using a primitive,
- The protection parameter a is conventionally generated by a pseudo-random data generator 20, so that the execution of the primitive by the cryptographic algorithm 10 is itself randomized. This is done by a technique commonly referred to as masking, which could equally be called a transformation or deformation of the data, since the data are manipulated in a deformed form rather than used raw; it is performed by a countermeasure section 22 of the microprocessor 18 using the protection parameter a.
- the intermediate data of the cryptographic algorithm and, consequently, the measurable currents are modified by the random protection parameter and their observation does not make it possible to find the true value of the private key.
- the masking does not disturb the algorithm itself, which therefore provides the same result with or without masking.
- In the RSA asymmetric cryptographic algorithm, for example, the primitive is a modular exponentiation. An efficient implementation of this primitive iterates over the bits of the binary representation of the private key d. In each iteration the calculation performed, and hence the energy consumed during it, depends on the value of the bit concerned. Execution of such a primitive therefore leaves the private key particularly vulnerable to the attacks mentioned above.
- a conventional countermeasure then consists in directly masking the private key using the protection parameter.
- A known signature scheme using this RSA algorithm signs a message M by applying the modular exponentiation to M with the private key d as exponent.
- the signature is in this case the direct result of the modular exponentiation.
- A fault injection attack is also described in the prior art. By forcing a number of low-order bits of the random value to 0 and then computing the signature a number of times, it allows the value of the private key to be deduced.
- One embodiment of the invention relates to a countermeasure method in an electronic component implementing a private key asymmetric cryptography algorithm, comprising the steps of:
- generating a protection parameter, characterized in that it further comprises the steps of:
- The protection parameter is used to protect the execution of the operation that follows the application of the primitive, rather than the execution of the primitive itself. It is indeed this later operation that is exploited in the attacks aimed at this type of signature scheme.
- the countermeasure method comprises the steps of:
- the intermediate parameter is the first output data item.
- the primitive is a modular exponentiation, for a DSA-type signature scheme.
- the primitive is a scalar multiplication, for an ECDSA-type signature scheme.
- the countermeasure method implements a signature-type asymmetric cryptographic algorithm obtained by applying the Fiat-Shamir heuristic to a zero-knowledge identification protocol.
- the generation of the protection parameter comprises the steps of:
- the countermeasure method comprises the steps of:
- each function generating, by successive applications to at least one predetermined secret parameter stored in memory, a corresponding sequence of values that can be determined solely from that secret parameter and that function
- the countermeasure method comprises, after carrying out the transformation, a step of regenerating the protection parameter for use in the step of generating the second output datum.
- Another embodiment of the invention provides a microcircuit device comprising a microprocessor for implementing a countermeasure method for a private-key asymmetric cryptography algorithm, at least one secure memory for storing the private key, and a data generator for generating a protection parameter, characterized in that it is configured to:
- the microcircuit device is configured to:
- the intermediate parameter is the first output data item.
- the primitive is a modular exponentiation, for a DSA-type signature scheme.
- the primitive is a scalar multiplication, for an ECDSA-type signature scheme.
- the microprocessor implements a signature-type asymmetric cryptographic algorithm obtained by applying the Fiat-Shamir heuristic to a zero-knowledge identification protocol.
- the data generator is configured to generate the protection parameter by:
- the data generator is configured to:
- each function generating, by successive applications to at least one predetermined secret parameter stored in memory, a corresponding sequence of values that can be determined solely from that secret parameter and that function
- the data generator is configured to: define a function generating, by successive applications to at least one predetermined secret parameter stored in memory, a sequence of values that can be determined solely from the secret parameter and the function,
- the microcircuit device is configured, after completion of the transformation, to regenerate the protection parameter for use in the step of generating the second output datum.
- Another embodiment of the invention consists in providing a portable device, in particular a smart card, comprising a microcircuit device as described above.
- FIG. 1 previously described schematically represents the structure of a microcircuit device, of conventional type
- FIG. 2 schematically represents the structure of a microcircuit device, according to a first embodiment of the invention
- FIG. 3 schematically represents a smart card comprising the device of FIG. 2,
- FIG. 4 illustrates the successive steps of a first countermeasure method implemented by the device of FIG. 2,
- FIG. 5 illustrates the successive steps of a second countermeasure method implemented by the device of FIG. 2,
- FIG. 6 schematically represents the structure of a microcircuit device, according to a second embodiment of the invention.
- FIG. 7 illustrates the successive steps of a countermeasure method implemented by the device of FIG. 6.
- The microcircuit device 12' shown in FIG. 2 comprises, like that of FIG. 1, an asymmetric cryptographic application 10, a memory 14 including a secure memory space 16 for storing in particular a private key d intended to be used by the application 10, a microprocessor 18 and a pseudo-random data generator 20 for supplying a protection parameter a. It also has a countermeasure section 22', which improves on the existing countermeasures, in particular on the countermeasure section 22 described above.
- The device 12' is for example integrated in a portable device, in particular as the chip of a secure smart card 30, as shown in FIG. 3.
- The asymmetric cryptographic application 10 is more precisely adapted to implement a signature scheme of the type obtained by applying the Fiat-Shamir heuristic to a zero-knowledge identification protocol. It therefore comprises:
- the first and second output data constitute the signature (s1, s2).
- the countermeasure section 22' is configured to transform, using the protection parameter a, the private key d and/or an intermediate parameter obtained from the first output datum.
- the intermediate parameter is the first output datum itself.
- a first method of this type, performing a DSA-type signature on a message M, is illustrated in FIG. 4.
- the public key is (p, q, g, e).
- the private key is d.
- a random number u is generated, chosen such that 0 < u < q.
- The pseudo-random data generator 20 generates a protection parameter a whose binary representation has the same size as that of the private key d.
- Alternatively, the generator 20 generates a parameter a' whose size is much smaller than that of d, and the binary representation of a' is concatenated with itself as many times as necessary to finally provide a protection parameter a whose binary representation has the same size as that of d.
- The parameter generated by the generator 20 (a or a') is stored in memory for later use, in particular optionally as a verification parameter in the case where a' is combined with other parameters of the DSA algorithm to form a.
- An optional verification step 110 is performed if, in step 104, the parameter a' generated by the generator 20 was stored in memory as a verification parameter. The parameter a is then recomputed, using the COMB function and the public and/or stored values used by this function (a', q, s1, ...).
- If the value of a has changed between step 104 and step 110, it can be concluded that a fault injection attack occurred between these two steps. An alert is then raised by the cryptographic application 10 and the cryptographic algorithm is stopped (112), or a different security response is applied.
- If the value of a has not changed between step 104 and step 110, the method proceeds to a step 114 in which the following calculation is performed:
- In a last step 116, the cryptographic application 10 returns the value (s1, s2) as the DSA signature of the message M.
- In a first variant, the method described above is modified as follows.
- In step 108, the calculation of the linear congruence involves the first transformed output datum s1' and the private key d:
- In a second variant, the method described above is modified as follows.
- In step 108, the calculation of the linear congruence involves the first output datum s1 and the transformed private key d':
- In step 114, the following calculation is performed:
- In a third variant, the method described above is modified as follows.
- In step 108, the calculation of the linear congruence involves the first transformed output datum s1' and the private key d:
- In step 114, the following calculation is performed:
- In a fourth variant, the method described above is modified as follows.
- In step 104, the pseudo-random data generator 20 generates a protection parameter a whose binary representation is much smaller than that of d.
- In step 108, the calculation of the linear congruence involves the first transformed output datum s1' and the transformed private key d':
- A second method according to the invention, producing an ECDSA ("Elliptic Curve Digital Signature Algorithm") signature of a message M, is illustrated in FIG. 5.
- Let G be an elliptic curve of order q, with q a prime number greater than $2^{160}$.
- The curve is also defined by two elements a and b of a Galois field of cardinality n (these curve coefficients are not to be confused with the protection parameter a).
- A private key d of k bits is chosen at random such that 0 < d < q.
- The public key is Q.
- The private key is d.
- A random number u is generated, chosen such that 0 < u < q.
- The pseudo-random data generator 20 generates a protection parameter a whose binary representation has the same size as that of the private key d.
- Alternatively, the generator 20 generates a parameter a' whose size is much smaller than that of d, and the binary representation of a' is concatenated with itself as many times as necessary to finally provide a protection parameter a whose binary representation has the same size as that of d.
- Alternatively, the generator 20 generates a parameter a' which is combined with other parameters of the ECDSA algorithm, such as q or the previously determined s1, by a COMB function to provide the protection parameter a:
- a = COMB(a', q, s1, ...).
- The parameter generated by the generator 20 (a or a') is stored in memory for later use, in particular optionally as a verification parameter in the case where a' is combined with other parameters of the ECDSA algorithm to form a.
- the following steps 206 to 216 are identical to steps 106 to 116. They will therefore not be detailed.
- another method according to the invention can realize a Schnorr type signature.
- The step of calculating the first output datum is identical to step 102.
- The linear congruence applied in steps 108 and 114 is slightly modified.
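As an added worked example (not code from the patent or its applicant), the following Python models the DSA-type flow of FIG. 4 on constructed toy parameters: the primitive (modular exponentiation) runs as usual, the masking is applied to the linear congruence of steps 108/114 instead, and the regeneration check of step 110 aborts when a public value changed between the two steps. The page does not give the COMB function nor the exact transformed congruences, so the COMB used here (a SHA-256 derivation), the additive transforms d' = d + a mod q and s1' = s1 + a mod q, and the toy group (p = 23, q = 11, g = 4) are assumptions for illustration. The same second-component computation applies unchanged to the ECDSA method of FIG. 5 once s1 has been obtained from the scalar multiplication, and, with a modified congruence, to the Schnorr variant.

```python
import hashlib

# Constructed toy DSA parameters, for illustration only (far too small to be secure):
# p = 23, q = 11 divides p - 1 = 22, and g = 2^((p-1)/q) mod p = 4 has order q.
P, Q, G = 23, 11, 4


def hash_mod_q(message: bytes) -> int:
    """H(M) reduced mod q (SHA-256 here; the page does not fix the hash function)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def repeat_to_width(a_prime: int, chunk_bits: int, width_bits: int) -> int:
    """Step 104 variant: concatenate the short a' with itself until it is as wide as
    the private key d, dropping the surplus low-order bits."""
    value, width = 0, 0
    while width < width_bits:
        value = (value << chunk_bits) | a_prime
        width += chunk_bits
    return value >> (width - width_bits)


def comb(a_prime: int, q: int, s1: int) -> int:
    """Hypothetical COMB(a', q, s1, ...): the page leaves COMB unspecified; the step 110
    check only needs it to be deterministic in a' and the public values (never 0 here)."""
    digest = hashlib.sha256(f"{a_prime}|{q}|{s1}".encode()).digest()
    return int.from_bytes(digest, "big") % q or 1


def sign_plain(d: int, h: int, u: int):
    """Reference DSA signing with no countermeasure: d*s1 is computed in the clear."""
    s1 = pow(G, u, P) % Q                                  # step 102: the primitive
    s2 = (pow(u, -1, Q) * (h + d * s1)) % Q                # the linear congruence
    return s1, s2


def sign_masked(d: int, h: int, u: int, a_prime: int, mask: str = "key", fault: bool = False):
    """Countermeasure of FIG. 4: the primitive runs unchanged, the congruence is masked.
    mask="key" transforms the private key (d' = d + a mod q);
    mask="output" transforms the first output (s1' = s1 + a mod q).
    fault=True simulates a fault on s1 between steps 104 and 110."""
    s1 = pow(G, u, P) % Q                                  # step 102
    a = comb(a_prime, Q, s1)                               # step 104: a from stored a' and s1
    d_t = (d + a) % Q if mask == "key" else None           # step 106, key variant
    s1_t = (s1 + a) % Q if mask == "output" else None      # step 106, output variant
    if fault:
        s1 = (s1 + 1) % Q
    if comb(a_prime, Q, s1) != a:                          # step 110: regenerate a, compare
        raise RuntimeError("fault injection detected, signature aborted")   # step 112
    u_inv = pow(u, -1, Q)
    if mask == "key":
        s2 = (u_inv * (h + d_t * s1 - a * s1)) % Q         # step 114: d'*s1 - a*s1 == d*s1
    else:
        s2 = (u_inv * (h + d * s1_t - d * a)) % Q          # step 114: d*s1' - d*a == d*s1
    return s1, s2                                          # step 116


def verify(e: int, h: int, s1: int, s2: int) -> bool:
    """Standard DSA verification with public key e = g^d mod p."""
    if not (0 < s1 < Q and 0 < s2 < Q):
        return False
    w = pow(s2, -1, Q)
    v = (pow(G, (h * w) % Q, P) * pow(e, (s1 * w) % Q, P)) % P % Q
    return v == s1


def fault_is_detected(d: int, h: int, u: int, a_prime: int) -> bool:
    """True if the step 110 check aborts a signature whose s1 was tampered with."""
    try:
        sign_masked(d, h, u, a_prime, fault=True)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    d, u, a_prime = 7, 3, 0xABCD                           # constructed sample values
    e = pow(G, d, P)
    h = hash_mod_q(b"message M")                           # a real signer retries with a
    print("plain :", sign_plain(d, h, u))                  # fresh u whenever s1 or s2 is 0
    print("masked:", sign_masked(d, h, u, a_prime), sign_masked(d, h, u, a_prime, mask="output"))
    print("valid :", verify(e, h, *sign_masked(d, h, u, a_prime)))
    print("fault detected:", fault_is_detected(d, h, u, a_prime))
    print("a from 3-bit a' widened to 8 bits:", bin(repeat_to_width(0b101, 3, 8)))
```

Both masked paths return exactly the signature that `sign_plain` returns, which is the page's point that masking does not disturb the algorithm; what changes is that the product d·s1 targeted by the attacks on the linear congruence is never formed with the true d and the true s1 at the same time.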
- The microcircuit device 12'' shown in FIG. 6 comprises, like that of FIG. 2, an asymmetric cryptographic application 10, a memory 14 including a secure memory space 16, a microprocessor 18 and a countermeasure section 22'. It is for example integrated in a portable device, in particular as the chip of a secure smart card 30, as shown in FIG. 3.
- a cryptographic algorithm including a countermeasure can in fact be closely integrated into one and the same implementation.
- The asymmetric cryptographic application 10 of the device 12'' is more precisely adapted to implement a signature scheme of the type obtained by applying the Fiat-Shamir heuristic to a zero-knowledge identification protocol, and therefore includes:
- The countermeasure section 22' of the device 12'' is configured, like that of the device 12', to transform, using the protection parameter a, the private key d and/or an intermediate parameter obtained from the first output datum.
- The intermediate parameter is the first output datum itself.
- The pseudo-random data generator 20 of conventional type is replaced by a data generator 20'' which comprises:
- a section 20''a applying a predefined function F to at least one predetermined secret parameter S, so as to generate a sequence of values determinable solely from this secret parameter and this function F, and
- a section 20''b for providing, reproducibly, at least one protection parameter a having a value of this sequence.
- Section 20''a is in practice a software or hardware implementation of the function F.
- The secret parameter S is stored in the secure memory 16 and supplied at the input of section 20''a of the generator 20'', while the protection parameter a is provided, at the output of section 20''b, to the countermeasure section 22'.
- The parameter a is therefore not a random value in the conventional sense used in the prior art documents. It is a deterministic result of the computation of the function F by the generator 20'' on at least one secret parameter S, which may be specific to the smart card 30 carrying the microcircuit 12''. This secret parameter is for example derived from a public datum of the device 30.
- The element A_n can be processed before being provided as the parameter a.
- First, sequences of values (A_n) that can be provided by a generator 20'' according to the second embodiment of the invention are described. Then several possible uses of such sequences of values for providing protection parameters are presented, in particular for the two countermeasure applications in asymmetric cryptography previously described with reference to FIGS. 4 and 5.
- The protection parameters are for example the elements of the sequence (A_n).
- $A_l = q^l \cdot A_0 + r \cdot \frac{q^l - 1}{q - 1}$ (the closed form of the affine recurrence $A_{n+1} = q \cdot A_n + r$).
- $m = 2^k$.
- m is one of the secret parameters to be kept in the secure memory of the device.
- The initial element A_0 is chosen as the generating element a to which the internal composition law of the group GC is applied k times,
- The secret parameters S used by the generating function of the sequence (A_n) are then for example the generating element a and the values k, k' and m.
- The protection parameters generated are for example the elements of the sequence (A_n).
- A Frobenius group can be obtained from a finite field of prime order q, where q is a k-bit prime.
- The group of invertible affine transformations on this finite field is a Frobenius group.
- An interesting property of Frobenius groups is that no non-trivial element fixes more than one point.
- $A_{t+m} = \alpha_{m-1} A_{t+m-1} + \alpha_{m-2} A_{t+m-2} + \dots + \alpha_1 A_{t+1} + \alpha_0 A_t$, where the $\alpha_i$ take the value 0 or 1 (a linear recurrence with binary coefficients, i.e. a shift-register sequence).
- a secret parameter A_0 of, for example, 16 bits
- a corresponding CRC polynomial among those conventionally used in CRC calculations, for example the CRC-16 polynomial ($X^{16} + X^{15} + X^2 + 1$) or the CRC-CCITT V.41 polynomial ($X^{16} + X^{12} + X^5 + 1$).
- The function T in question can be a secret matrix of values, the values A'_n and A''_n respectively denoting a row and a column of this matrix.
- The sequence (A_n) can be generated from a first sequence (A'_n) and also from public data, such as data used during execution of the cryptographic application with countermeasure and not secret. Depending on the application, such data include the message M (in clear or encrypted), a public key e, etc.
- The values of the sequence used as protection parameters are then calculated using any COMB function combining all these data:
- $A_n = \mathrm{COMB}(A'_n, M, e, \dots)$.
- The sequence of values (A_n) can be used not only to supply protection parameters to the countermeasure of the cryptographic algorithm, but also to detect fault injection attacks, especially on public data. At the end of the execution of the cryptographic algorithm, for example, but before undoing the initial transformation with a regenerated protection parameter, the sequence (A'_n) is regenerated from the secret parameter(s); using this regenerated sequence (A'_n) and the public data as they stand at the end of execution, one can check whether the COMB function produces the same sequence of values (A_n) or not, and therefore whether public data was altered during execution.
- this generation of random events can be replaced by the non-random generation of parameters derived from one or more sequence (s) of values obtained using at least one secret parameter.
- FIG. 7 illustrates an example of the steps performed by a method according to the second embodiment of FIG. 6, applied to the execution of an asymmetric cryptographic algorithm with countermeasure, using T protection parameters a_1, ..., a_T per execution, all of which can be extracted from the same sequence of values (A_n) generated by the section 20'a.
- A counter i is initialized to 0. This counter records the number of times the asymmetric cryptographic algorithm has been executed since this initialization step INIT, until another initialization is performed.
- The secret parameter S (or the parameters S, when there are several), from which the sequence of values is to be generated, is defined. It can be kept from a previous initialization, but can also be generated from a new value on the occasion of this initialization. It is for example generated from unique identification data, such as public data of the device 30. It can also be generated from parameters or physical phenomena related to the microcircuit at a given instant, which can be random. In all cases, it is stored in memory in a secure manner, so that the microcircuit can regenerate at any time the same sequence of values (A_n) using the function implemented by section 20"a.
- The initialization step INIT can be performed once in the life cycle of the microcircuit, at design time by the manufacturer, or repeated several times, for example at regular intervals or whenever the counter i reaches a value imax.
- The generator 20" is called one or more times to apply the predefined function F to the secret parameter S, so as to generate, in one or more passes, T elements of the sequence of values (A_n): A_1, ..., A_T. From these first T elements, the protection parameters a_1, ..., a_T are generated:
- a_k = A_k, for k = 1, ..., T.
- The generator 20" is again called one or more times to apply the predefined function F to the secret parameter S, so as to generate, in one or more passes, T additional elements of the sequence of values (A_n): A_{T(i-1)+1}, ..., A_{Ti}. From these T additional elements, the protection parameters a_1, ..., a_T are generated as before:
- a_k = A_{T(i-1)+k}, for k = 1, ..., T.
- Knowledge of the method and of the secret values it uses, including the initial parameter A_0 loaded into EEPROM memory beforehand or during a stage of the life cycle of the microcircuit device, makes it possible to recover at any time the protection parameters generated and used during the life of the device. This feature thus allows simple and effective debugging and improved resistance to fault injection attacks.
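The sequence-based derivation a_k = A_{T(i-1)+k}, the counter i with its imax re-initialization, and the regeneration check described above, as an added illustrative example that is not the patent's own code. It assumes HMAC-SHA256 keyed with S as the predefined function F, additive masking modulo a constructed modulus Q as the initial transformation, and a bit flip on the masked public data as the fault model.

```python
import hashlib
import hmac
import secrets

# Assumed instance of the predefined function F: HMAC-SHA256 keyed with the
# secret parameter S and indexed by the element number n, so that A_n = F(S, n)
# can be regenerated at any time from S alone. This is a constructed choice,
# not the patent's own F.
def sequence_element(secret_s: bytes, n: int) -> int:
    digest = hmac.new(secret_s, n.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big")

def protection_parameters(secret_s: bytes, i: int, t: int) -> list:
    """Parameters for the i-th execution (i >= 1): a_k = A_{T(i-1)+k}, k = 1..T."""
    return [sequence_element(secret_s, t * (i - 1) + k) for k in range(1, t + 1)]

Q = 2**61 - 1  # constructed modulus standing in for the algorithm's group order

def mask(x: int, a: int) -> int:
    """Assumed initial transformation: additive masking of a public datum x."""
    return (x + a) % Q

class Device:
    """Microcircuit state: secret S, execution counter i, re-initialisation bound imax."""

    def __init__(self, t: int, imax: int):
        self.t, self.imax = t, imax
        self.init()

    def init(self) -> None:
        # Step INIT: a fresh secret S (kept in secure memory) and counter i = 0.
        self.secret_s = secrets.token_bytes(32)
        self.i = 0

    def run(self, public_data: list, fault: int = 0) -> bool:
        """One protected execution; returns True if the regeneration check passes."""
        if self.i >= self.imax:
            self.init()            # re-initialise once imax executions have run
        self.i += 1
        params = protection_parameters(self.secret_s, self.i, self.t)
        masked = [mask(x, a) for x, a in zip(public_data, params)]
        # ... the asymmetric algorithm would operate on `masked` here ...
        masked[0] ^= fault         # constructed fault model: bit flip on public data
        # Before the inverse transformation, regenerate (A'_n) from S and check that
        # re-applying the transformation reproduces the public data as it now stands.
        regen = protection_parameters(self.secret_s, self.i, self.t)
        return [mask(x, a) for x, a in zip(public_data, regen)] == masked
```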
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2712180A CA2712180A1 (fr) | 2008-01-23 | 2009-01-23 | Procede et dispositifs de contre-mesure pour cryptographie asymetrique a schema de signature |
CN2009801023050A CN101911009B (zh) | 2008-01-23 | 2009-01-23 | 用于以签名方案进行非对称加密的对策方法和设备 |
JP2010543544A JP2011510579A (ja) | 2008-01-23 | 2009-01-23 | 署名ダイアグラムを用いた非対称暗号方式のための対策方法およびデバイス |
EP09718480A EP2248008A2 (fr) | 2008-01-23 | 2009-01-23 | Procede et dispositifs de contre-mesure pour cryptographie asymetrique a schema de signature |
US12/840,407 US20110170685A1 (en) | 2008-01-23 | 2010-07-21 | Countermeasure method and devices for asymmetric encryption with signature scheme |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0800345A FR2926652B1 (fr) | 2008-01-23 | 2008-01-23 | Procede et dispositifs de contre-mesure pour cryptographie asymetrique a schema de signature |
FR0800345 | 2008-01-23 | | |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/840,407 Continuation US20110170685A1 (en) | 2008-01-23 | 2010-07-21 | Countermeasure method and devices for asymmetric encryption with signature scheme |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2009109715A2 true WO2009109715A2 (fr) | 2009-09-11 |
WO2009109715A3 WO2009109715A3 (fr) | 2010-01-14 |
Family
ID=39720608
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2009/000072 WO2009109715A2 (fr) | 2008-01-23 | 2009-01-23 | Procede et dispositifs de contre-mesure pour cryptographie asymetrique a schema de signature |
Country Status (8)
Country | Link |
---|---|
US (1) | US20110170685A1 (fr) |
EP (1) | EP2248008A2 (fr) |
JP (1) | JP2011510579A (fr) |
KR (1) | KR20100117589A (fr) |
CN (1) | CN101911009B (fr) |
CA (1) | CA2712180A1 (fr) |
FR (1) | FR2926652B1 (fr) |
WO (1) | WO2009109715A2 (fr) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5328993B2 (ja) * | 2010-12-24 | 2013-10-30 | 三菱電機株式会社 | 署名生成装置及び署名生成方法及び記録媒体 |
FR2980602B1 (fr) * | 2011-09-28 | 2015-06-26 | Oberthur Technologies | Procede de communication avec une entite electronique portable |
US8886924B1 (en) * | 2011-11-15 | 2014-11-11 | The Boeing Company | System and method for transmitting an alert |
CN105739946A (zh) * | 2014-12-08 | 2016-07-06 | 展讯通信(上海)有限公司 | 随机数生成方法及装置 |
EP3438832B1 (fr) * | 2017-08-03 | 2020-10-07 | Siemens Aktiengesellschaft | Procédé pour exécuter un programme dans un ordinateur |
CN107317671B (zh) * | 2017-08-22 | 2019-12-24 | 兆讯恒达微电子技术(北京)有限公司 | 防御旁路攻击的crc运算电路装置和方法 |
CN109768988B (zh) * | 2019-02-26 | 2021-11-26 | 安捷光通科技成都有限公司 | 去中心化物联网安全认证***、设备注册和身份认证方法 |
FR3095709B1 (fr) * | 2019-05-03 | 2021-09-17 | Commissariat Energie Atomique | Procédé et système de masquage pour la cryptographie |
US12021985B2 (en) | 2022-06-03 | 2024-06-25 | Nxp B.V. | Masked decomposition of polynomials for lattice-based cryptography |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1291763A1 (fr) * | 2001-09-06 | 2003-03-12 | STMicroelectronics S.A. | Procédé de brouillage d'un calcul à quantité secrète |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5991415A (en) * | 1997-05-12 | 1999-11-23 | Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science | Method and apparatus for protecting public key schemes from timing and fault attacks |
US6144740A (en) * | 1998-05-20 | 2000-11-07 | Network Security Technology Co. | Method for designing public key cryptosystems against fault-based attacks with an implementation |
US6873706B1 (en) * | 1999-09-29 | 2005-03-29 | Hitachi, Ltd. | Processing apparatus, program, or system of secret information |
JP4086503B2 (ja) * | 2002-01-15 | 2008-05-14 | 富士通株式会社 | 暗号演算装置及び方法並びにプログラム |
AU2003304629A1 (en) * | 2003-07-22 | 2005-02-04 | Fujitsu Limited | Tamper-resistant encryption using individual key |
JP2008512060A (ja) * | 2004-08-27 | 2008-04-17 | 株式会社エヌ・ティ・ティ・ドコモ | 仮署名スキーム |
KR100891323B1 (ko) * | 2005-05-11 | 2009-03-31 | 삼성전자주식회사 | 이진 필드 ecc에서 랜덤 포인트 표현을 이용하여 파워해독의 복잡도를 증가시키기 위한 암호화 방법 및 장치 |
US7404089B1 (en) * | 2005-06-03 | 2008-07-22 | Pitney Bowes Inc. | Method and system for protecting against side channel attacks when performing cryptographic operations |
DE602005020702D1 (de) * | 2005-10-18 | 2010-05-27 | Telecom Italia Spa | Verfahren zur skalarmultiplikation in gruppen elliptischer kurven über primkörpern für nebenkanal-attacken-beständige kryptosysteme |
EP1840732A1 (fr) * | 2006-03-31 | 2007-10-03 | Axalto SA | Protection contre les attaques latérales de la chaîne |
US20080104402A1 (en) * | 2006-09-28 | 2008-05-01 | Shay Gueron | Countermeasure against fault-based attack on RSA signature verification |
US8139763B2 (en) * | 2007-10-10 | 2012-03-20 | Spansion Llc | Randomized RSA-based cryptographic exponentiation resistant to side channel and fault attacks |
US8091139B2 (en) * | 2007-11-01 | 2012-01-03 | Discretix Technologies Ltd. | System and method for masking arbitrary Boolean functions |
- 2008
  - 2008-01-23 FR FR0800345A patent/FR2926652B1/fr active Active
- 2009
  - 2009-01-23 EP EP09718480A patent/EP2248008A2/fr not_active Withdrawn
  - 2009-01-23 CA CA2712180A patent/CA2712180A1/fr not_active Abandoned
  - 2009-01-23 CN CN2009801023050A patent/CN101911009B/zh active Active
  - 2009-01-23 WO PCT/FR2009/000072 patent/WO2009109715A2/fr active Application Filing
  - 2009-01-23 KR KR1020107017062A patent/KR20100117589A/ko not_active Application Discontinuation
  - 2009-01-23 JP JP2010543544A patent/JP2011510579A/ja active Pending
- 2010
  - 2010-07-21 US US12/840,407 patent/US20110170685A1/en not_active Abandoned
Non-Patent Citations (2)
Title |
---|
CORON J-S: "Resistance against differential power analysis for elliptic curve cryptosystems", Cryptographic Hardware and Embedded Systems, International Workshop, 1 August 1999 (1999-08-01), pages 292-302, XP000952243 * |
D. NACCACHE ET AL.: "Experimenting with Faults, Lattice and the DSA", PKC '05, Lecture Notes in Computer Science, vol. 3386, 2005, pages 16-28, XP002495194, Berlin, Germany, ISBN 978-3-540-24454-7, cited in the application * |
Also Published As
Publication number | Publication date |
---|---|
CN101911009B (zh) | 2012-10-10 |
FR2926652A1 (fr) | 2009-07-24 |
FR2926652B1 (fr) | 2010-06-18 |
US20110170685A1 (en) | 2011-07-14 |
WO2009109715A3 (fr) | 2010-01-14 |
CA2712180A1 (fr) | 2009-09-11 |
JP2011510579A (ja) | 2011-03-31 |
EP2248008A2 (fr) | 2010-11-10 |
CN101911009A (zh) | 2010-12-08 |
KR20100117589A (ko) | 2010-11-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 200980102305.0 Country of ref document: CN |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09718480 Country of ref document: EP Kind code of ref document: A2 |
| WWE | Wipo information: entry into national phase | Ref document number: 2712180 Country of ref document: CA |
| WWE | Wipo information: entry into national phase | Ref document number: 2010543544 Country of ref document: JP |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 20107017062 Country of ref document: KR Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 2009718480 Country of ref document: EP |