This application is based upon and claims the benefit of priority from prior Japanese Patent Applications No. 2005-361996, filed Dec. 15, 2005; and No. 2006-215447, filed Aug. 8, 2006, the entire contents of both of which are incorporated herein by reference.
1. Field of the Invention
The present invention relates to an encryption apparatus, encryption method, and encryption program using private key block encryption that is secure against power analysis.
2. Description of the Related Art
Data encryption standard (DES) is private key block encryption that is widely used for the purpose of concealing, e.g., communication contents (e.g., JP-A 51-108701 (KOKAI)).
Recently, Paul Kocher et al. have proposed differential power analysis (DPA). DPA is an analysis method that estimates the key information secretly held by an encryption apparatus by statistically analyzing the power consumption traces of the apparatus while it encrypts a plurality of plaintext blocks (e.g., Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis”, in Proceedings of Advances in Cryptology—CRYPTO '99, Springer-Verlag, 1999).
As a known countermeasure against DPA, a plaintext block is mask-processed by using a random number to make intermediate data processed in an encryption apparatus unpredictable for the analyzer, thereby invalidating statistical analysis. However, Paul Kocher et al. have reported higher-order DPA in which key information secretly held by the encryption apparatus is estimated by invalidating the random number masking measure by using power consumption values observed at a plurality of timings. It is known that the key information secretly held by the encryption apparatus can be estimated by higher-order DPA using the timing of mask random number generation in the encryption apparatus and the timing of nonlinear operation of encryption processing.
Ito et al. have devised an arrangement of an encryption apparatus which ensures security against DPA by selecting, at random in every encryption processing, a plurality of conversion tables corresponding to a plurality of mask values fixed in advance (e.g., JP-A No. 2002-366029 (KOKAI)). In the encryption apparatus of Ito et al., when a plaintext block is input from the outside, a random number generator generates a random number for mask selection. In accordance with the mask selection random number, a selection unit selects a mask value and a conversion table corresponding to it from a plurality of mask values and conversion tables stored in advance in a mask storage unit and a table storage unit, respectively. A mask processing unit executes mask processing of the received plaintext block by using the selected mask value. The plaintext block which has undergone the mask processing is converted into a ciphertext block depending on key information by using the selected conversion table.
The method proposed by Ito et al. can invalidate the above-described higher-order DPA using two timings because no mask random number is generated.
It is however known that the key can be estimated by DPA or higher-order DPA if the bits (0 and 1) of the mask value are ill-balanced. To prevent this, well-balanced mask values must be prepared in advance. In addition, if the mask values fixed in advance are revealed by, e.g., reverse engineering, the key information may be estimated on the basis of slight imbalance.
According to an aspect of the present invention, there is provided an encryption apparatus for generating a ciphertext block from a plaintext block, comprising a random number generator which generates a plurality of random numbers, a selector which selects one mask random number from the plurality of random numbers at random, a mask processing unit which executes mask processing of a plaintext block by using the mask random number selected by the selector, a storage unit which stores a first table representing an initial S-box, a converter which converts the first table into a second table representing a deformed S-box on the basis of the mask random number selected by the selector, and an encryption unit which generates a ciphertext block by shuffling the mask-processed plaintext block using the second table.
Embodiments in which the present invention is applied to data encryption standard (DES) will be described below.
Referring to
As shown in
The 32-bit data on the right side is expanded to 48-bit data by the expansion permutation E 311. The result is output to the exclusive OR 313. The exclusive OR 313 outputs the exclusive OR between an expansion key 312 and the output from the expansion permutation E 311. The 48-bit data output from the exclusive OR 313 is equally divided into 6-bit data and input to the S-boxes.
Each S-box includes a table and outputs 4-bit data in correspondence with each of 64 entries of 6-bit input. In, e.g., an S-box (S) 314, the left end of the 6-bit input is defined as the first bit, and the right end is defined as the sixth bit. A row of the S-box table (S1 table) shown in
Referring to
The input/output unit 501 receives, as an input, a plaintext block (64 bits) from the outside and outputs a ciphertext block (64 bits) as a calculation result. The control unit 502 generates a clock signal and controls the operation of the encryption apparatus. The arithmetic unit 503 executes arithmetic processing such as addition and exclusive OR in accordance with an input (instruction and data). The random number generator 504 generates mask random numbers and a selection random number. On the basis of the selection random number generated by the random number generator 504, the selector 505 selects one of a plurality of mask random numbers generated by the random number generator 504 and one of a plurality of S-boxes deformed in correspondence with the mask random number. The ROM 506 stores instruction codes, initial permutation, expansion permutation, S-boxes, permutation using round functions, final permutation, key information, and information necessary for key schedule. The RAM 507 is a memory to save random numbers generated by the random number generator 504, deformed S-boxes, and data obtained in a calculation process.
Mehdi-Laurent Akkar et al. have proposed a method of preparing S-boxes corresponding to different mask random numbers in each round to improve the security of an encryption apparatus (e.g., Mehdi-Laurent Akkar, Régis Bevan, and Louis Goubin, “Two Power Analysis Attacks against One-Mask Methods”, Fast Software Encryption 2004, Springer-Verlag, 2004). In the first embodiment, the security can further be improved by using the method of Mehdi-Laurent Akkar et al., though a description thereof will be omitted.
The operation of the encryption apparatus according to the first embodiment will be described with reference to
When the input/output unit 501 receives a plaintext block (64 bits) 601, the random number generator 504 generates mask random numbers 602a and 602b (each contains 64 bits) and a selection random number 603 (one bit). The selector 505 executes selection processing 604 of one of the mask random numbers 602a and 602b on the basis of the selection random number 603.
Assume that the mask random number 602a is selected by the selection processing 604. The arithmetic unit (converter) 503 converts S-boxes stored in the ROM 506 into deformed S-boxes on the basis of the mask random number 602a. More specifically, the mask random number 602a is subjected to initial permutation and divided into 32-bit data on the left (upper) side and 32-bit data on the right (lower) side. The 32-bit data on the right side is expanded to 48-bit data by expansion permutation of a round function and divided into mi1, mi2, . . . , mi8 (each mij contains six bits) corresponding to the inputs to the S-boxes. The 32-bit data on the left side is subjected to reverse permutation of the round function and divided into mo1, mo2, . . . , mo8 (each moj contains four bits) corresponding to the outputs from the S-boxes. Each S-box (initial S-box) stored in the ROM 506 is represented by Sj. Each S-box (deformed S-box) deformed depending on the mask random number is represented by MSj (j=1, 2, . . . , 8).
In correspondence with an input i (six bits), MSj outputs the exclusive OR between moj (four bits) and the output (four bits) from Sj that receives the exclusive OR between i and mij. Such MSj is stored in the RAM 507 as, e.g., a table and supplied to the round function.
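The deformed S-box construction just described, as an added worked example that is not the patent's own code: the real DES S1 table is converted by the rule MSj(i) = Sj(i ⊕ mij) ⊕ moj and checked for every input, with the (mij, moj) mask values and the 1-bit selection random number being constructed sample values.

```python
"""Deformed DES S-box construction (added example, not the patent's own code).

For an initial S-box S_j, a 6-bit input mask mi_j and a 4-bit output mask mo_j
derived from the selected mask random number, the converter writes to RAM
    MS_j(i) = S_j(i ^ mi_j) ^ mo_j      for all 64 inputs i.
The real DES S1 table is used; mask values and the selection bit are constructed."""
import secrets

# DES S1 from FIPS 46-3: 4 rows x 16 columns of 4-bit outputs.
S1_TABLE = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox_lookup(table, i):
    """Standard DES indexing of a 6-bit input i: bits 1 and 6 (the outer bits,
    bit 1 being the left end) select the row, bits 2 to 5 select the column."""
    row = (((i >> 5) & 1) << 1) | (i & 1)
    col = (i >> 1) & 0xF
    return table[row][col]


def flatten(table):
    """The 64-entry table S_j indexed directly by the 6-bit input value."""
    return [sbox_lookup(table, i) for i in range(64)]


def deform_sbox(s, mi, mo):
    """MS_j(i) = S_j(i ^ mi) ^ mo: the deformed table for one (mi_j, mo_j) pair."""
    if not (0 <= mi < 64 and 0 <= mo < 16):
        raise ValueError("mi must be 6 bits and mo 4 bits")
    return [s[i ^ mi] ^ mo for i in range(64)]


def masked_lookup_is_consistent(s, ms, mi, mo):
    """The round function feeds MS_j the masked value x ^ mi and must receive
    S_j(x) ^ mo back: the mask passes through the nonlinear layer unremoved."""
    return all(ms[x ^ mi] == s[x] ^ mo for x in range(64))


def unmasked_output(ms, masked_input, mo):
    """Recover S_j(x) from a deformed-table lookup on x ^ mi by removing mo,
    as the final exclusive OR with the mask random number does for the block."""
    return ms[masked_input] ^ mo


def select_mask(mask_pairs, selection_bit):
    """The 1-bit selection random number picks one of the two generated pairs."""
    return mask_pairs[selection_bit & 1]


def demo():
    """Generate two constructed (mi, mo) pairs standing in for the per-S-box
    pieces of two mask random numbers, select one, build MS_1 and verify it."""
    s1 = flatten(S1_TABLE)
    pairs = [(secrets.randbelow(64), secrets.randbelow(16)) for _ in range(2)]
    mi, mo = select_mask(pairs, secrets.randbits(1))
    ms1 = deform_sbox(s1, mi, mo)
    return masked_lookup_is_consistent(s1, ms1, mi, mo)


if __name__ == "__main__":
    print("deformed S1 consistent with S1:", demo())
```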
When the mask random number 602a is selected by the selection processing 604, the arithmetic unit 503 executes an exclusive OR 605 between the mask random number 602a and the plaintext block 601. The obtained data (64 bits) is subjected to initial permutation 606 and divided into 32-bit data on the left (upper) side and 32-bit data on the right (lower) side. The data are input to a round function 607 using MSj as an S-box. The arrangement of the round function is the same as that shown in
The round function calculation is repeated 16 times. After final permutation 608 is performed, an exclusive OR 609 between the mask random number 602a and the output from the final permutation 608 is executed. A ciphertext block 610 is obtained and output from the input/output unit 501.
The encryption apparatus according to the above-described first embodiment statistically balances bits by using random numbers generated by the random number generator 504 instead of designing mask values containing well-balanced bits in advance. The encryption apparatus of the first embodiment can easily be designed because the bit balance of mask values need not be taken into consideration. Since leakage of mask value information by, e.g., reverse engineering can be prevented, the security can be improved. Since the timing to generate mask random numbers to be used changes in every encryption processing, key information estimation by higher-order DPA can be made difficult.
In the first embodiment, the random number generator 504 generates a 1-bit random number as a selection random number. In some implementations, each generated random number has a fixed length, and no 1-bit random number can be generated. In this case, the random number generation processing is time-consuming. In the modification to the first embodiment, a specific bit (e.g., the least significant bit) of a predetermined one (e.g., the mask random number 602a generated first) of two random numbers generated is used as a selection variable. The value of the selection variable is also used as a random number. One of the two mask random numbers generated is selected on the basis of this value. According to this modification, the number of times of random number generation processing can be reduced by one.
Referring to
The input/output unit 701 receives, as an input, a plaintext block (64 bits) from the outside and outputs a ciphertext block (64 bits) as a calculation result. The control unit 702 generates a clock signal and controls the operation of the encryption apparatus. The arithmetic units 703a and 703b execute arithmetic processing such as addition and exclusive OR in accordance with an input (instruction and data). The random number generator 704 generates mask random numbers and a selection random number. The selector 705 selects one of the exclusive OR results between the plaintext block and the mask random numbers, which are calculated by the arithmetic units 703a and 703b, and one of two deformed S-boxes which are deformed in correspondence with the two mask random numbers. The ROM 706 stores instruction codes, initial permutation, expansion permutation, S-boxes, permutation using round functions, final permutation, key information, and information necessary for key schedule. The RAM 707 is a memory to save random numbers generated by the random number generator 704, deformed S-boxes, and data obtained in a calculation process.
Even in the second embodiment, the security can further be improved by using the method of Mehdi-Laurent Akkar et al., as in the first embodiment, though a description thereof will be omitted.
The operation of the encryption apparatus according to the second embodiment will be described with reference to
When the input/output unit 701 receives a plaintext block (64 bits), the random number generator 704 generates mask random numbers 802a and 802b (each contains 64 bits) and a selection random number 803 (one bit). The arithmetic units 703a and 703b receive, as inputs, the plaintext blocks (plaintext blocks 801a and 801b contain identical data) and the mask random numbers 802a and 802b and execute exclusive ORs 804a and 804b in the same clock cycle, respectively.
In correspondence with the two mask random numbers 802a and 802b, the arithmetic units (converters) 703a and 703b convert S-boxes stored in the ROM 706 into two deformed S-boxes. The conversion rule is the same as in the first embodiment, and a description thereof will be omitted. The obtained two deformed S-boxes, i.e., MSaj and MSbj (j=1, 2, . . . , 8) are stored in the RAM 707 as tables.
On the basis of the selection random number 803, the selector 705 executes selection processing 805 of one of the two data which have undergone mask processing using the mask random numbers. Additionally, on the basis of the selection random number 803, the selector 705 executes selection processing 806 of one set of the deformed S-boxes (MSa1, MSa2, . . . , MSa8) and (MSb1, MSb2, . . . , MSb8) stored in the RAM 707.
When the above processing is ended, the plaintext block (64 bits) which has undergone mask processing and is selected by the selection processing 805 is subjected to initial permutation 807. The processing result is divided into 32-bit data on the left (upper) side and 32-bit data on the right (lower) side and input to a round function 808 to which MSaj or MSbj is supplied as an S-box. The arrangement of the round function is the same as that shown in
The round function calculation is repeated 16 times. The result is subjected to final permutation 809. The arithmetic units 703a and 703b receive, as inputs, the output from the final permutation 809 (exclusive ORs 810a and 810b receive identical data) and the mask random numbers 802a and 802b and execute the exclusive ORs 810a and 810b in the same clock cycle, respectively. The results are input to the selector 705. The selector 705 executes selection processing 811 of one of the outputs from the exclusive ORs 810a and 810b in accordance with the selection random number 803. A ciphertext block 812 is obtained and output from the input/output unit 701.
The encryption apparatus according to the above-described second embodiment selects one of results obtained by executing mask processing for a plurality of (in this embodiment, two) mask random numbers in parallel instead of selecting a mask random number before mask processing is executed for a plaintext block. With this arrangement, correlation between power consumption and data to be processed in the encryption apparatus is reduced.
The encryption apparatus according to the second embodiment can make it difficult to estimate key information by higher-order DPA using the timing of plaintext block mask processing and the timing of nonlinear operation of encryption processing.
Even in the second embodiment, the same modification as in the first embodiment is possible. That is, the number of times of random number generation processing can be reduced by one by using the least significant bit of the mask random number 802a as a selection random number.
Referring to
The input/output unit 901 receives, as an input, a plaintext block (64 bits) from the outside and outputs a ciphertext block (64 bits) as a calculation result. The control unit 902 generates a clock signal and controls the operation of the encryption apparatus. The arithmetic units 903a, 903b, and 903c execute arithmetic processing such as addition and exclusive OR in accordance with an input (instruction and data). The random number generator 904 generates a mask random number and a selection random number. The selector 905 selects one of the exclusive OR results between the plaintext block and the mask variables, which are calculated by the arithmetic units 903a, 903b, and 903c, and one of a plurality of (three) deformed S-boxes which are deformed in correspondence with the mask variables. The ROM 906 stores instruction codes, initial permutation, expansion permutation, S-boxes, permutation using round functions, final permutation, key information, information necessary for key schedule, two mask variables (64-bit fixed values), and deformed S-boxes corresponding to the two mask variables. The RAM 907 is a memory to save a random number generated by the random number generator 904, deformed S-boxes, and data obtained in a calculation process.
Even in the third embodiment, the security can further be improved by using the method of Mehdi-Laurent Akkar et al., as in the first embodiment, though a description thereof will be omitted.
The operation of the encryption apparatus according to the third embodiment will be described with reference to
In the encryption apparatus of the third embodiment, fixed values are substituted into mask variables 1002a and 1002b in advance and stored in the ROM 906. The mask variables 1002a and 1002b preferably contain reverse bit strings to improve the security. For example, 0101 . . . 01 (64 bits) is stored in the ROM 906 as the mask variable 1002a, and 1010 . . . 10 (64 bits) is stored in the ROM 906 as the mask variable 1002b. Deformed S-boxes (MSa1, MSa2, . . . , MSa8) and (MSb1, MSb2, . . . , MSb8) corresponding to the mask variables are calculated in the same way as in the first embodiment and stored in the ROM 906.
When the input/output unit 901 receives a plaintext block (64 bits), the random number generator 904 generates a mask random number (64 bits) and a selection random number (two bits). The mask random number is substituted into a mask variable 1002c. The arithmetic units 903a, 903b, and 903c receive, as inputs, the plaintext blocks (plaintext blocks 1001a, 1001b, and 1001c contain identical data) and the mask variables 1002a, 1002b, and 1002c and execute exclusive ORs 1004a, 1004b, and 1004c in the same clock cycle, respectively.
In correspondence with the mask random number 1002c, the arithmetic unit 903c converts S-boxes stored in the ROM 906 into deformed S-boxes. The conversion rule is the same as in the first embodiment, and a description thereof will be omitted. Each converted deformed S-box, i.e., MScj (j=1, 2, . . . , 8) is stored in the RAM 907 as a table.
On the basis of a selection random number 1003, the selector 905 executes selection processing 1005 of one of the three data which have undergone mask processing using the mask variables. Additionally, on the basis of the selection random number 1003, the selector 905 executes selection processing 1006 of one set of the deformed S-boxes (MSa1, MSa2, . . . , MSa8), (MSb1, MSb2, . . . , MSb8) and (MSc1, MSc2, . . . , MSc8) stored in the ROM 906 and RAM 907.
When the above processing is ended, the plaintext block (64 bits) which has undergone mask processing and is selected by the selection processing 1005 is subjected to initial permutation 1007. The result is divided into 32-bit data on the left (upper) side and 32-bit data on the right (lower) side and input to a round function 1008 to which MSaj, MSbj, or MScj is supplied as an S-box. The arrangement of the round function is the same as that shown in
The round function calculation is repeated 16 times. The result is subjected to final permutation 1009. The arithmetic units 903a, 903b, and 903c receive, as inputs, the output from the final permutation 1009 (exclusive ORs 1010a, 1010b, and 1010c receive identical data) and the mask variables 1002a, 1002b, and 1002c and execute the exclusive ORs 1010a, 1010b, and 1010c in the same clock cycle, respectively. The selector 905 executes selection processing 1011 of one of the outputs from the exclusive ORs 1010a, 1010b, and 1010c in accordance with the selection random number 1003. A ciphertext block 1020 is obtained and output from the input/output unit 901.
The encryption apparatus according to the above-described third embodiment generates only one random number as a mask random number. The same processing as that of the encryption apparatus of the second embodiment is executed by using a total of three mask variables, i.e., the random number and two mask values fixed in advance.
Even in the third embodiment, the same modification as in the first embodiment is possible. In the modification to the third embodiment, the two lower bits of the mask variable 1002c are used as a selection variable. When the two lower bits are 00, the mask variable 1002a is used. When the two lower bits are 01, the mask variable 1002b is used. When the two lower bits are 10 or 11, the mask variable 1002c is used. With this arrangement, the number of times of random number generation processing can be reduced by one.
In the fourth embodiment, the present invention is applied to advanced encryption standard (AES). However, the present invention may be applied to DES.
Referring to
The SubByte, ShiftRow, and MixColumn express 128-bit data as 16 8-bit data blocks and process them.
The SubByte executes the following processing for each of the 16 data blocks. First, the 8-bit data of each data block is regarded as an element $I$ of the eighth-order extension field $GF(2^8)$ of $GF(2)$ with the irreducible polynomial given by:
$b(x) = x^8 + x^4 + x^3 + x + 1$
The inverse of $I$ is calculated by:
$J = I^{-1}$ (where $0^{-1}$ is defined as 0)
Next, $J$, the inverse of $I$, is regarded as 8-bit data $J_1 J_2 \ldots J_8$ ($J_i$ is one bit). For $i = 0, 1, \ldots, 7$, $J'_i = J_i \oplus J_{(i+4) \bmod 8} \oplus J_{(i+5) \bmod 8} \oplus J_{(i+6) \bmod 8} \oplus J_{(i+7) \bmod 8} \oplus C_i$ is calculated. Here $\oplus$ represents an exclusive OR, and $C_i$ is a bit of the constant $(C_7, C_6, C_5, C_4, C_3, C_2, C_1, C_0) = (0, 1, 1, 0, 0, 0, 1, 1)$. The method of calculating $J' = J'_7 J'_6 J'_5 J'_4 J'_3 J'_2 J'_1 J'_0$ from the 8-bit data $J$ is called the affine transformation of SubByte and will be referred to as $J' = A(J)$. That is, when SubByte is executed for a data block $I$, $A(I^{-1})$ is output.
The SubByte is implemented either by calculating the above-described $J = I^{-1}$ and $A(I^{-1})$ using adding and multiplying circuits, or by preparing a table that outputs $A(I^{-1})$ for each input $I$. The former method requires a larger circuit but reduces the memory capacity.
The ShiftRow and MixColumn arrange 16 data blocks in a 4×4 matrix and execute transformation of each block.
The ShiftRow executes cyclic permutation of a predetermined size in each row of the matrix. The MixColumn executes predetermined matrix transformation in each column of the matrix. Matrix transformation is implemented by a calculation method using adding and multiplying circuits or a calculation method using only an adding circuit by expanding the operation.
The key addition calculates the exclusive OR of 128-bit data and the 128-bit expansion key calculated by the key schedule unit.
In the fourth embodiment, assume that a multiplying circuit and an adding circuit are provided to execute the above-described SubByte and MixColumn.
Referring to
The input/output unit 1201 receives, as an input, a plaintext block (128 bits) from the outside and outputs a ciphertext block (128 bits) as a calculation result. The control unit 1202 generates a clock signal and controls the operation of the encryption apparatus. The arithmetic unit 1203 executes arithmetic processing such as addition and exclusive OR in accordance with an input (instruction and data). The multiplier 1208 and adder 1209 are circuits dedicated to multiplication and addition and therefore can execute multiplication and addition more efficiently than the arithmetic unit 1203. In the fourth embodiment, the multiplier 1208 and adder 1209 are used for mask processing and calculation of SubByte and MixColumn.
The random number generator 1204 generates two mask random numbers and one selection random number. The selector 1205 selects one of processing results of a plaintext block and mask random numbers, which are calculated by the multiplier 1208 and adder 1209, and also selects one of two sets of values which are calculated in correspondence with the mask random numbers and to be used in the SubByte. The values used in the SubByte will be described later in detail.
The ROM 1206 stores instruction codes, SubByte, ShiftRow, MixColumn, key information, and information necessary for key schedule. The RAM 1207 is a memory to save random numbers generated by the random number generator 1204 and data obtained in a calculation process.
The fourth embodiment can also improve the security by using different masks in rounds, as in the first embodiment, though a description thereof will be omitted.
The operation of the encryption apparatus according to the fourth embodiment will be described next with reference to
When the input/output unit 1201 receives a plaintext block (128 bits), the random number generator 1204 generates mask random numbers ma 1302a and mb 1302b (each contains 128 bits), a selection random number 1303 (one bit), and a SubByte mask random number m′ (128 bits).
The multiplier 1208 receives, as inputs, a plaintext block 1301a and the mask random number ma 1302a. The adder 1209 receives, as inputs, a plaintext block 1301b (plaintext blocks 1301a and 1301b contain identical data) and the mask random number mb 1302b. Regarding each 128-bit data as 16 8-bit data blocks, the multiplier 1208 and adder 1209 execute multiplication 1304a and addition 1304b, respectively, in the extension field $GF(2^8)$ in the same clock cycle, thereby executing mask processing.
The arithmetic unit 1203 calculates the inverse elements $ma^{-1} = (ma_{15}^{-1}, ma_{14}^{-1}, \ldots, ma_0^{-1})$, $mb^{-1} = (mb_{15}^{-1}, mb_{14}^{-1}, \ldots, mb_0^{-1})$, and $(m')^{-1} = ((m'_{15})^{-1}, (m'_{14})^{-1}, \ldots, (m'_0)^{-1})$ of the mask random numbers $ma = (ma_{15}, ma_{14}, \ldots, ma_0)$, $mb = (mb_{15}, mb_{14}, \ldots, mb_0)$, and $m' = (m'_{15}, m'_{14}, \ldots, m'_0)$, as well as the affine transformation $A(m'_i)$ of SubByte. These results are used to calculate the data for the SubByte computed by the multiplier 1208. Note that $ma_i$, $mb_i$, and $m'_i$ ($i = 0, 1, 2, \ldots, 15$) denote the 16 data blocks obtained by dividing $ma$, $mb$, and $m'$ into 8-bit data.
The multiplier 1208 calculates $ma^{-1}m' = (ma_{15}^{-1}m'_{15}, ma_{14}^{-1}m'_{14}, \ldots, ma_0^{-1}m'_0)$, $maA(m') = (ma_{15}A(m'_{15}), ma_{14}A(m'_{14}), \ldots, ma_0A(m'_0))$, $mbm' = (mb_{15}m'_{15}, mb_{14}m'_{14}, \ldots, mb_0m'_0)$, and $mb(m')^{-1} = (mb_{15}(m'_{15})^{-1}, mb_{14}(m'_{14})^{-1}, \ldots, mb_0(m'_0)^{-1})$ as the data to be used in the SubByte. The RAM 1207 stores $ma^{-1}$ together with the pair $ma^{-1}m'$, $maA(m')$ and the pair $mbm'$, $mb(m')^{-1}$. These two pairs are the above-described two sets of values selected by the selector.
The selector 1205 executes, on the basis of the selection random number 1303, selection processing 1305 of one of the two plaintext blocks 1320a and 1320b which have undergone mask processing by the multiplier 1208 and adder 1209. The selector 1205 also executes, on the basis of the selection random number 1303, selection processing 1306 of one of the two sets of values, $\{ma^{-1}m', maA(m')\}$ and $\{mbm', mb(m')^{-1}\}$, stored in the RAM.
When the above-described processing is complete, the expansion key is added to the mask-processed plaintext block (128 bits) selected by the selection processing 1305, and the result is input to a round function.
If the plaintext block 1308a that has undergone mask processing by multiplication is selected in accordance with the selection random number, the processing is changed such that key addition, SubByte, ShiftRow, and MixColumn all input and output data based on the plaintext block 1320a that has undergone mask processing by multiplication. If, on the other hand, the plaintext block 1308b that has undergone mask processing by addition is selected, the processing is changed such that all the functions input and output data based on the plaintext block 1320b that has undergone mask processing by addition.
When Plaintext Block 1320a that has Undergone Mask Processing by Multiplication is Selected
Key addition and processing in each round function when the plaintext block 1320a that has undergone mask processing by multiplication is selected by the selection processing 1305 will be examined.
Data input to each processing is represented by $d = (d_{15}, d_{14}, \ldots, d_0)$. The mask $ma$ is given by $ma = (ma_{15}, ma_{14}, \ldots, ma_0)$. Data $dma = (d_{15}ma_{15}, d_{14}ma_{14}, \ldots, d_0ma_0)$ that has undergone mask processing by multiplication in $GF(2^8)$ will be considered.
Key addition is a function that calculates the exclusive OR of data $d$ and an expansion key $k$. If the data $d$ has undergone mask processing by the multiplication 1304a, $(d \oplus k)ma$ must be calculated from $dma$ and $k$.
The expansion key $k$ is expressed by $k = (k_{15}, k_{14}, \ldots, k_0)$, where $k_i$ ($i = 0, \ldots, 15$) denotes the 16 data blocks obtained by dividing the key into 8-bit data. When $kma = (k_{15}ma_{15}, k_{14}ma_{14}, \ldots, k_0ma_0)$ is calculated and key addition is processed as the addition of $dma$ and $kma$ in $GF(2^8)$, $(d \oplus k)ma$ is obtained.
Addition in $GF(2^8)$ is calculated by adding each coefficient mod 2 when the 8-bit data is expressed as an element of $GF(2^8)$, and is therefore equivalent to the exclusive OR. Hence, $dma + kma = (d + k)ma$ equals $(d \oplus k)ma$.
The ShiftRow will be considered. The ShiftRow executes substitution by regarding the divided 8-bit data block as one unit. The mask random numbers ma and mb are also substituted in blocks of 8 bits.
The MixColumn will be examined. The MixColumn executes matrix transformation for the received data d by using the divided 8-bit data block. In matrix transformation, the product of each component of the transformation matrix and the mask data is calculated such that output data after MixColumn becomes data processed by the mask ma.
For example, of $(d'_{15}, d'_{14}, \ldots, d'_0)$ obtained by inputting $(d_{15}, d_{14}, \ldots, d_0)$ to MixColumn, $d'_{15}$ is obtained by the product $(\mathrm{0x02}, \mathrm{0x03}, \mathrm{0x01}, \mathrm{0x01})(d_{15}, d_{14}, d_{13}, d_{12})^T$ ($T$ represents transposition).
When the product with $(d_{15}ma_{15}, d_{14}ma_{14}, d_{13}ma_{13}, d_{12}ma_{12})^T$ is calculated using $(\mathrm{0x02},\; \mathrm{0x03} \cdot ma_{14}^{-1} \cdot ma_{15},\; \mathrm{0x01} \cdot ma_{13}^{-1} \cdot ma_{15},\; \mathrm{0x01} \cdot ma_{12}^{-1} \cdot ma_{15})$ in place of $(\mathrm{0x02}, \mathrm{0x03}, \mathrm{0x01}, \mathrm{0x01})$, the 15th block of the output of MixColumn for the mask-processed data $dma$, i.e., $d'_{15}ma_{15}$, is obtained. The products for the remaining blocks of MixColumn and the mask are calculated in the same way.
Processing of SubByte will be considered finally. The SubByte is a function that outputs $(A(d_{15}^{-1}), A(d_{14}^{-1}), \ldots, A(d_0^{-1}))$ for the input data $d = (d_{15}, d_{14}, \ldots, d_0)$. If the data $dma$ processed by the multiplication mask is input, $(A(d_{15}^{-1})ma_{15}, A(d_{14}^{-1})ma_{14}, \ldots, A(d_0^{-1})ma_0)$ must be calculated from $dma$ in the following way.
First, the arithmetic unit 1203 calculates $(dma)^{-1} = (d_{15}^{-1}ma_{15}^{-1}, d_{14}^{-1}ma_{14}^{-1}, \ldots, d_0^{-1}ma_0^{-1})$. Next, the arithmetic unit adds $ma^{-1}m'$ to $(dma)^{-1}$ to obtain $(d^{-1} + m')ma^{-1} = ((d_{15}^{-1} + m'_{15})ma_{15}^{-1}, (d_{14}^{-1} + m'_{14})ma_{14}^{-1}, \ldots, (d_0^{-1} + m'_0)ma_0^{-1})$. Multiplying by $ma$ gives $d^{-1} + m' = (d_{15}^{-1} + m'_{15}, d_{14}^{-1} + m'_{14}, \ldots, d_0^{-1} + m'_0)$. When the affine transformation $A(\cdot)$ is applied to each block, $(A(d_{15}^{-1}) + A(m'_{15}), A(d_{14}^{-1}) + A(m'_{14}), \ldots, A(d_0^{-1}) + A(m'_0))$ is obtained. This value is multiplied by $ma$ to give $(A(d_{15}^{-1})ma_{15} + A(m'_{15})ma_{15}, A(d_{14}^{-1})ma_{14} + A(m'_{14})ma_{14}, \ldots, A(d_0^{-1})ma_0 + A(m'_0)ma_0)$. By adding $maA(m')$, $(A(d_{15}^{-1})ma_{15}, A(d_{14}^{-1})ma_{14}, \ldots, A(d_0^{-1})ma_0)$ is calculated.
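The multiplicative-mask path described above (masked key addition, the adjusted MixColumn coefficients for block 15, and the SubByte chain through $(dma)^{-1}$, $ma^{-1}m'$ and the stored correction term), as an added Python example that is not the patent's own code. It uses $GF(2^8)$ arithmetic with the polynomial $b(x)$ above and constructed sample bytes; because $A(\cdot)$ is affine rather than linear, $A(x + y) = A(x) + A(y) + C$, so the example takes the stored correction term as $ma \cdot (A(m') + C)$ so that the chain closes exactly, which is this example's own assumption.

```python
"""Masked AES round operations under the multiplicative mask ma (added example,
not the patent's own code). Arithmetic is in GF(2^8) modulo b(x)=x^8+x^4+x^3+x+1;
each byte d_i travels as d_i*ma_i, and every sample byte below is constructed."""

POLY = 0x11B      # x^8 + x^4 + x^3 + x + 1
AFFINE_C = 0x63   # (C7, ..., C0) = (0,1,1,0,0,0,1,1)
MIX_ROW = (0x02, 0x03, 0x01, 0x01)   # MixColumn row producing block 15


def gf_mul(a, b):
    """Multiplication in GF(2^8), reducing modulo b(x) on every carry-out."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a):
    """I^-1 computed as I^254 (255 non-zero elements); 0^254 = 0, so 0^-1 = 0."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def affine(j):
    """A(J): J'_i = J_i ^ J_(i+4) ^ J_(i+5) ^ J_(i+6) ^ J_(i+7) ^ C_i, indices mod 8."""
    out = 0
    for i in range(8):
        bit = (AFFINE_C >> i) & 1
        for s in (0, 4, 5, 6, 7):
            bit ^= (j >> ((i + s) % 8)) & 1
        out |= bit << i
    return out


def subbyte(d):
    """Unmasked SubByte reference: A(d^-1)."""
    return affine(gf_inv(d))


def masked_key_addition(dma, k, ma):
    """(d ^ k)*ma from d*ma and k: add k*ma, since addition in GF(2^8) is XOR."""
    return dma ^ gf_mul(k, ma)


def mixcolumn_row(d4):
    """Unmasked reference for block 15: (02,03,01,01).(d15,d14,d13,d12)^T."""
    acc = 0
    for c, d in zip(MIX_ROW, d4):
        acc ^= gf_mul(c, d)
    return acc


def masked_mixcolumn_row(dma4, ma4):
    """Same row applied to (d15*ma15, ..., d12*ma12) with each coefficient c_j
    replaced by c_j*ma_j^-1*ma15, giving d'15*ma15. Masks must be non-zero."""
    ma15 = ma4[0]
    acc = 0
    for c, x, m in zip(MIX_ROW, dma4, ma4):
        acc ^= gf_mul(gf_mul(gf_mul(c, gf_inv(m)), ma15), x)
    return acc


def masked_subbyte(dma, ma, mp):
    """A(d^-1)*ma from d*ma without exposing d or d^-1.
    mp is the SubByte mask random number m'; ma must be non-zero."""
    t = gf_inv(dma)                       # d^-1 * ma^-1
    t ^= gf_mul(gf_inv(ma), mp)           # + stored ma^-1*m'  -> (d^-1 + m') * ma^-1
    t = gf_mul(t, ma)                     # d^-1 + m'
    t = affine(t)                         # A(d^-1 + m') = A(d^-1) + A(m') + C
    t = gf_mul(t, ma)                     # A(d^-1)*ma + (A(m') + C)*ma
    # Stored correction ma*(A(m') + C): the text writes this term as ma*A(m');
    # folding in the affine constant C is this example's assumption.
    t ^= gf_mul(ma, affine(mp) ^ AFFINE_C)
    return t                              # A(d^-1) * ma


def demo():
    """Run one constructed column through the masked operations and compare
    each result with the unmasked reference multiplied by the mask."""
    d4 = (0xDB, 0x13, 0x53, 0x45)         # FIPS-197 MixColumns example column
    ma4 = (0x2A, 0x3B, 0x4C, 0x5D)        # constructed non-zero multiplicative masks
    k, mp = 0x7E, 0x9F                    # constructed key byte and SubByte mask m'
    dma4 = tuple(gf_mul(d, m) for d, m in zip(d4, ma4))
    ok_key = masked_key_addition(dma4[0], k, ma4[0]) == gf_mul(d4[0] ^ k, ma4[0])
    ok_mix = masked_mixcolumn_row(dma4, ma4) == gf_mul(mixcolumn_row(d4), ma4[0])
    ok_sub = masked_subbyte(dma4[0], ma4[0], mp) == gf_mul(subbyte(d4[0]), ma4[0])
    return ok_key and ok_mix and ok_sub


if __name__ == "__main__":
    print("masked operations consistent:", demo())
```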
When Plaintext Block 1320b that has Undergone Mask Processing by Addition is Selected
Key addition and processing in each round function when the plaintext block 1320b that has undergone mask processing by addition is selected by the selection processing 1305 will be examined.
Data input to each processing is represented by d=(d15, d14, . . . , d0). The mask is given by mb=(mb15, mb14, . . . , mb0). If input data has undergone mask processing by addition of GF(28), data input to each processing is represented by d+mb=(d15+mb15, d14+mb14, . . . , d0+mb0). Key addition and processing in each round function upon receiving d+mb will be examined below.
Key addition is a function that calculates the exclusive OR of the data $d$ and the expansion key $k$. If the data $d$ has undergone mask processing by the addition 1304b, $(d \oplus k)+m_b$ must be calculated from $d+m_b$ and $k$. As described above, addition in $GF(2^8)$ is calculated by adding each coefficient mod 2 when the 8-bit data is expressed as an element of $GF(2^8)$, and is therefore equivalent to the exclusive OR. Hence, when $(d+m_b)+k=((d_{15}+m_{b,15})+k_{15},\ (d_{14}+m_{b,14})+k_{14},\ \ldots,\ (d_0+m_{b,0})+k_0)$ is calculated, $(d \oplus k)+m_b$ is obtained.
The ShiftRow will be considered. As in mask processing by multiplication, the ShiftRow executes substitution by regarding each divided 8-bit data block as one unit. The mask data $m_a$ and $m_b$ are also substituted in blocks of 8 bits.
The MixColumn will be examined. As described above, the MixColumn executes matrix transformation by using the divided 8-bit data blocks. When data that has undergone mask processing by addition is input, a correction term, the difference between the mask and the product of the transformation matrix and the mask data, is calculated and added, so that the output of MixColumn is data masked by $m_b$.
For example, when $m_{b,15}-\mathrm{0x02}\cdot m_{b,15}-\mathrm{0x03}\cdot m_{b,14}-\mathrm{0x01}\cdot m_{b,13}-\mathrm{0x01}\cdot m_{b,12}$ is added to the product $(\mathrm{0x02},\ \mathrm{0x03},\ \mathrm{0x01},\ \mathrm{0x01})(d_{15}+m_{b,15},\ d_{14}+m_{b,14},\ d_{13}+m_{b,13},\ d_{12}+m_{b,12})^T$, the 15th block of the output of MixColumn upon receiving the data $d+m_b$ that has undergone mask processing is obtained (in $GF(2^8)$ subtraction coincides with addition). The sums of the remaining blocks of MixColumn and the mask can be calculated in the same way.
Processing of SubByte will be considered finally. The SubByte is a function that outputs $(A(d_{15}^{-1}),\ A(d_{14}^{-1}),\ \ldots,\ A(d_0^{-1}))$ for the input data $d=(d_{15},\ d_{14},\ \ldots,\ d_0)$. If the data $d+m_b$ processed by the addition mask is input, $(A(d_{15}^{-1})+m_{b,15},\ A(d_{14}^{-1})+m_{b,14},\ \ldots,\ A(d_0^{-1})+m_{b,0})$ must be calculated from $d+m_b$ in the following way.
First, $d+m_b$ is multiplied by $m'$ to calculate $(d+m_b)m'=((d_{15}+m_{b,15})m'_{15},\ (d_{14}+m_{b,14})m'_{14},\ \ldots,\ (d_0+m_{b,0})m'_0)$. Adding $m_bm'$ to the obtained data gives $dm'=(d_{15}m'_{15},\ d_{14}m'_{14},\ \ldots,\ d_0m'_0)$. The inverse element $(dm')^{-1}=(d_{15}^{-1}m'^{-1}_{15},\ d_{14}^{-1}m'^{-1}_{14},\ \ldots,\ d_0^{-1}m'^{-1}_0)$ is then calculated.
Next, $m_bm'^{-1}$ is added to $(dm')^{-1}$ to calculate $(d^{-1}+m_b)m'^{-1}=((d_{15}^{-1}+m_{b,15})m'^{-1}_{15},\ (d_{14}^{-1}+m_{b,14})m'^{-1}_{14},\ \ldots,\ (d_0^{-1}+m_{b,0})m'^{-1}_0)$. Multiplying by $m'$ gives $d^{-1}+m_b=(d_{15}^{-1}+m_{b,15},\ d_{14}^{-1}+m_{b,14},\ \ldots,\ d_0^{-1}+m_{b,0})$. When the affine transformation $A(\cdot)$ is applied to this value, $(A(d_{15}^{-1})+A(m_{b,15}),\ A(d_{14}^{-1})+A(m_{b,14}),\ \ldots,\ A(d_0^{-1})+A(m_{b,0}))$ is obtained.
Finally, $A(m_b)+m_b$ is added blockwise, that is, $A(m_{b,i})+m_{b,i}$ to block $i$, to obtain $(A(d_{15}^{-1})+m_{b,15},\ A(d_{14}^{-1})+m_{b,14},\ \ldots,\ A(d_0^{-1})+m_{b,0})$. This final addition can be done together with the key addition.
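The two SubByte sequences described above (the multiplication-mask sequence in the preceding section and the addition-mask sequence just given), carried out in Python as an added illustration that is not part of the patent: the field arithmetic is the standard AES $GF(2^8)$, the mask values are constructed, and $A(\cdot)$ is applied as the linear part of the AES affine map with its public constant 0x63 added once at the end, which is what makes the identity $A(x+y)=A(x)+A(y)$ used in the text hold.

```python
# Masked AES SubByte as described above for the two mask arrangements:
# multiplication mask m_a (input d*m_a) and addition mask m_b (input d+m_b),
# both using the auxiliary mask m'. Added illustration, not the patent's own
# code; the mask values in check_all() are constructed.

def gf_mul(a, b):  # product in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):  # a^254 = a^-1 in GF(2^8); maps 0 to 0, the AES convention
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def lin(x):  # linear part of the affine map A(.); its constant 0x63 is added last
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return x ^ rot(x, 1) ^ rot(x, 2) ^ rot(x, 3) ^ rot(x, 4)

def sbox(d):  # reference, unmasked SubByte of one byte
    return lin(gf_inv(d)) ^ 0x63

def subbyte_add_masked(dmb, mb, mp):  # d+mb -> A(d^-1)+mb, without forming d
    assert mp != 0, "m' must be invertible"
    t = gf_mul(dmb, mp) ^ gf_mul(mb, mp)   # (d+mb)m' + mb m' = d m'
    t = gf_inv(t) ^ gf_mul(mb, gf_inv(mp)) # d^-1 m'^-1 + mb m'^-1
    t = lin(gf_mul(t, mp))                 # A(d^-1 + mb) = A(d^-1) + A(mb)
    t ^= lin(mb) ^ mb                      # + A(mb) + mb  -> A(d^-1) + mb
    return t ^ 0x63                        # public constant; can join the key addition

def subbyte_mul_masked(dma, ma, mp):  # d*ma -> A(d^-1)*ma, without forming d
    assert ma != 0 and mp != 0, "multiplicative masks must be invertible"
    t = gf_inv(dma) ^ gf_mul(gf_inv(ma), mp)  # d^-1 ma^-1 + ma^-1 m'
    t = lin(gf_mul(t, ma))                    # A(d^-1 + m') = A(d^-1) + A(m')
    t = gf_mul(t, ma) ^ gf_mul(ma, lin(mp))   # *ma, then + ma A(m') -> A(d^-1) ma
    return t ^ gf_mul(0x63, ma)               # constant must be masked too

def check_all(ma=0x57, mb=0xA3, mp=0x1C):
    """True when both masked paths match the reference S-box for every byte d."""
    for d in range(256):
        if subbyte_add_masked(d ^ mb, mb, mp) != sbox(d) ^ mb:
            return False
        if subbyte_mul_masked(gf_mul(d, ma), ma, mp) != gf_mul(sbox(d), ma):
            return False
    return True
```

Note that the multiplicative path relies on the AES convention $0^{-1}=0$ to stay correct for $d=0$, and that both paths require the multiplicative masks to be non-zero.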
As described above, calculation of the round function is repeated 10 times in accordance with the plaintext block selected by the selection processing 1305. Then, the multiplier 1208 and adder 1209 receive, as inputs, the output from the 10th round function, the reciprocal $m_a^{-1}$ 1302c of the mask random number, and the mask random number $m_b$ 1302b, and execute multiplication 1310a and addition 1310b in the same clock cycle. The results are input to the selector 1205.
The selector 1205 executes, on the basis of the selection random number 1303, selection processing 1311 of one of the outputs of the multiplication 1310a and addition 1310b. With this processing, a ciphertext block 1312 is obtained and output from the input/output unit 1201.
The above-described encryption apparatus according to the fourth embodiment selects one of the plaintext blocks which have undergone mask processing by a plurality of mask calculation methods, thereby reducing the correlation between power consumption and the data processed in the encryption apparatus. This makes it difficult to estimate key information from power consumption, as in DPA or higher-order DPA. In the fourth embodiment, to prevent the selection from being identified from the order of SubByte processing or from the calculation time, the calculation order and calculation time must be made uniform by adding dummy processing.
In the fourth embodiment, an increase in circuit scale is avoided because the two mask processes (multiplication and addition) reuse the multiplying and adding circuits that are already held to execute SubByte and MixColumn.
The fourth embodiment can also be modified as in the first embodiment. That is, the number of random number generation operations can be reduced by one by using the least significant bit of the mask random number $m_a$ 1302a as the selection variable.
In addition, when identical random numbers are used as $m_a$ and $m_b$, the number of random number generation operations can be reduced by one.
Additional advantages and modifications will readily occur to those skilled in the art. Therefore, the invention in its broader aspects is not limited to the specific details and representative embodiments shown and described herein. Accordingly, various modifications may be made without departing from the spirit or scope of the general inventive concept as defined by the appended claims and their equivalents.
Number | Date | Country | Kind |
---|---|---|---|
2005-361996 | Dec 2005 | JP | national |
2006-215447 | Aug 2006 | JP | national |