The present invention relates to an encryption field, and more particularly, to a countermeasures technique for preventing cryptanalysis called a power analysis attack.
Encryption methods are broadly classified into a public key encryption method and a common key encryption method. The public key encryption method is a method using different keys for encryption and decryption. This is a method for securing safety by making a key (secret key) for decrypting an encrypted text secret only to a receiver although a key (public key) for encrypting a text is made public. In contrast, the common key encryption method is a method using the same key (secret key) for both encryption and decryption. This is a method for securing safety by implementing the secret key as information unknown to third parties except for a transmitter and a receiver.
Techniques in the encryption field include cryptanalysis. Cryptanalysis is a technique for estimating secret information such as a secret key or the like on the basis of obtainable information such as an encrypted text or the like. Cryptanalysis includes various techniques. A method called a power analysis attack (hereinafter referred to as PA) is a technique that has been recently receiving attention. PA is a technique devised by Paul Kocher in 1998. This is a technique for estimating key information within an encryption processor by collecting/analyzing power consumption data when various pieces of input data are given to the encryption processor included in an embedded apparatus such as a smart card or the like. It is known that a secret key can be estimated from an encryption processor by using PA in both public key encryption and secret key encryption.
PA includes two types of analysis: a single power analysis (hereinafter referred to as SPA) and a differential power analysis (hereinafter referred to as DPA). SPA is a method for estimating a secret key on the basis of a characteristic of a single piece of power consumption data in an encryption processor, whereas DPA is a method for estimating a secret key by analyzing differences among many pieces of power consumption data. Normally, DPA is said to be the stronger analysis. The following papers were announced as representatives of cryptanalysis using SPA and DPA. Documents such as Non-Patent Document 1 listed below describe cryptanalysis using DPA for public key encryption such as RSA. Moreover, Non-Patent Document 2 listed below describes cryptanalysis using SPA and DPA for DES (Data Encryption Standard), currently used as a standard in common key encryption methods. In addition to DES, Rijndael, a common key encryption method, is expected to be used as a standard in the next generation, and documents such as Non-Patent Document 3 listed below point out the possibility of decryption using DPA.
Cryptanalytic technology using PA has been receiving attention as an especially effective method, and diverse cryptanalytic methods have been studied. Not only cryptanalytic technology but also countermeasures for preventing cryptanalysis using PA have made progress, and have come to be regarded as technology as important as cryptanalytic technology.
AES (Advanced Encryption Standard) is known as a representative common key encryption algorithm, and AES is made public as Non-Patent Document 4 listed below.
AES is an algorithm using 128 bits as an encryption unit. Namely, a 128-bit encrypted text is generated from a 128-bit plaintext. A secret key is selectable from among three types such as 128 bits, 192 bits and 256 bits. By executing the expanded key process, N+1 128-bit expanded keys are generated from a secret key. An AES round process is composed of four types of processes such as RoundKey, Subbyte, ShiftRow and MixColumn. In RoundKey among them, an expanded key is used. A plaintext is input to the round process, which is repeated by N−1 times in order of RoundKey, Subbyte, ShiftRow and MixColumn. Then, the processes of RoundKey, Subbyte, ShiftRow and RoundKey are executed to output an encrypted text. The number of repetitions N varies depending on a bit length of a secret key. For 128 bits, N=10. For 192 bits, N=12. For 256 bits, N=14.
A secret key cryptanalytic method using DPA is described below. DPA is a method for cryptanalyzing a secret key by measuring power consumed for the round process of
L(X⊕Y)=L(X)⊕L(Y)
(In the following description, the symbol ⊕ is replaced with ◯)
Specifically, a bit permutation process like ShiftRow illustrated in
An example where the expanded key K can be decrypted by using DPA for a process of
DPA is composed of two stages such as a measurement of power consumption data, and an expanded key analysis using differential power data. With the measurement of power consumption data, data of power consumption of an encryption processor when a plaintext is given is measured as a power consumption curve illustrated in
The expanded key analysis using power consumption curves is described next. Assume kj=k′j for the expanded key kj used in the encryption process. Since mj and wj are known, the set G can be classified into the following two types of subsets such as G0(k′j) and G1(k′j) in accordance with the e-th bit value of assumed wj(mj◯k′j).
G0(k′j)={G | e-th bit value of zj=wj(mj◯k′j) is 0} (1)
G1(k′j)={G | e-th bit value of zj=wj(mj◯k′j) is 1} (2)
Then, the following differential power curve DG(k′j) is created.
DG(k′j)=(average of power consumption curves belonging to the subset G1)−(average of power consumption curves belonging to the subset G0) (3)
If this assumption is correct, namely, if k′j=kj, a spike illustrated in
The reason why the spike appears in the differential power curve DG(k′j) if k′j=kj is described next. If k′j=kj, the equation (4) is satisfied for zj when G is classified into G0(k′j) and G1(k′j) according to the equations (1) and (2).
(average Hamming weight of zj belonging to G1)−(average Hamming weight of zj belonging to G0)=1 (4)
In the meantime, if k′j≠kj, the equation (4) is not satisfied, and the set G is randomly classified. Therefore, an equation (5) is satisfied.
(average Hamming weight of zj belonging to G1)−(average Hamming weight of zj belonging to G0)=0 (5)
A Hamming weight is the number of bits having the value “1” when a certain value is represented with bit values. For example, the Hamming weight of the bit value (1101)_2 is 3.
Accordingly, if the equation (4) is satisfied, a difference occurs between the average Hamming weights of the load value zj in G1(k′j) and G0(k′j). However, if the equation (5) is satisfied, no difference occurs between the average Hamming weights of the load value zj in G1(k′j) and G0(k′j).
Normally, power consumption is considered to be proportional to the Hamming weight of a data value. Experimental results that prove this to be correct are referred to in documents such as Non-Patent Document 5 listed below.
Accordingly, if k′j=kj, the equation (4) is satisfied and the difference in power consumption appears as a spike in the differential power curve. However, if the equation (5) is satisfied, no spike appears and the differential power curve becomes flat.
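The classification of equations (1) to (3) and the spike of equation (4) can be reproduced with a Hamming-weight leakage model. The following Python is an added example, not code from the patent: the Sbox wj is a constructed random permutation, the key byte is a constructed value, and the function names are my own.

```python
import random

# Constructed example: a Hamming-weight leakage model of the DPA of
# equations (1)-(5). The attacker knows the inputs m_j, knows the Sbox w_j
# (condition DPA-1) and guesses the expanded key byte k_j.


def make_sbox(seed=1):
    """Stand-in for the known transformation w_j: a random 8-bit permutation.
    (Constructed; the analysis only needs w_j to be known and bijective.)"""
    rng = random.Random(seed)
    table = list(range(256))
    rng.shuffle(table)
    return table


def hamming_weight(v):
    return bin(v).count("1")


def measure(sbox, plaintexts, key, noise=0.0, seed=2):
    """Simulated power sample at portion A (the Sbox output) for each plaintext:
    proportional to the Hamming weight of z_j = w_j(m_j XOR k_j), plus optional
    Gaussian noise. This list is all the attacker gets to see."""
    rng = random.Random(seed)
    return [hamming_weight(sbox[m ^ key]) + rng.gauss(0.0, noise) for m in plaintexts]


def differential_power(sbox, plaintexts, traces, k_guess, e):
    """Equations (1)-(3): split G by the e-th bit of the assumed z_j and
    return mean(G1) - mean(G0), i.e. the height of D_G(k'_j) at this point."""
    g0, g1 = [], []
    for m, t in zip(plaintexts, traces):
        z = sbox[m ^ k_guess]
        (g1 if (z >> e) & 1 else g0).append(t)
    if not g0 or not g1:
        return 0.0
    return sum(g1) / len(g1) - sum(g0) / len(g0)


def dpa_recover_key(sbox, plaintexts, traces, e=0):
    """Try every k'_j; return (best guess, {guess: D_G}). For k'_j = k_j the
    difference of average Hamming weights is exactly 1 with a full codebook
    (equation (4)); for a wrong guess the split is random and the difference
    stays near 0 (equation (5))."""
    scores = {k: differential_power(sbox, plaintexts, traces, k, e) for k in range(256)}
    best = max(scores, key=lambda k: abs(scores[k]))
    return best, scores


if __name__ == "__main__":
    sbox = make_sbox()
    pts = list(range(256))   # attacker-chosen inputs: the full codebook
    key = 0x3C               # constructed secret key byte
    best, scores = dpa_recover_key(sbox, pts, measure(sbox, pts, key, noise=0.5))
    print(f"recovered 0x{best:02x}, D_G = {scores[best]:.3f}")
```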
DPA against the simplest structure illustrated in
With the above described method, DPA is applied by focusing an Sbox output during the linear process. In addition, a method for applying DPA by focusing a value obtained immediately after XORing an input mj and a key kj (output value of the XOR process of a key) or an input value xj to the Sbox is known (Non-Patent Document 7 listed below).
In summary, the secret key K is estimated with DPA if the following conditions are satisfied (these DPA attack conditions are referred to also in Patent Document 1 listed below).
DPA-1. If an input M is known and controllable, the key K is unknown and fixed and a transformation of Sbox wj is known, DPA can be performed by measuring a power consumption curve of a portion A (output of Sbox wj) illustrated in
DPA-2. If the input M is known and controllable and the key K is unknown and fixed, DPA can be performed by measuring a power consumption curve of a portion B (a write of the output of the XOR process of a key) illustrated in
DPA-3. If the input M is known and controllable and the key K is unknown and fixed, DPA can be performed by measuring a power consumption curve of a portion C (loading of an input value for indexing Sbox wj) illustrated in
<Secret Key Decryption Method Using SPA>
A secret key decryption method using SPA is described below. This attack observes power consumption of a multiplication process represented by
c=a⊚b
(⊚ is a symbol that represents a multiplication; the original symbol {circle around (×)} is hereinafter replaced with ⊚ in this specification.) In an AES process, a multiplication process in which a, b and c are elements of GF(2^8) or GF(((2^2)^2)^2) is executed in a calculation (
In
The zero multiplication SPA can be performed also for the circuit configuration illustrated in
In
<Conventional Techniques>
As conventional DPA countermeasures, there is a technique for randomizing power consumption by taking countermeasures within the encryption process. The following two conventional examples are known as countermeasures using this technique, and are described below as conventional examples 1 and 2. Moreover, a method for reducing the Subbyte circuit in an AES circuit without DPA countermeasures is described below as conventional example 3. In conventional examples 1 and 2, the Subbyte circuit is implemented not with a multiplication process but with a table operation. Therefore, these examples are safe from the zero multiplication SPA, and the DPA countermeasures they take function unchanged as PA countermeasures.
As a typical method for randomizing power consumption, a technique called a masking method is known (Non-Patent Document 8 listed below, hereinafter referred to as the conventional example 1). Assuming that data calculated in an encryption process without DPA countermeasures is M, the DPA countermeasure referred to in the conventional example 1 is a method for executing the encryption process by calculating data M′ and R represented by M′=M◯R instead of calculating data M. Note that R is a random number, which is a value generated each time the encryption process is executed. With this method, data of the encryption process is masked with a random value. Because the data is randomized, the power consumption is also randomized. As a result, a process safe from PA can be implemented. In the following description, a value such as R, XORed with data without PA countermeasures, is called a mask value.
Problem 1: A circuit scale is large compared with a circuit without DPA countermeasures
Problem 2: Processing speed is slow compared with a circuit without DPA countermeasures
A method for solving the problem 2 of the conventional example 1 is disclosed by Patent Document 1 listed below (hereinafter referred to as the conventional example 2 in this specification). A mask value is generated at random in the conventional example 1, whereas a value selected with a random number from among a plurality of fixed values calculated in advance is used as a mask in the conventional example 2. The selected mask value is denoted as Ri. In the conventional example 2, data M′i and Ri that satisfy M′i=Mi◯Ri are calculated in a similar manner as in the conventional example 1. Since Ri is a value calculated in advance, there is no need to calculate both M′i and Ri; only M′i needs to be calculated. Since the random mask is a value calculated in advance, there is no need to dynamically update the table data of Sbox unlike the conventional example 1. Only a plurality of pieces of static data calculated in advance need to be prepared. Therefore, a faster process than the conventional example 1 can be implemented. By using the DPA countermeasures of the conventional example 2, the AES encryption process without DPA countermeasures illustrated in
An XOR process using an expanded key Ki, the Subbyte process using Sbox, the ShiftRow process and the MixColumn process are executed for input data M′i, and data M′i+1 is output. In this series of processes, one of q fixed values is selected with a random number r (0≦r≦q−1), and a masking process is executed with this value. For example, if the q fixed values are denoted as ch (h=0, 1, . . . q−1), a fixed value selected with the random number r is denoted as cr. If input data in the process without the DPA countermeasures is denoted as Mi, M′i=Mi◯fr is satisfied for a fixed value fr selected with the random number r. Namely, Mi′ is XORed with fr, and a mask value of Mi is fr.
After the expanded key Ki is masked with the fixed value er selected with the random number r, it is XORed with M′i. The mask value of Mi′ is fr, and the mask value of the expanded key Ki is er. Therefore, the mask value of data input to Sbox is represented as a result of XORing these mask values, and the mask value is fr◯er. If ch=fh◯eh is represented for an arbitrary h (0, 1, . . . , q−1), the mask value of data input to Sbox results in cr.
A nonlinear transformation process is executed by the Sbox circuit next. This process is executed by selecting one of q Sboxes with a random number. Sbox executes a process for masking input data with cr and for masking output data with dr. If Sbox with masking intended to implement this process is represented as S′h[x] and Sbox without countermeasures is represented as S[x] in this process, S′h[x] (h=0, 1, . . . , q−1) is designed so that a relationship of S′h[x]=S[x◯ch]◯dh is satisfied. Since a q−1 DEMUX circuit and a q−1 MUX circuit are respectively provided at an input and an output of the Sbox circuit, a signal of the expanded key XOR operation is transferred to only one of the q Sboxes. Power characteristics of the q Sboxes are mutually different. Therefore, by selecting one of the q Sboxes with a random number, power consumption is randomized, and the process safe from PA can be implemented. Unlike the conventional example 1, data calculated in advance is available for the Sbox table. Therefore, a faster process than the conventional example 1 can be implemented. However, the configuration of
Problem 1: A circuit scale is large compared with a circuit without DPA countermeasures.
As a method for reducing the circuit scale of AES Sbox, a method using a composite field is known (Non-Patent Document 9 listed below. Hereinafter referred to as a conventional example 3). This method is known as a method applicable to an AES circuit without SPA or DPA countermeasures.
A normal configuration of an AES Sbox circuit is described as an assumption of explaining this method.
An inverse element is an 8-bit value y that satisfies I(x)=x^−1 mod (x^8+x^4+x^3+x+1), where x is an arbitrary 8-bit value, and x⊚y=1 mod (x^8+x^4+x^3+x+1). For the Affine transformation and the inverse element, also see “5.1.1 SubBytes( ) Transformation” of Non-Patent Document 4 listed below.
A(x) is used only for encryption, whereas A^−1(x) is used only for decryption. I(x) is a common circuit used for both encryption and decryption. A(x) and A^−1(x) are circuits that perform an 8-bit input/output operation with a simple logic operation, and their scales are known to be small. In contrast, I(x) is a circuit that performs an 8-bit input/output operation using a table, and its scale is known to be large. Namely, the configuration illustrated in
As illustrated in
Contents of the process illustrated in
The circuit illustrated in
Problem 3: A process safe from SPA and DPA cannot be implemented.
The following types of multiplications ⊚ using elements of GF(2^8) and GF(((2^2)^2)^2) are known. For the multiplication ⊚ and the XOR operation ◯, the laws represented as (law-1), (law-2), (law-3) and (law-4) are satisfied.
multiplication of GF(2^8): Only the following one type is defined.
multiplication of GF(((2^2)^2)^2): The following three types are defined.
(law-1) a⊚b=b⊚a
where a and b are 8-bit or 4-bit data, and are elements of GF(2^8) or GF(((2^2)^2)^2).
(law-2) a⊚(b◯c)=(a⊚b)◯(a⊚c)
where a, b and c are 8-bit or 4-bit data, and are elements of GF(2^8) or GF(((2^2)^2)^2).
(law-3) a◯a=0
where a is 8-bit or 4-bit data, and is an element of GF(2^8) or GF(((2^2)^2)^2).
(law-4) a⊚b=(aH⊚b)∥(aL⊚b)
where a is 8-bit data, aH is the higher-order 4 bits of a, aL is the lower-order 4 bits of a, and b is 4-bit data. ∥ is a symbol that represents a bit concatenation. For example, the bit value (1110)_2 is denoted as (1110)_2=(11)_2∥(10)_2. Moreover, the relationship among a, aH and aL is denoted as a=aH∥aL. a, aH, aL and b are elements of GF(((2^2)^2)^2).
(law-1) and (law-2) correspond to the commutative law a×b=b×a and the distributive law a×(b+c)=a×b+a×c satisfied for an integer multiplication × and an integer addition +. These laws are satisfied for both GF(2^8) and GF(((2^2)^2)^2). (law-3) is evident from the definition 0◯0=0, 1◯1=0 of an XOR operation, and this law is satisfied for both GF(2^8) and GF(((2^2)^2)^2). (law-4) is a special law that is satisfied only for GF(((2^2)^2)^2). This law indicates that the result of an 8-bit×4-bit multiplication in GF(((2^2)^2)^2) is obtained by concatenating the results of the two 4-bit×4-bit multiplications aH⊚b and aL⊚b.
For Galois fields other than GF(2^8) and GF(((2^2)^2)^2), (law-1), (law-2) and (law-3) are satisfied for an arbitrary binary field GF(2^β) and an arbitrary composite field GF((...(2^β1)...)^βγ). (law-4) is satisfied if the composite field GF((...(2^β1)...)^βγ) satisfies βγ=2. Namely, the result of a⊚b conforms to (law-4) if a is (β1×...×βγ−1×2) bits and aH, aL and b are (β1×...×βγ−1) bits.
Comparisons of the respective characteristics of the above described conventional examples 1 to 3 are summarized in Table 1. Table 1 compares three points: safety from PA, circuit scale and processing speed. For safety, “safer” is better. For circuit scale, “smaller” is better. For processing speed, “faster” is better. Table 1 shows that none of the conventional examples 1 to 3 has superior characteristics on all three points.
Here, means of the present invention for achieving superior effects on all the three characteristics represented by Table 1 is described. To explain this means, a solution according to the present invention is described after a simple combination of the conventional examples 2 and 3 is explained. Initially,
Input data of
A value obtained by performing a δ transformation on the above described value is X=δ(M◯K◯pr)=δ(M◯K)◯δ(pr). Namely, X is masked with the mask value δ(pr). Since the δ and δ^−1 transformations are linear, they satisfy δ(a◯b)=δ(a)◯δ(b) and δ^−1(a◯b)=δ^−1(a)◯δ^−1(b) for arbitrary values a and b.
In
An assumption of the attack is initially described. Assume that M is a value known to an attacker, K is a value unknown to the attacker, r is a value unknown to the attacker, and the set of q fixed values p0, p1, ..., pq−1 is known to the attacker. A method of the zero multiplication SPA for the circuit illustrated in
If a zero multiplication with X=0 occurs in the multiplier whose power consumption is observed with the zero multiplication SPA, it can be detected with SPA. Such a detection means X=0. Therefore, δ(M◯K)◯δ(pr)=0, namely δ(M◯K)=δ(pr), is revealed to the attacker. By performing a δ^−1 transformation on both sides, M◯K=pr is obtained. Accordingly, K=M◯pr is revealed to the attacker. Namely, the attacker learns that K◯M=pr for one of r=0, 1, ..., q−1. Therefore, the candidates for K can be reduced to q values. Such a zero multiplication SPA is applicable not only to the multiplier of
As described above, the circuit illustrated in
As described above, it is concluded that the AES process using a composite field calculation is vulnerable to the zero multiplication SPA if data masked with a fixed mask value is input to the multiplier, and that the AES process is safe from the zero multiplication SPA if data masked with a random mask value is input.
In
As illustrated in
(ZSPA-sec) A multiplication process safe from the zero multiplication SPA is an operation in which random value masked data is input as both of the two inputs a and b of the multiplication process represented by c=a⊚b.
The following documents are cited in this specification.
[Non-Patent Document 1] Thomas S. Messerges, Ezzy A. Dabbish and Robert H. Sloan “Power Analysis Attacks of Modular Exponentiation in Smartcards”, Cryptographic Hardware and Embedded Systems (CHES'99), Springer-Verlag, pp. 144-157
[Non-Patent Document 2] Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis,” in proceedings of Advances in Cryptology-CRYPTO'99, Springer-Verlag, 1999, pp. 388-397
[Non-Patent Document 3] S. Chari, C. Jutla, J. R. Rao, P. Rohatgi, “A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards,” Second Advanced Encryption Standard Candidate Conference, March 1999
[Non-Patent Document 4] US NIST (National Institute of Standards and Technology), FIPS197 (Federal Information Processing Standards Publication) http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[Non-Patent Document 5] T. S. Messerges, Ezzy A. Dabbish and Robert H. Sloan, “Investigations of Power Attacks on Smartcards”, Proceedings of USENIX Workshop on Smartcard Technology, March 1999.
[Non-Patent Document 6] Takeshi Shimoyama, Hitoshi Yanami, Kazuhiro Yokoyama, Masahiko Takenaka, Kouichi Itoh, Jun Yajima, Naoya Torii, Hidema Tanaka “The Block Cipher SC2000”, Fast Software Encryption (FSE 2001), pp. 312-327, LNCS vol. 2355
[Non-Patent Document 7] M. Akkar, R. Bevan, P. Dischamp, and D. Moyart, “Power Analysis, What Is Now Possible...”, Asiacrypt 2000
[Non-Patent Document 8] Thomas S. Messerges, “Securing the AES Finalists Against Power Analysis Attacks,” in proceedings of Fast Software Encryption Workshop 2000, Springer-Verlag, April 2000.
[Non-Patent Document 9] Akashi Satoh, Sumio Morioka, Kohji Takano and Seiji Munetoh: “A Compact Rijndael Hardware Architecture with S-Box Optimization”, ASIACRYPT2001, LNCS Vol. 2248, pp. 239-254, December 2001.
[Non-Patent Document 10] Akashi Satoh, Sumio Morioka, Kohji Takano and Seiji Munetoh: “A Compact Rijndael Hardware Architecture with S-Box Optimization”, ASIACRYPT2001, LNCS Vol. 2248, pp. 239-254, December 2001.
[Non-Patent Document 11] “A Compact Rijndael Hardware Architecture with S-Box Optimization”
[Patent Document 1] Japanese Laid-open Patent Publication No. 2002-366029
As described above, if the conventional examples are simply combined, an AES encryption apparatus that can solve the aforementioned problems 1, 2 and 3 and has SPA and DPA countermeasures cannot be implemented.
The present invention is an implementation technique for taking PA countermeasures for an encryption processor for performing common key encryption. By using this technique, it becomes difficult to cryptanalyze a secret key of an encryption process such as AES that is a representative common key algorithm, and safety of an embedded device such as a smart card or the like can be improved.
A first embodiment according to the present invention assumes a common key block encryption apparatus for performing a nonlinear transformation with a multiplication process executed in a binary field or a composite field.
Initially, the first embodiment includes a computing unit configured to execute computation processes other than the nonlinear transformation with fixed value masked input data obtained by performing an XOR operation (hereinafter referred to as XOR) with a mask using a fixed value (hereinafter referred to as a fixed mask value).
The first embodiment further includes, in the multiplication process using the nonlinear transformation, an XOR computing circuit configured to transform all pieces of input data into fixed value masked input data by XORing all the pieces of input data with a fixed mask value, and to transform the fixed value masked data into random value masked input data by XORing the input data with a mask using a random value (hereinafter referred to as a random mask value), a multiplier configured to execute a multiplication process on the basis of the random value masked input data output from the XOR computing circuit, and a random mask value-to-fixed mask value transformation circuit configured to again transform the random value masked output data output from the multiplier into fixed value masked output data.
A second embodiment according to the present invention has the following configuration based on the first embodiment according to the present invention.
Namely, the multiplication process in the first embodiment according to the present invention is configured with a computing circuit configured to compute
J1=(X◯R′)⊚(Y◯S′)
J2=S′⊚(X◯R′)
J3=R′⊚(Y◯S′)
J4=R′⊚S′
J0=J1◯J2◯J3◯J4◯fr
and to compute an output J0=X⊚Y◯fr if it is assumed that input data of the multiplication process using the nonlinear transformation are X and Y, random mask values are R and S, a fixed mask value is fr, ◯ is an XOR operation circuit, ⊚ is a multiplier, and random mask values, such as R′=R◯pr and S′=S◯qr, obtained by XORing the fixed mask value with a random number are R′ and S′, or the multiplication process is configured with a computing circuit equivalent to the computing circuit.
A third embodiment according to the present invention has the following configuration based on the first embodiment according to the present invention.
Namely, the multiplication process in the first embodiment according to the present invention is configured with a computing circuit configured to compute
J1=(X◯R′)⊚(Y◯R′)
J2=R′⊚((X◯R′)◯(Y◯R′)◯R′)
J0=J1◯J2◯fr
and to compute an output J0=X⊚Y◯fr if it is assumed that input data of the multiplication process using the nonlinear transformation are X and Y, a random mask value is R, a fixed mask value is fr, ◯ is an XOR operation circuit, ⊚ is a multiplier, and a random mask value, such as R′=R◯pr, obtained by XORing the fixed mask value with a random number is R′, or the multiplication process is configured with a computing circuit equivalent to the computing circuit.
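The identities J0=X⊚Y◯fr of the second and third embodiments, and the zero multiplication exposure described above for the simple combination of conventional examples 2 and 3, can be checked in GF(2^8). The following Python is an added example, not the patent's own code: gf_mul, remask and the other function names are my assumptions, and the key and mask values are constructed.

```python
import random

# Constructed example: the masked multiplications of the second and third
# embodiments in GF(2^8), and the zero multiplication exposure of the simple
# combination of conventional examples 2 and 3. Function names, the key and
# the mask values are assumptions, not the patent's.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the modulus used by the page


def gf_mul(a, b):
    """The page's multiplication symbol: product in GF(2^8) modulo AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def remask(x_fixed, pr, r_random):
    """XOR computing circuit of the first embodiment: turn fixed-value masked
    data X^pr into random-value masked data X^R' with R' = R^pr.
    Returns (X^R', R')."""
    return x_fixed ^ r_random, r_random ^ pr


def masked_mul_2(xm, ym, r_, s_, fr):
    """Second embodiment. xm = X^R', ym = Y^S'; returns J0 = X*Y ^ fr.
    Every multiplier operand (xm, ym, r_, s_) is random-value masked."""
    j1 = gf_mul(xm, ym)
    j2 = gf_mul(s_, xm)
    j3 = gf_mul(r_, ym)
    j4 = gf_mul(r_, s_)
    return j1 ^ j2 ^ j3 ^ j4 ^ fr


def masked_mul_3(xm, ym, r_, fr):
    """Third embodiment: one random mask R' on both inputs; J0 = X*Y ^ fr."""
    j1 = gf_mul(xm, ym)
    j2 = gf_mul(r_, xm ^ ym ^ r_)
    return j1 ^ j2 ^ fr


def verify_embodiments(trials=20000, seed=7):
    """Check J0 == X*Y ^ fr for random X, Y, fixed masks and random masks.
    Returns the number of failures (0 when both identities hold)."""
    rng = random.Random(seed)
    failures = 0
    for _ in range(trials):
        x, y, pr, qr, fr, r, s = (rng.randrange(256) for _ in range(7))
        xm, r_ = remask(x ^ pr, pr, r)   # fixed-masked X -> X^R'
        ym, s_ = remask(y ^ qr, qr, s)   # fixed-masked Y -> Y^S'
        want = gf_mul(x, y) ^ fr
        if masked_mul_2(xm, ym, r_, s_, fr) != want:
            failures += 1
        ym3 = (y ^ qr) ^ (r_ ^ qr)       # choose R = R'^qr so Y is masked with R'
        if masked_mul_3(xm, ym3, r_, fr) != want:
            failures += 1
    return failures


def zero_events_fixed_mask(key, fixed_masks, r):
    """Multiplier input of the simple combination: X = (M^K)^p_r, fixed mask
    only. Returns the plaintexts M for which X == 0. Each such M satisfies
    M^K == p_r, so one observed zero narrows K to the q candidates M^p_h."""
    pr = fixed_masks[r]
    return [m for m in range(256) if (m ^ key ^ pr) == 0]


def zero_events_random_mask(key, fixed_masks, r, seed=3):
    """Same multiplier after remasking with a fresh R per encryption:
    X = (M^K)^R'. A zero now occurs when M^K == R', which is unrelated to K
    from the attacker's view because R is never observable."""
    rng = random.Random(seed)
    pr = fixed_masks[r]
    zeros = []
    for m in range(256):
        xm, _ = remask(m ^ key ^ pr, pr, rng.randrange(256))
        if xm == 0:
            zeros.append(m)
    return zeros


if __name__ == "__main__":
    print("identity failures:", verify_embodiments())
    masks = [0x11, 0x22, 0x33, 0x44]   # constructed q = 4 fixed masks
    print("fixed mask zeros:", zero_events_fixed_mask(0x5A, masks, 2))
    print("random mask zeros:", zero_events_random_mask(0x5A, masks, 2))
```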
A fourth embodiment according to the present invention has the following configuration based on the first embodiment according to the present invention.
Namely, the multiplication process in the first embodiment according to the present invention is a computation performed in a composite field GF((...(2^β1)...)^βγ) that satisfies βγ=2, and the multiplication process is configured with a computing circuit configured to compute
J1=(X◯R′)⊚(Y◯R′L)
J2=(Y◯R′H)⊚R′H◯(R′H)^2
J3=((X◯R′)◯(Y◯R′L)◯R′L)⊚R′L
J0=J1◯(J2∥(0000)_2)◯J3◯fr
and to compute an output J0=X⊚Y◯fr if it is assumed that input data of the multiplication process using the nonlinear transformation are X and Y, random mask values are R and S, a fixed mask value is fr, ◯ is an XOR operation circuit, ⊚ is a multiplier, random mask values, such as R′=R◯pr and S′=S◯qr, obtained by XORing the fixed mask values with a random number, are R′ and S′, R′H and R′L are bit values obtained when R′ is halved into higher-order and lower-order bits, and J2∥(0000)_2 is a computation for concatenating a zero bit sequence including the same number of bits as J2 to the lower-order side of J2, or the multiplication process is configured with a computing circuit equivalent to the computing circuit.
A fifth embodiment according to the present invention has the following configuration based on the first embodiment according to the present invention.
Namely, the multiplication process in the first embodiment according to the present invention is a computation performed in a composite field GF((...(2^β1)...)^βγ) that satisfies βγ=2. The multiplication process is configured with a computing circuit configured to compute
J1=(XH◯R′L)⊚(Y◯R′L)
J2=((XH◯R′L)◯(Y◯R′L)◯R′L)⊚R′L
J3=(XL◯R′L)⊚(Y◯R′L)
J4=((XL◯R′L)◯(Y◯R′L)◯R′L)⊚R′L
J0=((J1◯J2)∥(J3◯J4))◯fr
and to compute an output J0=X⊚Y◯fr if it is assumed that input data of the multiplication process using the nonlinear transformation are X and Y, random mask values are R and S, a fixed mask value is fr, ◯ is an XOR operation circuit, ⊚ is a multiplier, random mask values, such as R′=R◯pr and S′=S◯qr, obtained by XORing the fixed mask value with a random number, are R′ and S′, R′H and R′L are bit values obtained when R′ is halved into higher-order bits and lower-order bits, and XH and XL are bit values obtained when X is halved into higher-order bits and lower-order bits, or the multiplication process is configured with a computing circuit equivalent to the computing circuit.
By using the computing circuit of the multiplication process in the second or the third embodiment according to the present invention, a U^16⊚U multiplication in a binary field or a composite field can be performed.
Additionally, by using the computing circuit of the multiplication process in the second, the fourth or the fifth embodiment, a U^−17⊚U^16 multiplication in a binary field or a composite field can be performed.
A sixth embodiment according to the present invention has the following configuration, assuming a common key encryption apparatus for computing 8-bit output data U^−1◯fr from 8-bit input data U◯gr in a composite field GF((...(2^β1)...)^βγ) that satisfies βγ=2, by using 4-bit cr, 8-bit gr, 4-bit dr and 8-bit fr as fixed mask values selected with a random number r, and by using 8-bit R and R′ as random mask values.
Initially, the sixth embodiment includes a masked U^16⊚U calculation circuit configured to calculate a 4-bit value U^17◯cr from the input data U◯gr with a U^16⊚U calculation that XORs with a random mask value, and to calculate 8-bit U^16◯R′ and R′.
The sixth embodiment further includes a 4-bit-to-4-bit transformation table circuit that is selected with the random number r, and configured to calculate 4-bit U^−17◯dr from the U^17◯cr output from the masked U^16⊚U calculation circuit.
The sixth embodiment still further includes a masked U^−17⊚U^16 calculation circuit, to which U^−17◯dr output from the 4-bit-to-4-bit transformation table circuit, U^16◯R′ output from the masked U^16⊚U calculation circuit, and R′ are input, and which is configured to calculate the output data U^−1◯fr.
A seventh embodiment according to the present invention has the following configuration based on the sixth embodiment according to the present invention.
Namely, the masked U^16⊚U calculation circuit includes a computing circuit group, to which the fixed mask value gr, the input data U◯gr, and the random mask value R are input, and which is configured to calculate three pieces of data, U◯R=(U◯gr)◯R◯gr, U^16◯R^16=(U◯R)^16, and R^16, and a computing circuit group configured to perform the computation
J1=(U◯R)⊚(U^16◯R^16)
J2=R^16⊚(U◯R)
J3=R⊚(U^16◯R^16)
J4=R⊚R^16
J0=J1◯J2◯J3◯J4◯cr
or a computing circuit group configured to perform a computation equivalent to this computation, wherein J0 is input as U^17◯cr to the 4-bit-to-4-bit transformation table circuit, and U^16◯R^16 and R^16 are input as U^16◯R′ and R′ to the masked U^−17⊚U^16 calculation circuit.
An eighth embodiment according to the present invention has the following configuration based on the sixth embodiment according to the present invention.
Namely, the masked U^16⊚U calculation circuit includes a computing circuit group, to which the fixed mask value gr, the input data U◯gr, and the random mask value R are input, and which is configured to calculate two pieces of data, U◯R=(U◯gr)◯R◯gr and U^16◯R=(U◯R)^16◯R◯R^16, and a computing circuit group configured to perform the computation
J1=(U◯R)⊚(U^16◯R)
J2=R⊚((U◯R)◯(U^16◯R)◯R)
J0=J1◯J2◯cr
or a computing circuit group configured to perform a computation equivalent to this computation, wherein J0 is input as U^17◯cr to the 4-bit-to-4-bit transformation table circuit, and U^16◯R and R are input as U^16◯R′ and R′ to the masked U^−17⊚U^16 calculation circuit.
A ninth embodiment according to the present invention has the following configuration based on the sixth embodiment according to the present invention.
Namely, the masked $U^{-17} \otimes U^{16}$ calculation circuit includes a computing circuit group, to which $U^{-17} \oplus d_r$ output from the 4-bit-to-4-bit transformation table circuit, the fixed mask values $d_r$ and $f_r$, $U^{16} \oplus R'$ output from the masked $U^{16} \otimes U$ calculation circuit, $R'$, and a random number $S$ generated within the circuit are input, and which is configured to calculate two pieces of data, namely $U^{-17} \oplus S \oplus d_r = (U^{-17} \oplus d_r) \oplus S$ and $S \oplus d_r$, and a computing circuit group configured to perform the computation
$J_1 = (U^{-17} \oplus S \oplus d_r) \otimes (U^{16} \oplus R')$
$J_2 = R' \otimes (U^{-17} \oplus S \oplus d_r)$
$J_3 = (S \oplus d_r) \otimes (U^{16} \oplus R')$
$J_4 = (S \oplus d_r) \otimes R'$
$J_0 = J_1 \oplus J_2 \oplus J_3 \oplus J_4 \oplus f_r$
or a computing circuit group configured to perform a computation equivalent to this computation, wherein $J_0$ is output as $U^{-1} \oplus f_r$.
A tenth embodiment according to the present invention has the following configuration based on the sixth embodiment according to the present invention.
Namely, the masked $U^{-17} \otimes U^{16}$ calculation circuit includes a computing circuit group, to which $U^{-17} \oplus d_r$ output from the 4-bit-to-4-bit transformation table circuit, the fixed mask values $d_r$ and $f_r$, $U^{16} \oplus R'$ output from the masked $U^{16} \otimes U$ calculation circuit, $R'$, and the higher-order 4 bits $R'_H$ and lower-order 4 bits $R'_L$ of $R'$ are input, and which is configured to calculate five pieces of data, namely $U^{16} \oplus (d_r \| d_r) \oplus R'$, $U^{-17} \oplus d_r \oplus R'_L$, $d_r \oplus R'_L$, $U^{-17} \oplus d_r \oplus R'_H$ and $d_r \oplus R'_H$, and a computing circuit group configured to perform the computation
$J_1 = (U^{16} \oplus (d_r \| d_r) \oplus R') \otimes (U^{-17} \oplus d_r \oplus R'_L)$
$J_2 = (U^{-17} \oplus d_r \oplus R'_H) \otimes (d_r \oplus R'_H) \oplus (d_r \oplus R'_H)^2$
$J_3 = ((U^{16} \oplus (d_r \| d_r) \oplus R') \oplus (U^{-17} \oplus d_r \oplus R'_L) \oplus (d_r \oplus R'_L)) \otimes (d_r \oplus R'_L)$
$J_0 = J_1 \oplus (J_2 \| (0000)_2) \oplus J_3 \oplus f_r$
or a computing circuit group configured to perform a computation equivalent to this computation, wherein $J_0$ is output as $U^{-1} \oplus f_r$.
An eleventh embodiment according to the present invention has the following configuration based on the sixth embodiment according to the present invention.
Namely, the masked $U^{-17} \otimes U^{16}$ calculation circuit includes a computing circuit group, to which $U^{-17} \oplus d_r$ output from the 4-bit-to-4-bit transformation table circuit, the fixed mask values $d_r$ and $f_r$, $U^{16} \oplus R'$ output from the masked $U^{16} \otimes U$ calculation circuit, $R'$, and the higher-order 4 bits $R'_H$ and lower-order 4 bits $R'_L$ of $R'$ are input, and which is configured to calculate three pieces of data, namely $U^{16}_H \oplus R'_L = (\text{higher-order 4 bits of } U^{16} \oplus R') \oplus R'_L \oplus R'_H$, $U^{-17} \oplus R'_L = (U^{-17} \oplus d_r) \oplus R'_L \oplus d_r$ and $U^{16}_L \oplus R'_L = (\text{lower-order 4 bits of } U^{16} \oplus R')$, where $U^{16}_H$ and $U^{16}_L$ denote the higher-order 4 bits and the lower-order 4 bits of the 8-bit value $U^{16}$, and a computing circuit group configured to perform the computation
$J_1 = (U^{16}_H \oplus R'_L) \otimes (U^{-17} \oplus R'_L)$
$J_2 = ((U^{16}_H \oplus R'_L) \oplus (U^{-17} \oplus R'_L) \oplus R'_L) \otimes R'_L$
$J_3 = (U^{16}_L \oplus R'_L) \otimes (U^{-17} \oplus R'_L)$
$J_4 = ((U^{16}_L \oplus R'_L) \oplus (U^{-17} \oplus R'_L) \oplus R'_L) \otimes R'_L$
$J_0 = ((J_1 \oplus J_2) \| (J_3 \oplus J_4)) \oplus f_r$
or a computing circuit group configured to perform a computation equivalent to this computation, wherein $J_0$ is output as $U^{-1} \oplus f_r$.
In any of the first, the second, the third, the sixth and the eighth embodiments according to the present invention, the multiplication process using the nonlinear transformation can be executed in a binary field represented by $GF(2^8)$. At this time, the binary field $GF(2^8)$ is represented, for example, by the residues modulo the polynomial $x^8+x^4+x^3+x+1$.
Additionally, in any of the first to the eleventh embodiments, the multiplication process using the nonlinear transformation can be executed in a composite field represented by $GF(((2^2)^2)^2)$. At this time, the composite field $GF(((2^2)^2)^2)$ is represented, for example, by the residues modulo the polynomials $x^2+x+(1100)_2$ for $GF((2^4)^2)$, $x^2+x+(10)_2$ for $GF((2^2)^2)$ and $x^2+x+1$ for $GF(2^2)$.
The present invention can be implemented also as an embedded apparatus in which the encryption apparatus according to any one of the first to the eleventh embodiments is incorporated.
The object and advantages of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the claims.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, as claimed.
Embodiments are described in detail below with reference to the drawings.
The present invention implements an AES encryption processing apparatus that solves all the problems 1 to 3 pointed out in the background art. To solve the problems, the apparatus executes processes that satisfy the following (condition-1), (condition-2), (condition-3) and (condition-4).
(condition-1) The processes of the conventional example 2 except for the AES Subbyte process are executed.
(condition-2) As the AES Subbyte process, an inverse element operation using a composite field is executed with a method safe from SPA and DPA.
(condition-3) As the table process in the composite field operation of (condition-2), the process of the conventional example 2 is executed.
(condition-4) To a multiplication of the composite field operation of (condition-2), random value masked data is always input.
By introducing (condition-1), the problems 1, 2 and 3 are simultaneously solved for all processes other than the AES Subbyte process. Since the problem 1, the one problem that remains in the conventional example 2, concerns only the Subbyte circuit, all the problems are solved if the conventional example 2 is not used in the Subbyte process. If the problems 1, 2 and 3 can be solved for the AES Subbyte process, all the problems are solved for the entire AES process.
By introducing (condition-2), the problem 1 is solved for the AES Subbyte process. By replacing an inverse element operation that needs a large circuit scale in the Subbyte process with the process using the composite field of the conventional example 3 illustrated in
(condition-3) performs the table operation of the conventional example 2 for the table operation in the inverse element operations using the composite field illustrated in
(condition-4) is a policy of SPA and DPA countermeasures for a multiplication among the inverse element operations using the composite field illustrated in
According to the present invention, the AES process that satisfies all the above described (condition-1) to (condition-4) is executed. The basic policy of satisfying all these conditions is to execute a masking process using a random mask value only for a multiplication process in an inverse element operation using a composite field, and to execute a masking process using a fixed mask value for other processes. A basic idea for realizing this policy is described below.
In the conventional examples, either or both of inputs to a multiplier are fixed value masked data as illustrated in an upper portion of
By XORing also data Y◯qr masked with a fixed mask value qr with the random number S, Y◯S◯qr=Y◯S′ results in random value masked data. A multiplication of (X◯R′)⊚(Y◯S′) is performed for these pieces of random value masked data, namely, the two inputs to the multiplier are random value masked data. Therefore, with the method according to the present invention, a process safe from SPA and DPA is implemented. However, also data output as a result of this multiplication is random value masked data. As indicated by (condition-1), according to the present invention, the processes of the conventional example 2, namely, the processes using fixed value masked data need to be executed other than the Subbyte process. Accordingly, random value masked data that is output as a result of multiplying pieces of random value masked data needs to be transformed into fixed value masked data. This process is executed by the random mask value-to-fixed mask value transformation processing circuit illustrated in
In the following description of (basic principle-1) to (basic principle-4), data calculated in a normal AES process without PA countermeasures, random mask values, and a fixed mask value are respectively referred to as X and Y, R and S, and fr. Random mask values obtained by XORing the fixed mask values with a random number as represented by R′=R◯pr and S′=S◯qr are denoted as R′ and S′.
[Basic Principle-1]
This is a method applicable to both of multiplications such as U17=U16⊚U and U−1=U−17⊚U16 (
$J_1 = (X \oplus R') \otimes (Y \oplus S')$
$J_2 = S' \otimes (X \oplus R')$
$J_3 = R' \otimes (Y \oplus S')$
$J_4 = R' \otimes S'$
If $U^{17} = U^{16} \otimes U$, then $X$, $Y$, $R'$ and $S'$ are 8 bits. If $U^{-1} = U^{-17} \otimes U^{16}$, then $X$ and $R'$ are 8 bits, and $Y$ and $S'$ are 4 bits.
$J_1$, $J_2$, $J_3$ and $J_4$ are calculated, and $J_0 = X \otimes Y \oplus f_r$ is obtained from $J_0 = J_1 \oplus J_2 \oplus J_3 \oplus J_4 \oplus f_r$. A circuit for calculating $X \otimes Y \oplus f_r$ according to the basic principle-1 is denoted by the symbol MaskedMul_1($X \oplus R'$, $Y \oplus S'$, $R'$, $S'$, $f_r$). Moreover, if (law-1) to (law-3) are taken into account,
$J_1 = X \otimes Y \oplus X \otimes S' \oplus Y \otimes R' \oplus R' \otimes S'$
$J_2 = S' \otimes X \oplus S' \otimes R'$
$J_3 = R' \otimes Y \oplus R' \otimes S'$
$J_4 = R' \otimes S'$
Therefore, $J_0 = J_1 \oplus J_2 \oplus J_3 \oplus J_4 \oplus f_r = X \otimes Y \oplus f_r$ can be verified.
All pieces of data input to the multiplication processes J1 to J4 are random value masked data. Therefore, the process safe from SPA and DPA can be implemented. The number of multiplications needed for this process is as follows.
For $U^{17} = U^{16} \otimes U$: four 8-bit×8-bit multiplications
For $U^{-1} = U^{-17} \otimes U^{16}$: four 8-bit×4-bit multiplications (or eight 4-bit×4-bit multiplications)
The basic principle-1 is based on (law-1) to (law-3). Therefore, this principle is applicable to an operation of an arbitrary binary field and composite field.
[Basic Principle-2]
If the PA countermeasures according to the basic principle-1 are used, one multiplication without PA countermeasures is replaced with four multiplications. This increase in the number of multiplications is the overhead of the PA countermeasures, so reducing the number of multiplications after the replacement reduces that overhead. The basic principle-2 specializes the basic principle-1 by setting $S' = R'$ in order to reduce the overhead. With this specialization the computation is simplified, so that one multiplication without PA countermeasures is replaced with two multiplications.
However, the specialization using S′=R′ can be performed only if the data bit lengths of S′ and R′ are equal. Accordingly, (basic principle-2) is applicable only if the bit lengths of two pieces of input data of the multiplication without PA countermeasures are equal. Namely, this is a method applicable only to an 8-bit×8-bit multiplication represented by U17=U16⊚U (
$J_1 = (X \oplus R') \otimes (Y \oplus R')$
$J_2 = R' \otimes ((X \oplus R') \oplus (Y \oplus R') \oplus R')$
where $X$, $Y$ and $R'$ are 8 bits. $J_1$ and $J_2$ are calculated, and $J_0 = X \otimes Y \oplus f_r$ is obtained from $J_0 = J_1 \oplus J_2 \oplus f_r$. A circuit for calculating $X \otimes Y \oplus f_r$ in accordance with the basic principle-2 is denoted by the symbol MaskedMul_2($X \oplus R'$, $Y \oplus R'$, $R'$, $f_r$). Moreover, if (law-1) to (law-3) are taken into account,
$J_1 = X \otimes Y \oplus X \otimes R' \oplus Y \otimes R' \oplus (R')^2$
$J_2 = X \otimes R' \oplus Y \otimes R' \oplus (R')^2$
Therefore, $J_0 = J_1 \oplus J_2 \oplus f_r = X \otimes Y \oplus f_r$ can be verified.
All pieces of data input to the multiplication processes of J1 and J2 are random value masked data. Therefore, the process safe from SPA and DPA can be implemented. The number of multiplications needed for this process is as follows.
For $U^{17} = U^{16} \otimes U$: two 8-bit×8-bit multiplications
Since the basic principle-2 is based on (law-1) to (law-3), this principle is applicable to an operation of an arbitrary binary field and composite field.
[Basic Principle-3]
By using the basic principle-2, the overhead in the number of multiplications performed for the PA countermeasures can be decreased according to the present invention. However, this technique is applicable only to the 8-bit×8-bit multiplication represented by $U^{17} = U^{16} \otimes U$, and not to the 8-bit×4-bit multiplication represented by $U^{-1} = U^{-17} \otimes U^{16}$. The basic principle-3 described below addresses this problem: it is a method, applicable to the 8-bit×4-bit multiplication $U^{-1} = U^{-17} \otimes U^{16}$, for reducing the overhead in the number of multiplications of the basic principle-1.
The basic idea of the basic principle-2 is to simplify the calculation by making the random mask value $R'$ of $X$ and the random mask value $S'$ of $Y$ common, $S' = R'$. This is possible only if the bit lengths of $X$ and $Y$ are equal; if they differ, $S' = R'$ is impossible, so two random mask values of different bit lengths cannot be made equal. They can, however, be made partially equal. Namely, if $R'$ and $S'$ are 8 bits and 4 bits respectively, and $R'$ is separated into a higher-order 4-bit value $R'_H$ and a lower-order 4-bit value $R'_L$ as $R' = R'_H \| R'_L$, the random mask values are made partially equal by setting $S' = R'_L$. A method, applicable to the 8-bit×4-bit multiplication represented by $U^{-1} = U^{-17} \otimes U^{16}$, for reducing the overhead in the number of multiplications of the basic principle-1 by adopting this idea is described below (
$J_1 = (X \oplus R') \otimes (Y \oplus R'_L)$
$J_2 = (Y \oplus R'_H) \otimes R'_H \oplus (R'_H)^2$
$J_3 = ((X \oplus R') \oplus (Y \oplus R'_L) \oplus R'_L) \otimes R'_L$
where $X$ and $R'$ are 8 bits, $Y$, $R'_H$ and $R'_L$ are 4 bits, and $R' = R'_H \| R'_L$. $J_1$, $J_2$ and $J_3$ are calculated, and $J_0 = X \otimes Y \oplus f_r$ is obtained from $J_0 = J_1 \oplus (J_2 \| (0000)_2) \oplus J_3 \oplus f_r$. A circuit for calculating $X \otimes Y \oplus f_r$ in accordance with the basic principle-3 is denoted by the symbol MaskedMul_3($X \oplus R'$, $Y \oplus R'_H$, $Y \oplus R'_L$, $R'_H$, $R'_L$, $f_r$). Moreover, if (law-1) to (law-4) are taken into account,
$J_1 = ((X_H \oplus R'_H) \otimes (Y \oplus R'_L)) \| ((X_L \oplus R'_L) \otimes (Y \oplus R'_L)) = (X_H \otimes Y \oplus X_H \otimes R'_L \oplus Y \otimes R'_H \oplus R'_H \otimes R'_L) \| (X_L \otimes Y \oplus X_L \otimes R'_L \oplus Y \otimes R'_L \oplus (R'_L)^2)$
$J_2 \| (0000)_2 = (Y \otimes R'_H) \| (0000)_2$
$J_3 = ((X_H \oplus R'_H) \otimes R'_L) \| ((X_L \oplus R'_L \oplus Y \oplus R'_L \oplus R'_L) \otimes R'_L) = (X_H \otimes R'_L \oplus R'_H \otimes R'_L) \| (X_L \otimes R'_L \oplus Y \otimes R'_L \oplus (R'_L)^2)$
where $X_H$ and $X_L$ are 4-bit values that satisfy $X = X_H \| X_L$. Accordingly, $J_0 = J_1 \oplus (J_2 \| (0000)_2) \oplus J_3 \oplus f_r = ((X_H \otimes Y) \| (X_L \otimes Y)) \oplus f_r$ is obtained. Since $X \otimes Y = (X_H \otimes Y) \| (X_L \otimes Y)$ according to (law-4), $J_0 = J_1 \oplus (J_2 \| (0000)_2) \oplus J_3 \oplus f_r = X \otimes Y \oplus f_r$ can be derived.
All pieces of data input to the multiplication processes of $J_1$, $J_2$ and $J_3$ are random value masked data. Therefore, the process safe from SPA and DPA can be implemented. The number of multiplications needed for this process is as follows.
For $U^{-1} = U^{-17} \otimes U^{16}$: two 8-bit×4-bit multiplications, one 4-bit×4-bit multiplication, and one 4-bit×4-bit square operation
Furthermore, since one 8-bit×4-bit multiplication corresponds to two 4-bit×4-bit multiplications and one 4-bit×4-bit square operation costs less than one 4-bit×4-bit multiplication, the number of multiplications needed for the basic principle-3 can also be represented as follows.
For $U^{-1} = U^{-17} \otimes U^{16}$: $\varphi$ 8-bit×4-bit multiplications ($2.5 < \varphi < 3$)
Since the basic principle-3 is based on (law-1) to (law-4), this principle is applicable to an operation of the composite field $GF((\ldots(2^{\beta_1})\ldots)^{\beta_\gamma})$ that satisfies $\beta_\gamma = 2$.
[Basic Principle-4]
For an 8-bit×4-bit multiplication represented by U−1=U−17⊚U16, four 8-bit×4-bit multiplications are needed according to the basic principle-1. In the meantime, the number of multiplications can be reduced to φ 8-bit×4-bit multiplications (2.5<φ<3) according to the basic principle-3. A method for further reducing the number of multiplications by using the nature of an 8-bit×4-bit multiplication is the basic principle-4. By using (law-4), an 8-bit×4-bit multiplication can be separated into two 4-bit×4-bit multiplications. According to the basic principle-4, two pieces of data input to each of the 4-bit×4-bit multiplications are XORed with the same random number likewise (basic principle-2) (
$J_1 = (X_H \oplus R'_L) \otimes (Y \oplus R'_L)$
$J_2 = ((X_H \oplus R'_L) \oplus (Y \oplus R'_L) \oplus R'_L) \otimes R'_L$
$J_3 = (X_L \oplus R'_L) \otimes (Y \oplus R'_L)$
$J_4 = ((X_L \oplus R'_L) \oplus (Y \oplus R'_L) \oplus R'_L) \otimes R'_L$
where $X$ is 8 bits, $X_H$, $X_L$, $Y$ and $R'_L$ are 4 bits, and $X = X_H \| X_L$. $J_1$, $J_2$, $J_3$ and $J_4$ are calculated, and $J_0 = X \otimes Y \oplus f_r$ is obtained from $J_0 = ((J_1 \oplus J_2) \| (J_3 \oplus J_4)) \oplus f_r$. If (law-1) to (law-4) are taken into account,
$J_1 \oplus J_2 = (X_H \oplus R'_L) \otimes (Y \oplus R'_L) \oplus (X_H \oplus R'_L \oplus Y \oplus R'_L \oplus R'_L) \otimes R'_L = X_H \otimes Y \oplus X_H \otimes R'_L \oplus Y \otimes R'_L \oplus (R'_L)^2 \oplus X_H \otimes R'_L \oplus Y \otimes R'_L \oplus (R'_L)^2 = X_H \otimes Y$
$J_3 \oplus J_4 = (X_L \oplus R'_L) \otimes (Y \oplus R'_L) \oplus (X_L \oplus R'_L \oplus Y \oplus R'_L \oplus R'_L) \otimes R'_L = X_L \otimes Y \oplus X_L \otimes R'_L \oplus Y \otimes R'_L \oplus (R'_L)^2 \oplus X_L \otimes R'_L \oplus Y \otimes R'_L \oplus (R'_L)^2 = X_L \otimes Y$
A circuit for calculating $X \otimes Y \oplus f_r$ in accordance with the basic principle-4 is denoted by the symbol MaskedMul_4($X_H \oplus R'_L$, $X_L \oplus R'_L$, $Y \oplus R'_L$, $R'_L$, $f_r$). Since $X \otimes Y = (X_H \otimes Y) \| (X_L \otimes Y)$ according to (law-4), $J_0 = ((J_1 \oplus J_2) \| (J_3 \oplus J_4)) \oplus f_r = X \otimes Y \oplus f_r$ can be verified.
Since all pieces of data input to the multiplication processes of $J_1$, $J_2$, $J_3$ and $J_4$ are random value masked data, the process safe from SPA and DPA can be implemented. The number of multiplications needed for this process is as follows.
For $U^{-1} = U^{-17} \otimes U^{16}$: four 4-bit×4-bit multiplications (one for each of $J_1$ to $J_4$), which corresponds to two 8-bit×4-bit multiplications
The basic principle-4 is based on (law-1) to (law-4). Therefore, this principle is applicable to an operation of the composite field $GF((\ldots(2^{\beta_1})\ldots)^{\beta_\gamma})$ that satisfies $\beta_\gamma = 2$.
Embodiments implemented by applying the techniques of the present invention referred to in the basic principle-1, the basic principle-2, the basic principle-3 and the basic principle-4 to the inverse element operation of the conventional example 3 illustrated in
i. The inverse element operation circuit is a circuit that takes an element $T \oplus p_r$ of $GF(2^8)$ as input and calculates and outputs the element $T^{-1} \oplus q_r$ of $GF(2^8)$. Note that $p_r$ and $q_r$ are fixed mask values selected with a random number $r$.
ii. Calculating $\delta(T \oplus p_r) = \delta(T) \oplus \delta(p_r) = U \oplus g_r$ by applying the $\delta$ transformation to the input element $T \oplus p_r$ of $GF(2^8)$. Note that $g_r$ is a fixed mask value selected with the random number $r$, and satisfies $g_r = \delta(p_r)$.
iii. Calculating $U^{-1} \oplus f_r$ from $U \oplus g_r$ by an operation that combines multiplications and table operations on $U \oplus g_r$. $f_r$ is a fixed mask value selected with the random number $r$.
iv. Calculating $\delta^{-1}(U^{-1} \oplus f_r) = \delta^{-1}(U^{-1}) \oplus \delta^{-1}(f_r) = T^{-1} \oplus q_r$ by applying the $\delta^{-1}$ transformation to $U^{-1} \oplus f_r$. The relation $\delta^{-1}(f_r) = q_r$ holds between $q_r$ and $f_r$.
Embodiments for implementing SPA and DPA countermeasures by applying the techniques of the present invention referred to in the basic principle-1, the basic principle-2, the basic principle-3 and the basic principle-4 to the inverse element operation of step iii among the above described steps i to iv are described below.
The calculation of
Masked $U^{16} \otimes U$ Calculation
The basic function of this circuit is to calculate and output $U^{17} \oplus c_r$ with an input of $U \oplus g_r$. Note that $c_r$ and $g_r$ are fixed mask values selected with the random number $r$, and are 4 bits and 8 bits, respectively. The fixed mask values $c_r$ and $g_r$ are given as inputs to this circuit. To perform a multiplication with data masked with a random value within the circuit, the random number $R$ is given as an input. Moreover, two pieces of data represented as $U' \oplus R'$ and $R'$ are output and given as inputs to the masked $U^{-17} \otimes U^{16}$ calculation. The value output as $R'$ varies depending on the embodiment of this circuit. For a first embodiment using the multiplication circuit according to the basic principle-1, $R' = R^{16}$. For a second embodiment using the multiplication circuit according to the basic principle-2, $R' = R$. The first embodiment and the second embodiment will be described in detail later.
Masked $U^{-17} \otimes U^{16}$ Calculation
The basic function of this circuit is to calculate and output $U^{-1} \oplus f_r$ with the inputs $U^{-17} \oplus d_r$ and $U' \oplus R'$, and a random number $R'$. Note that $d_r$ and $f_r$ are fixed mask values selected with the random number $r$, and are 4 bits and 8 bits, respectively. The fixed mask values $d_r$ and $f_r$ are given as inputs to this circuit.
A 4-bit value $U^{17} \oplus c_r$ is calculated from the 8-bit value $U \oplus g_r$ with the masked $U^{16} \otimes U$ calculation. From $U^{17} \oplus c_r$, $U^{-17} \oplus d_r$ is calculated with a 4-bit-to-4-bit transformation table $I'_r[x]$ selected with the random number $r$. If the 4-bit-to-4-bit inverse element transformation table of an element of $GF(((2^2)^2)^2)$ is represented as $I[x] = x^{-1}$, this is a table that performs the transformation $I'_h[x] = I[x \oplus c_h] \oplus d_h$ for all $h = 0, 1, \ldots, q-1$. By applying $I'_r[x]$ to $U^{17} \oplus c_r$, $I'_r[U^{17} \oplus c_r] = I[(U^{17} \oplus c_r) \oplus c_r] \oplus d_r = I[U^{17}] \oplus d_r = (U^{17})^{-1} \oplus d_r = U^{-17} \oplus d_r$ is obtained. This data is the first of the two pieces of input data to the masked $U^{-17} \otimes U^{16}$ calculation.
$U^{16} \oplus R'$ is calculated as the second piece of input data to the masked $U^{-17} \otimes U^{16}$ calculation. In the first embodiment to be described later, $R' = R^{16}$ because the data $(U \oplus R)^{16} = U^{16} \oplus R^{16}$ calculated during the masked $U^{16} \otimes U$ calculation is used. In the second embodiment to be described later, $R' = R$ because the value $U^{16} \oplus R$ calculated during the masked $U^{16} \otimes U$ calculation is used.
The reason that $(U \oplus R)^{16} = U^{16} \oplus R^{16}$ holds is that a 16th power operation is performed by repeating a square operation four times, and, taking (law-3) into account, a single square operation satisfies $(U \oplus R)^2 = U^2 \oplus 2\,U \otimes R \oplus R^2 = U^2 \oplus R^2$ (the cross term vanishes in a field of characteristic 2), so that the result keeps the form $U^k \oplus R^k$ for an integer $k$. Accordingly, $U^{16} \oplus R^{16}$ is obtained for the 16th power operation.
As described above, $U^{-1} \oplus f_r$ is obtained by giving $U^{-17} \oplus d_r$ and $U^{16} \oplus R'$, once they have been calculated, as the two input values to the masked $U^{-17} \otimes U^{16}$ calculation.
By using the circuit described in the basic principle-1, the basic principle-2, the basic principle-3 or the basic principle-4 for the above described masked $U^{16} \otimes U$ calculation and masked $U^{-17} \otimes U^{16}$ calculation, the process safe from SPA and DPA can be realized. Embodiments implemented by applying the basic principle-1, the basic principle-2, the basic principle-3 and the basic principle-4 to the masked $U^{16} \otimes U$ calculation and the masked $U^{-17} \otimes U^{16}$ calculation are described below.
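Added example, not the patent's circuit: a Python model of the four masked multiplications in the composite field $GF(((2^2)^2)^2)$ built from the polynomials given on this page, checking that each of the basic principle-1 to the basic principle-4 returns $X \otimes Y \oplus f_r$ from random value masked inputs, and that the 16th power used by the masked $U^{16} \otimes U$ calculation reduces to one 4-bit XOR. The function names (ext_mul, mul4, mul8, mul8x4, masked_mul_1 to masked_mul_4, masked_products, check_random) and the bit layout (an element $a \cdot t + b$ of each quadratic extension stored as the bit string $a \| b$) are this example's own assumptions.

```python
"""Masked multiplication in GF(((2^2)^2)^2) by basic principles 1 to 4.
Added example, not the patent's circuit. Python ^ is the page's XOR (written
◯ there); mul8/mul4/mul8x4 are its field multiplication (written ⊚). The
tower uses the page's polynomials: GF(2^2): z^2+z+1, GF((2^2)^2): y^2+y+(10)_2,
GF((2^4)^2): x^2+x+(1100)_2. An element a*t + b is stored as the bits a||b.
"""
import secrets

def ext_mul(a, b, k, sub_mul, c):
    """Product in the quadratic extension t^2 = t + c of a k-bit subfield."""
    m = (1 << k) - 1
    a1, a0, b1, b0 = a >> k, a & m, b >> k, b & m
    h = sub_mul(a1, b1)                      # coefficient of t^2, folded below
    mid = sub_mul(a1, b0) ^ sub_mul(a0, b1)  # coefficient of t
    return ((h ^ mid) << k) | (sub_mul(a0, b0) ^ sub_mul(c, h))

def mul2(a, b):  # GF(2^2): z^2 = z + 1; the GF(2) product is AND
    return ext_mul(a, b, 1, lambda p, q: p & q, 0b1)

def mul4(a, b):  # GF((2^2)^2): y^2 = y + (10)_2
    return ext_mul(a, b, 2, mul2, 0b10)

def mul8(a, b):  # GF((2^4)^2): x^2 = x + (1100)_2
    return ext_mul(a, b, 4, mul4, 0b1100)

def mul8x4(x, y):
    """8-bit x 4-bit multiplication, law-4: (XH||XL) * Y = (XH*Y) || (XL*Y)."""
    return (mul4(x >> 4, y) << 4) | mul4(x & 0xF, y)

def pow16(x):
    """X^16 = XH || (XL ^ XH): x -> x^16 fixes GF(2^4) and maps x to x + 1."""
    return x ^ (x >> 4)

def masked_mul_1(xr, ys, r, s, fr, mul):
    """Basic principle-1, four multiplications; mul is mul8 for U^17 = U^16 * U
    and mul8x4 for U^-1 = U^-17 * U^16 (Y and S' are then 4 bits)."""
    return mul(xr, ys) ^ mul(xr, s) ^ mul(r, ys) ^ mul(r, s) ^ fr

def masked_mul_2(xr, yr, r, fr):
    """Basic principle-2, two multiplications: both 8-bit inputs share mask R'."""
    return mul8(xr, yr) ^ mul8(r, xr ^ yr ^ r) ^ fr

def masked_mul_3(xr, yrh, yrl, rh, rl, fr):
    """Basic principle-3: X masked with R' = R'H||R'L, 4-bit Y masked with R'L
    (with R'H for J2); the 4-bit XOR terms of J3 land in the low half of X^R'."""
    j1 = mul8x4(xr, yrl)
    j2 = mul4(yrh, rh) ^ mul4(rh, rh)
    j3 = mul8x4(xr ^ yrl ^ rl, rl)
    return j1 ^ (j2 << 4) ^ j3 ^ fr

def masked_mul_4(xhr, xlr, yr, rl, fr):
    """Basic principle-4: each 4x4 half-product reuses the one 4-bit mask R'L."""
    j1, j2 = mul4(xhr, yr), mul4(xhr ^ yr ^ rl, rl)
    j3, j4 = mul4(xlr, yr), mul4(xlr ^ yr ^ rl, rl)
    return (((j1 ^ j2) << 4) | (j3 ^ j4)) ^ fr

def masked_products(x, y8, y4, r, s, fr):
    """Mask plain X, Y with R', S' and run every principle; returns (result,
    expected) pairs that must all equal the plain product XOR fr."""
    rh, rl = r >> 4, r & 0xF
    e8, e4 = mul8(x, y8) ^ fr, mul8x4(x, y4) ^ fr
    return [(masked_mul_1(x ^ r, y8 ^ s, r, s, fr, mul8), e8),
            (masked_mul_1(x ^ r, y4 ^ rl, r, rl, fr, mul8x4), e4),
            (masked_mul_2(x ^ r, y8 ^ r, r, fr), e8),
            (masked_mul_3(x ^ r, y4 ^ rh, y4 ^ rl, rh, rl, fr), e4),
            (masked_mul_4((x >> 4) ^ rl, (x & 0xF) ^ rl, y4 ^ rl, rl, fr), e4)]

def check_random(trials=2000):
    """Draw masks at random as the circuit would; verify all principles and X^16."""
    for _ in range(trials):
        x, y8, y4 = secrets.randbelow(256), secrets.randbelow(256), secrets.randbelow(16)
        r, s, fr = secrets.randbelow(256), secrets.randbelow(256), secrets.randbelow(256)
        sq = x
        for _ in range(4):  # X^16 by four squarings, compared with the XOR shortcut
            sq = mul8(sq, sq)
        if pow16(x) != sq or pow16(x ^ r) != pow16(x) ^ pow16(r):
            return False
        if any(got != want for got, want in masked_products(x, y8, y4, r, s, fr)):
            return False
    return True
```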
An AES encryption processing apparatus according to the present invention satisfies (condition-1), (condition-2), (condition-3) and (condition-4) described in the basic principles of the present invention. Therefore, all of the problems 1, 2 and 3, which cannot be solved by the conventional examples 1, 2 and 3, can be overcome. Namely, an AES encryption processing apparatus that satisfies all three points, a small circuit scale (solution to the problem 1), a faster processing speed (solution to the problem 2), and a process safe from SPA and DPA (solution to the problem 3), can be implemented, although such an apparatus cannot be implemented with the conventional examples. Table 3 represents comparisons between the conventional examples 1, 2 and 3 and the present invention.
Additionally, with the techniques according to the present invention, an encryption processing apparatus that solves the problems 1, 2 and 3 can be implemented not only for AES but for common key encryption in general that performs a multiplication process using a composite field. The present invention is also applicable, for example, to CLEFIA (http://www.sony.co.jp/Products/clefia/technical/data/clefia-spec-1.0.pdf), which is a 128-bit common key block encryption algorithm.
Basic multiplication circuits for implementing the techniques of the present invention are four types of circuits according to the basic principle-1, the basic principle-2, the basic principle-3 and the basic principle-4. Table 4 represents the number of 8-bit×4-bit multiplications respectively needed for the circuits.
In a multiplication circuit according to the present invention, the number of 8-bit×4-bit multiplications needed varies depending on which of the first to the fifth embodiments is applied to the two calculations, the masked $U^{16} \otimes U$ calculation and the masked $U^{-17} \otimes U^{16}$ calculation. The number of multiplications is evaluated as the total of the numbers of multiplications respectively needed by the basic principle-1 to the basic principle-4 on which the embodiments are based. Table 5 represents the evaluation results. The evaluations of Table 5 do not include the 16th power operations, because the 16th power operation in $GF(((2^2)^2)^2)$ is a special operation that can be implemented with a very small circuit. Specifically, the result $X^{16}$ of the 16th power operation of $X$ can be calculated with a single 4-bit XOR operation, $X^{16} = X_H \| (X_L \oplus X_H)$, using the higher-order 4 bits $X_H$ and the lower-order 4 bits $X_L$ of $X$, and this size is negligible compared with the circuit scale of a multiplication circuit.
All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the invention and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions, nor does the organization of such examples in the specification relate to a showing of the superiority and inferiority of the invention. Although the embodiment(s) of the present invention has (have) been described in detail, it should be understood that the various changes, substitutions, and alterations could be made hereto without departing from the spirit and scope of the invention.
This application is a continuation application of International PCT Application No. PCT/JP2008/000837 which was filed on Mar. 31, 2008, the entire contents of which are incorporated herein by reference.
Relation | Number | Date | Country
---|---|---|---
Parent | PCT/JP2008/000837 | Mar 2008 | US
Child | 12889096 | | US