Claims
- 1. A method for implementing RSA with the Chinese Remainder Theorem for use in a cryptographic system, with resistance to leakage attacks against said cryptographic system, comprising the steps of:
(a) obtaining a representation of an RSA private key corresponding to an RSA public key, said private key characterized by secret factors p and q; (b) storing said representation of said private key in a memory; (c) obtaining a message for use in an RSA cryptographic operation; (d) computing a first modulus, corresponding to a multiple of p, where the value of said multiple of p and the value of said multiple of p divided by p are both unknown to an attacker of said cryptographic system; (e) reducing said message modulo said first modulus; (f) performing modular exponentiation on the result of step (e); (g) computing a second modulus, corresponding to a multiple of q, where the value of said multiple of q and the value of said multiple of q divided by q are both unknown to an attacker of said cryptographic system; (h) reducing said message modulo said second modulus; (i) performing modular exponentiation on the result of step (h); (j) combining the results of said steps (e) and (h) to produce a result which, if operated on with an RSA public key operation using said RSA public key, yields said message; and (k) repeating steps (c) through (j) a plurality of times using different values for said multiple of p and for said multiple of q.
- 2. The method of claim 1 where:
(i) said step (b) includes storing an exponent dp of said RSA private key in said memory as a plurality of parameters; (ii) an arithmetic function of at least one of said plurality of parameters is congruent to dp, modulo (p−1); (iii) none of said parameters comprising said stored dp is equal to dp; (iv) an exponent used in said step (f) is at least one of said parameters; (v) at least one of said parameters in said memory changes with said repetitions of said steps (c) through (j).
- 3. The method of claim 2 where said plurality of parameters includes a first parameter equal to said dp plus a multiple of phi(p), and also includes a second parameter equal to a multiple of phi(p), where phi denotes Euler's totient function.
- 4. The method of claim 1 where the value of said multiple of p divided by p is equal to the value of said multiple of q divided by q.
- 5. The method of claim 1 where said multiple of p and said multiple of q used in said steps (c) through (j) are updated and modified in said memory after said step (b).
- 6. The method of claim 1 performed in a smart card.
- 7. The method of claim 1 where at least two of said steps are performed in an order other than (a) through (k).
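A worked example of claims 1 through 4 in Python (added here; it is not the patent's own text or any vendor's implementation): each private operation reduces the message modulo fresh secret multiples r·p and r·q, the CRT exponents are held only as dp plus a multiple of phi(p), and those stored parameters are re-masked after every operation. The primes, public exponent and messages are constructed and deliberately small.

```python
import secrets

class BlindedRsaCrt:
    """RSA-CRT private operation in the style of claims 1-4: every operation works modulo
    a fresh secret multiple r*p and r*q, and the CRT exponents are stored only in masked
    form dp + k*phi(p), never as dp itself (claims 2-3)."""

    def __init__(self, p: int, q: int, e: int):
        self.p, self.q, self.n = p, q, p * q
        d = pow(e, -1, (p - 1) * (q - 1))   # needed only to derive the masked CRT exponents
        # claim 3: hold a secret multiple of phi(p) and dp plus that multiple; dp alone is never stored
        self.mask_p = (secrets.randbelow(2**64) + 1) * (p - 1)
        self.mask_q = (secrets.randbelow(2**64) + 1) * (q - 1)
        self.dp_masked = d % (p - 1) + self.mask_p
        self.dq_masked = d % (q - 1) + self.mask_q
        self.qinv = pow(q, -1, p)

    def _refresh_exponents(self) -> None:
        # claim 2(v): change the stored exponent parameters after every operation; adding a
        # multiple of phi(p) keeps them congruent to dp mod phi(p), so results stay correct
        self.dp_masked += (secrets.randbelow(2**16) + 1) * self.mask_p
        self.dq_masked += (secrets.randbelow(2**16) + 1) * self.mask_q

    def private_op(self, m: int) -> int:
        # claims 1(d), 1(g), 4: one fresh secret multiplier r gives moduli r*p and r*q;
        # neither r nor r*p is predictable to someone observing power or timing
        r = secrets.randbelow(2**64) + 1
        mod_p, mod_q = r * self.p, r * self.q
        # claims 1(e)-(f), 1(h)-(i): reduce and exponentiate modulo the blinded moduli, then
        # drop to mod p / mod q (m^(dp + k*phi(p)) is congruent to m^dp mod p by Fermat)
        s_p = pow(m % mod_p, self.dp_masked, mod_p) % self.p
        s_q = pow(m % mod_q, self.dq_masked, mod_q) % self.q
        # claim 1(j): Garner recombination gives s with s = s_p (mod p) and s = s_q (mod q)
        h = (s_p - s_q) * self.qinv % self.p
        s = s_q + self.q * h
        self._refresh_exponents()           # claim 1(k): the next call uses different parameters
        return s

# Constructed demo key: two Mersenne primes keep this instant; not a production key size.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def demo(m: int = 0xDEADBEEF) -> bool:
    """Apply the blinded CRT private operation to m and check it against the public operation."""
    key = BlindedRsaCrt(P, Q, E)
    s = key.private_op(m)
    return pow(s, E, key.n) == m
```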
- 8. A method for implementing RSA for use in a cryptographic system, with resistance to leakage attacks against said cryptographic system, comprising the steps of:
(a) obtaining an RSA private key corresponding to an RSA public key, said RSA public key having an RSA modulus n; (b) storing said private key in a memory in a form whereby a secret parameter of said key is stored as an arithmetic combination of phi(x) and a first at least one key masking parameter, where
(i) an operand x in said phi(x) is an exact multiple of at least one factor of said modulus n of said RSA public key; and (ii) said first key masking parameter is unknown to an attacker of said cryptosystem; (iii) a representation of said first key masking parameter is stored in said memory; (iv) phi denotes Euler's totient function; (c) receiving a message; (d) deriving an RSA input from said message; (e) performing modular exponentiation to raise said RSA input to a power dependent on said secret parameter, modulo an RSA modulus stored in said memory, to produce an RSA result such that said RSA result raised to the power of the public exponent of said RSA public key, modulo the modulus of said RSA public key, equals said RSA input; (f) updating said secret parameter in said memory by:
(i) modifying said first key masking parameter to produce a new key masking parameter, where said modification is performed in a manner such that an attacker with partial useful information about said first key masking parameter has less useful information about said new key masking parameter; and (ii) using said new key masking parameter to update said secret parameter in said memory; (g) repeating steps (d) through (f) a plurality of times, where the power used for each of said modular exponentiation steps (e) is different.
- 9. The method of claim 8 where said operand x in said phi(x) corresponds to said RSA modulus n of said RSA public key.
- 10. The method of claim 8 where said operand x in said phi(x) corresponds to a prime factor of said RSA modulus n of said RSA public key, and where said modular exponentiation of said step (e) is performed using the Chinese Remainder Theorem.
- 11. A method for implementing exponential key exchange for use in a cryptographic system, with resistance to leakage attacks against said cryptographic system, comprising the steps of:
(a) obtaining, and storing in a memory, exponential key exchange parameters g and p, and a plurality of secret exponent parameters on which an arithmetic relationship may be computed to produce an exponent x; (b) using a key update transformation to produce a plurality of updated secret exponent parameters while maintaining said arithmetic relationship thereamong; (c) receiving a public value y from a party with whom said key exchange is desired; (d) using said updated secret exponent parameters to perform a cryptographic computation yielding an exponential key exchange result z = y^x mod p; (e) using said result z to secure an electronic communication with said party; and (f) performing said steps (b), (c), (d), and (e) in a plurality of transactions.
- 12. The method of claim 11 where each of said transactions involves a different said party.
- 13. The method of claim 11 where said arithmetic relationship is such that said exponential key exchange result is a product of certain of said secret exponent parameters, both before and after said step (b).
- 14. The method of claim 11 where said key update transformation includes choosing a random key update value r; and where said step (b) includes multiplying one of said secret exponent parameters by r and another of said secret exponent parameters by an inverse of r, said multiplication being performed modulo phi(p), where phi is Euler's totient function.
- 15. The method of claim 11 where said key update transformation includes choosing a random key update value r; and where said step (b) includes adding r to one of said secret exponent parameters and subtracting r from another of said secret exponent parameters.
- 16. The method of claim 15 where said secret exponent parameters include two values x1 and x2 such that x1+x2 is congruent to x, modulo phi(p), where phi is Euler's totient function, and where said step of performing said cryptographic computation yielding said exponential key exchange result includes computing z1 = y^x1 mod p, z2 = y^x2 mod p, and z = z1·z2 mod p.
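A worked example of claims 11 through 16 in Python (added here; not the patent's text or any product's code): the additive split of claims 15 and 16, where x1 + x2 ≡ x (mod phi(p)) and each transaction first adds r to one share and subtracts it from the other, alongside the multiplicative split of claims 13 and 14, where x1·x2 ≡ x and the shares are multiplied by r and r^-1 mod phi(p). The prime, generator and exponents are constructed and deliberately small.

```python
import math
import secrets

class AdditiveSplitDH:
    """Claims 11, 15, 16: x lives only as shares x1, x2 with x1 + x2 = x (mod phi(p)),
    phi(p) = p - 1 for prime p; the shares are re-randomized before every use."""

    def __init__(self, p: int, g: int, x: int):
        self.p, self.g, self.order = p, g, p - 1       # claim 11(a): g, p and the share parameters
        r = secrets.randbelow(self.order)
        self.x1, self.x2 = (x - r) % self.order, r     # x itself is not retained

    def refresh(self) -> None:
        # claim 15: add r to one share, subtract it from the other; the sum mod phi(p) is unchanged
        r = secrets.randbelow(self.order)
        self.x1 = (self.x1 + r) % self.order
        self.x2 = (self.x2 - r) % self.order

    def public_value(self) -> int:
        return pow(self.g, self.x1, self.p) * pow(self.g, self.x2, self.p) % self.p   # g^x mod p

    def agree(self, y: int) -> int:
        # claim 16: z1 = y^x1, z2 = y^x2, z = z1*z2 mod p, which equals y^x mod p
        self.refresh()                                 # claim 11(b) precedes each transaction
        z1, z2 = pow(y, self.x1, self.p), pow(y, self.x2, self.p)
        return z1 * z2 % self.p

class MultiplicativeSplitDH:
    """Claims 13, 14: x1 * x2 = x (mod phi(p)); refresh multiplies one share by r and the
    other by r^-1 mod phi(p), so r (and the initial x1) must be coprime to phi(p)."""

    def __init__(self, p: int, g: int, x: int):
        self.p, self.g, self.order = p, g, p - 1
        self.x1 = self._unit()
        self.x2 = x * pow(self.x1, -1, self.order) % self.order

    def _unit(self) -> int:
        while True:                                    # random element invertible mod phi(p)
            r = secrets.randbelow(self.order)
            if math.gcd(r, self.order) == 1:
                return r

    def refresh(self) -> None:
        r = self._unit()
        self.x1 = self.x1 * r % self.order
        self.x2 = self.x2 * pow(r, -1, self.order) % self.order

    def agree(self, y: int) -> int:
        self.refresh()
        return pow(pow(y, self.x1, self.p), self.x2, self.p)   # (y^x1)^x2 = y^(x1*x2) = y^x

# Constructed parameters: the Mersenne prime 2^31 - 1 keeps the demo instant; not a production size.
P, G = 2**31 - 1, 7
```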
- 17. A cryptographic token configured to perform cryptographic operations using a secret key in a secure manner, comprising:
(a) an interface configured to receive power from a source external to said token; (b) a memory containing said secret key; (c) a processor:
(i) configured to receive said power delivered via said interface; (ii) configured to perform said processing using said secret key from said memory; (d) said token having a power consumption characteristic:
(i) that is externally measurable; and (ii) that varies over time in a manner measurably correlated with said cryptographic operations; and (e) a source of unpredictable information usable in said cryptographic operations to make determination of said secret key infeasible from external measurements of said power consumption characteristic.
- 18. The cryptographic token of claim 17, in the form of a secure microprocessor.
- 19. The cryptographic token of claim 17, in the form of a smart card.
- 20. The cryptographic token of claim 19, wherein said cryptographic operations performed by said smart card enable a holder thereof to decrypt an encrypted communication received via a computer network.
- 21. The cryptographic token of claim 19, wherein said smart card is configured to store value in an electronic cash scheme.
- 22. The cryptographic token of claim 21, wherein said cryptographic operations include authenticating that a balance of said stored value has been decreased.
- 23. The cryptographic token of claim 17, wherein said cryptographic operations include asymmetric private key operations.
- 24. The cryptographic token of claim 23 wherein said cryptographic operations include exponential key agreement operations.
- 25. The cryptographic token of claim 23, wherein said cryptographic operations include DSA signing operations.
- 26. The cryptographic token of claim 23, wherein said cryptographic operations include ElGamal private key operations.
- 27. The cryptographic token of claim 23, wherein said asymmetric private key operations include RSA private key operations.
- 28. The cryptographic token of claim 27 wherein said private key operations include Chinese Remainder Theorem operations.
- 29. The cryptographic token of claim 17, wherein said cryptographic operations include symmetric encryption operations.
- 30. The cryptographic token of claim 17, wherein said cryptographic operations include symmetric decryption operations.
- 31. The cryptographic token of claim 17, wherein said cryptographic operations include symmetric authentication operations using said secret key.
- 32. The cryptographic token of claim 17, wherein said cryptographic operations include authenticating a payment.
- 33. The cryptographic token of claim 17, wherein said cryptographic operations include securing a broadcast communications signal.
- 34. The cryptographic token of claim 33, wherein said cryptographic operations include decrypting a satellite broadcast.
- 35. A method for securely managing and using a private key in a computing environment where information about said private key may leak to attackers, comprising the steps of:
(a) using a first private key, complementary to a public key, to perform a first asymmetric cryptographic operation; (b) reading at least a portion of said first private key from a memory; (c) transforming said read portion of said first private key to produce a second private key:
(i) said second private key usable to perform a subsequent asymmetric cryptographic operation in a manner that remains complementary to said public key, and (ii) said transformation enabling said asymmetric cryptographic operations to be performed in a manner such that information leaked during said first asymmetric cryptographic operation does not provide incrementally useful information about said second private key; (d) obtaining a datum; (e) using said second private key to perform said subsequent asymmetric cryptographic operation on said datum.
- 36. The method of claim 35 where said asymmetric cryptographic operation includes a digital signing operation.
- 37. The method of claim 36 where said signing operation is an RSA operation.
- 38. The method of claim 36 where said signing operation is a DSA operation.
- 39. The method of claim 36 where said signing operation is an ElGamal operation.
- 40. The method of claim 35 where said asymmetric cryptographic operation includes a decryption operation.
- 41. The method of claim 40 where said decryption operation is an RSA operation.
- 42. The method of claim 40 where said decryption operation is an ElGamal operation.
- 43. The method of claim 35 where at least two of said steps are performed in an order different than (a), (b), (c), (d), (e).
- 44. The method of claim 35 further comprising the step, after at least said step (c), of replacing said private key in said memory with said second private key.
- 45. The method of claim 35, performed in a smart card.
- 46. The method of claim 35, further comprising the steps of: prior to at least said step (c), incrementing a counter stored in a nonvolatile memory and verifying that said counter has not exceeded a threshold value; and after at least said step (c) has completed successfully, decreasing a value of said counter.
- 47. A method for performing cryptographic transactions while protecting a stored cryptographic key against compromise due to leakage attacks, comprising the steps of:
(a) retrieving a stored private cryptographic key stored in a memory, said stored key having been used in a previous cryptographic transaction; (b) using a first cryptographic function to derive from said stored key an updated key, such that useful information about said stored key obtained through monitoring of leaked information is effectively uncorrelated with said updated key; (c) replacing said stored key in said memory with said updated key; (d) using an asymmetric cryptographic function, cryptographically processing a datum with said updated key; and (e) sending said cryptographically processed datum to an external device having a public key corresponding to said stored key.
- 48. The method of claim 47 where said stored key includes a first plurality of parameters, and where said updated key includes a second plurality of parameters.
- 49. The method of claim 48 where no secret value within said first plurality of parameters is included within said second plurality of parameters.
- 50. The method of claim 49 where said first plurality of parameters is different than said second plurality of parameters, yet a predetermined relationship among said first plurality of parameters is also maintained among said second plurality of parameters.
- 51. The method of claim 50 where said relationship among said plurality of parameters is an arithmetic function involving at least two of said plurality of parameters.
- 52. The method of claim 51 where said arithmetic function is the sum of said parameters.
- 53. The method of claim 51 where said relationship includes a bitwise combination of said parameters.
- 54. The method of claim 53 where said bitwise combination is an exclusive OR.
- 55. The method of claim 47 where said step (b) includes using pseudorandomness to derive said updated key.
- 56. A method for implementing a private key operation for an asymmetric cryptographic system with resistance to leakage attacks against said cryptographic system, comprising the steps of:
(a) encoding a portion of a private key as at least two component parts, such that an arithmetic function of said parts yields said portion; (b) modifying said component parts to produce updated component parts, but where said arithmetic function of said updated parts still yields said private key portion; (c) obtaining a message for use in an asymmetric private key cryptographic operation; (d) separately applying said component parts to said message to produce an intermediate result; (e) deriving a final result from said intermediate result such that said final result is a valid result of applying said private key to said message; and (f) repeating steps (b) through (e) a plurality of times.
- 57. The method of claim 56 where said private key portion includes an exponent, and where said intermediate result represents the result of raising said message to the power of said exponent, modulo a second key portion.
- 58. The method of claim 57 where said private key operation is configured for use with an RSA cryptosystem.
- 59. The method of claim 57 where said private key operation is configured for use with an ElGamal cryptosystem.
- 60. The method of claim 56 where said private key operation is configured for use with a DSA cryptosystem.
- 61. The method of claim 60 where said private key is represented by secret parameters ak and k whose product, modulo a predetermined DSA prime q for said private key, yields said private key portion.
- 62. The method of claim 56 implemented in a smart card.
- 63. The method of claim 56 where said private key is configured for use with an elliptic curve cryptosystem.
- 64. A method for performing cryptographic transactions in a cryptographic token while protecting a stored cryptographic key against compromise due to leakage attacks, including the steps of:
(a) retrieving said stored key from a memory; (b) cryptographically processing said key, to derive an updated key, by executing a cryptographic update function that:
(i) prevents partial information about said stored key from revealing useful information about said updated key, and (ii) also prevents partial information about said updated key from revealing useful information about said stored key; (c) replacing said stored key in said memory with said updated key; (d) performing a cryptographic operation using said updated key; and (e) repeating steps (a) through (d) a plurality of times.
- 65. The method of claim 64 where said cryptographic update function of said step (b) includes a one-way hash operation.
- 66. The method of claim 64 where said cryptographic operation of said step (d) is a symmetric cryptographic operation; and comprising the further step of sending a result of said cryptographic operation to a party capable of rederiving said updated key.
- 67. The method of claim 64 further comprising the step, prior to said step (a), of receiving from a second party a symmetric authentication code and a parameter; where said step (b) includes iterating a cryptographic transformation a number of times determined from said parameter; and where said step (d) includes performing a symmetric message authentication code verification operation.
- 68. The method of claim 66 where said step (d) of performing said cryptographic operation includes using said updated key to encrypt a datum.
- 69. The method of claim 66 where said updated key contains unpredictable information such that said updated key is not stored in its entirety anywhere outside of said cryptographic token; and where the result of said step (d) is independent of said unpredictable information.
- 70. The method of claim 64 where said step (c) of replacing said stored key includes:
(i) explicitly erasing a region of said memory containing said stored key; and (ii) storing said updated key in said region of memory.
- 71. The method of claim 64 performed within a smart card.
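A worked example of claims 64 through 68 in Python (added here; not the patent's text or any token vendor's code): the token advances its stored key through a one-way hash before each use and overwrites the old key, while the peer, which knows only the root key K_0, rederives the current key by iterating the same transformation the number of times given by a transaction counter. The root key, the message text and the counter window are constructed values.

```python
import hashlib
import hmac

def update_key(key: bytes) -> bytes:
    # claims 64(b), 65: a one-way hash as the update function. Partial knowledge of K_i does
    # not reveal K_(i-1) (preimage resistance), and K_(i-1) is overwritten once K_i exists.
    return hashlib.sha256(b"key-update|" + key).digest()

class Token:
    """Holds only the current key and advances it before every use (claims 64, 66, 68)."""

    def __init__(self, k0: bytes):
        self.key, self.counter = k0, 0

    def authenticate(self, datum: bytes):
        self.key = update_key(self.key)    # claim 64(b)-(c): derive K_(i+1), overwrite K_i in memory
        self.counter += 1
        tag = hmac.new(self.key, datum, hashlib.sha256).digest()   # claim 64(d): MAC under the new key
        return self.counter, tag           # claim 66: the peer can rederive K_(i+1) from this counter

class Verifier:
    """Peer holding K_0 that rederives K_i by iterating the update (claims 66, 67)."""

    MAX_SKIP = 100   # constructed bound on how far the counter may jump in one step

    def __init__(self, k0: bytes):
        self.k0, self.last = k0, 0

    def verify(self, counter: int, datum: bytes, tag: bytes) -> bool:
        # reject replays and implausible jumps before spending any work on rederivation
        if counter <= self.last or counter > self.last + self.MAX_SKIP:
            return False
        k = self.k0
        for _ in range(counter):           # claim 67: iterate the transformation 'counter' times
            k = update_key(k)
        ok = hmac.compare_digest(hmac.new(k, datum, hashlib.sha256).digest(), tag)
        if ok:
            self.last = counter            # accept each counter value at most once
        return ok

K0 = bytes(range(32))   # constructed shared root key; a real token would receive it at personalization
```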
Parent Case Info
[0001] This application claims the benefit of U.S. Provisional application Ser. No. 60/070,344 filed Jan. 2, 1998, and U.S. Provisional application Ser. No. 60/089,529 filed June 15, 1998.
Provisional Applications (2)

| Number | Date | Country |
|---|---|---|
| 60070344 | Jan 1998 | US |
| 60089529 | Jun 1998 | US |

Divisions (1)

| Relation | Number | Date | Country |
|---|---|---|---|
| Parent | 09224682 | Dec 1998 | US |
| Child | 09737182 | Dec 2000 | US |