Patent Grant
11132466
The present invention generally relates to the field of cryptography.
It relates more specifically to a method for determining an integrity sum, as well as an associated computer program and an associated electronic entity.
Secure electronic entities must make it possible to ensure confidentiality of the data that they store. Such entities are, for example, designed to protect the confidentiality of some cryptographic keys (in particular, secret keys), used in particular in applications for decrypting electronic messages, electronic signatures or identification signatures.
These secure electronic entities are designed to make it almost impossible for any intrusion into the functioning thereof, but it is preferable to verify that stored data is uncorrupted, i.e. not altered, while ensuring the confidentiality thereof.
Conventionally, two methods can be proceeded with, when the integrity of encrypted stored data is sought to be verified.
The first solution uses an integrity sum associated with raw data (before encryption). Before being stored, this data is encrypted. Verifying the integrity of the stored (encrypted) data thus consists of decrypting the encrypted data, then calculating the associated integrity sum thereof. The latter integrity sum is compared with the integrity sum associated with the raw data. However, this solution involves the handling of clear data (after decryption). The confidentiality of the stored data is no longer necessarily ensured.
The second solution proposes to store, in the electronic entity, an integrity sum associated with the encrypted data. A test for verifying the integrity of the stored (encrypted) data thus consists of independently determining another integrity sum associated with the encrypted data, then of comparing this sum with the one stored in the electronic entity. This method has the advantage of being executed on encrypted data; stored data is therefore not handled clearly. However, as encrypted data is itself known, a hacker could replace this encrypted data with another set of data corresponding to the same integrity sum. The integrity verification would thus be validated falsely. A hacker would also have the possibility of replacing the integrity sum with a suitable value, as they could calculate it from a set of data being substituted for the encrypted data.
In addition, by construction, determining an integrity sum depends on the encrypted data, which itself depends on the used encryption key. Thus, when data stored on two different entities are encrypted from two different keys, the second solution is not suitable (since it would thus be necessary to handle and compare two different integrity sum values, and therefore make two different applications of the checksum function, in order to be able to verify the integrity of the data).
The present invention proposes to improve the verification of the integrity of sensitive data without affecting the confidentiality of this data.
More specifically, according to the invention, a method for determining a first integrity sum is proposed, comprising the following steps:
Thus, according to this method, in order to verify the integrity of the input data, the encrypted data is first masked. This is then masked data which is decrypted and from which an integrity sum is calculated. The decryption step therefore does not disclose the input data clearly and verifying the integrity of the data is therefore done by ensuring the confidentiality of the input data.
Other non-limiting and advantageous characteristics of the method for determining a first integrity sum according to the invention, taken individually or according to all the combinations that are technically possible, are as follows:
The invention also proposes a computer program comprising instructions that can be executed by a processor and suitable for implementing a method for determining a first integrity sum when these instructions are executed by the processor.
The invention also proposes an electronic entity for determining a first integrity sum comprising:
The electronic entity can also comprise:
The following description regarding the appended drawings, given as non-limiting examples, will make what the invention consists of well understood, and how it can be achieved.
In the appended drawings:
The electronic entity 1 comprises a processor 2 (here a microprocessor), a random-access memory 4 and a rewritable non-volatile memory 6 (for example, of the EEPROM type—Electrically Erasable and Programmable Read-Only Memory). The electronic entity 1 could possibly further comprise a read-only memory. The random-access memory 4 and the rewritable non-volatile memory 6 (as well as, if necessary, the read-only memory) are each connected to the processor 2 such that the processor 2 can read or write data in each of these memories.
One of these memories, for example the rewritable non-volatile memory 6, stores computer program instructions which make it possible for the implementation of at least one of the methods described below in reference to
The memories 4, 6 also store data representing values used during the implementation of the methods described below. For example, the rewritable non-volatile memory 6 stores a cryptographic key K.
The random-access memory 4 moreover stores, for example within variables, data processed during the methods described below.
The electronic entity 1 also comprises a set of modules (not represented). These modules can, in practice, be produced by a combination of material elements and software elements. Each module has a functionality described in the methods that conform with the invention and outlined below. Thus, for each module, the electronic entity 1 stores, for example, software instructions that can be executed by the processor 2 of the electronic entity 1 in order to use a material element (for example, a communication interface or a memory) and thus implement the functionality offered by the module.
This method constitutes a method for cryptographically processing an item of input data D, of which the integrity is sought to be ensured, while maintaining the confidentiality thereof.
The case where an encrypted item of data C is obtained by encrypting the item of input data D, of which the confidentiality and integrity is sought to be ensured is now studied.
Specifically, the item of input data D has been encrypted beforehand by application of a cryptographic encryption function F, in order to obtain an encrypted item of data C.
The cryptographic encryption function F is, for example, of the Cipher Feedback (CFB), or Output Feedback (OFB), or CounTerR (CTR) type.
The encryption is for example done in a processor of an electronic entity, distinct from the electronic entity 1. In order to do this, in cases of block encryption mentioned above, the item of input data D can be split into P blocks of data Di. Thus, P encryption blocks are successively applied, and for each encryption block, a variable X is used, having a bit length identical to that of the blocks of data Di. For the first encryption block, the variable X is equal to an item of initialization data. This item of initialization data can be an initialization vector, an initialization vector previously encrypted or a value obtained by counter. For each following encryption block, the variable X is equal to a value obtained by counter, or to the result obtained as the output of the previous encryption block, possibly combined by an “exclusive OR” operation with an input data block.
The encryption of each block of data Di is based on the iteration i of the encryption block, of which the variable X is a parameter. This encryption block uses a cryptographic key stored for the application of a cryptographic algorithm fK to the variable X and results in obtaining the variable fK(X).
For each block of data Di, an encrypted data block Ci is then determined by application of an “exclusive OR” operation between the block of data Di and the variable fK(X) resulting from the iteration i of the encryption block: Ci=Di⊕fKX). It is reminded that the logical “exclusive OR” (or XOR) operation corresponds to the symbol ⊕ between the variables considered. The encrypted item of data C is formed from all the P blocks of encrypted data Ci. The cryptographic encryption function F is, in this case, the combination of the successive applications of the cryptographic algorithm fK and of the “exclusive OR” operation. The cryptographic encryption function F is thus a linear transformation of data with respect to the “exclusive OR” operation.
Also, the case where an integrity sum TD associated with the item of input data D is obtained by application of a checksum function Cks to the item of input data D is studied. This checksum function Cks is subsequently described in more detail in this description.
As represented in
At step E6, the processor 2 randomly generates a data mask R.
This data mask R is then used at step E8 to mask the encrypted item of data C received at step E4. The masking step is carried out by application of an “exclusive OR” operation between the encrypted item of data C and the data mask R. A masked item of data C′ is thus obtained from this step E8: C′=C⊕R.
According to the first example of the method that conforms with the invention, a cryptographic decryption function G is then applied to the masked item of data C′ at step E10. This cryptographic decryption function G makes it possible for the decryption of the masked item of data C′.
The cryptographic decryption function G, applied to the masked item of data C′, makes it possible to decrypt the encrypted item of data C (by application of the inverse function F−1 of the cryptographic encryption function F) while maintaining the mask R. In other words, the cryptographic decryption function G verifies: G(C′)=G(C⊕R)=F−1(C)⊕R.
For example, document EP2296307 can be referred to for more explanations about the handling of masks in relation to a cryptographic function.
The cryptographic decryption function G thus makes it possible, for example, for a Cipher Feedback (CFB), or Output Feedback (OFB) or CounTerR (CTR) type decryption.
At step E10, a decrypted item of data D′ is thus obtained by application of the cryptographic decryption function G to the masked item of data C′ (i.e. to the result obtained by application of an “exclusive OR” operation between the encrypted item of data C and the data mask R): D′=G(C′)=G(C⊕R).
In a variant, the cryptographic encryption function F and the inverse function F−1 (implemented within the cryptographic decryption function G) can be identical.
According to another variant, the cryptographic encryption function F, the inverse function F−1 and the cryptographic decryption function G can be identical. This is, for example, the case for Output Feedback (OFB) or CounTerR (CTR) type encryption/decryption functions.
The use of the data mask R, generated randomly, makes it possible to ensure the confidentiality of the item of input data D during this decryption step, as the result of the application of the cryptographic decryption function G is also a random result: D′=G(C⊕R)=F−1(C)⊕R=D⊕R. This decryption step does not therefore disclose the item of input data D clearly.
Following the method according to the invention, at step E12, an integrity sum T0 associated with the decrypted (masked) item of data D′ is determined. In order to do this, the checksum function Cks is applied to the decrypted item of data D′: T0=Cks(D′)=Cks(D⊕R).
The checksum function Cks is, for example, of the parity byte or Cyclic Redundancy Check (CRC) type.
This checksum function Cks is, in the cases mentioned above, an affine transformation of data. The checksum function Cks verifies therefore the linearity properties with respect to an “exclusive OR” operation.
For example, for a CRC type function, the linearity property is written, by considering two variables Y and Z: CRC(Y⊕Z)=CRC(Y)⊕CRC(Z).
The checksum function Cks generally uses, at the input, an initialization vector IV. This initialization vector IV occurs by being combined by an “exclusive OR” operation to the item of data used as a parameter of the checksum function Cks.
For example, for a CRC type function, for which the initialization vector IV is a parameter of the checksum function, the following relation is verified: CRC(IV, Y⊕Z)=CRC(IV,Y)⊕CRC(0,Z), with Y and Z as two variables.
According to this example, the integrity sum T0 is written:
In a variant, the initialization vector IV can, for example, be set to 0.
At the same time, at step E14, an integrity sum T1 associated with the data mask R is determined. The integrity sum T1 is obtained by application of the checksum function Cks to the data mask R: T1=Cks(R).
In the case of the example above, the integrity sum T1 is written: T1=CRC(0,R).
The integrity sum T0 associated with the decrypted item of data D′ obtained at step E12 and the integrity sum T1 associated with the data mask R obtained at step E14 are combined, at step E16, by application of an “exclusive OR” operation to determine the integrity sum T. The linearity property of the checksum function makes it possible to show that the integrity sum T is associated with the item of input data D: T=T0⊕T1=Cks(D′)⊕Cks(R)=Cks(D′⊕R)=Cks(D⊕R⊕R)=Cks(D).
By considering the example presented above, the integrity sum T is written: T=T0⊕T1=CRC (I V,D′)⊕CRC(0,R)=CRC(I V,D′⊕R)=CRC(I V,D⊕R⊕R)=CRC(I V,D).
The integrity sum T and the integrity sum TD are then used to verify the integrity of the item of input data D.
Step E20 thus corresponds to a step of verifying integrity of the item of input data D. In order to do this, the integrity sum T and the integrity sum TD are compared.
If the equality T=TD is verified at step E20, the processor 2 can conclude on the conservation of integrity of the item of input data D (at step E24). The processor 2 can, for example, then implement a succession of operations using the masked item of data D′. This succession of operations also takes into account the data mask R.
The succession of operations corresponds, for example, to a cryptographic algorithm of which the material implementation is done in an entity external to the electronic entity 1. For example, it can be done in a cryptoprocessor or a coprocessor. The cryptographic algorithm can, for example, be of the “advanced encryption standard” (AES) or “triple DES” (3DES) or “SEED” type, or also of “governmental standard” (GOST) type.
If the equality T=TD is not verified at step E20, the processor 2 implements an error processing step (step E22). Such an error processing step E22 comprises, for example, the script of an item of blocking data (or lock) in the rewritable non-volatile memory 6. The presence of an item of blocking data in the rewritable non-volatile memory 6 will prevent any later functioning of the electronic entity 1. In order to do this, the processor 2 consults, for example, the potential storing zone of the item of blocking data during the start-up of the functioning thereof and stops the functioning thereof in case of detecting the item of blocking data.
According to this second example of the method represented in
In this case, the cryptographic decryption function G can be represented as a function of several variables, of which the data mask R is an input parameter. The cryptographic decryption function G thus verifies: (D′,S)=G(C′,R)=G(C⊕R,R), with D′=F−1(C)⊕S and S corresponding to another data mask resulting from the application of the cryptographic function G.
Document EP2296307 can also be referred to, for example, for more explanations about the handling of masks in relation to a cryptographic function.
As represented in
As described above, with the use of the data masks R, S, R being generated randomly, this makes it possible to ensure confidentiality of the item of input data D during this decryption step, as the result of the application of the cryptographic decryption function G is also a random result: D′=F−1(C)⊕S=D⊕S. This decryption step does not therefore disclose the item of input data D clearly either.
In the further steps of the method according to the invention, as described above, at step E32, an integrity sum T0 associated with the decrypted (masked) item of data D′ is determined. In order to do this, the checksum function Cks is applied to the decrypted item of data D′: T0=Cks(D′)=Cks(D⊕S).
In the case where the checksum function is of the cyclic redundancy check (CRC) type, and uses the initialization vector IV as a parameter, the integrity sum T0 is written: T0=CRC(I V,D′)=CRC(I V,D⊕S)=CRC(I V,D)⊕CRC(0,S).
At the same time, as represented in
In the case of the example mentioned above, the integrity sum T1 is thus written: T1=CRC(0,S).
The integrity sum T0 associated with the decrypted item of data D′ obtained at step E32 and the integrity sum T1 associated with the other data mask S obtained at step E34 are combined, at step E36, by application of an “exclusive OR” operation to determine the integrity sum T. The linearity property of the checksum function makes it possible to show that the integrity sum T is associated with the item of input data D: T=T0⊕T1=Cks(D′)⊕Cks(S)=Cks(D′⊕S)=Cks(D⊕S⊕S)=Cks(D).
In the case of the example presented, the integrity sum T is written: T=T0⊕T=CRC(I V,D′)⊕CRC(0,S)=CRC(I V,D′⊕S)=CRC(I V,D⊕S⊕S)=CRC(I V,D).
The integrity verification steps E40 to E44 are similar to steps E20 to E24 described above.
In a variant of this second example of the method according to the invention, a first data mask R1 and a second data mask R2 can be used at step E8 (after having been generated beforehand, randomly during a step of type E6). In this case, the masked item of data C′ is obtained by application of an “exclusive OR” operation between the encrypted item of data C, the first data mask R1 and the second data mask R2: C′=C⊕R1⊕R2.
The application of the cryptographic decryption function G to the masked item of data makes it possible to obtain at the output, a triplet of data (D′, S1, S2): (D′,S1,S2)=G(C⊕R1⊕R2)=G(C⊕R1⊕R2,R1,R2) wherein the decrypted item of data D′ is expressed by D′=F−1(C)⊕S1⊕S2=D⊕S1⊕S2 (as previously, the other data masks S1 and S2 generated at the output of the application of the cryptographic decryption function G are stored for the further steps of the method).
In this variant, at step E34, an integrity sum T5 and an integrity sum T6 can be respectively obtained by application of the checksum function to the data mask S1 and to the data mask S2. The integrity sum T is thus obtained by application of an “exclusive OR” operation between the integrity sum T0 associated with the decrypted item of data D′, the integrity sum T5 associated with the first mask S1 and the integrity sum T6 associated with the second mask S2:
In the case of a checksum function of the cyclic redundancy check (CRC) type, which uses the initialization vector IV as a parameter, the following is obtained:
The integrity verification steps E40 to E44 are similar to steps E20 to E24 described above.
| Number | Date | Country | Kind |
|---|---|---|---|
| 1762965 | Dec 2017 | FR | national |
| Number | Name | Date | Kind |
|---|---|---|---|
| 20150082435 | Roussellet | Mar 2015 | A1 |
| 20170116437 | Gammel | Apr 2017 | A1 |
| Number | Date | Country |
|---|---|---|
| 2296307 | Mar 2011 | EP |
| Entry |
|---|
| Christophe et al.: “Passive and Active c=Combined Attacks on AES Combining Fault Attacks and Side Channel Analysis”, Fault Diagnosis and tolerance in Cryptography (FDTC), 2010 Workshop on IEEE, Piscataway, NJ, USA, Aug. 21, 2010, pp. 10-19, XP031757066. |
| FR Search Report, dated Jun. 25, 2018, from corresponding FR 1762965 application. |
| Number | Date | Country | |
|---|---|---|---|
| 20190197259 A1 | Jun 2019 | US |
