The invention relates to software and data cryptography. In particular, the invention relates to a method for hiding intermediate results of a modular exponentiation.
Until not so long ago, cryptography was concerned only with protecting the communication of a message through a hostile environment. In the classical scheme (a.k.a. the black-box model), the attacker had access only to the inputs and outputs of the decryption device. With the emergence of Pay-TV and of digital content protected by DRM (movies and music on smartphones, personal computers or CD/DVD), the attacker now has physical access to the decryption device and to its outputs, meaning that he can not only passively study the state and intermediate values of the decryption device, but also actively affect its computations.
Specifically, in 1996 the notion of fault analysis appeared: when the decryption device is subjected to abnormal conditions (wrong input, abnormal temperature, strong electromagnetic radiation, . . . ), the decryption algorithm can output a faulty plaintext which leaks information about the key used in the decryption device. See "On the Importance of Checking Cryptographic Protocols for Faults" by Dan Boneh, Richard A. DeMillo and Richard J. Lipton in the proceedings of Eurocrypt 1997.
In the same year the notion of side-channel attacks appeared: the physical signals (processing time, power consumption, electromagnetic radiation, . . . ) emitted by the decryption device while it performs the decryption can leak information (side-channel information) about the internal variables of the decryption algorithm. From these internal variables and statistical analysis, the attacker can retrieve information about the key used in the decryption device. See "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems" by Paul C. Kocher in the proceedings of Crypto 1996.
Fault analysis and side-channel analysis belong to the grey-box model: the attacker has limited knowledge of the implementation of the cryptographic algorithm and of its internal data. These attacks were successfully used to retrieve the keys and the source code of smartcards used in pay-TV systems.
For music and movies on personal computers or on CD/DVD, the content keys are protected by software obfuscation (DRM) because it is much less expensive than distributing smartcards. In this case the environment is even more hostile than in the grey-box model: the attacker has full access to the inner workings of the software. This is what is called the white-box model. In 2002 the concept of White-Box Cryptography appeared. White-Box Cryptography is an obfuscation technique intended to implement cryptographic primitives in such a way that even an adversary who has full access to the implementation and its execution platform is unable to extract key information [1].
As described in Brecht Wyseur's thesis on White-Box Cryptography, a countermeasure that is effective against attacks in the white-box model is also effective against attacks in the grey-box model.
Modular exponentiation is involved in several important cryptographic protocols for key exchange, encryption or signature (Diffie-Hellman, ElGamal, RSA, DSS, . . . ). It is well known in the art that the most basic method for performing a modular exponentiation is the so-called "square-and-multiply" algorithm [2], which processes the exponent bit by bit and performs a multiplication according to the value of each bit. In the following we review some notions relating to modular exponentiation as well as some state-of-the-art algorithms.
INPUT: an integer g of n bits, an integer e of t+1 bits, i.e. e = (e_t e_{t−1} . . . e_1 e_0)_2 where e_i is the i-th least significant bit of e, and a modulus m of n bits.
OUTPUT: g^e mod m
1. A = 1.
2. For i from t down to 0 do the following:
2.1 A = A·A mod m.
2.2 If e_i = 1 then A = A·g mod m.
3. Return(A)
INPUT: g of n bits, e of (t+1)×k bits, i.e. e = (e_t e_{t−1} . . . e_1 e_0)_b where b = 2^k for some k > 1 (each digit e_i is a k-bit window), and a modulus m of n bits
OUTPUT: g^e mod m
1. Precomputation. g_0 = 1; for i from 1 to b−1: g_i = g_{i−1}·g mod m (so that g_i = g^i mod m).
2. A = 1.
3. For i from t down to 0 do the following:
3.1 A = A^b mod m (k successive squarings).
3.2 A = A·g_{e_i} mod m.
4. Return(A)
It should be emphasized that the goal of the attacker in any of the above models is to obtain the secret key in order to use it for his own illegal purposes. For modular exponentiation, if the exponent is properly protected by obfuscation techniques, the attacker will try to obtain information about the key by monitoring the intermediate results of the modular exponentiation. Those skilled in the art will notice that in the case of the basic square-and-multiply method the secret key value (the exponent) can be trivially obtained by simply observing the execution of the exponentiation algorithm and measuring the time (or the power consumed) of every step of the computation: a squaring followed by a multiplication reveals a 1 bit, a squaring alone a 0 bit. The window method is also prone to advanced side-channel attack techniques such as Differential Power Analysis (DPA), described in [3].
The prior art for obfuscating cryptographic computations includes a method proposed in [4]. The advantage of the present invention over the solution presented in [4] is that it requires no additional computation in the main loop other than the "blinding" of the precomputed window factors, hence the window-based exponentiation is performed substantially faster.
While a number of other methods for obfuscating and securing the modular exponentiation operation have been proposed in the prior art, for instance [5], they all perform a masking (blinding) of the encrypted message itself (C) or of the decryption exponent (d). The present invention proposes a new method where the masking is applied to the pre-calculated window values, making it much more difficult for the attacker to bypass the blinding with a single fault attack or software modification. Those skilled in the art understand that by "blinding" or "masking" is meant the randomization of a variable or value such that the said variable or value changes frequently and hence cannot be identified and studied by an attacker using side-channel attack methods.
The aim of the present invention is to provide a way to blind the intermediate results of the modular exponentiation such that the blinding is more difficult to bypass by advanced side-channel analysis than the blinding methods described in the known art such as [4] and [5], as well as in "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems" by Paul C. Kocher in the proceedings of Crypto 1996.
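The two algorithms reviewed above, together with the leakage of the basic method described in this paragraph, as an added example in Python (this is not code from the patent; all function names are the example's own). The "trace" is a constructed stand-in for what a timing or power observer records: one event per squaring and one per multiplication. Reading the trace back recovers the exponent bit by bit, which is exactly the weakness the window method with blinded table entries is meant to remove.

```python
def square_and_multiply(g, e, m, trace=None):
    """Left-to-right binary exponentiation: returns g**e mod m.
    If `trace` is a list, appends 'S' for every squaring and 'M' for every
    multiplication, mimicking the operation sequence a side-channel
    observer sees (the constructed stand-in for a timing/power trace)."""
    A = 1
    for i in range(e.bit_length() - 1, -1, -1):
        A = (A * A) % m
        if trace is not None:
            trace.append('S')
        if (e >> i) & 1:            # multiply only when the bit is 1: the leak
            A = (A * g) % m
            if trace is not None:
                trace.append('M')
    return A


def window_exp(g, e, m, k):
    """Fixed-window (2**k-ary) exponentiation: returns g**e mod m.
    Precomputes g_i = g**i mod m for i in 0..2**k-1, then consumes the
    exponent k bits at a time, most significant window first."""
    b = 1 << k
    table = [1] * b
    for i in range(1, b):
        table[i] = (table[i - 1] * g) % m
    t = (e.bit_length() + k - 1) // k   # number of k-bit windows (top one zero-padded)
    A = 1
    for i in range(t - 1, -1, -1):
        for _ in range(k):              # A = A**(2**k) mod m
            A = (A * A) % m
        e_i = (e >> (i * k)) & (b - 1)  # the i-th window of e
        A = (A * table[e_i]) % m        # one multiplication per window, whatever e_i is
    return A


def recover_exponent_from_trace(trace):
    """Turns a square/multiply operation sequence back into the exponent:
    every 'S' opens a new bit valued 0, an 'M' directly after it sets the
    bit to 1.  No arithmetic on the data is needed, only the op pattern."""
    bits = []
    for op in trace:
        if op == 'S':
            bits.append(0)
        elif op == 'M':
            bits[-1] = 1
    e = 0
    for bit in bits:
        e = (e << 1) | bit
    return e


if __name__ == "__main__":
    m = 2 ** 61 - 1                     # a prime modulus, used here only as a test value
    g, e = 0xDEADBEEF, 0xC0FFEE12345678
    trace = []
    assert square_and_multiply(g, e, m, trace) == pow(g, e, m)
    assert window_exp(g, e, m, 4) == pow(g, e, m)
    print("recovered exponent:", hex(recover_exponent_from_trace(trace)))
```

In the window method the multiplication happens once per window regardless of the window value, so a plain square/multiply pattern no longer reveals the exponent; what remains is the data-dependent leakage of which table entry is used, which is the DPA-style attack the text refers to.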
The present invention proposes a method for protecting a modular exponentiation based on a window method with a window size of k bits, thus using 2^k pre-calculated values (Y_i = X^i mod N for i = 0 to 2^k − 1), on input data X of n bits to obtain output data S of n bits, S = X^d mod N, where d is the exponent of size m bits and N is the modulus of n bits, comprising the steps of:
The present invention will be better understood thanks to the attached FIGURE showing a processing unit able to execute the various steps of the claimed method.
The present invention describes a method for protecting a modular exponentiation operation using the so-called window method in an open software environment. By an open software environment we mean binary code which is executed on a PC system and which can be accessed by an attacker.
This invention can be implemented in a processing unit dedicated to executing cryptographic operations, as illustrated in the attached FIGURE.
According to the preferred embodiment we consider a PC system or a processing unit which executes the said modular exponentiation operation using the window method, the method being implemented in the said software environment. Let X be the input data of n bits and K be the key, which comprises an exponent d having m bits and a modulus N having n bits. The modular exponentiation operation implemented in the said PC system comprises two steps: pre-calculation and exponentiation. During the pre-calculation step the values Y_i = X^i mod N are pre-computed. Those skilled in the art will notice that in the window method i varies between 0 and 2^k − 1, where k is the size of the window applied to the exponent d. During the exponentiation step the said pre-computed values Y_i are used.
Below, the implementation of the invention is described in pseudocode. It is important to note that the steps described below are presented solely for the purpose of the preferred embodiment of the present invention and are not, in any case, limiting.
Use a register A of n bits, initialized with the value 1, for temporary storage of the intermediate results of the exponentiation algorithm.
Use a register C of n bits, initialized with the value 1, for temporary storage of the last used random value (the unblinding value).
Use a register v of log(m) bits, initialized with the value m/k (rounded up), i.e. the number of k-bit windows of the exponent.
The person skilled in the art will appreciate the advantage of this blinding method, which lies in the fact that the blinding is involved in several computations (as many computations as there are windows processed with the same blinding value), so it is more difficult for a side-channel attacker to bypass the blinding by one fault attack or one software modification.
Another advantage with respect to the known prior art is the renewability of the blinding inside the algorithm, which makes it more difficult to bypass the blinding by a fault attack or by means of software modifications.
In the method according to claim 1, the blinding value B_1 may be renewed after the processing of several windows, and the unblinding of the intermediate result is then done by multiplication by a value C_1 which depends on the size of the window (k), the number of windows processed (w), the modulus N and the initial blinding value B_1: C_1 = (B_1^h)^{−1} mod N, where h is the concatenation of w copies of the value "1" coded on k bits, i.e. h = 1 + 2^k + 2^{2k} + . . . + 2^{(w−1)k}. This is the factor accumulated in A: each window multiplication brings in one factor B_1 (every pre-calculated value Y_i is blinded, including Y_0 = 1), and the k squarings performed before the next window raise the factors already present to the power 2^k, so after w windows the intermediate result carries exactly B_1^h.
Another advantage is that an attacker cannot find a specific function T such that submitting T(X) as input to the modular exponentiation makes the intermediate results stored in A independent of the blinding value B, even if B is a known constant.
The overhead of the countermeasure, if the unblinding values are not pre-computed, compared to the classical exponentiation algorithm, is one exponentiation with an exponent of the same length as the input exponent d (the computation of B^h) and as many inversions as the number of blinding updates.
According to another particular embodiment, when implemented on the said PC system under speed constraints, the claimed method can be simplified by blinding the pre-calculated values once at the very beginning of the exponentiation algorithm and removing the blinding at the end of the exponentiation. The overhead of the countermeasure is then one exponentiation with an exponent of the same length as the input exponent d and only one inversion.
Those skilled in the art know that the modular exponentiation method is usually used in the context of the RSA cryptosystem. According to a particular embodiment, when the modular exponentiation algorithm is used for an RSA computation with a private key d (which may be relatively large in terms of bits), the claimed method can be sped up according to the following steps:
In this way, the blinding overhead is reduced to one exponentiation with a small exponent (exponentiation by e′) and one inversion.
According to the preferred embodiment the pseudorandom value B can be renewed by different methods. Furthermore, the values of B used in two executions of the main method can also differ. Such implementations are described below in accordance with the preferred embodiment.
One way to speed this up is to create a link between the new and the previous blinding. When the blinding value B is renewed after the processing of w windows, the blinding values used during the exponentiation form an array of sub-blocks B = (B_1, B_2, B_3, . . . , B_n), each subsequent sub-block B_{i+1} being the square modulo N of the preceding B_i, each sub-block B_i being a pseudo-random value of the size of the modulus and lower than the modulus; the unblinding values used during the exponentiation form an array of sub-blocks C = (C_1, C_2, C_3, . . . , C_n), each subsequent sub-block C_{i+1} being the square modulo N of the preceding C_i, with C_i = (B_i^h)^{−1} mod N where h is the concatenation of w copies of the value "1" coded on k bits (h = 1 + 2^k + . . . + 2^{(w−1)k}). Only C_1 is computed with an inversion; every other C_i is the square of the preceding one, which is correct because ((B_i^2)^h)^{−1} = ((B_i^h)^{−1})^2 mod N. Re-blinding the pre-calculated values for the next group of windows likewise costs only one multiplication of each entry by B_i, since B_{i+1}·Y_j = B_i·(B_i·Y_j).
B can be updated inside the main algorithm, but the same values of B can be used in two executions of the main method: the different values of B and of the unblinding value C can thus be pre-computed to remove the overhead of the exponentiation and of the inversions.
In a particular case of the preferred embodiment, the method comprises a step of pre-computing and storing the unblinding value C, where the blinding value B is a digest of all or part of the modular exponentiation code.
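The blinded window exponentiation with renewal by squaring, covering the claim-1 unblinding value C_1 = (B_1^h)^{-1} mod N, the linked sequences B_{i+1} = B_i^2 and C_{i+1} = C_i^2, the single-blinding variant and the digest-derived B, as an added example in Python (this is example code, not the patent's pseudocode; the function names, the return of the inversion count, and the use of SHA-256 as the digest are the example's own assumptions). The edge case where the number of windows is not a multiple of w is handled with one extra inversion for the shorter last group, which the patent's overhead statement ("as many inversions as the number of blinding updates") allows for. `pow(x, -1, N)` requires Python 3.8 or later.

```python
import hashlib
import secrets


def windows_of(d, k):
    """The t = ceil(bitlen(d)/k) k-bit windows of exponent d, most significant first."""
    t = max(1, (d.bit_length() + k - 1) // k)
    mask = (1 << k) - 1
    return [(d >> (i * k)) & mask for i in range(t - 1, -1, -1)]


def h_value(k, w):
    """h = 1 + 2^k + ... + 2^((w-1)k): w copies of the value 1 coded on k bits."""
    return sum(1 << (j * k) for j in range(w))


def blinding_from_digest(code, N):
    """Derive B from a digest of (part of) the exponentiation code.
    SHA-256 is an assumption of this example; the page only says 'a digest'."""
    return int.from_bytes(hashlib.sha256(code).digest(), "big") % N


def blinded_window_exp(X, d, N, k, w, B1=None):
    """X^d mod N by the 2^k-ary window method with blinded table entries
    Y'_i = B * X^i mod N.  The blinding is renewed every w windows by
    squaring (B <- B^2, C <- C^2, table entries multiplied by the old B)
    and stripped by multiplying A with C = (B^h)^-1 mod N.  Passing w equal
    to the number of windows gives the single-blinding variant.
    Returns (S, inversions) so the overhead claim can be checked."""
    if B1 is None:
        B1 = secrets.randbelow(N - 2) + 2            # 2 <= B1 < N; must be invertible mod N
    B = B1 % N
    C = pow(pow(B, h_value(k, w), N), -1, N)         # (B^h)^-1: the one inversion of the normal schedule
    inversions = 1
    # pre-calculation: Y_i = X^i mod N is only ever stored in blinded form B*Y_i
    table = [B]                                      # B * X^0
    for _ in range(1, 1 << k):
        table.append(table[-1] * X % N)              # B * X^i
    A = 1
    since = 0                                        # windows processed since the last unblinding
    win = windows_of(d, k)
    for idx, e_i in enumerate(win):
        for _ in range(k):                           # A = A^(2^k) mod N
            A = A * A % N
        A = A * table[e_i] % N                       # brings in one factor B, whatever e_i is
        since += 1
        if since == w and idx != len(win) - 1:
            A = A * C % N                            # A carries B^h here: strip it
            table = [y * B % N for y in table]       # B*Y_i -> B^2*Y_i
            B = B * B % N                            # B_{j+1} = B_j^2
            C = C * C % N                            # C_{j+1} = C_j^2 = ((B_j^2)^h)^-1
            since = 0
    if since == w:
        A = A * C % N                                # last group was a full one
    else:
        # window count not a multiple of w: the last group carries B^h_r with r < w
        A = A * pow(pow(B, h_value(k, since), N), -1, N) % N
        inversions += 1
    return A, inversions


if __name__ == "__main__":
    N = 2 ** 61 - 1                                  # prime modulus, used only as a test value
    X, d = 0xDEADBEEFCAFE, 0xC0FFEE12345678          # constructed sample input
    S, inv = blinded_window_exp(X, d, N, k=4, w=7)
    print(S == pow(X, d, N), "inversions:", inv)
```

With k = 4 the 56-bit sample exponent has 14 windows, so w = 7 renews the blinding once and needs a single inversion, w = 14 is the single-blinding variant of the simplified embodiment, and w = 3 leaves a last group of two windows and costs the extra inversion. Because every table entry is blinded, a fault or patch that skips a single window multiplication leaves A without the expected factor of B and the final unblinding produces garbage rather than an unblinded intermediate, which is the property the text claims over message- or exponent-blinding schemes.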
Number | Date | Country | Kind |
---|---|---|---|
10290532.0 | Oct 2010 | EP | regional |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/EP2011/066952 | 9/29/2011 | WO | 00 | 7/8/2013 |
Number | Date | Country |
---|---|---|
61387517 | Sep 2010 | US |