CA2243761A1 - Timing attack resistant cryptographic system - Google Patents

Timing attack resistant cryptographic system Download PDF

Info

Publication number
CA2243761A1
CA2243761A1 CA002243761A CA2243761A CA2243761A1 CA 2243761 A1 CA2243761 A1 CA 2243761A1 CA 002243761 A CA002243761 A CA 002243761A CA 2243761 A CA2243761 A CA 2243761A CA 2243761 A1 CA2243761 A1 CA 2243761A1
Authority
CA
Canada
Prior art keywords
group
intermediate element
replacing
cryptographic system
bits
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002243761A
Other languages
French (fr)
Other versions
CA2243761C (en
Inventor
Ashok Vadekar
Robert J. Lambert
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Certicom Corp
Original Assignee
Certicom Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to CA002243761A priority Critical patent/CA2243761C/en
Application filed by Certicom Corp filed Critical Certicom Corp
Priority to PCT/CA1999/000658 priority patent/WO2000005837A1/en
Priority to AT99932571T priority patent/ATE460027T1/en
Priority to EP99932571A priority patent/EP1097541B1/en
Priority to JP2000561725A priority patent/JP4699610B2/en
Priority to DE69942094T priority patent/DE69942094D1/en
Priority to AU48917/99A priority patent/AU4891799A/en
Publication of CA2243761A1 publication Critical patent/CA2243761A1/en
Priority to US09/761,700 priority patent/US7020281B2/en
Application granted granted Critical
Publication of CA2243761C publication Critical patent/CA2243761C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/3005Arrangements for executing specific machine instructions to perform operations for flow control
    • G06F9/30058Conditional branch instructions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/724Finite field arithmetic
    • G06F7/725Finite field arithmetic over elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/005Countermeasures against attacks on cryptographic mechanisms for timing attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • G06F2207/7261Uniform execution, e.g. avoiding jumps, or using formulae with the same power profile
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/38Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
    • G06F7/48Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices
    • G06F7/4824Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices using signed-digit representation

Abstract

A method for determining a result of a group operation performed an integral number of times on a selected element of the group, the method comprises the steps of :representing the integral number as a binary vector; initializing an intermediate element to the group identity element; selecting successive bits, beginning with a left most bit, of the vector. For each of the selected bits; performing the group operation on the intermediate element to derive a new intermediate element; replacing the intermediate element with the new intermediate element; performing the group operation on the intermediate element and an element, selected from the group consisting of: the group element if the selected bit is a one; and an inverse element of the group element if the selected bit is a zero; replacing the intermediate element with the new intermediate element. In a final step, performing the group operation on the intermediate value and the inverse element if the last selected bit is a zero; and replacing the intermediate element therewith, to obtain the result, whereby each of the bits of the integral is processed with substantially equal operations thereby minimizing timing attacks on the cryptographic system.
CA002243761A 1998-07-21 1998-07-21 Timing attack resistant cryptographic system Expired - Lifetime CA2243761C (en)

Priority Applications (8)

Application Number Priority Date Filing Date Title
CA002243761A CA2243761C (en) 1998-07-21 1998-07-21 Timing attack resistant cryptographic system
AT99932571T ATE460027T1 (en) 1998-07-21 1999-07-21 TACT ATTACK RESISTANT CRYPTOGRAPHIC SYSTEM
EP99932571A EP1097541B1 (en) 1998-07-21 1999-07-21 Timing attack resistant cryptographic system
JP2000561725A JP4699610B2 (en) 1998-07-21 1999-07-21 Anti-timing encryption system
PCT/CA1999/000658 WO2000005837A1 (en) 1998-07-21 1999-07-21 Timing attack resistant cryptographic system
DE69942094T DE69942094D1 (en) 1998-07-21 1999-07-21 CLAIM-ATTACKING CRYPTOGRAPHIC SYSTEM
AU48917/99A AU4891799A (en) 1998-07-21 1999-07-21 Timing attack resistant cryptographic system
US09/761,700 US7020281B2 (en) 1998-07-21 2001-01-18 Timing attack resistant cryptographic system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA002243761A CA2243761C (en) 1998-07-21 1998-07-21 Timing attack resistant cryptographic system

Publications (2)

Publication Number Publication Date
CA2243761A1 true CA2243761A1 (en) 2000-01-21
CA2243761C CA2243761C (en) 2009-10-06

Family

ID=4162681

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002243761A Expired - Lifetime CA2243761C (en) 1998-07-21 1998-07-21 Timing attack resistant cryptographic system

Country Status (8)

Country Link
US (1) US7020281B2 (en)
EP (1) EP1097541B1 (en)
JP (1) JP4699610B2 (en)
AT (1) ATE460027T1 (en)
AU (1) AU4891799A (en)
CA (1) CA2243761C (en)
DE (1) DE69942094D1 (en)
WO (1) WO2000005837A1 (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2252078C (en) * 1998-10-28 2009-02-17 Certicom Corp. Power signature attack resistant cryptographic system
US6948065B2 (en) * 2000-12-27 2005-09-20 Intel Corporation Platform and method for securely transmitting an authorization secret
DE10122504A1 (en) * 2001-05-10 2003-01-02 Giesecke & Devrient Gmbh Calculation of a multiple of a group element for cryptographic purposes
US7233663B2 (en) * 2001-10-29 2007-06-19 Safenet, Inc. Key generation performance improvement
FR2838210B1 (en) * 2002-04-03 2005-11-04 Gemplus Card Int CRYPTOGRAPHIC METHOD PROTECTED FROM CACHE-CHANNEL TYPE ATTACKS
DE10254658A1 (en) * 2002-11-22 2004-06-03 Philips Intellectual Property & Standards Gmbh Microcontroller and associated method for processing the programming of the microcontroller
US7555122B2 (en) 2002-12-04 2009-06-30 Wired Communications LLC Method for elliptic curve point multiplication
GB2406943B (en) * 2002-12-12 2005-10-05 Advanced Risc Mach Ltd Processing activity masking in a data processing system
US7302056B2 (en) * 2003-06-30 2007-11-27 Lucent Technologies Inc. Method and system for determining sequence parameters to limit cycle attacks in timed release cryptography
JP2009532973A (en) * 2006-04-06 2009-09-10 エヌエックスピー ビー ヴィ Secure decryption method
KR100867989B1 (en) * 2006-12-06 2008-11-10 한국전자통신연구원 SPA-resistant Left-to-Right Recoding and Unified Scalar Multiplication Methods
US7991162B2 (en) * 2007-09-14 2011-08-02 University Of Ottawa Accelerating scalar multiplication on elliptic curve cryptosystems over prime fields
FR2946819B1 (en) * 2009-06-16 2011-07-01 Sagem Securite CRYPTOGRAPHY ON AN ELLIPTICAL CURVE.
US20140314229A1 (en) 2011-12-09 2014-10-23 Morpho Cryptography on a simplified elliptical curve
FR2946818B1 (en) * 2009-06-16 2011-07-01 Sagem Securite CRYPTOGRAPHY ON A SIMPLIFIED ELLIPTICAL CURVE.
US20170207918A1 (en) 2009-06-16 2017-07-20 Morpho Cryptography on an elliptical curve
ES2599986T3 (en) 2009-08-11 2017-02-06 Curna, Inc. Treatment of adiponectin-related diseases (ADIPOQ) by inhibiting a natural antisense transcript of an adiponectin (ADIPOQ)
GB2479871A (en) * 2010-04-26 2011-11-02 David Coyne System for preventing side channel attacks on a synchronous logic device.
US8635467B2 (en) 2011-10-27 2014-01-21 Certicom Corp. Integrated circuit with logic circuitry and multiple concealing circuits
US8334705B1 (en) 2011-10-27 2012-12-18 Certicom Corp. Analog circuitry to conceal activity of logic circuitry
US9239926B2 (en) 2012-06-29 2016-01-19 International Business Machines Corporation Static analysis for discovery of timing attack vulnerabilities in a computer software application
US9979543B2 (en) 2013-12-23 2018-05-22 Nxp B.V. Optimized hardware architecture and method for ECC point doubling using jacobian coordinates over short weierstrass curves
US9929862B2 (en) 2013-12-23 2018-03-27 Nxp B.V. Optimized hardware architecture and method for ECC point doubling using Jacobian coordinates over short Weierstrass curves
US9900154B2 (en) * 2013-12-23 2018-02-20 Nxp B.V. Optimized hardward architecture and method for ECC point addition using mixed affine-jacobian coordinates over short weierstrass curves
FR3015726B1 (en) * 2013-12-24 2016-01-08 Morpho SECURE COMPARATIVE PROCESSING METHOD
WO2022271163A1 (en) * 2021-06-23 2022-12-29 Pqsecure Technologies, Llc Computer processing architecture and method for supporting multiple public-key cryptosystems based on exponentiation
CN116647318A (en) * 2022-02-16 2023-08-25 瑞昱半导体股份有限公司 Method for defending time attack of cipher system and cipher system processing circuit

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5197024A (en) * 1989-06-14 1993-03-23 Pickett Lester C Method and apparatus for exponential/logarithmic computation
US5600324A (en) * 1992-05-11 1997-02-04 Rockwell International Corporation Keyless entry system using a rolling code
DE69326072T2 (en) * 1993-11-02 1999-12-23 Bull Sa Procedure for testing a sequential finite state machine
US5504817A (en) * 1994-05-09 1996-04-02 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for memory efficient variants of public key encryption and identification schemes for smart card applications
US5553012A (en) * 1995-03-10 1996-09-03 Motorola, Inc. Exponentiation circuit utilizing shift means and method of using same
US5623527A (en) * 1996-01-30 1997-04-22 Hewlett-Packard Company Method and apparatus for determining an integer power of a floating point number
GB9713138D0 (en) * 1997-06-20 1997-08-27 Certicom Corp Accelerated finite field operations on an elliptic curve
CA2228493C (en) * 1997-02-03 2005-05-03 Nippon Telegraph And Telephone Corporation Scheme for carrying out modular calculations based on redundant binary calculation
US5991415A (en) * 1997-05-12 1999-11-23 Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science Method and apparatus for protecting public key schemes from timing and fault attacks
US5987131A (en) * 1997-08-18 1999-11-16 Picturetel Corporation Cryptographic key exchange using pre-computation
EP0938790B1 (en) * 1997-09-16 2007-02-07 Koninklijke Philips Electronics N.V. A method and device for executing a decrypting mechanism through calculating a standardized modular exponentiation for thwarting timing attacks
JP4462511B2 (en) * 1997-10-10 2010-05-12 サーティコム コーポレーション Session parameter generation method for Elgamal-like protocol
WO1999035782A1 (en) * 1998-01-02 1999-07-15 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus
US6041122A (en) * 1998-02-27 2000-03-21 Intel Corporation Method and apparatus for hiding crytographic keys utilizing autocorrelation timing encoding and computation
DE69905145T2 (en) * 1998-03-25 2003-06-05 Certicom Corp ACCELERATED LIMITED FIELD OPERATIONS ON AN ELLIPTIC CURVE
ATE418099T1 (en) * 1998-06-03 2009-01-15 Cryptography Res Inc SECURED MODULAR POTENTIATION WITH LEAK MINIMIZATION FOR CHIP CARDS AND OTHER CRYPTO SYSTEMS
WO1999063696A1 (en) * 1998-06-03 1999-12-09 Cryptography Research, Inc. Using unpredictable information to minimize leakage from smartcards and other cryptosystems
DE69935913T2 (en) * 1998-07-02 2008-01-10 Cryptography Research Inc., San Francisco LACK RESISTANT UPGRADE OF AN INDEXED CRYPTOGRAPHIC KEY

Also Published As

Publication number Publication date
JP4699610B2 (en) 2011-06-15
DE69942094D1 (en) 2010-04-15
WO2000005837A1 (en) 2000-02-03
US20010033655A1 (en) 2001-10-25
CA2243761C (en) 2009-10-06
ATE460027T1 (en) 2010-03-15
JP2002521724A (en) 2002-07-16
EP1097541A1 (en) 2001-05-09
AU4891799A (en) 2000-02-14
EP1097541B1 (en) 2010-03-03
US7020281B2 (en) 2006-03-28

Similar Documents

Publication Publication Date Title
CA2243761A1 (en) Timing attack resistant cryptographic system
KR960013027A (en) Fast blind equalization method of adaptive equalizer
Coron et al. On boolean and arithmetic masking against differential power analysis
CA2252078A1 (en) Power signature attack resistant cryptographic system
EP0792043A3 (en) Method of sharing cryptokey
CA2162361A1 (en) Antisense oligonucleotides which combat aberrant splicing and methods of using the same
WO2004013777B1 (en) System and method of parallel pattern matching
EP0862143A3 (en) Method and arrangement for generating and checking a security imprint
CA2249979A1 (en) Transition controlled balanced encoding scheme
WO1999004351A3 (en) Schema change within a data-base
CA2298275A1 (en) Method for processing network messages
CA2186348A1 (en) Data Level Selection For Multilevel VSB Transmission System
WO2004017155A3 (en) Method of extraction of a secret key
WO2004046017A3 (en) Integer division method against covert channel attacks
AU2001284673A1 (en) Cryptography private key storage and recovery method and apparatus
DE59712172D1 (en) METHOD FOR OPTIMIZED TRANSMISSION OF ATM CELLS OVER CONNECTION SECTIONS
CA2350751A1 (en) Mitigating errors in a distributed speech recognition process
EP0994424A3 (en) High speed prime numbers calculation
AU2003292338A1 (en) Molecular identification of bacteria of genus less thanigreater thanstreptococcusless than/igreater than and related genuses
EP0953928A3 (en) Data-driven process generator
WO2002011359A3 (en) Method of encryption
EP0939374A3 (en) Processor for information processing equipment and control method
PL342036A1 (en) Method of cryptographically converting binary data blocks
Füredi The order dimension of two levels of the Boolean lattice
AU2002214511A1 (en) Methods and systems for accumulating metrics generated by a sequence estimation algorithm

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20180723