Securing implementation of a cryptographic process having fixed or dynamic keys

摘要

In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against attack by protecting the round keys by (1) combining several cipher operations using a pair of sub-keys (round keys) into one table look-up, or (2) a key masking process which obscures the round keys by providing a masked version of the key operations for carrying out encryption or decryption using the cipher. This approach is especially advantageous in an insecure “White Box” environment where an attacker has full access to execution of the cipher algorithm, including the algorithm's internal state during its execution.

主权项

1. A method of performing a cryptographic process comprising a plurality of rounds, each round having an associated round key, on a message, wherein each round comprises applying a predetermined set of operations, the method comprising:
receiving the message; generating a key schedule comprising a round key for each round of the cryptographic process; for a pair of consecutive rounds of the cryptographic process, generating a table that expresses a subset of the operations of the pair of rounds, wherein the subset of operations expressed in the table comprises add round key operations from each of the pair of rounds that use the round keys associated with each of the pair of rounds; to perform the set of operations for the two consecutive rounds, applying (i) the generated table and (ii) additional operations of the pair of rounds to a portion of the message to provide a result of the set of operations; and storing an output of the pair of rounds.