Title of invention: Securing the implementation of a cryptographic process using key expansion
Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by protecting the cipher key by means of a key expansion process which obscures the cipher and/or the round keys by increasing their lengths to provide an expanded version of the keys for carrying out encryption or decryption using the cipher. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key, or where each user session has its own key.
Publication number: US8966279(B2) | Publication date: 2015.02.24
Application number: US201012975123 | Filing date: 2010.12.21
Applicant: Apple Inc. | Inventors: Farrugia Augustin J.;Chevallier-Mames Benoit;Ciet Mathieu;Icart Thomas;Kindarji Bruno
Classification: G06F12/14;H04L9/00;H04L9/06 | Main classification: G06F12/14
Agency: Adeli LLP | Agent: Adeli LLP
Main claim: 1. A method for applying a cryptographic process to a message using at least one key, the method comprising: expanding a key for the cryptographic process into a plurality of new keys using a first expansion function, each new key associated with a different round of the cryptographic process; prior to using a particular one of the new keys for an associated particular round of the cryptographic process, applying a second expansion function to the particular new key that uniquely maps each bit of the particular new key to a different location in an expanded new key in a different order, wherein the expanded new key includes additional bits between the mapped bits; applying the particular round of the cryptographic process to a portion of the message using the expanded new key to produce an expanded result; and recovering an encrypted version of the message portion from the expanded result using a recovery function, wherein the recovery function recovers only bits from the expanded result that have been subject to a cryptographic operation involving the mapped bits from the expanded new key.
Address: Cupertino CA US
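
A toy illustration of the second expansion function and the recovery function described in claim 1, added here as an example and not taken from the patent or from any Apple implementation. It assumes the round operation is a plain XOR round-key addition and that the message portion is scattered with the same layout as the key; all names, sizes and sample values are hypothetical.

```python
import random
import secrets

def make_layout(n_bits, expanded_bits, seed):
    """Give every key bit a distinct position in the expanded word, in shuffled order."""
    rng = random.Random(seed)  # toy only: a fixed seed stands in for a build-time secret layout
    return rng.sample(range(expanded_bits), n_bits)

def expand(value, layout, expanded_bits):
    """Scatter the bits of `value` to their mapped positions; all other bits are random filler."""
    out = secrets.randbits(expanded_bits)  # the "additional bits between the mapped bits"
    for i, pos in enumerate(layout):
        bit = (value >> i) & 1
        out = (out & ~(1 << pos)) | (bit << pos)
    return out

def recover(expanded, layout):
    """Recovery function: read back only the mapped positions and drop the filler."""
    value = 0
    for i, pos in enumerate(layout):
        value |= ((expanded >> pos) & 1) << i
    return value

def expanded_add_round_key(state, round_key, layout, expanded_bits):
    """Perform the round-key XOR entirely in the expanded domain, then recover the result."""
    exp_key = expand(round_key, layout, expanded_bits)
    exp_state = expand(state, layout, expanded_bits)
    expanded_result = exp_state ^ exp_key  # filler bits are XORed too, but never recovered
    return recover(expanded_result, layout), exp_key

# Constructed sample values (not from the patent).
KEY_BITS, EXPANDED_BITS = 32, 96
LAYOUT = make_layout(KEY_BITS, EXPANDED_BITS, seed=2010)
ROUND_KEY = 0x2B7E1516
STATE = 0x3243F6A8

if __name__ == "__main__":
    result, exp_key = expanded_add_round_key(STATE, ROUND_KEY, LAYOUT, EXPANDED_BITS)
    print(f"expanded round key : {exp_key:024x}")
    print(f"recovered result   : {result:08x}")
    print(f"plain STATE ^ KEY  : {STATE ^ ROUND_KEY:08x}")
```

The expanded key changes on every call because the filler is random, while the recovered result always equals the unexpanded XOR.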