发明名称 |
Method of secure cryptographic calculation, in particular, against attacks of the DFA and unidirectional type, and corresponding component |
摘要 |
A method of secure cryptographic calculation includes formulating a first list of first random quantities, formulating a first non-linear substitution operator masked with at least part of the first list, and formulating a second list determined from the first list. The second list includes second random quantities respectively determined from the first random quantities. A second non-linear substitution operator masked with at least part of the second list is formulated. At least two successive implementations of a cryptographic calculation algorithm are performed that includes N rounds of calculations carried out successively to obtain output data based on input data and of a secret key, with a data path of the cryptographic calculation algorithm being masked. |
申请公布号 |
US8958556(B2) |
申请公布日期 |
2015.02.17 |
申请号 |
US201213441180 |
申请日期 |
2012.04.06 |
申请人 |
STMicroelectronics (Rousset) SAS |
发明人 |
Liardet Pierre Yvan;Romain Fabrice |
分类号 |
H04L9/00 |
主分类号 |
H04L9/00 |
代理机构 |
Allen, Dyer, Doppelt, Milbrath & Gilchrist, P.A. |
代理人 |
Allen, Dyer, Doppelt, Milbrath & Gilchrist, P.A. |
主权项 |
1. A method of secure cryptographic calculation comprising:
operating a processor and a memory associated therewith to perform a secure cryptographic calculation comprising
formulating a first list comprising first random quantities;formulating a first non-linear substitution operator masked with at least part of the first list;formulating a second list determined from the first list, and comprising second random quantities respectively determined from the first random quantities;formulating a second non-linear substitution operator masked with at least part of the second list;at least two successive implementations of a cryptographic calculation algorithm comprising N rounds of calculations carried out successively to obtain output data based on input data and of a secret key, with a data path of the cryptographic calculation algorithm being masked,
a first of the two successive implementations comprising a masking of the data path of the cryptographic calculation algorithm involving the first list of first random quantities and the masked first non-linear substitution operator, anda second of the two successive implementations comprising a masking of the data path of the cryptographic calculation algorithm involving the second list of second random quantities and the masked second non-linear substitution operator; andverifying consistency between the two successive implementations. |
地址 |
Rousset FR |