| 发明名称 | Method of secure cryptographic calculation, in particular, against attacks of the DFA and unidirectional type, and corresponding component | ||
| 摘要 | A method of secure cryptographic calculation includes formulating a first list of first random quantities, formulating a first non-linear substitution operator masked with at least part of the first list, and formulating a second list determined from the first list. The second list includes second random quantities respectively determined from the first random quantities. A second non-linear substitution operator masked with at least part of the second list is formulated. At least two successive implementations of a cryptographic calculation algorithm are performed that includes N rounds of calculations carried out successively to obtain output data based on input data and of a secret key, with a data path of the cryptographic calculation algorithm being masked. | ||
| 申请公布号 | US8958556(B2) | 申请公布日期 | 2015.02.17 |
| 申请号 | US201213441180 | 申请日期 | 2012.04.06 |
| 申请人 | STMicroelectronics (Rousset) SAS | 发明人 | Liardet Pierre Yvan;Romain Fabrice |
| 分类号 | H04L9/00 | 主分类号 | H04L9/00 |
| 代理机构 | Allen, Dyer, Doppelt, Milbrath & Gilchrist, P.A. | 代理人 | Allen, Dyer, Doppelt, Milbrath & Gilchrist, P.A. |
| 主权项 | 1. A method of secure cryptographic calculation comprising: operating a processor and a memory associated therewith to perform a secure cryptographic calculation comprising formulating a first list comprising first random quantities;formulating a first non-linear substitution operator masked with at least part of the first list;formulating a second list determined from the first list, and comprising second random quantities respectively determined from the first random quantities;formulating a second non-linear substitution operator masked with at least part of the second list;at least two successive implementations of a cryptographic calculation algorithm comprising N rounds of calculations carried out successively to obtain output data based on input data and of a secret key, with a data path of the cryptographic calculation algorithm being masked, a first of the two successive implementations comprising a masking of the data path of the cryptographic calculation algorithm involving the first list of first random quantities and the masked first non-linear substitution operator, anda second of the two successive implementations comprising a masking of the data path of the cryptographic calculation algorithm involving the second list of second random quantities and the masked second non-linear substitution operator; andverifying consistency between the two successive implementations. | ||
| 地址 | Rousset FR | ||