| 摘要 |
<p>Based on an encrypting method for performing an exponential remainder calculation y=a d (mod n) from an u-bit exponent d=(d u-1 , ..., d 0 ) 2 , input data a, and a modulo n, calculating a'=a 2 (mod n) is performed first. Next, calculating y=(a') f (mod n) is performed on f=(d u-1 , d u-2 , ..., d 1 ) 2 . Then, when d 0 =1, calculating y=y×a (mod n) is performed. Then, outputting y=a d (mod n) is performed. In the first step, although an attacker inputs data including a minus value such as a=-1 and a=s, -s, etc., only plus values can be constantly generated in multiplication and squaring. Therefore, the method makes it hard to estimate a secret key using power analyzing attacks such as the SPA and the DPA, thereby realizing an encryption processor having high tamper-resistance.</p> |
