摘要 |
A scalar multiplication apparatus and method for a Different Faults Analysis (DFA) countermeasure. The scalar multiplication apparatus and method may include a first encryptor, a second encryptor, a first logic circuit and a logic circuit. The first encryptor may generate a first output point from an input point and a secret key. The second encryptor may generate a second output point from the input point and the secret key by performing the same operation as in the first encryptor. The first logic circuit may perform a logic operation on the encrypted first output point and the encrypted second output point. The second logic circuit may perform a second logic operation of an operation result of the first logic circuit and the secret key. The encryptors may generate their encrypted output point by performing an elliptic curve (EC) operation using parameters input from a non-volatile memory, which also stores the secret key. Each of the encryptors may receive a modified secret key if a fault is detected (by comparing their outputs) to protect against an attack to determine the secret key. Random numbers may also be introduced into the logic operations (Figure 7). A second arrangement (Figures 5 and 8) involves using an inverse EC operation.
|