Title of invention Side channel attack prevention in data processing apparatus
Abstract A data processing unit is provided that performs a modular exponentiation operation of the form m^d mod N, having base (or plaintext) m, exponent d and modulus N. The data processing unit has a base blinding unit that modifies the base before the exponentiation operation such that the output of the modulus operation is unaffected. This is done by generating an integer k, multiplying k by N and adding this result to the base m. This has the effect of randomising the time that the encryption process takes, such that the amount of useful side channel information leaked is reduced. The integer k could be generated by a random number generator so as to make the blinding random. Exponent blinding could also be used, by multiplying the exponent d by the Euler totient function of N. The modulus could also be blinded, by multiplying N by an integer j to give W, then performing the modular exponentiation operation as (m^d mod W) mod N. The operation can be part of an RSA cryptographic algorithm. The embodiment given is as used on a smart card.
Publication number GB2399904(B) Publication date 2005.08.17
Application number GB20030007197 Filing date 2003.03.28
Applicant * SHARP KABUSHIKI KAISHA Inventor JOHN PATRICK * NONWEILER
Classification G09C1/00;G06F7/72;G06F21/00;G06F21/55;H04L9/10;(IPC1-7):G06F1/00;G06F12/14;H04L9/30 Main classification G09C1/00
Agency Agent
Principal claim
Address
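The base and modulus blinding described in the abstract, as an added Python example that is not taken from the patent. The function names, the 32-bit size of k and j, and the toy RSA key (N = 3233, d = 2753) are assumptions made for illustration. It shows that the result is unchanged while the intermediate values of the exponentiation differ on every run.

```python
import secrets

def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation. Returns (result, intermediates)."""
    acc, trace = 1, []
    for bit in bin(exp)[2:]:
        acc = (acc * acc) % mod
        if bit == "1":
            acc = (acc * base) % mod
        trace.append(acc)  # the data-dependent values a side channel exposes
    return acc, trace

def random_multiplier(bits):
    """Random integer with its top bit set, so it is never 0 or 1."""
    return secrets.randbits(bits) | (1 << (bits - 1))

def blinded_modexp(m, d, N, bits=32):
    """Compute m^d mod N with the base and modulus blinded as in the abstract."""
    k = random_multiplier(bits)      # base blinding: m -> m + k*N
    j = random_multiplier(bits)      # modulus blinding: N -> W = j*N
    W = j * N
    result, trace = square_and_multiply(m + k * N, d, W)
    # N divides W, so reducing mod N afterwards recovers m^d mod N.
    return result % N, trace

# Constructed toy RSA values, far too small for real use.
TOY_N, TOY_D, TOY_C = 3233, 2753, 2790

def demo():
    """Return (unblinded result, two blinded results, whether traces differ)."""
    plain, _ = square_and_multiply(TOY_C, TOY_D, TOY_N)
    r1, t1 = blinded_modexp(TOY_C, TOY_D, TOY_N)
    r2, t2 = blinded_modexp(TOY_C, TOY_D, TOY_N)
    return plain, r1, r2, t1 != t2

if __name__ == "__main__":
    print(demo())
```

Python integers are not constant-time, so this checks the arithmetic only and is not itself a hardened implementation.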