Encryption apparatus and method with side-channel attack resistance

摘要

Ciphertext X and a constant C having relationships C> p and C> q with respect to secret keys p and q are input, and correction values C<-dp> and C<-dq> (dp = d mod (p-1), dq = d mod (q-1)) are obtained. Then, the ciphertext X is multiplied by the constant C. A remainder operation using the secret key p or q as a remainder value is conducted with respect to the multiplication result. A modular exponentiation operation based on a Chinese remainder theorem is conducted with respect to the remainder operation result, and a correction operation using a correction value C<-dp> or C<-dq> is conducted. Thereafter, plaintext Y before being encrypted is calculated. <IMAGE>