Electrical computers and digital processing systems: support – Data processing protection using cryptography – Tamper resistant
Reexamination Certificate
1999-08-13
2004-10-12
Smithers, Matthew (Department: 2137)
C713S193000, C380S030000
active
06804782
ABSTRACT:
BACKGROUND OF THE INVENTION
This invention relates generally to the field of cryptography and, more specifically, to preventing recovery of a cryptographic system's private key by power-monitoring and timing-monitoring attacks.
It has recently been shown that cryptographic key material can be extracted from a secure processor by measuring how long the processor takes to perform encryption and/or decryption operations. Likewise, monitoring the processor's power consumption during those operations can be used to attack its security. Both attacks exploit implementation details such as a modular multiplication and a modular squaring taking different amounts of time and drawing different amounts of power, so that an implementation which multiplies only when a key bit is set exposes that bit. An attacker can therefore recover a private key by recording the time and power consumed while many different messages are processed by the secure device; enough such observations eventually reveal the key.
Although countermeasures exist against key recovery by power or timing attacks, none of them has proved effective against both kinds of monitoring at once. These countermeasures can also require large amounts of memory, processor cycles, additional circuitry, power, or other resources. That cost is unacceptable when, for example, the secure processor operates in a power-limited environment such as a "smart card", where power, speed, and the die area available for circuitry are all constrained.
It is therefore desirable to have a countermeasure that is effective against both power and timing attacks while requiring few resources, and that counters those attacks with only a limited performance penalty.
SUMMARY OF THE INVENTION
The present invention uses emulated cryptographic operations to disguise the time and/or power consumed by a cryptographic system. For example, one embodiment performs unnecessary mathematical operations and/or unnecessary stores of data so that an observer cannot tell whether a given operation or store in the algorithm was actually required. The total number of emulated operations can be bounded so that the power and processor time consumed by the emulated multiplies remain acceptable.
In one embodiment, the invention provides a method of disguising power and time usage in a processing system that uses a private key to perform cryptographic operations. The processor performs one or more emulated multiply operations in order to mask one or more bits of the key. This hides whether the key dictated that a multiply should or should not be performed: because the unnecessary multiply is executed anyway, an attacker sees similar time and power usage regardless of the value of the key bit, and the key remains secret. As a further step, the result of the emulated multiplication can be stored to a dummy memory location, which also reproduces the store that follows a multiply the key actually requires.
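As an added illustration of the emulated-multiply idea (example code written for this page, not the patent's own implementation or any text of its claims), the following Python compares a plain left-to-right square-and-multiply exponentiation with a variant that always performs the multiply and routes the unneeded product into a dummy register. The recorded operation sequence stands in for what a timing or power observer would see; `recover_exponent_from_trace` is a hypothetical observer that reads key bits back out of such a sequence. The base, exponent and modulus values (4, 13, 497) are constructed textbook inputs, not values from the patent.

```python
"""Square-and-multiply with and without emulated ("dummy") multiplies.

Added example, not from the patent: the op trace recorded by each routine is a
stand-in for the timing/power trace an attacker would capture from hardware.
"""

from typing import Callable, List, Tuple


def _bits_msb_first(exp: int) -> List[int]:
    """Exponent bits, most significant first (exp > 0)."""
    return [int(b) for b in bin(exp)[2:]]


def _ct_select(bit: int, if_one: int, if_zero: int) -> int:
    """Branch-free select: if_one when bit == 1, else if_zero.
    Python ints are arbitrary precision, so -1 is an all-ones mask."""
    mask = -bit
    return (if_one & mask) | (if_zero & ~mask)


def modexp_leaky(base: int, exp: int, mod: int, trace: List[str]) -> int:
    """Plain square-and-multiply: the multiply runs only on 1 bits, so the
    sequence of operations (and their time/power) reveals the exponent."""
    acc = 1
    for bit in _bits_msb_first(exp):
        acc = (acc * acc) % mod
        trace.append("S")
        if bit:  # key-dependent branch: this is the leak
            acc = (acc * base) % mod
            trace.append("M")
    return acc


def modexp_always(base: int, exp: int, mod: int, trace: List[str]) -> int:
    """Same algorithm with an emulated multiply on 0 bits: the multiply always
    runs, and its product is stored to a dummy register when the bit is 0, so
    every bit costs exactly one square, one multiply and one store."""
    acc = 1
    dummy = 1  # the "dummy memory location" for unneeded products
    for bit in _bits_msb_first(exp):
        acc = (acc * acc) % mod
        trace.append("S")
        product = (acc * base) % mod  # executed whether needed or not
        trace.append("M")
        # Route the product to acc on a 1 bit and to dummy on a 0 bit without
        # branching, so the store happens either way.
        acc = _ct_select(bit, product, acc)
        dummy = _ct_select(bit, dummy, product)
    return acc


def trace_of(fn: Callable[..., int], base: int, exp: int, mod: int) -> Tuple[int, List[str]]:
    """Run one variant and return (result, operation trace)."""
    trace: List[str] = []
    return fn(base, exp, mod, trace), trace


def recover_exponent_from_trace(trace: List[str]) -> int:
    """Hypothetical observer: each 'S' opens a new exponent bit, an 'M' right
    after it marks that bit as 1. Exact on the leaky variant; on the
    emulated-multiply variant every bit reads as 1 and the result is useless."""
    bits: List[int] = []
    for op in trace:
        if op == "S":
            bits.append(0)
        elif op == "M":
            bits[-1] = 1
    return int("".join(str(b) for b in bits), 2)


def operation_counts(exp: int) -> Tuple[int, int]:
    """Operations seen for each variant; only the exponent affects the count.
    Leaky: bit_length + popcount. Always: 2 * bit_length, a constant per key size."""
    return len(trace_of(modexp_leaky, 2, exp, 1009)[1]), len(trace_of(modexp_always, 2, exp, 1009)[1])


if __name__ == "__main__":
    base, exp, mod = 4, 13, 497  # constructed inputs; 4^13 mod 497 == 445
    for fn in (modexp_leaky, modexp_always):
        result, trace = trace_of(fn, base, exp, mod)
        assert result == pow(base, exp, mod)
        print(f"{fn.__name__:14s} trace={''.join(trace):10s} "
              f"observer recovers exp={recover_exponent_from_trace(trace)} (true {exp})")
```

Two caveats for anyone carrying this beyond a demonstration. First, equalising the operation sequence is the property the patent targets, but it is not the same as constant time or constant power on real hardware: Python big-integer arithmetic is not constant-time, and a compiler or synthesis tool may optimise away a store whose value is never read, so the dummy write must be made observable (a volatile location, or a value folded into later computation). Second, the branch-free `_ct_select` is used here instead of an `if` precisely so that the choice of destination register does not itself reintroduce a key-dependent code path.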
Further advantages and features of the invention will be apparent to those skilled in the art from a consideration of the following description taken in conjunction with the accompanying drawings. It is understood that the invention is not limited to the details disclosed, but rather, includes all such variations and modifications that fall within the spirit of the invention and scope of the appended claims.
REFERENCES:
patent: 5802063 (1998-09-01), Deiss
patent: 5920572 (1999-07-01), Washington
patent: 5920626 (1999-07-01), Durden et al.
patent: 5923385 (1999-07-01), Mills
patent: 5926647 (1999-07-01), Adams et al.
patent: 5937067 (1999-08-01), Thatcher et al.
patent: 6064740 (2000-05-01), Curiger et al.
patent: 6298442 (2001-10-01), Kocher et al.
High-Speed RSA Implementation, RSA Laboratories Technical Report TR-201, Version 2.0, Nov. 22, 1994, by Çetin Kaya Koç.
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Cryptography Research, May 11, 1999, by Paul C. Kocher.
Cryptographers Discuss Finding of Security Flaw in "Smart Cards", The New York Times, Jun. 10, 1998, by Peter Wayner.
Code Breaker Cracks Smart Cards' Digital Safe, The New York Times, Jun. 22, 1998, by Peter Wayner.
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, vol. 21, no. 2, Feb. 1978, by R.L. Rivest, A. Shamir and L. Adleman.
Timing Attacks on Cryptosystems, A Bulletin from RSA Laboratories, No. 2, Jan. 23, 1996, by Dr. Burt Kaliski.
Introduction to Differential Power Analysis and Related Attacks, Cryptography Research, Inc., 1998, by Paul Kocher, Joshua Jaffe, and Benjamin Jun.
U.S. Provisional application No. 60/087,829, Kocher et al.
Cook Lawrence R.
Qiu Xin
Simon Daniel Z.
Sprunk Eric J.
Tang Lawrence
General Instrument Corporation
Smithers Matthew
Townsend and Townsend and Crew LLP
Vobach William F.
Countermeasure to power attack and timing attack on...