
CN106571916B - Decryption device, method and circuit - Google Patents


Info

Publication number: CN106571916B
Application number: CN201510657731.8A
Authority: CN (China)
Other versions: CN106571916A
Language: Chinese (zh)
Inventor: 吴宗叡
Original and current assignee: Realtek Semiconductor Corp
Legal status: Active (status as listed by Google Patents; not a legal conclusion)
Prior art keywords: output, pseudo, decryption, encrypted data, multiplier
Prosecution: application filed by Realtek Semiconductor Corp; priority to CN201510657731.8A; publication of CN106571916A; application granted; publication of CN106571916B


Abstract

A decryption method includes: receiving encrypted data that was encrypted with an RSA public key; and performing at least one multiplication and at least one squaring according to the RSA private key and the encrypted data to obtain the decrypted data, where a pseudo-squaring is performed on the encrypted data while one of the multiplications is performed, or a pseudo-multiplication is performed on the encrypted data while one of the squarings is performed.

Description

Decryption device, method and circuit

Technical field

This application relates to a device, a method and a circuit, and in particular to a decryption device, method and circuit.

Background

RSA is an asymmetric encryption algorithm. An encryption device encrypts a message with the RSA public key, and the decryption device, after receiving the encrypted message, decrypts it with the RSA private key.

However, while the decryption device is decrypting, an attacker can measure signals of the decryption device (such as its supply voltage or power consumption) to determine which operation the device is performing at each moment, and from that recover the RSA private key the device is using.

A decryption method that can resist such measurement attacks (side-channel attacks on power or similar signals) is therefore needed.

Summary of the invention

To solve the above problem, one embodiment of this application relates to a decryption method that includes: receiving encrypted data, where the encrypted data was encrypted with an RSA public key; and performing at least one multiplication and at least one squaring according to the RSA private key and the encrypted data to obtain the decrypted data; where at least one first pseudo-squaring is performed on the encrypted data while one of the multiplications is performed, or a first pseudo-multiplication is performed on the encrypted data while one of the squarings is performed.

Another embodiment relates to a decryption device that includes a communication module and a decryption element. The decryption element receives encrypted data through the communication module, where the encrypted data was encrypted with an RSA public key, and performs at least one multiplication and at least one squaring according to the RSA private key and the encrypted data to obtain the decrypted data. While one of the multiplications is performed, a first pseudo-squaring is performed on the encrypted data, or while one of the squarings is performed, a first pseudo-multiplication is performed on the encrypted data.

Another embodiment relates to a decryption circuit that includes a squarer, a multiplier, a multiplexer and a register. The squarer receives an input value and squares it to produce the squarer output. The multiplier receives the input value and the encrypted data and multiplies them to produce the multiplier output. The multiplexer receives the squarer output and the multiplier output and, according to the RSA private key, outputs one of them as the multiplexer output. The register stores the multiplexer output and feeds it back to the squarer and the multiplier as the new input value. The squaring and the multiplication are performed at the same time.

By applying the embodiments above, the decryption device can resist measurement attacks while performing the decryption operation.

Brief description of the drawings

FIG. 1 is a schematic diagram of a decryption system according to an embodiment of this application;

FIG. 2 is a flowchart of a decryption method according to an embodiment of this application;

FIG. 3 is a schematic diagram of a decryption method according to an embodiment of this application;

FIG. 4 is a schematic diagram of a decryption method according to another embodiment of this application;

FIG. 5 is a schematic diagram of a decryption method according to another embodiment of this application;

FIG. 6 is a schematic diagram of a decryption circuit according to an embodiment of this application; and

FIG. 7 is a schematic diagram of a decryption circuit according to an embodiment of this application.

Reference numerals

10: decryption system
20: encryption device
100: decryption device
110: decryption element
112: decryption circuit
114: decryption circuit
120: communication module
200: decryption method
S1-S2: steps
2, 4, 6, 8, 22, 24, 26: operation sequences
SQ, MT, SQ', MT', SQ", MT": operations
a1, a2: characteristic values (for example waveform amplitudes)
MUX: multiplexer
MTC: multiplier
SQC: squarer
REG: register
CTL: controller
N: encrypted data
CS: control signal
T1-T8, P1-P5, Q1-Q4: periods

Detailed description

FIG. 1 is a schematic diagram of a decryption system 10 according to an embodiment of this application. The decryption system 10 includes a decryption device 100 and an encryption device 20. The encryption device 20 encrypts a message with the RSA public key to produce the encrypted data N, and the decryption device 100 receives the encrypted data N and decrypts it. (Throughout this description N denotes the ciphertext, not the RSA modulus.)

The decryption device 100 includes a decryption element 110 and a communication module 120, electrically connected to each other. The communication module 120 receives the encrypted data N from the encryption device 20 and passes it to the decryption element 110, which decrypts it.

The decryption element 110 may be implemented by a processor or other suitable computing element executing specific instructions or programs, or by dedicated circuitry. In one embodiment the communication module 120 is implemented by a wired or wireless communication element.

Referring also to FIG. 2, the decryption method 200 of FIG. 2 can be applied to the decryption device 100 of FIG. 1 or to a similar device. The decryption method 200 is described below using the decryption device 100 of FIG. 1 as the example.

Step S1: the decryption element 110 receives, through the communication module 120, the encrypted data N from the encryption device 20; the encrypted data N was encrypted with the RSA public key.

Step S2: the decryption element 110 decrypts the encrypted data N. Using the RSA private key that corresponds to that public key and the encrypted data N, it performs at least one multiplication and at least one squaring to decrypt the encrypted data N and obtain the decrypted data.

For example, referring to Table 1, when the value of the RSA private key is 123, its binary form is 1111011. During decryption, the multiplication and/or squaring corresponding to each bit is performed in turn, most significant bit first. Taking the operation sequence 2 of FIG. 3 as an example, in period T1 the decryption element 110 performs a squaring SQ. In periods T2 and T3, because the second bit from the left of the private key is 1, the decryption element 110 performs a multiplication MT and then a squaring SQ. In period T8, because the fifth bit from the left is 0, the decryption element 110 performs only a squaring SQ.

Table 1

Bit (MSB first)   1   1   1   1   0   1   1
Multiplication    -   ✓   ✓   ✓   -   ✓   ✓
Squaring          ✓   ✓   ✓   ✓   ✓   ✓   -

(The multiplication marked under a bit is performed only when that bit is 1; the leading bit needs none because the running value starts at N. The squaring marked under a bit is performed after that bit's multiplication, if any, and before the next bit is processed, so the last bit needs none.)

In the decryption operation, the number of multiplications equals the number of 1 bits in the binary form of the RSA private key, excluding the leading bit. In Table 1, five bits other than the first are 1, so five multiplications are performed. The number of squarings is determined by the bit length of the RSA private key: the key is 7 bits long, so the decryption element 110 performs 7 - 1 = 6 squarings.

Notably, while performing a multiplication the decryption element 110 additionally performs a first pseudo-squaring on the encrypted data N, and while performing a squaring it additionally performs a first pseudo-multiplication on the encrypted data N. The results of the first pseudo-squaring and the first pseudo-multiplication are not used to produce the decrypted data. Because the corresponding pseudo-operation runs at the same time as each real multiplication or squaring, an attacker measuring the signals of the decryption device 100 (power, current, voltage, temperature, frequency and so on) cannot tell which operation the device is performing during decryption, and so cannot read the RSA private key from the measurement.

In one embodiment the number of first pseudo-multiplications is equal to or less than the number of squarings, and likewise the number of first pseudo-squarings is equal to or less than the number of multiplications.

An example of operation is given below with reference to FIG. 3. In this example the RSA private key is 123, binary 1111011. When the decryption element 110 performs a squaring SQ, the waveform of the measured signal of the decryption device 100 has a characteristic value (for example an amplitude) a1, and when it performs a multiplication MT the waveform has a characteristic value a2.

In this example, while the decryption element 110 executes the operation sequence 2, it also executes the first pseudo-multiplications MT' and first pseudo-squarings SQ' of the operation sequence 4, so that every squaring SQ coincides with a first pseudo-multiplication MT' and every multiplication MT coincides with a first pseudo-squaring SQ'. When the decryption element 110 performs a first pseudo-squaring SQ' the waveform has the characteristic value a1, and when it performs a first pseudo-multiplication MT' the waveform has the characteristic value a2.

Consequently, even if the attacker measures the signals of the decryption device 100 during decryption, it obtains only the sequence 6, the sum of the signals corresponding to sequences 2 and 4, and it is difficult to recover the RSA private key from that measurement.

Furthermore, in some embodiments, before or after a multiplication or a squaring the decryption element 110 may also perform at least one second pseudo-squaring or at least one second pseudo-multiplication on the encrypted data N. The second pseudo-squaring and second pseudo-multiplication are dummy operations inserted before, within or after the original operation sequence (such as sequence 2 of FIG. 3) to mislead an attacker using a measurement attack.

In one embodiment, between two second pseudo-multiplications, between two multiplications, or between a second pseudo-multiplication and a multiplication, the decryption element 110 performs at least one squaring or second pseudo-squaring. A plain square-and-multiply never performs two multiplications in a row, so inserting the second pseudo-operations without this rule could produce an abnormal operation sequence that gives the attacker extra information; the rule prevents that.

An example of operation is given below with reference to FIG. 4. The RSA private key is again 123, binary 1111011. In the decryption operation the decryption element 110 executes, in order, the squarings SQ, multiplications MT, second pseudo-squarings SQ" and second pseudo-multiplications MT" of the operation sequence 8. The results of SQ" and MT" are not used to produce the decrypted data. Even if the attacker measures the signals of the decryption device 100 and learns that it executed the operations of sequence 8, it cannot identify the RSA private key from them.

Referring to FIG. 5, the decryption element 110 may execute an operation sequence 22 into which second pseudo-squarings SQ" and second pseudo-multiplications MT" have been inserted. While executing sequence 22 it may also execute the operation sequence 24, performing a first pseudo-multiplication MT' alongside at least one of the squarings SQ and second pseudo-squarings SQ" of sequence 22, and a first pseudo-squaring SQ' alongside at least one of the multiplications MT and second pseudo-multiplications MT" of sequence 22. It is then difficult for the attacker to identify the RSA private key from the measured sequence 26.

In one embodiment, the decryption element 110 includes a decryption circuit (such as the decryption circuit 112 of FIG. 6) that performs the decryption operation described above. As shown in FIG. 6, the decryption circuit 112 includes a squarer SQC, a multiplier MTC, a multiplexer MUX and a register REG. The input of the squarer SQC and the first input of the multiplier MTC are electrically connected to the output of the register REG and to the source of the encrypted data N. The second input of the multiplier MTC receives the encrypted data N. The outputs of the squarer SQC and the multiplier MTC are electrically connected to the first and second inputs of the multiplexer MUX respectively. The control input of the multiplexer MUX receives a control signal CS that corresponds to the RSA private key, and the output of the multiplexer MUX is electrically connected to the input of the register REG.

The squarer SQC squares the input value to produce the squarer output, and the multiplier MTC multiplies the input value by the encrypted data N to produce the multiplier output; the input value is either the encrypted data N or the output of the register REG. According to the control signal CS, the multiplexer MUX outputs either the squarer output or the multiplier output as the multiplexer output. The register REG stores the multiplexer output and feeds it to the squarer SQC and the multiplier MTC as the new input value.

In this embodiment the squarer SQC and the multiplier MTC perform the squaring and the multiplication at the same time, so that an attacker cannot learn, by measuring the signals of the decryption device 100, which operation it performs during decryption or the corresponding RSA private key.

For example, referring also to FIG. 3, in period T1 the input value of both the squarer SQC and the multiplier MTC is N, so the squarer SQC outputs N^2 and, at the same time, the multiplier MTC also outputs N^2. According to the control signal CS the multiplexer MUX selects the squarer output as the first multiplexer output. The register REG stores it and, in the next round, supplies it to the squarer SQC and the multiplier MTC.

In period T2 the input value of both units is N^2, so the squarer SQC outputs N^4 while the multiplier MTC outputs N^3. According to the control signal CS the multiplexer MUX selects the multiplier output (N^3) as the second multiplexer output. The register REG stores it and supplies it to both units in the next round. The remaining operations proceed in the same way.

Through these operations the attacker cannot, by measuring the signals of the decryption device 100, learn which operations it performs during decryption or the corresponding RSA private key.
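The operation count of Table 1, the a1/a2 pattern of sequence 2, and the effect of running sequence 4 alongside it (which is exactly what the FIG. 6 datapath does, with the unselected unit's result being the first pseudo-operation) can be checked in a small model. The following Python is an added example written for this page, not code from the patent or from Realtek. It builds the left-to-right square-and-multiply schedule the description assumes, records the amplitude leaked in each period, lets an attacker read the exponent back from the unprotected trace as the Background section describes, and then runs the squarer/multiplier/multiplexer/register structure of FIG. 6 so that both units switch in every period. The amplitudes A1 and A2 stand in for the page's characteristic values a1 and a2 and are assumed numbers, as is the toy RSA key pair (n = 3233, e = 17, d = 2753) used to confirm that decryption stays correct; the page's own exponent 123 is used for the schedule check. As on the page, N is the ciphertext; the modulus is called n.

```python
"""Square-and-multiply under a simple power-trace model: unprotected vs. the FIG. 6 structure.
Added example for this page; not code from the patent. Leakage amplitudes and the toy key are assumed."""

A1 = 1.0   # assumed: amplitude a1 leaked by a squaring (SQ)
A2 = 1.5   # assumed: amplitude a2 leaked by a multiplication (MT)


def schedule(d):
    """Operation kinds of left-to-right square-and-multiply for exponent d, MSB first.
    The leading 1 bit costs nothing (the running value starts at the ciphertext); every later
    bit costs one SQ, and a 1 bit additionally costs one MT (Table 1 of the description)."""
    ops = []
    for bit in bin(d)[3:]:          # bin(123) == '0b1111011'; [3:] drops '0b' and the leading 1
        ops.append("SQ")
        if bit == "1":
            ops.append("MT")
    return ops


def unprotected_decrypt(N, d, n):
    """Sequence 2 of FIG. 3: one unit active per period, so the trace alternates a1 / a2."""
    reg = N % n
    trace = []
    for op in schedule(d):
        if op == "SQ":
            reg = (reg * reg) % n
            trace.append(A1)
        else:
            reg = (reg * N) % n
            trace.append(A2)
    return reg, trace


def spa_recover_exponent(trace):
    """The Background's attacker: each a1 period (a squaring) starts a new exponent bit;
    the bit is 1 exactly when an a2 period (a multiplication) follows it."""
    bits = ["1"]                     # the exponent's leading bit is always 1
    for i, amp in enumerate(trace):
        if amp == A1:
            bits.append("1" if i + 1 < len(trace) and trace[i + 1] == A2 else "0")
    return int("".join(bits), 2)


def fig6_decrypt(N, d, n):
    """FIG. 6: squarer SQC and multiplier MTC both compute in every period; the multiplexer MUX,
    driven by the key-dependent control signal CS, picks which result the register REG keeps.
    The unselected result is the first pseudo-operation (SQ' or MT') of sequence 4."""
    reg = N % n                      # REG initially holds the ciphertext
    trace = []
    for op in schedule(d):           # CS selects SQ or MT for this period
        sq_out = (reg * reg) % n     # SQC always switches
        mt_out = (reg * N) % n       # MTC always switches
        reg = sq_out if op == "SQ" else mt_out
        trace.append(A1 + A2)        # both units active: sequence 6 has one amplitude throughout
    return reg, trace


if __name__ == "__main__":
    n, e, d = 3233, 17, 2753         # assumed toy RSA key pair (p = 61, q = 53)
    N = pow(65, e, n)                # ciphertext of the message 65
    m, trace = unprotected_decrypt(N, d, n)
    print("plain:", m, "exponent read from unprotected trace:", spa_recover_exponent(trace))
    m2, trace2 = fig6_decrypt(N, d, n)
    print("plain:", m2, "distinct amplitudes in FIG. 6 trace:", sorted(set(trace2)))
    print("schedule for d = 123:", " ".join(schedule(123)))
```

Two things a practitioner would check before relying on the FIG. 6 structure alone. The trace is flat in amplitude, but its length is still (bit length - 1) plus the number of 1 bits after the leading bit, so the Hamming weight of the exponent remains visible; decoupling the length from the key is what the second pseudo-operations of FIGS. 4 and 5 add. And the unselected unit's result is computed and then discarded, so, as with any countermeasure built on discarded computations, the design should also be assessed against safe-error fault attacks, in which an attacker disturbs one unit and observes whether the final output changes.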

In one embodiment the decryption circuit 112 further includes a controller CTL (dashed outline), electrically connected to the register REG, which controls whether the register REG passes a new multiplexer output on to the squarer SQC and the multiplier MTC.

For example, in a first operating state, when the register REG receives a new multiplexer output, the controller CTL makes the register REG keep the previous multiplexer output and supply that previous value to the squarer SQC and the multiplier MTC. In a second operating state, when the register REG receives a new multiplexer output, the controller CTL makes the register REG store the new multiplexer output and supply it to the squarer SQC and the multiplier MTC.

For example, referring also to FIG. 5, in period Q1 the input value of both units is N, so the squarer SQC and the multiplier MTC both output N^2. According to the control signal CS the multiplexer MUX selects the squarer output as the first multiplexer output. The controller CTL makes the register REG store the first multiplexer output and supply it to the squarer SQC and the multiplier MTC in the next round.

In period Q2 the input value of both units is N^2, so the squarer SQC outputs N^4 and the multiplier MTC outputs N^3. According to the control signal CS the multiplexer MUX selects the multiplier output as the second multiplexer output. The controller CTL makes the register REG keep the first multiplexer output and supply it to both units in the next round, so this multiplication is a second pseudo-multiplication whose result is discarded.

In period Q3 the input value of both units is still N^2; the squarer SQC outputs N^4 and the multiplier MTC outputs N^3. According to the control signal CS the multiplexer MUX selects the squarer output as the third multiplexer output. The controller CTL again makes the register REG keep the first multiplexer output and supply it to both units in the next round, so this squaring is a second pseudo-squaring.

In period Q4 the input value of both units is still N^2, so the squarer SQC outputs N^4 and the multiplier MTC outputs N^3. According to the control signal CS the multiplexer MUX selects the multiplier output (N^3) as the fourth multiplexer output. The controller CTL makes the register REG store the fourth multiplexer output and supply it to the squarer SQC and the multiplier MTC as the new input value in the next round.

Through these operations the attacker cannot, by measuring the signals of the decryption device 100, learn which operations it performs during decryption or the corresponding RSA private key.

图7为根据本发明一实施例的解密电路114的示意图。在本实施例中,解密电路114包括乘法器MTC、多工器MUX、暂存器REG及控制器CTL。多工器MUX的第一输入端电性连接暂存器REG的输出端以及加密资料N的来源端,多工器MUX的第二输入端接收加密资料N,多工器MUX的控制端接收控制讯号CS,多工器MUX的输出端电性连接乘法器MTC的第一输入端。乘法器MTC的第二输入端电性连接暂存器REG的输出端以及加密资料N的来源端,乘法器MTC的输出端电性连接暂存器REG。控制器CTL电性连接暂存器REG。FIG. 7 is a schematic diagram of the decryption circuit 114 according to an embodiment of the present invention. In this embodiment, the decryption circuit 114 includes a multiplier MTC, a multiplexer MUX, a temporary register REG, and a controller CTL. The first input end of the multiplexer MUX is electrically connected to the output end of the register REG and the source end of the encrypted data N, the second input end of the multiplexer MUX receives the encrypted data N, and the control end of the multiplexer MUX receives the control For the signal CS, the output terminal of the multiplexer MUX is electrically connected to the first input terminal of the multiplier MTC. The second input terminal of the multiplier MTC is electrically connected to the output terminal of the register REG and the source terminal of the encrypted data N, and the output terminal of the multiplier MTC is electrically connected to the register REG. The controller CTL is electrically connected to the register REG.

多工器MUX用以根据RSA私钥(如控制讯号CS)输出接收到的输入数值或加密资料N。其中输入数值可为加密资料N或为暂存器REG的输出。乘法器MTC用以对输入数值以及多工器输出进行乘法运算,以产生乘法器输出。暂存器REG用以接收并暂存乘法器输出,并提供乘法器输出至多工器MUX与乘法器MTC,作为一新的输入数值。控制器CTL用以控制暂存器REG是否提供新的乘法器输出至多工器MUX与乘法器MTC,其中,控制器CTL的功能可例如为图6所是的控制器CTL。The multiplexer MUX is used for outputting the received input value or encrypted data N according to the RSA private key (eg, the control signal CS). The input value can be the encrypted data N or the output of the register REG. The multiplier MTC is used to multiply the input value and the multiplexer output to generate the multiplier output. The register REG is used to receive and temporarily store the multiplier output, and provide the multiplier output to the multiplexer MUX and the multiplier MTC as a new input value. The controller CTL is used to control whether the register REG provides a new multiplier output to the multiplexer MUX and the multiplier MTC, wherein the function of the controller CTL can be, for example, the controller CTL shown in FIG. 6 .

举例而言,同时参照图4,在期间P1,多工器MUX与乘法器MTC的输入数值皆为N。多工器MUX根据控制讯号CS选择输入数值做为多工器输出。乘法器MTC输出N^2作为第一乘法器输出。控制器CTL控制暂存器REG保持原始数值(例如为空数值(NULL)),并在次一轮运算(如期间P2)中提供原始数值至多工器MUX与乘法器MTC。For example, referring to FIG. 4 at the same time, in the period P1, the input values of the multiplexer MUX and the multiplier MTC are both N. The multiplexer MUX selects the input value as the multiplexer output according to the control signal CS. The multiplier MTC outputs N^2 as the first multiplier output. The controller CTL controls the register REG to keep the original value (eg, NULL), and provides the original value to the multiplexer MUX and the multiplier MTC in the next round of operation (eg, period P2 ).

在期间P2,多工器MUX与乘法器MTC的输入数值皆仍为N。多工器MUX根据控制讯号CS选择加密资料N做为多工器输出。乘法器MTC输出N^2作为第二乘法器输出。控制器CTL控制暂存器REG保持原始数值,并在次一轮运算中提供原始数值至多工器MUX与乘法器MTC。During the period P2, the input values of the multiplexer MUX and the multiplier MTC are both still N. The multiplexer MUX selects the encrypted data N as the multiplexer output according to the control signal CS. The multiplier MTC outputs N^2 as the second multiplier output. The controller CTL controls the register REG to keep the original value, and provides the original value to the multiplexer MUX and the multiplier MTC in the next round of operation.

期间P3与期间P1中的操作相仿,在此不赘述。The operations in the period P3 are similar to those in the period P1, and are not repeated here.

In period P4 the input value of the multiplexer MUX and the multiplier MTC is still N. The multiplexer MUX selects the input value as its output according to the control signal CS, and the multiplier MTC outputs N^2 as the fourth multiplier output. This time the controller CTL has the register REG latch the fourth multiplier output and provide it to the multiplexer MUX and the multiplier MTC in the next round of operation, so this squaring contributes to the decryption result. The remaining steps follow the same pattern.

Because the multiplier MTC performs an operation in every period and only the latching decision of the controller CTL depends on the key, the sequence of squarings and multiplications observable on the device's signals is the same for every RSA private key of the given length. An attacker who measures the relevant signals of the decryption device 100 (its power consumption, for instance) therefore cannot tell which operations the device actually performed during decryption, and cannot recover the corresponding RSA private key from them.

Although the present invention has been disclosed above by way of embodiments, they are not intended to limit it. Anyone skilled in the art may make various changes and modifications without departing from the spirit and scope of the invention; the scope of protection is therefore defined by the appended claims.

Claims (10)

1. A decryption method, comprising:
receiving encrypted data, wherein the encrypted data has been encrypted with an RSA public key; and
performing at least one multiplication operation and at least one square operation on the encrypted data according to an RSA private key to obtain decrypted data;
wherein, while one of the at least one multiplication operation is performed, a first pseudo-square operation is performed according to the encrypted data so as to change the characteristic value of the waveform corresponding to the multiplication operation, or, while one of the at least one square operation is performed, a first pseudo-multiplication operation is performed according to the encrypted data so as to change the characteristic value of the waveform corresponding to the square operation.

2. The decryption method of claim 1, wherein the result of the first pseudo-square operation or the result of the first pseudo-multiplication operation is not used to generate the decrypted data.

3. The decryption method of claim 1, further comprising:
before or after performing one of the at least one multiplication operation or one of the at least one square operation, performing a second pseudo-square operation or a second pseudo-multiplication operation according to the encrypted data.

4. The decryption method of claim 3, wherein the square operation or the second pseudo-square operation is performed between two of the second pseudo-multiplication operations, between two of the multiplication operations, or between one second pseudo-multiplication operation and one multiplication operation.

5. A decryption device, comprising:
a communication module; and
a decryption element configured to:
receive, through the communication module, encrypted data, wherein the encrypted data has been encrypted with an RSA public key; and
perform at least one multiplication operation and at least one square operation on the encrypted data according to an RSA private key to obtain decrypted data;
wherein, while one of the at least one multiplication operation is performed, a first pseudo-square operation is performed according to the encrypted data so as to change the characteristic value of the waveform corresponding to the multiplication operation, or, while one of the at least one square operation is performed, a first pseudo-multiplication operation is performed according to the encrypted data so as to change the characteristic value of the waveform corresponding to the square operation.

6. The decryption device of claim 5, wherein the number of times the square operation is performed corresponds to the binary bit length of the RSA private key.

7. The decryption device of claim 6, wherein the number of times the first pseudo-multiplication operation is performed is equal to or less than the number of times the square operation is performed.

8. The decryption device of claim 5, wherein the number of times the first pseudo-square operation is performed is equal to or less than the number of times the multiplication operation is performed.

9. A decryption circuit, comprising:
a squarer configured to receive an input value and perform a square operation on the input value to produce a squarer output;
a multiplier configured to receive the input value and encrypted data and perform a multiplication operation on the input value and the encrypted data to produce a multiplier output;
a multiplexer configured to receive the squarer output and the multiplier output and to output one of the squarer output and the multiplier output as a multiplexer output according to an RSA private key; and
a register configured to temporarily store the multiplexer output and provide the multiplexer output to the squarer and the multiplier as a new input value;
wherein the square operation and the multiplication operation are performed simultaneously so as to change the characteristic value of the waveform corresponding to the selected one of the squarer output and the multiplier output.

10. The decryption circuit of claim 9, further comprising:
a controller, wherein in a first operating state, when the register receives a new multiplexer output, the controller causes the register to retain the multiplexer output it already holds and to provide that retained output to the squarer and the multiplier; and in a second operating state, when the register receives the new multiplexer output, the controller causes the register to store the new multiplexer output and to provide the new multiplexer output to the squarer and the multiplier.
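The following Python model is an added example and is not code from the patent or from Realtek. It simulates both datapaths the page describes: the single-multiplier arrangement of the FIG. 4 walkthrough (one multiplier MTC, a multiplexer MUX, a register REG and a controller CTL whose latch decision is the only key-dependent step) and the parallel squarer-plus-multiplier circuit of claims 9 and 10. The patent writes the encrypted data as N; the model uses c for the ciphertext, n for the modulus and d for the private exponent so that pow(c, d, n) is the reference. The toy key and the plaintext 65 are constructed for the example; the exact period schedule of FIG. 4 is not reproduced, only the general rule of claims 6 to 8 (a squaring and a multiplication slot per key bit, with unused slots filled by pseudo-operations).

```python
"""Behavioural model of the square-and-multiply-always RSA decryption in
CN106571916B (added example, not the patent's own code).

Naming: the patent calls the encrypted data N; here the ciphertext is c,
the RSA modulus n and the private exponent d, so pow(c, d, n) is the
reference result. The toy key below is constructed for the example and
is far too small for real use.
"""
from typing import List, Tuple


def toy_rsa_key() -> Tuple[int, int, int]:
    """Constructed 12-bit RSA parameters (p = 61, q = 53): returns (n, e, d)."""
    p, q, e = 61, 53, 17
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse of e, here 2753
    return n, e, d


def decrypt_single_multiplier(c: int, d: int, n: int,
                              key_bits: int) -> Tuple[int, List[str], List[bool]]:
    """Datapath of the FIG. 4 walkthrough: one multiplier MTC, a multiplexer
    MUX, a register REG and a controller CTL.

    In every period MTC multiplies the current input value x by what MUX
    selects: x itself (a squaring) or the ciphertext c (a multiplication).
    MTC runs in every period; only CTL's latch decision depends on the key.
    An operation whose result REG does not latch is the patent's pseudo-
    square / pseudo-multiplication: it shapes the waveform like the real
    operation but its result is never used (claim 2).

    Returns (plaintext, visible_ops, latched): visible_ops is the operation
    sequence an observer of the signals sees, latched is internal state.
    Assumes 1 <= d < 2**key_bits (d = 0 is not a usable RSA exponent).
    """
    reg = None                 # REG starts empty (NULL); input value is then c
    seen_msb = False           # has the leading 1 bit of d been processed?
    visible_ops: List[str] = []
    latched: List[bool] = []
    for i in range(key_bits - 1, -1, -1):
        bit = (d >> i) & 1
        for op in ("square", "multiply"):
            x = c if reg is None else reg
            other = x if op == "square" else c      # MUX selection
            out = (x * other) % n                   # MTC computes every period
            # CTL: real squaring once the leading 1 has passed; real
            # multiplication only for a 1 bit below the leading 1.
            latch = seen_msb and (op == "square" or bit == 1)
            if latch:
                reg = out
            visible_ops.append(op)
            latched.append(latch)
        if bit == 1:
            seen_msb = True
    return (c if reg is None else reg), visible_ops, latched


def decrypt_parallel_units(c: int, d: int, n: int, key_bits: int) -> Tuple[int, int]:
    """Datapath of claims 9 and 10: a squarer and a multiplier compute in
    every cycle on the same input value; MUX forwards one result according
    to the key, and CTL (claim 10) decides whether REG stores it (second
    operating state) or holds its old value (first operating state). Both
    units are busy in every cycle. Returns (plaintext, cycles)."""
    reg = None
    seen_msb = False
    cycles = 0
    for i in range(key_bits - 1, -1, -1):
        bit = (d >> i) & 1
        for phase in ("square", "multiply"):
            x = c if reg is None else reg
            sq_out = (x * x) % n                    # squarer, always active
            mul_out = (x * c) % n                   # multiplier, always active
            selected = sq_out if phase == "square" else mul_out   # MUX
            if seen_msb and (phase == "square" or bit == 1):      # CTL
                reg = selected                      # store the new output
            # otherwise REG holds: the selected result is discarded
            cycles += 1
        if bit == 1:
            seen_msb = True
    return (c if reg is None else reg), cycles


if __name__ == "__main__":
    n, e, d = toy_rsa_key()
    c = pow(65, e, n)                               # constructed plaintext 65
    m, ops, used = decrypt_single_multiplier(c, d, n, key_bits=12)
    print("plaintext:", m, "visible sequence:", "".join(o[0] for o in ops))
    print("parallel datapath:", decrypt_parallel_units(c, d, n, key_bits=12))
```

Two things to check when using such a model against a real design. First, key_bits must be fixed (normally to the modulus size) rather than derived from the particular d, otherwise the trace length itself leaks the position of the leading 1. Second, the model only captures which operation type runs in each period, which is the leakage this countermeasure targets; it says nothing about operand-dependent leakage inside the multiplier. Since a pseudo-operation's result is discarded, a fault injected during it leaves the output unchanged, a general property of dummy-operation countermeasures that the patent does not discuss.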

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510657731.8A CN106571916B (en) 2015-10-12 2015-10-12 Decryption device, method and circuit

Publications (2)

Publication Number Publication Date
CN106571916A (en) 2017-04-19
CN106571916B (en) 2020-06-30

Family

ID=58508558

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510657731.8A Active CN106571916B (en) 2015-10-12 2015-10-12 Decryption device, method and circuit

Country Status (1)

Country Link
CN (1) CN106571916B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1835207A (en) * 2005-03-17 2006-09-20 Lenovo (Beijing) Co., Ltd. Method of preventing energy analysis attack to RSA algorithm
CN103259647A (en) * 2012-03-31 2013-08-21 Chengdu University of Information Technology Encryption system side channel attack test method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009532973A (en) * 2006-04-06 2009-09-10 NXP B.V. Secure decryption method
JP2010139544A (en) * 2008-12-09 2010-06-24 Renesas Electronics Corp Apparatus and method for calculating remainder
FR2972064B1 (en) * 2011-02-25 2013-03-15 Inside Secure CRYPTOGRAPHY METHOD COMPRISING AN EXPONENTIATION OPERATION
EP2523096A1 (en) * 2011-05-11 2012-11-14 Thomson Licensing Modular exponentiation and device resistant against side-channel attacks

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Jin Jifang et al., "DPA attack and defense for the RSA algorithm on smart cards" (智能卡RSA算法DPA的攻击与防御), Telecommunications Science (电信科学), 2008-07-15, pp. 79-81; passages cited: p. 80 right column, last paragraph; p. 81 left column, paragraphs 1-3; p. 81 right column, paragraph 1. *

Also Published As

Publication number Publication date
CN106571916A (en) 2017-04-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant