Protection of a rijndael algorithm

US10187198B2 · US · B2

Patent metadata

Publication number: US-10187198-B2
Application number: US-201615046114-A
Country: US
Kind code: B2
Filing date: Feb 17, 2016
Priority date: Sep 2, 2015
Publication date: Jan 22, 2019
Grant date: Jan 22, 2019


Abstract

Official abstract text for this publication.

A method of protecting a Rijndael-type algorithm executed by an electronic circuit against side channel attacks, wherein: each block of data to be encrypted or decrypted is masked with a first mask before applying a non-linear block substitution operation from a first substitution box, and is then unmasked by a second mask after the substitution; the substitution box is recalculated, block by block, before applying the non-linear operation, the processing order of the blocks of the substitution box being submitted to a random permutation; and the recalculation of the substitution box uses the second mask as well as third and fourth masks, the sum of the third and fourth masks being equal to the first mask.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method, comprising: protecting an electronic circuit against side channel attacks during processing of data by the electronic circuit, by: masking, by the electronic circuit, each block of data to be processed with a first mask; applying, by the electronic circuit, a non-linear block substitution operation based on a first substitution box to the masked data; and unmasking, by the electronic circuit, a result of the application of the non-linear block substitution operation with a second mask, wherein, before applying the non-linear substitution operation, the first substitution box is recalculated, block by block, with an order of processing of blocks of the first substitution box is randomly permutated, and the recalculation of the first substitution box uses the second mask as well as third and fourth masks, with a combination of the third and fourth masks being equal to the first mask.

2. The method of claim 1, comprising: successively for each block in the first substitution box: submitting a rank of a current block to said permutation and combining a result of the permutation of the rank of the current block with the third mask; and replacing the current block of a second box with a combination of the second mask with a block of the first box identified by the result of the permutation of the rank of the current block; and successively for each block in the second substitution box: submitting a rank of a current block to said permutation and combining a result of the permutation of the rank of the current block with the fourth mask; and replacing the current block of the first substitution box with a block of the second box identified by the result of the permutation of the rank of the current block.

3. The method of claim 2, wherein the first box is the recalculated substitution box.

4. The method of claim 1, comprising: successively for each block in the first box: in a first step, applying the permutation to a rank of a current block, combining a result of the permutation of the rank of the current block with the first mask, and storing a result of the combination in a first variable; in a second step, storing in a second variable a result of a combination of the second mask with a block of the first box having a rank of the result of the permutation applied to the rank of the current block; and storing the second variable in a block of a second box having a rank of the first variable; and successively for each block in the second box: in a third step, applying the permutation to a rank of a current block, combining a result of the permutation of the rank of the current block with the second mask, and storing a result of the combination in the first variable; in a fourth step, storing in the second variable the block of the second box having a rank of the result of the permutation applied to the rank of the current block; and storing the second variable in a block of the first box having a rank of the first variable.

5. The method of claim 1, comprising: copying the blocks of the first box into a second box; successively for each block in the second box: submitting a rank of a current block to said permutation and combining a result of the permutation of the rank with the third mask; and replacing the current block of the first box with a combination of the second mask and a block of the second box identified by the result of the permutation of the rank; and successively for each block in the first box: submitting a rank of a current block to said permutation and combining a result of the permutation of the rank with the fourth mask; and replacing the current block of the second box with a block of the first box having a rank of the result of the permutation of the rank of the current block.

6. The method of claim 5 wherein the second box is the recalculated substitution box.

7. The method of claim 1, comprising: copying the blocks of the first box into a second box; successively for each block in the second box: in a first step, applying the permutation to a rank of a current block, combining a result of the permutation of the rank with the first mask, and storing the combination in a first variable; in a second step, storing in a second variable a result of a combination of the second mask with a block of the second box having a rank of the result of the permutation of the rank of the current block; and storing the second variable in a block of the first box having a rank of the first variable; and successively for each block in the first box: in a third step, applying the permutation to a rank of a current block, combining a result of the permutation of the rank with the second mask, and storing the combination in the first variable; in a fourth step, storing in the second variable a block of the first box having a rank of the result of the permutation of the current rank; and storing the second variable in a block of the second box having a rank of the first variable.

8. The method of claim 1 wherein the masks are random numbers.

9. The method of claim 1 wherein the masks have a same size as a block.

10. The method of claim 1 wherein the combinations are of XOR type.

11. The method of claim 1 wherein the processing comprises applying an Advanced Encryption Standard (AES) algorithm.

12. The method of claim 1 wherein the processing comprises applying a Rijndael-type algorithm to the data.

13. An apparatus, comprising: one or more registers; and circuitry coupled to the one or more registers, the circuitry, in operation, protecting the apparatus against side channel attacks during processing of data by the apparatus, by: masking each block of data to be processed with a first mask; applying a non-linear block substitution operation based on a first substitution box to the masked data; and unmasking a result of the application of the non-linear block substitution operation with a second mask, wherein, before applying the non-linear substitution operation, the first substitution box is recalculated, block by block, with an order of processing of blocks of the substitution box is randomly permutated, and the recalculation of the first substitution box uses the second mask as well as third and fourth masks, with a combination of the third and fourth masks being equal to the first mask.

14. The apparatus of claim 13 wherein the protecting the apparatus against side channel attacks includes: successively for each block in the first substitution box: submitting a rank of a current block to said permutation and combining a result of the permutation of the rank of the current block with the third mask; and replacing the current block of a second box with a combination of the second mask with a block of the first box identified by the result of the permutation of the rank of the current block; and successively for each block in the second substitution box: submitting the rank of a current block to said permutation and combining a result of the permutation of the rank of the current block with the fourth mask; and replacing the current block of the first box with a block of the second box identified by a result of the permutation of the rank of the current block.

15. The apparatus of claim 14 wherein the recalculated substitution box is the first box.

16. The apparatus of claim 13 wherein the protecting the apparatus from side channel attacks includes: successively for each block in the first box: applying the permutation to a rank of a current block, combining a result of th
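The two-pass recalculation of claims 2 and 4, as an added C example that is not code from the patent: it reads the target rank as the permuted rank XORed with the mask (as claim 4 spells out), takes the combinations as XOR (claim 10), and uses `rand()` as a stand-in for the circuit's random source. The function names and the Fisher-Yates shuffle are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))

/* Standard AES S-box: inverse in GF(2^8) followed by the affine map. */
static void aes_sbox(uint8_t s[256]) {
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));   /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                                 /* q /= 3 */
        s[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63);
    } while (p != 1);
    s[0] = 0x63;
}

/* Fisher-Yates shuffle; rand() stands in for the circuit's random source (assumption). */
static void random_perm(uint8_t phi[256]) {
    for (int i = 0; i < 256; i++) phi[i] = (uint8_t)i;
    for (int i = 255; i > 0; i--) {
        int j = rand() % (i + 1);
        uint8_t t = phi[i]; phi[i] = phi[j]; phi[j] = t;
    }
}

/* Entries are visited in the order phi; afterwards s[x ^ m3 ^ m4] == old s[x] ^ m2. */
static void recalc_sbox(uint8_t s[256], const uint8_t phi[256],
                        uint8_t m2, uint8_t m3, uint8_t m4) {
    uint8_t tmp[256];                          /* the "second box" */
    for (int i = 0; i < 256; i++)              /* pass 1: rank ^ m3, value ^ m2 */
        tmp[phi[i] ^ m3] = (uint8_t)(s[phi[i]] ^ m2);
    for (int i = 0; i < 256; i++)              /* pass 2: rank ^ m4 */
        s[phi[i] ^ m4] = tmp[phi[i]];
}

/* Counts inputs whose masked lookup, unmasked with m2, differs from the plain S-box. */
int check_masked_sbox(unsigned seed) {
    uint8_t ref[256], s[256], phi[256];
    srand(seed);
    aes_sbox(ref); aes_sbox(s); random_perm(phi);
    uint8_t m2 = (uint8_t)rand(), m3 = (uint8_t)rand(), m4 = (uint8_t)rand();
    uint8_t m1 = (uint8_t)(m3 ^ m4);  /* first mask; recalc_sbox only sees m3 and m4 */
    recalc_sbox(s, phi, m2, m3, m4);
    int bad = 0;
    for (int x = 0; x < 256; x++) bad += (uint8_t)(s[x ^ m1] ^ m2) != ref[x];
    return bad;
}

int main(void) { return check_masked_sbox(1) != 0; }
```
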

Classifications

  • G09C1/00 (Primary)

    Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00) · CPC title

  • H04L9/005 (Primary)

    for timing attacks · CPC title

  • for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA] · CPC title

  • H04L9/0631 (Primary)

    Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms · CPC title

  • of operations, operands or results of the operations · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
St Microelectronics Rousset
What technology area does this patent fall under?
Primary CPC classification G09C1/00. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 22, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).