Method and system for protecting cryptographic operations against side-channel attacks
US-2024187206-A1 · Jun 6, 2024 · US
US11032060B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11032060-B2 |
| Application number | US-201916534719-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 7, 2019 |
| Priority date | Oct 3, 2014 |
| Publication date | Jun 8, 2021 |
| Grant date | Jun 8, 2021 |
Official abstract text for this publication.
A first share value and a second share value may be received. A combination of the first share value and the second share value may correspond to an exponent value. The value of a first register is updated using a first equation that is based on the first and second share values and the value of a second register is updated using a second equation that is based on the second share value. One of the value of the first register or the value of the second register is selected based on a bit value of the second share value.
Opening claim text (preview).
What is claimed is:
1. A method comprising: receiving a first share value and a second share value, wherein a combination of the first share value and the second share value corresponds to a value associated with a cryptographic operation; updating a first value of a first register by performing a first operation with the first and second share values as inputs to the first operation; updating a second value of a second register by performing a second operation with the second share value as an input to the second operation; selecting, by a processing device, one of the first value of the first register or the second value of the second register based on a particular bit of the second share value; and performing the cryptographic operation with the selected one of the first value of the first register or the second value of the second register.
2. The method of claim 1, wherein the particular bit corresponds to a least significant bit of the second share value.
3. The method of claim 1, wherein the particular bit corresponds to a most significant bit of the second share value.
4. The method of claim 1, wherein the cryptographic operation corresponds to a generation of a signature.
5. The method of claim 1, wherein the value associated with the cryptographic operation corresponds to an exponent value used in the cryptographic operation.
6. The method of claim 1, wherein the first operation and the second operation are each associated with power consumption to reduce susceptibility to a Differential Power Analysis (DPA) attack.
7. The method of claim 1, wherein the first value of the first register is selected to be used in the cryptographic operation responsive to the particular bit value of the second share value being at a first value and the second value of the second register is selected to be used in the cryptographic operation responsive to the particular bit value of the second share value being at a second value that is different than the first value.
8. A system comprising: a memory; and a processing device, operatively coupled with the memory, to: receive a first share value and a second share value, wherein a combination of the first share value and the second share value corresponds to a value associated with a cryptographic operation; update a first value of a first register by performing a first operation with the first and second share values as inputs to the first operation; update a second value of a second register by performing a second operation with the second share value as an input to the second operation; select one of the first value of the first register or the second value of the second register based on a particular bit of the second share value; and perform the cryptographic operation with the selected one of the first value of the first register or the second value of the second register.
9. The system of claim 8, wherein the particular bit corresponds to a least significant bit of the second share value.
10. The system of claim 8, wherein the particular bit corresponds to a most significant bit of the second share value.
11. The system of claim 8, wherein the cryptographic operation corresponds to a generation of a signature.
12. The system of claim 8, wherein the value associated with the cryptographic operation corresponds to an exponent value used in the cryptographic operation.
13. The system of claim 8, wherein the first operation and the second operation are each associated with power consumption to reduce susceptibility to a Differential Power Analysis (DPA) attack.
14. The system of claim 8, wherein the first value of the first register is selected to be used in the cryptographic operation responsive to the particular bit value of the second share value being at a first value and the second value of the second register is selected to be used in the cryptographic operation responsive to the particular bit value of the second share value being at a second value that is different than the first value.
15. A non-transitory computer readable medium comprising instructions, which when executed by a processing device, cause the processing device to perform operations comprising: receiving a first share value and a second share value, wherein a combination of the first share value and the second share value corresponds to a value associated with a cryptographic operation; updating a first value of a first register by performing a first operation with the first and second share values as inputs to the first operation; updating a second value of a second register by performing a second operation with the second share value as an input to the second operation; selecting one of the first value of the first register or the second value of the second register based on a particular bit of the second share value; and performing the cryptographic operation with the selected one of the first value of the first register or the second value of the second register.
16. The non-transitory computer readable medium of claim 15, wherein the particular bit corresponds to a least significant bit of the second share value.
17. The non-transitory computer readable medium of claim 15, wherein the particular bit corresponds to a most significant bit of the second share value.
18. The non-transitory computer readable medium of claim 15, wherein the cryptographic operation corresponds to a generation of a signature.
19. The non-transitory computer readable medium of claim 15, wherein the first value of the first register is selected to be used in the cryptographic operation responsive to the particular bit value of the second share value being at a first value and the second value of the second register is selected to be used in the cryptographic operation responsive to the particular bit value of the second share value being at a second value that is different than the first value.
20. The non-transitory computer readable medium of claim 15, wherein the value associated with the cryptographic operation corresponds to an exponent value used in the cryptographic operation.
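The abstract and claims describe the data flow but give no equations, so the following is an added illustration and not the patent's own equations or code: a modular exponentiation whose exponent exists only as two shares, kept in two registers, with the result picked by the least significant bit of the second share (as in claim 2). Assumptions made here: the shares combine by XOR, the update rule is a Montgomery ladder, and the names `split_exponent` and `shared_ladder_pow` are hypothetical.

```python
import secrets

def split_exponent(d, nbits):
    """Split d into XOR shares (a, b) with a ^ b == d; b is fresh randomness."""
    b = secrets.randbits(nbits)
    return d ^ b, b

def shared_ladder_pow(g, a, b, n, nbits):
    """Return g**(a ^ b) mod n without ever forming the exponent a ^ b.

    reg[0] and reg[1] hold the ladder pair (g^x, g^(x+1)). They are stored
    swapped whenever the current mask bit is 1. After bit i is processed the
    mask bit is b_i, so the final result sits in reg[LSB of b].
    Python big-int arithmetic and list indexing are not constant-time; this
    shows the share handling only, not a hardened implementation.
    """
    reg = [1 % n, g % n]          # mask starts at 0: reg[0]=g^0, reg[1]=g^1
    prev_b = 0
    for i in reversed(range(nbits)):
        a_i = (a >> i) & 1
        b_i = (b >> i) & 1
        delta = b_i ^ prev_b      # depends on the second share only
        src = a_i ^ delta         # equals d_i ^ prev_b, so d_i stays masked
        prod = reg[0] * reg[1] % n
        sq = reg[src] * reg[src] % n
        reg[a_i] = sq             # destination chosen by the first share bit
        reg[a_i ^ 1] = prod
        prev_b = b_i
    return reg[b & 1]             # select a register by the LSB of share b

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    n, g, d, nbits = 2**61 - 1, 7, 0xC0FFEE, 24
    a, b = split_exponent(d, nbits)
    print(shared_ladder_pow(g, a, b, n, nbits) == pow(g, d, n))
```

Each call to `split_exponent` yields a different share pair for the same exponent, so the register indices used in the loop change from run to run while the result does not.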
Exponent masking, i.e. key masking, e.g. A**(e+r) mod n; (k+r).P · CPC title
for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA] · CPC title
with measures against power attack · CPC title
Modular exponentiation (G06F7/724, G06F7/727, G06F7/728 take precedence) · CPC title