Method and system for protecting cryptographic operations against side-channel attacks
US-2024187206-A1 · Jun 6, 2024 · US
US11658799B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11658799-B2 |
| Application number | US-202117339689-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 4, 2021 |
| Priority date | Oct 3, 2014 |
| Publication date | May 23, 2023 |
| Grant date | May 23, 2023 |
Official abstract text for this publication.
A first share value and a second share value may be received. A combination of the first share value and the second share value may correspond to an exponent value. The value of a first register is updated using a first equation that is based on the first and second share values and the value of a second register is updated using a second equation that is based on the second share value. One of the value of the first register or the value of the second register is selected based on a bit value of the second share value.
Opening claim text (preview).
What is claimed is:
1. A method comprising: receiving an indication of an exponent value for a cryptographic operation that uses an exponentiation method to encode plaintext based on the exponent value; splitting the exponent value into a first share value and a second share value, wherein a result of a logical or arithmetic operation of the first share value and the second share value is equal to the exponent value; updating a first value of a first register based on a first equation with the first and second share values as inputs to the first equation; updating a second value of a second register based on a second equation with the second share value as an input to the second equation, wherein one of the first equation and the second equation includes additional calculations such that power consumption to update the first register and power consumption to update the second register prevents retrieval of the exponent value from a Differential Power Analysis (DPA) attack; and performing at least a portion of the cryptographic operation with a selected one of the first value of the first register or the second value of the second register.
2. The method of claim 1, further comprising selecting one of the first value of the first register or the second value of the second register based on a particular bit of the second share value.
3. The method of claim 1, further comprising selecting one of the first value of the first register or the second value of the second register based on a least significant bit of the second share value.
4. The method of claim 1, further comprising selecting one of the first value of the first register or the second value of the second register based on a most significant bit of the second share value.
5. The method of claim 1, wherein the logical or arithmetic operation is an XOR operation.
6. The method of claim 1, wherein the logical or arithmetic operation is an addition operation.
7. The method of claim 1, wherein the cryptographic operation comprises generating a signature for a message.
8. The method of claim 1, wherein the exponentiation method is a group exponentiation method in which the cryptographic operation uses the exponent value in a group exponentiation to generate a signature.
9. The method of claim 8, wherein the group exponentiation is a modular exponentiation.
10. The method of claim 8, wherein the group exponentiation is based on elliptic curve arithmetic.
11. A system comprising: a memory; and a processing device, operatively coupled with the memory, to: receive an indication of an exponent value for a cryptographic operation that uses an exponentiation method to encode plaintext based on the exponent value; split the exponent value into a first share value and a second share value, wherein a result of a logical or arithmetic operation of the first share value and the second share value is equal to the exponent value; update a first value of a first register based on a first equation with the first and second share values as inputs to the first equation; update a second value of a second register based on a second equation with the second share value as an input to the second equation, wherein one of the first equation and the second equation includes additional calculations such that power consumption to update the first register and power consumption to update the second register prevents retrieval of the exponent value from a Differential Power Analysis (DPA) attack; and perform at least a portion of the cryptographic operation with a selected one of the first value of the first register or the second value of the second register.
12. The system of claim 11, wherein the processing device is further to select one of the first value of the first register or the second value of the second register based on a particular bit of the second share value.
13. The system of claim 11, wherein the processing device is further to select one of the first value of the first register or the second value of the second register based on a least significant bit of the second share value.
14. The system of claim 11, wherein the processing device is further to select one of the first value of the first register or the second value of the second register based on a most significant bit of the second share value.
15. The system of claim 11, wherein the logical or arithmetic operation is an XOR operation.
16. The system of claim 11, wherein the exponentiation method is a group exponentiation method in which the cryptographic operation uses the exponent value in a group exponentiation to generate a signature.
17. The system of claim 16, wherein the group exponentiation is a modular exponentiation.
18. The system of claim 16, wherein the group exponentiation is based on elliptic curve arithmetic.
19. A non-transitory computer readable medium comprising instructions, which when executed by a processing device, cause the processing device to perform operations comprising: receiving an indication of an exponent value for a cryptographic operation that uses an exponentiation method to encode plaintext based on the exponent value; splitting the exponent value into a first share value and a second share value, wherein a result of a logical or arithmetic operation of the first share value and the second share value is equal to the exponent value; updating a first value of a first register based on a first equation with the first and second share values as inputs to the first equation; updating a second value of a second register based on a second equation with the second share value as an input to the second equation, wherein one of the first equation and the second equation includes additional calculations such that power consumption to update the first register and power consumption to update the second register prevents retrieval of the exponent value from a Differential Power Analysis (DPA) attack; and performing at least a portion of the cryptographic operation with a selected one of the first value of the first register or the second value of the second register.
20. The non-transitory computer readable medium of claim 19, wherein the processing device is further to select one of the first value of the first register or the second value of the second register based on a particular bit of the second share value, wherein the logical or arithmetic operation is an XOR operation.
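The share-splitting idea of claims 1, 6 and 9 in miniature, as an added example that is not taken from the patent: the exponent is split into two fresh additive shares and each share drives a two-register Montgomery ladder, so the exponentiation loops only ever see shares. The patent's own register-update equations are not reproduced on this page; the ladder, the function names and the toy RSA numbers are assumptions for illustration.

```python
import secrets

def split_additive(d):
    """Split d into fresh random shares (a, b) with a + b == d (claim 6)."""
    b = secrets.randbelow(d + 1)
    return d - b, b

def ladder_pow(base, exp, mod, bits):
    """Montgomery ladder over a fixed bit count: exactly one multiply and
    one square per bit, whatever the bit value is. The result is read
    from register 0; the bit only selects which register gets which update."""
    if exp.bit_length() > bits:
        raise ValueError("exponent does not fit in the fixed bit count")
    regs = [1 % mod, base % mod]           # invariant: regs[1] == regs[0] * base
    for i in reversed(range(bits)):
        bit = (exp >> i) & 1
        regs[1 - bit] = (regs[0] * regs[1]) % mod
        regs[bit] = (regs[bit] * regs[bit]) % mod
    return regs[0]

def masked_pow(base, d, mod):
    """base**d mod `mod`, computed as base**a * base**b with a + b == d.
    Shares are re-drawn on every call, so traces from repeated operations
    are not aligned on the same exponent bits."""
    a, b = split_additive(d)
    bits = mod.bit_length()                # same iteration count for both shares
    return (ladder_pow(base, a, mod, bits) * ladder_pow(base, b, mod, bits)) % mod

# Constructed textbook RSA parameters (p=61, q=53), far too small for real use.
N, E, D = 3233, 17, 2753
MESSAGE = 65

if __name__ == "__main__":
    ciphertext = pow(MESSAGE, E, N)
    for _ in range(3):
        a, b = split_additive(D)
        print(f"shares a={a:4d} b={b:4d} -> plaintext {masked_pow(ciphertext, D, N)}")
    # Python integers are not constant-time; this shows the arithmetic of
    # the countermeasure, not a hardened implementation.
```

Each run prints different shares but the same recovered plaintext, which is the property the claims rely on: the combination of the shares equals the exponent, while no single pass is keyed by the exponent itself.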
with measures against power attack · CPC title
Modular exponentiation (G06F7/724, G06F7/727, G06F7/728 take precedence) · CPC title
for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA] · CPC title
Exponent masking, i.e. key masking, e.g. A**(e+r) mod n; (k+r).P · CPC title