Apparatus and method for ciphertext comparison capable of preventing side channel attack

The invention claimed is: 1 . A ciphertext comparison method performed by a processor in a computing apparatus, the method comprising: segmenting a first ciphertext and a second ciphertext into m part bitstreams (in this instance, m is a natural number satisfying 1<m), respectively; extracting a value corresponding to a j−1 th part bitstream (in this instance, j=i+1, i is a natural number satisfying 0≤i≤m−1) of the first ciphertext and a j−1 th part bitstream of the second ciphertext, as a j th intermediate value between a first value and a second value in a first lookup table including the first value and the second value of which Hamming weights are identical; extracting a value corresponding to the j th intermediate value and a j−1 th result value, as a j th result value between a third value and a fourth value in a second lookup table including the third value and the fourth value of which Hamming weights are identical; and in a case of j≠m, repeatedly performing extraction as the j th intermediate value and extraction as the j th result value by increasing J; and in a case of j=m, outputting an m th result value as a result value of comparison between the first ciphertext and the second ciphertext. 2 . The method of claim 1 , wherein the segmenting comprises segmenting, based on a predetermined segmentation unit, the first ciphertext and the second ciphertext into m part bitstreams, respectively. 3 . The method of claim 1 , wherein the extracting as the j th intermediate value comprises extracting a value of which an index is identical to a bitstream obtained by concatenating the j−1 th part bitstream of the first ciphertext and the j−1 th part bitstream of the second ciphertext, as the j th intermediate value between the first value and the second value in the first lookup table, and wherein the extracting as the j th result value comprises extracting a value of which an index is identical to a value obtained by concatenating the j th intermediate value and the j−1 th result value, as the j th result value between the third value and the fourth value in the second lookup table. 4 . The method of claim 1 , wherein the first value and the second value are predetermined values indicating whether the j−1 th part bitstream of the first ciphertext and the j−1 th part bitstream of the second ciphertext are identical, and wherein the third value and the fourth value are predetermined values indicating whether the first ciphertext and the second ciphertext are identical. 5 . The method of claim 1 , wherein the j th intermediate value satisfies Equation 2 below, t ⁢ m ⁢ p j = T 1 [ C j - 1 ⁢  C j - 1 ′ ] = { A 1 , if C j - 1 = C j - 1 ′ A 2 , if C j - 1 ≠ C j - 1 ′ [ Equation ⁢ 2 ] (in this instance, C j−1 denotes the j−1 th part bitstream of the first ciphertext that satisfies C j−1 ∈[0,2 n ), C′ j−1 denotes the j−1 th part bitstream of the second ciphertext that satisfies C′ j−1 ∈[0,2 n ), n denotes a predetermined segmentation unit, A 1 denotes the first value, A 2 denotes the second value, and T 1 [C j−1 ||C′ j−1 ] denotes a value of which an index is C j−1 ||C′ j−1 in the first lookup table). 6 . The method of claim 5 , wherein the j th result value satisfies Equation 3 or Equation 4 below, r j =