patent and technology licensing
differential power analysis
A patent license from Cryptography Research is required to make, use, or sell DPA-resistant smart cards or other products. Flexible licensing options are available, including no-cost licenses for academic research. To learn more about patent and technology licensing or to incorporate DPA into a product, please contact Cryptography Research at dpa@cryptography.com.
tamper resistance & dpa patents
Cryptography Research's DPA intellectual property portfolio includes a broad range of issued and pending patents in the U.S. and internationally, including:
DES and Other Cryptographic Processes with Leak Minimization for Smartcards and Other Cryptosystems
Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P {K1} XOR K2P {K2} equals the "standard" DES key K, and M1P {M1} XOR M2P {M2} equals the "standard" message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.
Secure Modular Exponentiation for Leak Minimization in Smartcards and Other Cryptosystems
Methods and apparatuses are disclosed for securing cryptosystems against external monitoring attacks by reducing the amount (and signal to noise ratio) of useful information leaked during processing. In general, this is accomplished by implementing critical operations using "branchless" or fixed execution path routines whereby the execution path does not vary in any manner that can reveal new information about the secret key during subsequent operations. More particularly, various embodiments of the invention include: implementing modular exponentiation without key-dependent conditional jumps; implementing modular exponentiation with fixed memory access patterns; implementing modular multiplication without using leak-prone multiplication-by-one operations; and implementing leak-minimizing multiplication (and other operations) for elliptic curve cryptosystems.
Leak Resistant Cryptographic Method and Apparatus
The present invention provides a method and apparatus for securing cryptographic devices against attacks involving external monitoring and analysis. A "self-healing" property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations of the invention are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption, ElGamal digital signing, and the Digital Signature Algorithm.
Using Unpredictable Information to Minimize Leakage from Smartcards and other Cryptosystems
Methods and apparatuses are disclosed for securing cryptosystems against external monitoring attacks by reducing the amount (and signal to noise ratio) of useful information leaked during processing. This is generally accomplished by incorporating unpredictable information into the cryptographic processing. Various embodiments of the invention use techniques such as reduction of signal to noise ratios, random noise generation, clock skipping, and introducing entropy into the order of processing operations or the execution path. The techniques may be implemented in hardware or software, may use a combination of digital and analog techniques, and may be deployed in a variety of cryptographic devices.
Leak Resistant Cryptographic Method and Apparatus
The present invention provides a method and apparatus for securing cryptographic devices against attacks involving external monitoring and analysis. A "self-healing" property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations of the invention are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption, ElGamal digital signing, and the Digital Signature Algorithm.
Balanced Cryptographic Computational Method and Apparatus for Leak Minimization in Smartcards and other Cryptosystems
Cryptographic devices that leak information about their secrets through externally monitorable characteristics (such as electromagnetic radiation and power consumption) may be vulnerable to attack, and previously-known methods that could address such leaking are inappropriate for smartcards and many other cryptographic applications. Methods and apparatuses are disclosed for performing computations in which the representation of data, the number of system state transitions at each computational step, and the Hamming weights of all operands are independent of computation inputs, intermediate values, or results. Exemplary embodiments implemented using conventional (leaky) hardware elements (such as electronic components, logic gates, etc.) as well as software executing on conventional (leaky) microprocessors are described. Smartcards and other tamper-resistant devices of the invention provide greatly improved resistance to cryptographic attacks involving external monitoring.
Leak Resistant Cryptographic Indexed Key Update
Methods and apparatuses for increasing the leak-resistance of cryptographic systems using an indexed key update technique are disclosed. In one embodiment, a cryptographic client device maintains a secret key value as part of its state. The client can update its secret value at any time, for example before each transaction, using an update process that makes partial information that might have previously leaked to attackers about the secret no longer usefully describe the new updated secret value. By repeatedly applying the update process, information leaking during cryptographic operations that is collected by attackers rapidly becomes obsolete. Thus, such a system can remain secure (and in some embodiments is provably secure) against attacks involving analysis of measurements of the device's power consumption, electromagnetic characteristics, or other information leaked during transactions. The present invention can be used in connection with a client and server using such a protocol. To perform a transaction with the client, the server obtains the client's current transaction counter. The server then performs a series of operations to determine the sequence of transformations needed to re-derive the correct session key from the client's initial secret value. These transformations are performed, and the result is used as a transaction session key. The present invention includes a sequence of client-side updating processes that allow for significant improvements in the performance of the corresponding server operations.
Hardware-Level Mitigation and DPA Countermeasures for Cryptographic Devices
Differential power analysis is a powerful cryptanalytic method that can be used to extract secret keys from cryptographic hardware during operation. To reduce the risk of compromise, cryptographic hardware can employ countermeasures to reduce the amount of secret information that can be deduced by power consumption measurements during processing. Such countermeasures can include balancing circuitry inside a cryptographic hardware device to reduce the amount of variation in power consumption that is correlated to data parameters being manipulated. This can be facilitated by using a constant-Hamming-weight representation when representing and manipulating secret parameters. Low-level operation modules, such a Boolean logic gates, can be built to process input parameters in a manner that balances the number of ON transistors while simultaneously maintaining a data-independent number of transistor transistions during computation. Leakage reduction may be used with other countermeasures, including introducing noise, unrelated to data being processes, into the power measurements.
IMPROVED DES AND OTHER CRYPTOGRAPHIC PROCESSES WITH LEAK MINIMIZATION FOR SMARTCARDS AND OTHER CRYPTOSYSTEMS
PERFECTIONNEMENT DE NORMES CRYPTOGRAPHIQUES ET AUTRES PROCEDES CRYPTOGRAPHIQUES A REDUCTION DES FUITES POUR CARTES A PUCES ET AUTRES SYSTEMES CRYPTOGRAPHIQUES
Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P {Kl} XOR K2P {K2} equals the "standard" DES key K, and M1P {M1} XOR M2P {M2} equals the "standard" message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.
IMPROVED DES AND OTHER CRYPTOGRAPHIC PROCESSES WITH LEAK MINIMIZATION FOR SMARTCARDS AND OTHER CRYPTOSYSTEMS
European Patent No. EP1050133B1
LEAK-RESISTANT CRYPTOGRAPHIC METHOD AND APPARATUS
LECKRESISTENTES KRYPTOGRAPHISCHES VERFAHREN UND VORRICHTUNG
PROCEDE ET APPAREIL CRYPTOGRAPHIQUES RESISTANT AUX FUITES
The method and apparatus of the present invention relate generally to cryptographic systems and, more specifically, to securing cryptographic tokens that must maintain the security of secret information in hostile environments.