Recently, encryption devices having authentication functions have been integrated in various objects. For example, such encryption devices are used for authenticating cartridges in printers, and for authenticating disposable parts in medical apparatuses. By using encryption devices, genuine articles and counterfeits may be distinguished, thereby protecting customers from damages caused by low quality counterfeits.
As typical examples of encryption schemes used for authentication functions, a public key encryption scheme and a common key encryption scheme are known. A public key encryption scheme is a scheme which uses different keys for encryption and decryption, and the scheme maintains security by making a key (a secret key) for decrypting encrypted text be secret information only for recipients instead of publicly disclosing a key (a public key) for encrypting the text. On the other hand, a so-called common key encryption scheme is a scheme which uses the same key for encryption and decryption (a secret key), and the scheme maintains security by making the secret key information not known to a third party but only to senders and recipients. Cases for employing both the public key encryption scheme and common key encryption scheme are based on the most important premise that the secret key is not leaked to the outside, in view of security. So long as the premise is secured, authentication is safe regardless of whether the public key encryption or the common key encryption is employed. However, since a circuit scale is smaller in the common key encryption than in the public key encryption and is more suitable for cost reduction, the authentication which uses the common key encryption is widely used, in particular, in embedded equipment.
As a property required for embedded equipment which includes security functions, there is so-called tamper resistance. Tamper resistance means prevention of secret observation and it refers to a property for preventing leakage in important information that is stored in the embedded equipment by information being observed from outside of the embedded equipment. In order to realize tamper resistance, it is necessary to prevent information leakage caused by accesses from regular input/output terminals included in the embedded equipment, and further, it is necessary to prevent information leakage against non-regular accesses which directly secretly observe into internal circuits by using microprobes. A typical hardware configuration of an IC chip cannot absorb such attacks of directly secretly observing into internal circuits with microprobes. Accordingly, in order to realize tamper resistance, it is required to fabricate an IC chip that has a hardware configuration exclusively for preventing physical and logical unauthorized accesses from outside.
As a typical method for realizing safe authentication, a method is employed that writes the secret key used for authentication in tamper resistant authentication equipment when fabricating equipment and that does not fetch the key outside after the fabrication. It has been considered that with this, an unauthorized third party cannot obtain the secret key and counterfeits of authentication equipment may be prevented.    Patent Document 1: Japanese National Publication of International Patent Application No. 2008-526078    Patent Document 2: Japanese Laid-open Patent Publication No. 2010-226707    Patent Document 3: Japanese Laid-open Patent Publication No. 4-117038    Non Patent Document 1: Paul C. Kocher, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems,” Advances in cryptology-CRYPTO 1996, Springer-Verlag, pp. 104-113    Non Patent Document 2: Thomas S. Messerges, Ezzy A. Dabbish and Robert H. Sloan, “Power Analysis Attacks of Modular Exponentitiation in Smartcards,” Cryptographic Hardware and Embedded Systems (CHES' 99), Springer-Verlag, pp. 144-157    Non Patent Document 3: Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis,” in proceedings of Advances in Cryptology-CRYPTO '99, Springer-Verlag, 1999, pp. 388-397    Non Patent Document 4: S Chari, C. Jutla, J. R. Rao, P. Rohatgi, “A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards,” Second Advanced Encryption Standard Candidate Conference, March 1999    Non Patent Document 5: T. S. Messerge, Ezzy A. Dabbish and Robert H. Sloan, “Investigations of Power Attacks on Smartcards,” Processings of USENIX Workshop on Smartcard Technology, March 1999    Non Patent Document 6: Thomas S. Messerges, “Securing the AES Finalists Against Power Analysis Attacks,” in proceedings of Fast Software Encryption Workshop 2000, Springer-Verlag, April 2000    Non Patent Document 7: Soichi Okada, Naoya Torii, and Takayuki Hasebe, “Experiments of AES hardware for Smartcards”, Technical report of IEICE, ISEC 101 (214), pp. 111-118, 2001-07-18