To ensure that a cryptographic method is sufficiently secure against attacks, both the inherent security of the mathematical cryptography algorithm used and the technical implementation are of importance. For example, efforts are made to protect the technical implementation of a cryptographic application against side channel attacks.
Side channel attacks are a class of cryptanalytic methods. In contrast to conventional attacks on cryptographic applications, an attacker does not attempt to break the underlying abstract mathematical algorithm, but attacks a specific technical implementation of a cryptographic method. To do this, the attacker uses accessible physical measurement parameters of the specific implementation, such as the runtime of the calculation, the power consumption and electromagnetic radiation of the processor during the calculation, or the behavior of the implementation in the event of induced errors. The physical measurement parameters of an individual calculation can be analyzed directly, e.g. by means of a simple power analysis. Alternatively, an attacker can record the measurement values of a plurality of calculations, for example using a storage oscilloscope, and then analyze them statistically, for example by means of a differential power analysis. Side channel attacks are frequently substantially more effective, and therefore also more dangerous, than conventional cryptanalytic techniques, and can even break methods which are regarded as secure from the point of view of the algorithm if the implementation of these algorithms is not protected against such attacks. Countermeasures against side channel attacks are therefore advantageous for all security products (i.e. products using cryptographic methods), for example smartcards and embedded applications.
A fundamental precondition for the performance of side channel attacks with statistical analysis of the measurement data is the correct alignment of the measurement data. This is understood to mean that the data from different measurements are processed before the analysis in such a way that the switching processes of the attacked electronics which are to be observed occur, in the different measurements, at the same time relative to the respective reference time, and therefore affect those samples of the measurement data which are allocated to one another, i.e. which are subsequently compared statistically with one another. Under this precondition, the effects of the switching processes from the individual measurements can reinforce one another to the extent that the attacker obtains a clearly distinguishable signal, which provides him with information on the secret key material.
Attempts are therefore made in the case of security products to make the alignment of measurement data more difficult for an attacker. An essentially known method for doing so is the generation of random wait states. For this purpose, the hardware and/or software by means of which the cryptographic application to be protected is implemented is provided with a mechanism which pauses the running of the algorithms at random times for one or more clocks. This “faltering” of the run breaks up the calculation at randomly selected places and displaces the pieces in different measurements in a random manner in relation to one another. As a direct consequence, many of the statistical side channel attack techniques fail, or they are at least made substantially more difficult, e.g. in that so many measurement values are required that the attacks are no longer feasible.
FIGS. 1a and 1b show two simulated measurement curves of the type that could be obtained through a side channel attack, for example by means of a storage oscilloscope. In each case, the same time segment of two runs of a cryptographic method in which random wait states are used can be seen. Due to the randomly occurring wait states, the curve of FIG. 1b is displaced in an irregular manner compared with the curve of FIG. 1a. An alignment of the measurement data, and consequently a statistical analysis of the parameters relevant to the side channel attack, is made significantly more difficult as a result.
However, a disadvantage of known methods for generating random wait states lies in the fact that they represent a performance loss for the application. The main problem here does not necessarily lie in the average performance loss associated with the probability of the occurrence of wait states. Particularly for real-time applications, it is instead more important also to control the maximum performance loss of the application resulting from wait states. This is more difficult, since the number of random wait states fluctuates according to their random nature.
In order to be able to indicate an upper limit for the delay of the running of the application due to random wait states, it would in principle be conceivable, following the occurrence of a wait state, for the generation of further wait states to be blocked for a specific number of clocks. This method would enable an upper limit for the delay of the application due to random wait states, but would induce a complicated and unnatural probability distribution of the wait states as would not be expected from randomly and independently occurring events. Furthermore, it may be that the time windows caused by the dependencies between the wait states in which no new wait states can occur are visible to an attacker and can be used for an attack.
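The following simulation is an added illustration of the mechanism described above and is not code from the original document. It models a fixed sequence of operations, one per clock, into which wait states are inserted at random, optionally with the blocking window discussed in the preceding paragraph; the probability, operation count and block length are assumed values chosen for the illustration.

```python
import random

def run_with_wait_states(n_ops, p_wait, rng, block=0):
    """Simulate one run of n_ops operations, one per clock. On each clock a
    wait state ('W') is inserted with probability p_wait instead of the next
    operation. With block > 0, no further wait state may occur during the
    `block` clocks after a wait state (the variant discussed above).
    Returns the executed trace and a map op index -> clock of that op."""
    trace, op_clock, op, blocked = [], {}, 0, 0
    while op < n_ops:
        if blocked == 0 and rng.random() < p_wait:
            trace.append('W')
            blocked = block
        else:
            trace.append(op)
            op_clock[op] = len(trace) - 1
            op += 1
            blocked = max(0, blocked - 1)
    return trace, op_clock

def alignment_between_runs(n_ops, p_wait, seed=7):
    """Run the same sequence twice with independent wait states and return
    the share of operations that fall on the same clock in both runs."""
    rng = random.Random(seed)
    _, a = run_with_wait_states(n_ops, p_wait, rng)
    _, b = run_with_wait_states(n_ops, p_wait, rng)
    return sum(1 for k in a if a[k] == b[k]) / n_ops

def gaps_between_waits(trace):
    """Number of operations executed between consecutive wait states."""
    waits = [i for i, x in enumerate(trace) if x == 'W']
    return [b - a - 1 for a, b in zip(waits, waits[1:])]

def worst_case_delay(n_ops, p_wait, trials, block=0, seed=1):
    """Largest number of wait states (delay in clocks) seen over `trials`
    runs, and the smallest gap observed between two wait states."""
    rng = random.Random(seed)
    max_delay, min_gap = 0, None
    for _ in range(trials):
        trace, _ = run_with_wait_states(n_ops, p_wait, rng, block)
        max_delay = max(max_delay, trace.count('W'))
        for g in gaps_between_waits(trace):
            min_gap = g if min_gap is None else min(min_gap, g)
    return max_delay, min_gap

if __name__ == "__main__":
    print("ops aligned across two runs:", alignment_between_runs(100, 0.2))
    print("unblocked (max delay, min gap):", worst_case_delay(100, 0.2, 200))
    print("block=10  (max delay, min gap):", worst_case_delay(100, 0.2, 200, block=10))
```

Without blocking, two runs drift apart quickly and the worst-case delay is unbounded in principle; with a block of 10 clocks the delay over 100 operations can never exceed 10 wait states, but no two wait states are ever closer than 10 operations, which is exactly the regular window the text warns may be visible to an attacker.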
A further disadvantage of known methods for generating random wait states lies in the fact that these methods are only efficient if the probabilities selected for the occurrence of a random wait state are negative powers of 2, i.e. powers of the probability 1/2 of an individual random bit. The reason for this lies in the fact that these methods are based on digital circuit elements. Other probabilities require complex approximation. An approximation of this type requires a higher number of random bits (depending on the required accuracy) in order to generate a single wait state. The data rate at which random wait states can be generated is normally limited as a result.
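As an added illustration of this limitation (not code from the original document), the following compares an exact power-of-2 wait-state probability obtained by combining k random bits with an approximation of an arbitrary probability; the AND rule and the threshold comparison are assumed constructions chosen for the example, and the probabilities are enumerated exhaustively rather than sampled.

```python
from itertools import product

def wait_pow2(bits):
    """Wait state iff all k random bits are 1: probability exactly 2**-k,
    costing k random bits per decision (a single AND gate in hardware)."""
    return all(bits)

def wait_approx(bits, p):
    """Approximate an arbitrary probability p: read m random bits as an
    integer r and signal a wait state iff r < round(p * 2**m). The real
    probability is round(p * 2**m) / 2**m, accurate only to about 2**-m,
    and every decision consumes all m bits."""
    m = len(bits)
    r = int("".join(str(b) for b in bits), 2)
    return r < round(p * 2 ** m)

def exact_probability(decide, n_bits):
    """Exact wait-state probability of a decision rule, found by enumerating
    every one of the 2**n_bits possible random inputs (no sampling noise)."""
    hits = sum(1 for bits in product((0, 1), repeat=n_bits) if decide(bits))
    return hits / 2 ** n_bits

def approximation_error(p, m):
    """Absolute error between the target p and the probability actually
    achieved by wait_approx with m random bits per decision."""
    return abs(exact_probability(lambda bits: wait_approx(bits, p), m) - p)

if __name__ == "__main__":
    print("3 bits, AND rule   -> p =", exact_probability(wait_pow2, 3))
    for m in (4, 8, 12):
        print(f"{m:2d} bits, target 0.3 -> error = {approximation_error(0.3, m):.5f}")
```

Three random bits give a probability of exactly 1/8, whereas a target of 0.3 is still off by more than 1% with 4 bits and needs 8 or more bits per decision to come within 0.1%, which is the extra consumption of random bits that limits the wait-state generation rate.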