Various side channel attacks have been contrived. Such attacks use physical information of an operating encryption module including processing time, power consumption, and electromagnetic waves. There are analysis methods that use the power consumption information such as simple power analysis (SPA), differential power analysis (DPA), and correlation power analysis (CPA). The DPA is an attack method which statistically analyzes power consumption during the encryption processing to extract internal information. As the countermeasure against the DPA or CPA, a mask method is known.
In the mask method, a random number or a fixed value called a mask is added to data under encryption processing and the encryption processing is continued, thereby eliminating the correlation between power consumption and data under encryption processing. However, if secondary DPA or higher-order DPA which is extended from the secondary DPA is used, the encryption key can also be analyzed from an encryption circuit to which the mask method is applied. The secondary DPA is an attack method which determines the presence/absence of the correlation between power consumption and data under encryption processing in consideration of the effect of the mask using power at two points on the power consumption waveform. With regard to the two points on the power consumption waveform, for example, use is made of power consumption at a point at which masked data for intermediate data of the encryption processing is processed and power consumption at a point at which masked data is processed, or use is made of power consumption at points at which two pieces of data with the same mask are processed. As the countermeasure against the DPA or CPA, a duplication method is known. The duplication method is a method which segments data under encryption processing into two pieces of data, thereby eliminating the correlation between power consumption and data under encryption processing.
The duplication method is vulnerable to the secondary DPA.