Recently, information security technology has become more and more important. In addition, as one of the basic techniques of information security, public-key cryptography has been more widely studied.
There are some types of public-key cryptography, and a Rivest, Shamir, Adleman (RSA) algorithm which use modular exponentiation calculation, elliptical curve cryptography (ECC) using a scalar multiplication of a point on an elliptical curve, etc. are well known.
In using the public-key cryptography, it is important to keep a private key secret to maintain the security. However, there have been some aggressive methods to break a private key. Therefore, it is necessary for a tamper-proof equipment unit for performing a process using public-key cryptography to be implemented with a countermeasure against at least known aggressive methods.
For example, an aggressive method called a power analysis (PA) attack is known as a type of side channel attack. Furthermore, the PA includes two types of analyses, that is, a simple power analysis (SPA) and a differential power analysis (DPA).
Therefore, when an equipment unit performs a process using the public-key cryptography, it is requested to be secure against the SPA attack and the DPA attack. For example, one of the countermeasures against the SPA attack is a method called a window method, and one of the countermeasures against the DPA attack a method for randomizing data. Furthermore, a cryptography device for realizing a modular exponentiation and scalar multiplication of a point of efficient tamper-proof and for an encrypting method for performing a modular exponentiation, a cryptography processor for making difficult the estimation of a private key using a PA attack have been proposed.