The present invention relates to an information processing equipment, and more particularly to a tamper resistance device such as an IC card (smart cart) having high security.
An IC card is mainly used for storing information in a manner so as not to be altered by a third party or for enciphering data or deciphering a cipher text by using a cipher key which is kept in secret. Since the IC card is not provided with a power source, it becomes operable when it is inserted into a reader-writer. The IC card receives a command from the reader-writer to execute data transfer. A general explanation of IC cards is given, for example, in xe2x80x9cIC Cardxe2x80x9d by Jyunichi Mizusawa, by Ohm Publication Co., compiled by the Institute of Electronics, Information and Communication Engineers.
As shown in FIG. 1, an IC card has the structure that an IC card chip 102 is fabricated on a card 101. A general IC card has contacts via which a power is supplied from a reader-writer and data is transferred.
The structure of an IC card chip is basically the same as that of a microcomputer. As shown in FIG. 2, the IC card chip includes a central processor 201, a storage memory 204, an input/output port 207, and a co-processor 202. The central processor 201 executes logical and arithmetic calculations, and the storage memory 204 stores programs and data. The input/output port 207 communicates with a reader-writer. The co-processor is a special calculation device for executing modular calculations, and is used for calculations in anti-symmetric RSA or the like. Many of IC card processors have no co-processor. A data bus 203 interconnects components of the IC card.
The storage memory 204 includes a ROM (Read Only Memory), a RAM (Random Access Memory), an EEPROM (Electrically Erasable Programmable Read Only Memory) and the like. ROM is a memory whose contents cannot be rewritten freely and stores mainly programs. RAM is a memory whose contents can be rewritten freely and are erased if a power supply is intercepted. When the IC card is disconnected from the reader-writer, a supply of the power is intercepted so that the contents of RAM cannot be retained. EEPROM is a memory whose contents can be retained even if a supply of the power is intercepted. Therefore, EEPROM is used for storing data which may be rewritten and can be retained even if the IC card is disconnected from the reader-writer. For example, the number of prepaid times of a prepaid card is stored in EEPROM because it is updated each time the card is used and the contents thereof are required to be retained even if the card is disconnected from the reader-writer.
An IC card is used for storing programs and important information in the IC card chip to execute a cipher process. It has been long considered that the difficulty in decryption of a cipher process executed in the IC card is the same as decryption of a ciphering algorithm. However, it has been suggested recently that there is a possibility of presuming the contents of a cipher process and a cipher key by measuring and analyzing a consumption current while the cipher process is executed, easier than decryption of a cipher algorithm. The consumption current can be monitored by measuring the current supplied from the reader-writer. This possible danger is described in xe2x80x9cSmart Card Handbookxe2x80x9d, by W. Rankl and W. Effing, John Wiley and Sons, paragraph 8.5.1.1 xe2x80x9cPassive protective mechanismsxe2x80x9d, at p. 263.
CMOSs constituting an IC card chip consume current when an output state changes from xe2x80x9c1xe2x80x9d to xe2x80x9c0xe2x80x9d or vice versa. The data bus 203 in particular flows a large current when its state changes from xe2x80x9c1xe2x80x9d to xe2x80x9c0xe2x80x9d or vice versa, because it has a large electrical capacitance. This suggests a possibility of presuming the operation state in the IC card chip by monitoring the consumption current.
FIG. 5 shows wave shapes of consumption current during one cycle of an IC card chip. Depending upon processed data, the current wave shape becomes different as indicated at 501 and 502. This difference is generated depending upon data on the bus 203 and data processed by the central processor 201.
The co-processor 202 can execute a modular calculation of a long train of bits, e.g., 512 bits, in parallel with the central processor 201. Therefore, it is possible to monitor the wave shape of a consumption current different from that of the central processing unit 201 during a long period of time. By monitoring its distinctive wave shape, the number of operations of the co-processor can be easily measured. If there is any correlation between the number of operations of the co-processor and a cipher key, it is possible to presume the cipher key from the number of operations of the co-processor.
If the calculation contents of the co-processor have any shift specific to the cipher key, there is also a possibility of presuming a cipher key by identifying the shift from the consumption current. Such possibilities are also applicable to the central processor. Since the value of bits of a cipher key is fixed, an influence of the value of bits of the cipher key may possibly be monitored by monitoring the consumption current by changing data to be processed.
The main issue to be solved by the invention is to reduce the correlation or dependency between data processing and its consumption current of an IC card chip. If the correlation between data processing and its consumption current is reduced, it becomes difficult to presume the operation of the IC card chip and a cipher key from the monitored wave shape of a consumption current. The invention pays attention to that a presumption of the operation and cipher key from the wave shape of a consumption current can be made difficult by randomizing the process sequence in an IC card chip and inserting a dummy process.
A tamper resistance device, typically an IC card, can be considered as an information processing equipment having a program storage unit for storing a program and a data storage unit for storing data and a central processing unit for executing a predetermined process in accordance with the program to process the data, the program including one or more data process units each having a process instruction for giving an execution instruction to the central processing unit. In this invention, as one method of reducing the dependency of consumption current of an IC chip upon data process, normal input data and its bit inverted data are processed. By using the normal input data and its bit inverted data by the same instruction, the number of transitions of the data on a data bus, from xe2x80x9c0xe2x80x9d to xe2x80x9c1xe2x80x9d or vice versa, can be made constant. The data transition on the data bus consumes large current. By making the number of transitions on the data bus constant, the number of current consumptions is made constant so that the dependency of consumption current upon data process can be reduced.
As an alternative method of processing normal data and bit inverted data in the same manner, a routine of processing the bit inverted data by an instruction same as the normal instruction, if the same routine cannot process both the normal data and bit inverted data. Normal input data and bit inverted data are always generated for the data once processed in order to process the normal data and bit inverted data in the same manner.
As an alternative method of reducing the dependency of consumption current upon data process, if there are repetitive processes as many as the number of data sets to be processed, the data is not processed in the predetermined order but the process order is changed randomly. Another method is to add a dummy process which does not influence the corresponding process of a program, so that what operation of the equipment is executed at which place cannot be known. A combination of dummy processes and random execution of repetitive processes is effective for reducing the dependency of consumption current upon data process.
Use of both the normal data and bit inverted data and a combination of dummy processes and random execution of repetitive processes is particularly effective for reducing the dependency of consumption current upon data process during a data permutation process and data substitution process on a byte-unit basis.
Cryptosystems such as DES (data encryption standard) use many exclusive logical OR operations. Therefore, an exclusive logical OR unit for performing an exclusive logical OR of input data and cipher key data and a bit inverted exclusive logical OR unit for performing an exclusive logical OR of bit inverted input data and cipher key data, are effective for reducing the dependency of consumption current upon data process. A nonlinear substitution process unit for nonlinearly substituting input data and generating a substitution result and bit inverted substitution result and a nonlinear substitution process unit for nonlinearly substituting input bit inverted data and generating a substitution result and bit inverted substitution result, are effective for reducing the dependency of consumption current upon data process. A nonlinear permutation process unit for nonlinearly permuting input data and generating a permutation result and bit inverted permutation result and a nonlinear permutation process unit for nonlinearly permuting input bit inverted data and generating a permutation result and bit inverted permutation result, are effective for reducing the dependency of consumption current upon data process.
A combination of: the nonlinear substitution process unit for nonlinearly substituting input data and generating a substitution result and bit inverted substitution result; the nonlinear substitution process unit for nonlinearly substituting input bit inverted data and generating a substitution result and bit inverted substitution result; the nonlinear permutation process unit for nonlinearly permuting input data and generating a permutation result and bit inverted permutation result; and the nonlinear permutation process unit for non linearly permuting input bit inverted data and generating a permutation result and bit inverted permutation result, is effective for reducing the dependency of consumption current upon data process.
In the RSA cryptosystem utilizing a difficulty in prime factorization, a modular exponentiation calculation is performed by repeating a modular multiplication by using input data and a cipher key. One method of reducing the dependency of consumption current upon data process uses a modular multiplication process unit for performing a modular multiplication of input data multiplied by an intermediate modular calculation result irrespective of a value of bits of the cipher key and a modular multiplication result selection unit for using a modular multiplication result by the modular multiplication process unit if the value of bits of the cipher key is 1, and neglecting the modular multiplication result by the modular multiplication process unit if the value if 0. It is therefore possible to perform a modular multiplication irrespective of the value of bits of the cipher key. In this manner, the dependency of consumption current upon data process can be reduced, and it becomes difficult to presume the cipher key from the number of modular multiplication executions.
The performance of RSA can be improved by using a modular exponentiation process unit for performing a modular exponentiation of input data in correspondence with each value of a plurality of bits and a modular multiplication process unit for performing a modular multiplication of the modular exponentiation result by the modular exponentiation process unit multiplied by an intermediate modular calculation result. With this method, however, a pair of modular exponentiation results is always used so that there is a possibility of presuming the cipher key from the dependency of consumption current upon data process. One method of solving this is to use a modular exponential result change process unit for changing the modular exponentiation result at a timing while the modular multiplication process unit processes to change the modular exponentiation result at a constant cycle pitch. With this method, although it depends upon the change method, there is a case in which the modular exponentiation result is required to be changed to the original value. As one method for this, an inverse process unit is used for recovering the modular exponentiation result before the result is changed by the modular exponentiation process result change process unit. The inverse process unit can be realized by several method. One method is to add an integer multiple of a modulus of a modular calculation to the modular exponentiation result. In an another method, the modular exponentiation result change process unit performs a modular exponentiation of the modular exponentiation result multiplied by v or v raised to a certain power among two values u and v whose molecular multiplication by using the modulus in the modular calculation is 1 and the inverse process unit performs a modular exponentiation of u raised to the power whose order corresponds to the number of times during the modular multiplication through multiplication by v. One method of calculating the values v and u is to make the modular exponentiation result change process unit use two values 2 and (N+1)/2 whose molecular multiplication by using the modulus N in the modular calculation is 1. For the RSA cryptosystem, if the modular exponentiation process unit performs a modular exponentiation of input data raised to a certain power corresponding to each of all combinations of M bits of 0 and 1 of the cipher key; if the modular exponentiation result change process unit executes at a certain timing a modular exponentiation of the modular exponentiation result multiplied by v or v raised to a certain power among two values u and v whose molecular multiplication by using the modulus N in the modular calculation is 1; if the modular multiplication process unit performs a modular multiplication of a modular exponentiation result by the modular exponentiation process unit multiplied by an intermediate modular multiplication result in correspondence to each of the value of the M bits of the cipher key; and if the inverse process unit performs a modular exponentiation of u raised to the power whose order corresponds to the number of times during the modular multiplication through multiplication by v, then the dependency of consumption current upon data process can be reduced effectively. In this case, the values v and u can be obtained easily if the modular exponentiation result change process unit executes at a certain timing a modular exponentiation of the modular exponentiation result multiplied by v which takes an arbitrary binary power by using the modulus N in the modular calculation, and if the inverse process unit performs a modular exponentiation of (n+1)/2 raised to the power whose order corresponds to the number of times during the modular multiplication through multiplication by 2.