In general, in a block cipher algorithm such as the DES method specified by FIPS 46-3 (FIPS: Federal Information Processing Standard), data is encrypted/decrypted by repeating a predetermined operation a predetermined number of times. Concretely, whenever the operation is executed, the operation result is temporarily stored in a memory means (e.g., a register). The next operation is executed using the current operation result, and the next operation result overwrites the contents of the memory means. Briefly, encryption/decryption is executed while updating the operation result stored in the memory means.
Attention is now directed to the change of data in the memory means. The Hamming distance represents the difference between two operation results that are consecutive on the time axis. If there is a correlation between the Hamming distance and power consumption, an attacker can reveal secret information in an encryption/decryption apparatus. One method for estimating secret information in the encryption/decryption apparatus is DPA (Differential Power Analysis), which uses analysis data on the transitions of power consumption and data.
By using DPA, if a change in the power consumption of a circuit (having an encryption function) or a processor (executing an encryption operation) is related to secret data during operation, the secret data can be disclosed. DPA is an attack that does not destroy the package. Consequently, inspecting the outside of a chip (or a device) cannot determine whether key information has been extracted by the attack, and it is feared that damage from unauthorized use will spread. Accordingly, protection against a DPA attack is necessary in a circuit for encryption.
One countermeasure against DPA is the data mask method, which hides any correlation between the power consumption and the operation data from an attacker. For example, the data mask method is disclosed in “An implementation of DES and AES, secure against some attacks”, Proceedings of CHES 2001, LNCS 2162, pp. 309-318, 2001.
In the data mask method, a random number is used as the data for masking. The data for operation is masked by performing an Exclusive OR between the data for operation and the data for masking. Briefly, because the data is masked with the random number during operation, the attacker cannot correctly estimate the data being operated on. As a result, secret information in the encryption module cannot be disclosed.
When DPA protection is executed by the data mask method, it is desirable that the necessary quantity of random numbers can always be obtained. However, if the constraints on power consumption and circuit scale are strict, as in an IC card, the output data width of the random number generation circuit needs to be made small.
In this case, several clocks are necessary to obtain the random number for masking from the random number generation circuit. Furthermore, depending on the relationship between the output data width of the random number generation circuit and the data width for masking, the operation processing often waits several clock periods. Briefly, during encryption/decryption processing, a wait time for random number generation occurs at each operation.
Accordingly, at each timing of encryption/decryption, the operation data is masked with the same random number by Exclusive OR. Hereinafter, “masking” means an Exclusive OR between the data for masking and the data for operation.
The Hamming distance of data is now explained for the case where two consecutive masked data (Masked Data A and Masked Data B) are written into the memory means. Masked Data A, written into the memory means first, is Data A (the data being operated on) masked by the data for masking (“RN”). Masked Data B, written into the memory means second, is Data B (the data being operated on) masked by the same data for masking (“RN”).
The Hamming distance of data in the memory means is the same as the operation result of the Exclusive OR of the two written data. Accordingly, the Hamming distance is represented as follows.
The Hamming distance of data = Masked Data A ^ Masked Data B
= (Data A ^ RN) ^ (Data B ^ RN)
= Data A ^ Data B ^ RN ^ RN
= Data A ^ Data B
In this way, the data for masking (“RN”) is eliminated. The result corresponds to the change quantity between the two consecutive unmasked data in the memory means. Therefore, if an attacker can correctly estimate the change quantity (Hamming distance) in the memory means, secret information can be disclosed and safety cannot be guaranteed. (An analysis model that targets the Hamming distance of two consecutive data is called a state transition model.)
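The cancellation of RN derived above can be checked numerically. The following simulation is an added example, not part of the original document: it counts the Hamming distance as the number of set bits in the Exclusive OR of consecutive register writes and compares it with the unmasked transitions. The 32-bit width, the function names, the seeded software generator standing in for the random number generation circuit, and the fresh-mask-per-write contrast case are all assumptions made for illustration.

```python
import random
from math import sqrt

WIDTH = 32  # register width in bits (assumption for this sketch)

def hamming_distance(a, b):
    """Number of bit positions that differ between two register values."""
    return bin(a ^ b).count("1")

def transitions(data, masks):
    """Hamming distances between consecutive masked writes to the register."""
    written = [d ^ m for d, m in zip(data, masks)]
    return [hamming_distance(x, y) for x, y in zip(written, written[1:])]

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / sqrt(sxx * syy)

def simulate(n_writes=2000, seed=1):
    rng = random.Random(seed)  # seeded PRNG stands in for the hardware RNG
    # Constructed sample data: random values playing the role of operation results.
    data = [rng.getrandbits(WIDTH) for _ in range(n_writes)]
    unmasked = transitions(data, [0] * n_writes)
    rn = rng.getrandbits(WIDTH)
    reused = transitions(data, [rn] * n_writes)  # same RN at every write
    # Contrast case (assumption, not from the text): a new mask for each write.
    fresh = transitions(data, [rng.getrandbits(WIDTH) for _ in range(n_writes)])
    return {
        "reused_equals_unmasked": reused == unmasked,
        "corr_reused": pearson(unmasked, reused),
        "corr_fresh": pearson(unmasked, fresh),
    }

if __name__ == "__main__":
    print(simulate())
```

With the same RN at every write, the masked transitions are identical to the unmasked ones, which is exactly the quantity the state transition model targets; with a new mask per write, the correlation falls to the level of noise.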