A high-functioning power system Advanced Metering Infrastructure (AMI, or smart meter) is attracting attention, which has a communication function and automatically transmits electric usage in a home or a business place to an electric company at a regular interval. A known Automated Meter Reading (AMR) system has been realized from the need of reduction in labor cost or reduction in operation cost. The AMI system has more functions than the AMR system. This enables bidirectional communication between equipment, such as an air conditioner or an illumination in the home or the business place, and a meter, or between the meter and the electric company. This also allows the optimization of the use of energy resources.
While the introduction of the AMI system is useful from the viewpoint of energy resources, it is necessary to provide a countermeasure against an intrusion of privacy and to sufficiently ensure the credibility (security) of information which is exchanged in the AMI system. In order to solve the problems regarding security, it is necessary to provide an encryption/decryption device.
The encryption/decryption device encrypts/decrypts plain data/encrypted data using a specific algorithm, making it possible to ensure the security of information. However, it has been reported that a countermeasure against a side channel attack, which does not leave a trace of attack, needs to be implemented for the encryption/decryption device. The side channel attack is a passive attack and includes Simple Power Analysis (SPA), Differential Power Analysis (DPA), and Electromagnetic Analysis (EMA), in which an internal private key is derived only by measuring power or electromagnetic waves in operation.
The side channel attack is realized by deriving a private key having high similarity to power consumption or electromagnetic waves which can be measured during the arithmetic operation of the encryption/decryption device and intermediate data which can be calculated from an estimated private key. An attack is possible because the key space of the estimated private key is small. In a known side channel countermeasure, intermediate data is disturbed by masking intermediate data using a random number device, making it difficult to perform high-similarity determination.
As described above, in order to solve the problems regarding security necessary for the AMI system, there is a need for an encryption/decryption device in which a side channel countermeasure is provided. Meanwhile, from the viewpoint of the effective utilization of energy resources, there is a need for a side channel countermeasure with power consumption lower than a mask countermeasure that has high power consumption and unsatisfactory energy efficiency.
However, since the random number generation processing is comparatively heavy processing, the method using a random number in the related art has a problem in that there is an adverse effect on speed, circuit size, power, processing performance, and the like.