A Rivest-Shamir-Adleman (RSA) algorithm is a high-security public key encryption algorithm, and may be applied to encryption and decryption processes of a security chip. The security chip includes a financial integrated circuit (IC) card chip, a mobile payment chip, a Universal Serial Bus (USB) key, and the like. However, with continuous development of password attack technologies, security of the RSA algorithm in the security chip is gradually threatened. Common password attack technologies may be divided into a non-intrusive attack, a semi-intrusive attack, and an intrusive attack. Because the semi-intrusive attack and the non-intrusive attack do not cause permanent damage to the security chip, they become mainstream development directions of the password attack technologies.
It should be understood that, a core process of the RSA algorithm is a modular exponentiation operation. At present, a common method for implementing a modular exponentiation operation by a security chip is to break the modular exponentiation operation into several modular square operations and several modular multiplication operations. In a prior-art security chip, a modular square operation and a modular multiplication operation are implemented by using two different hardware circuits, and therefore, it is difficult for the security chip to resist a simple power analysis (SPA) attack in non-intrusive attacks. The meaning of the SPA attack is explained herein. An attacker obtains a power consumption graph (which is shown in FIG. 5) by collecting power consumption that is generated when the RSA algorithm is used during a decryption process, and determines, from the power consumption graph, that an operation corresponding to relatively high peak power consumption is a modular multiplication operation and that an operation corresponding to relatively low peak power consumption is a modular square operation, so as to decipher bits of a private key. It can be learned that, it is difficult for the prior-art security chip to resist an SPA attack, and consequently, a private key is deciphered and low security is caused.