Cryptographic devices and cryptologic algorithms are exposed to attacks that aim to read or manipulate protected data. With the encryption methods customary today, for example, the Advanced Encryption Standard (AES), the keys used cannot be determined by trial and error (so-called brute force attacks), even using high-speed computer technology, because the keys are at least 128 bits long. An attacker will therefore also investigate the side effects of an implementation, such as the variation of the power consumption over time, the execution time, or the electromagnetic emission of a circuit during encryption operations. These attacks are referred to as side channel attacks, because they are not aimed directly at the function.
These side channel attacks exploit the physical implementation of a cryptosystem in a device. The control unit that implements the cryptographic functions is observed while it executes the cryptologic algorithms, in order to find correlations between the observed data and hypotheses for the private key.
There are numerous side channel attacks, such as those discussed in the publication by Mangard, Oswald and Popp, “Power Analysis Attacks,” Springer 2007. In particular, a successful attack on the private key of the AES may be carried out in practice by using differential power analysis (DPA).
In this method, the power consumption of a microprocessor during cryptographic calculations is recorded, and traces of the power consumption are compared with hypotheses by using statistical methods.
There are believed to be methods which make DPA difficult by intervening in the algorithm itself. In masking, the operations are performed using randomly varied operands; the random value is subsequently calculated back out, which means that the randomness does not affect the result. Another possibility is so-called hiding, in which an attempt is made to compensate for high-low transitions through corresponding low-high transitions.
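The effect of masking on the statistical comparison can be checked in simulation. The following is an added example, not taken from the cited publications or patents; it assumes a Hamming-weight leakage model, an 8-bit XOR key addition as the protected operation, and constructed random inputs, and the function names are hypothetical.

```python
import random

def hw(x):
    """Hamming weight: the assumed power-leakage model for one byte."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length samples."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def add_key_plain(pt, key):
    """Unprotected key addition: the device handles pt ^ key directly."""
    out = pt ^ key
    return out, hw(out)

def add_key_masked(pt, key, rng):
    """Masked key addition: the device only handles values blinded by m."""
    m = rng.randrange(256)      # fresh random mask for every operation
    blinded = (pt ^ m) ^ key    # operation on the randomly varied operand
    leak = hw(blinded)          # what the simulated power trace reflects
    return blinded ^ m, leak    # mask calculated back out: same result

def leakage_correlation(n=5000, key=0x3C, seed=1):
    """Correlate simulated leakage with HW of the sensitive value pt ^ key."""
    rng = random.Random(seed)   # constructed inputs, seeded for repeatability
    pts = [rng.randrange(256) for _ in range(n)]
    sensitive = [hw(p ^ key) for p in pts]
    plain = [add_key_plain(p, key) for p in pts]
    masked = [add_key_masked(p, key, rng) for p in pts]
    same = all(a[0] == b[0] for a, b in zip(plain, masked))
    return (pearson(sensitive, [l for _, l in plain]),
            pearson(sensitive, [l for _, l in masked]), same)

if __name__ == "__main__":
    r_plain, r_masked, same = leakage_correlation()
    print(f"unmasked r={r_plain:.3f}  masked r={r_masked:.3f}  same={same}")
```

In this model the unmasked leakage correlates perfectly with the sensitive value, while the masked leakage shows a correlation near zero even though both variants return identical results.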
U.S. Pat. No. 6,510,518 B1 discusses a cryptographic method for so-called smartcards and other cryptologic systems. This document also describes a method for using a private key for cryptographic processing of a message. The received message is processed in a hardware unit, where a plurality of suboperations is performed. Each suboperation transmits an input to an output via an intermediate stage, performing a number of state transformations, and this number in turn does not depend on the message to be processed or the key used.
U.S. Pat. No. 6,327,661 B1 discusses a method for protecting cryptologic systems from external attacks. The quantity of usable information is reduced in this method. For this purpose, unpredictable data or information is included in the cryptographic processing. Implementations using different techniques are described, for example, a reduction in the signal-to-noise ratio. The techniques presented there may be implemented in hardware or software, may use a combination of digital and analog techniques, and may be used in a plurality of cryptologic devices.