1. Field of the Invention
The present invention relates to an encryption apparatus and method provided with a Feistel type algorithm, and more particularly, to an encryption apparatus and method resistant to a differential power analysis attack.
2. Description of the Related Art
In a conventional differential power analysis (“DPA”) attack, an attacker produces a graph related to power consumption during an encryption operation of an encryption operation circuit. Using the power consumption graph, the attacker can steal key information stored in the encryption operation circuit.
In an DPA attack, an attacker inputs a plurality of pieces of data into an encryption operation circuit and obtains measurements of the corresponding power consumption of the encryption operation circuit. Next, the attacker estimates the key information stored in the encryption operation circuit. At this time, if a correlation value between the estimated key information and the power consumption is large, then the estimated key information is correct, otherwise the estimated key information is incorrect. In other words, the DPA attack uses a principle of correlation between the estimated key information and the power consumption of the encryption operation circuit.
In the event of a DPA attack, users of the encryption operation circuit cannot determine, by inspecting the physical appearance of the circuit, whether or not the key information has been stolen by the DPA attack because the DPA attack does not damage or destroy the encryption operation circuit. Therefore, potential damage from the DPA attack is greater than from other types of attacks because the attack is harder to detect. Accordingly, a countermeasure to the DPA attack is important in protecting an encryption operation circuit.
Most common key block cryptosystems, for example smart cards and secure tokens, employ a Feistel type encryption algorithm which was developed by Horst Feistel. Japanese Patent Laid-Open No. 2000-66585 discloses a countermeasure to the DPA attack for an encryption operation circuit utilizing the Feistel type encryption algorithm. More particularly, Japanese Patent Laid-Open No. 2000-66585 discloses that the key information is masked during an operation using the key information so that there is no correlation between the power consumption during the operation using the key information and the key information. This technique disclosed in Japanese Patent Laid-Open No. 2000-66585 is an effective countermeasure to a DPA attack occurring at the end of an operation, but is not the effective countermeasure to a DPA attack occurring after the end of the operation.