A symmetric key cipher is a technique that transforms plain data into intermediate data using a partial encryption processing based on an encryption key to calculate. The technique repeats a plurality of steps of partial encryption processing to update the intermediate data, and then performs a partial encryption processing on the final intermediate data to calculate encrypted data. Various side channel attacks, which analyze the encryption key, have been contrived. The attacks use physical information such as processing time, power consumption, and radiated electromagnetic waves during an operation of an encryption module. Among the side channel attacks, exemplary analysis methods that use the power consumption information include Simple Power Analysis (SPA), Differential Power Analysis (DPA), and Correlation Power Analysis (CPA). The DPA is an attack method that predicts a part of the encryption key. The DPA statistically analyzes the intermediate data which is calculated from the predicted encryption key and plain data, and power consumption during the encryption processing. The DPA determines whether or not the predicted encryption key is correct, so as to identify the encryption key. For the DPA, analysis methods that are called second-order DPA and Zero-Offset 2DPA (ZO-2DPA) are further proposed.
As a countermeasure against the DPA and CPA, a mask method is known. The mask method is a technique that adds a random number called a mask onto intermediate data under encryption processing and then continues the encryption processing. This eliminates the correlation between power consumption and the intermediate data.
Power consumption of a register in a CMOS circuit depends on the number of bit transitions of data at continuous clocks. The encryption device stores intermediate data under the encryption processing in a register and calculates encrypted data from plain data. The power consumption has strong correlation with the Hamming distance of the intermediate data, which is output from continuous partial encryption processing. Thus, if the intermediate data output from the encryption processings is directly stored into a register, an encryption key is possibly analyzed by statistically analyzing the power consumption and the intermediate data. Accordingly, to ensure enhanced resistance against power analysis, the register is required to be protected such that power consumption at the register does not have correlation with the intermediate data.
There is a need to provide an encryption device with resistance against power analysis.