Device for protecting encrypted data and associated method
11436346 · 2022-09-06
Assignee
Inventors
Cpc classification
H04L2209/12
ELECTRICITY
International classification
G06F9/30
PHYSICS
Abstract
A method and device for protecting encrypted data are disclosed. In an embodiment an integrated circuit includes a secure module including a first register containing a first mask and a second register containing masked data, the first mask and the masked data forming a secret key and a processor configured to generate a second mask and mask the secret key with the second mask when the secret key is not used for an encryption operation and during reception of a validation signal, wherein the first and second registers are disposed in the secure module so that the outputs of the registers are not simultaneously optically viewable.
Claims
1. A method for protecting contents of registers of a secure module of an integrated circuit, wherein the secure module comprises a first register containing a first mask and a second register containing masked data, the first mask and the masked data forming a secret key, the method comprising: randomly generating a second mask in the secure module; and masking the secret key using the second mask when the secret key is not used for an encryption operation and during a reception of a validation signal, wherein the first register is spaced apart from the second register by a distance of at least 80 μm, and wherein the integrated circuit is incorporated in a smart card.
2. The method according to claim 1, wherein masking of the secret key comprises applying first logical operators on the second mask and on a content of each of the first and second registers, and wherein generating the second mask comprises randomly drawing an initial data item that is smaller than the second mask, splitting the initial data item into a plurality of data items that are each smaller than the initial data item, and assembling data using a second logical operator.
3. The method according to claim 2, wherein splitting the initial data item comprises splitting the initial data item into a first data item, a second data item and a third data item that are each smaller than the initial data item, and the first, second and third data items are assembled by the second logical operator.
4. The method according to claim 3, wherein the initial data item comprises a 32 bit data item, the first data item comprises a 16 bit data item, the second data item and the third data item each comprises 8 bit data items, and the first and second logical operators comprise EXCLUSIVE OR operators.
5. The method according to claim 2, wherein the first logical operators and the second logical operator comprise EXCLUSIVE OR operators.
6. The method according to claim 1, further comprising generating the second mask and the masking of the secret key upon each occurrence of the validation signal in a reiteration, and each reiteration includes overwriting contents of the first and second registers respectively, with previous contents of the first and second registers masked by the second mask.
7. The method according to claim 1, wherein the validation signal is randomly generated.
8. The method according to claim 1, further comprising modifying contents of the first and second registers after each encryption operation using the secret key.
9. The method according to claim 1, wherein the first and second registers are configured to store 128 bit data items.
10. An integrated circuit comprising: a secure module comprising a first register configured to store a first mask and a second register configured to store masked data, the first mask and the masked data forming a secret key; and a processor configured to: generate a second mask; and mask the secret key with the second mask when the secret key is not used for an encryption operation and during a reception of a validation signal, wherein the first register is paced apart from the second register by a distance of at least 80 μm, and wherein the integrated circuit is incorporated in a smart card.
11. The integrated circuit according to claim 10, wherein the processor comprises a generator configured to generate the second mask and a masking unit comprising first logical operators configured to mask contents of the first and second registers with the second mask, and wherein the generator comprising an occurrence generator configured to generate the validation signal, a random generator configured to randomly generate an initial data item that is smaller than the second mask and a processing module configured to split the initial data item into data items that are each smaller than the initial data item, the processing module configured to assemble data using a second logical operator in order to create the second mask.
12. The integrated circuit according to claim 11, wherein the processing module is configured to split the initial data item into a first data item, a second data item and a third data item that are smaller than the initial data item, and wherein the processing module is configured to assemble the first, second and third data items using the second logical operator in order to create the second mask.
13. The integrated circuit according to claim 12, wherein the initial data item comprises a 32 bit data item, the first data item comprises a 16 bit data item, the second data item and the third data item comprise 8 bit data items each.
14. The integrated circuit according to claim 11, wherein the first logical operators and the second logical operator comprise EXCLUSIVE OR operators.
15. The integrated circuit according to claim 11, wherein the occurrence generator is configured to randomly generate the validation signal.
16. The integrated circuit according to claim 10, wherein the processor is configured to: generate the second mask; mask the secret key; and overwrite contents of the first and second registers respectively, with previous contents of the first and second registers masked anew by the second mask upon each occurrence of the validation signal.
17. The integrated circuit according to claim 10, further comprising a first processing unit configured to: transmit the secret key to the first and second registers; and modify contents of the first and second registers after each encryption operation using the secret key.
18. The integrated circuit according to claim 10, wherein the first and second registers are configured to store 128 bit data items.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1) Further advantages and features of the invention will become apparent from examining the detailed description of embodiments, which are by no means limiting, and the accompanying drawings, in which:
(2)
(3)
DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
(4) Reference is made to
(5) The integrated circuit CI comprises a system for protecting masked data comprising a module 2, for example, a secure module, and a first processing unit 3, for example, a secure processing unit.
(6) The secure module 2 comprises a communication interface 4 connected, on the one hand, to the first secure processing unit 3 and, on the other hand, to a data bus 5.
(7) The module 2 further comprises a first and a second register 6 and 7 each connected to the bus 5, a second processing unit 8 connected to the first and second registers 6 and 7.
(8) The first register 6 comprises masked data items A and the second register 7 comprises a first mask B, with the content of the two registers 6 and 7 forming a secret key.
(9) Of course, the mask B can be contained in the first register 6 and the masked data items A can be contained in the second register 7.
(10) The module 2 further comprises processing means configured to generate a second mask M and to mask the secret key with the second mask M, when the secret key is not used for an encryption operation and during the reception of a validation signal VALID.
(11) Masking the secret key allows sequential acquisition of the state of the outputs of the registers containing the secret key to be prevented.
(12) The processing means comprise generation means configured to generate the second mask and masking means comprising first EXCLUSIVE OR operators OP1 and OP2 able to mask the content of the first and second registers 6 and 7 with the second mask M.
(13) The generation means comprise an occurrence generator 9 able to generate the validation signal VALID, a random generator able to randomly generate an initial data item C, and a processing module 10 able to split the initial data item into a first data item E, a second data item F and a third data item G smaller than the initial data item.
(14) The processing module 10 is able to assemble the first, second and third data items using a second logical operator 100.
(15) The occurrence generator module 9 and the processing module 10 are each connected to the first and second registers 6 and 7, the random generator 11 is connected to the processing module 10 and to the occurrence generator module 9.
(16) The processing module 10 is also connected to a first input of the operators OP1 and OP2.
(17) A second input of the operator OP1 is connected to the first register 6, a second input of the operator OP2 is connected to the register 7, an output of the operator OP1 is connected to the first register 6 and an output of the operator OP2 is connected to the second register 7, so that when the second mask M is transmitted to the first input of the operators OP1 and OP2 by the processing module, the operators OP1 and OP2 mask the content of the first and second registers with the second mask M and therefore mask the secret key.
(18) The first and second registers 6 and 7 are disposed in the secure module 2 so that the outputs of these registers are not simultaneously optically viewable, for example, using an optical device comprising a scanning microscope 13 having an analysis chamber and a screen 14.
(19) The two registers are spaced apart by a distance DIST that is selected, for example, so that on the screen 14 of the microscope it is not possible to simultaneously view the two registers 6 and 7, as well as the state of their outputs, in view of the resolution of the microscope.
(20) By way of an example, a distance DIST of at least 80 μm is acceptable.
(21) As the distance DIST separating the two registers forming the secret key is greater than the distance for simultaneously viewing the two registers 6 and 7, as well as the state of their outputs, in view of the resolution of the microscope, it is not possible to simultaneously determine the state of the outputs of the registers containing the secret key.
(22) The module 2 further comprises a third register 12 connected, on the one hand, to the bus 5 and, on the other hand, to a second processing unit 8 that uses the secret key to encrypt input data.
(23) The first processing unit 3 communicates with the secure module 2 by means of the interface 4 and of the data bus 5.
(24) The secure module 2 is clocked by a clock, not shown.
(25) The first, second and third registers 6, 7 and 12 are of the volatile type, for example, a volatile memory.
(26) The first register 6 comprises masked data items A comprising 128 bits A[i], with i varying from 1 to 128, and the second register 7 comprises a mask B comprising 128 bits B[j], with j varying from 0 to 128.
(27) The first and second registers 6 and 7 containing the data items A and B are configured to store 128 bit data items.
(28) According to another embodiment, the data items A and B forming the secret key can comprise more or less than 128 bits, with the first and second registers 6 and 7 being configured to store the masked data items A and the mask B.
(29) Dividing the secret key into two data items A and B allows the secret key to be protected against side channel attacks.
(30) The masked data items A and the mask B are supplied by the first processing unit 3.
(31) The first processing unit 3 is also able to modify the contents of the first and second registers 6 and 7 after each encryption operation by the unit 8 using said secret key.
(32) The first processing unit 3 also supplies input data DATA intended to be encrypted.
(33) The data DATA is saved in the third register 12.
(34) The second processing unit 8 is able to encrypt the data DATA contained in the third register 12 on the basis of the secret key contained in the first and second registers 6 and 7.
(35) The second processing unit 8 generates output data CRYPT corresponding to the encrypted input data DATA.
(36) The data CRYPT is saved in the third register 12 so as to overwrite the data DATA.
(37) The second processing unit 8 is produced, for example, from a microprocessor, but it can be any device able to encrypt data on the basis of a secret key contained in two registers, and to save the encrypted data in a register.
(38) The first processing unit 3 loads the masked data items A into the first register 6 and loads the mask B into the second register 7.
(39) Furthermore, the first processing unit 3 loads that data to be encrypted DATA into the third register 12 and retrieves the encrypted data CRYPT saved in the third register 12.
(40) The first processing unit 3 is produced, for example, from a microprocessor, but it can be any device able to load the masked data items A into the first register 6, able to load the mask B into the second register 7, able to load the data to be encrypted DATA into the third register 12 and able to retrieve the encrypted data CRYPT saved in the third register 12.
(41) The occurrence generator module 9 randomly generates, for example, a validation signal VALID.
(42) By way of a variant, the occurrence generator module 9 deterministically generates the validation signal VALID.
(43) The signal VALID is transmitted to the first and second registers 6 and 7, and to the random generator 11.
(44) The occurrence generator module 9 is, for example, produced by a counter comprising toggles, for example.
(45) Hereafter, it is assumed that the initial data item C comprises a 32 bit data item, the first data item E comprises a 16 bit data item, the second data item F and the third data item G comprise data items of 8 bits each, and the second logical operator 100 comprises EXCLUSIVE OR operators.
(46) The random generator 11 carries out a random draw, upon reception of the signal VALID emitted by the occurrence generator module 9, of the initial data item C comprising 32 bits C[k], with k varying from 1 to 32.
(47) The data item C is transmitted to the processing module 10.
(48) On the basis of the data item C, the processing module 10 generates the second mask M comprising 128 bits M[l], with l varying from 1 to 128.
(49) More specifically, the processing unit 10 randomly splits the initial data item C in order to obtain the first, second and third data items E, F and G.
(50) The processing module 10 then generates the mask M according to the following equation (1):
M[l]=E[ENT[l mod 16]]XOR F[ENT[l/16]]XOR G[ENT[(l+l/16)mod 8)]],
with l varying from 1 to 128, where ENT[ ] is the integer part, mod is the modulo, E is the data item E comprising 16 bits E[p], with p varying from 1 to 16, F is the data item F comprising 8 bits F[q], with q varying from 1 to 8, and G is the data item G comprising 8 bits G[r], with r varying from 1 to 8, and XOR is the Boolean EXCLUSIVE OR operator 100.
(51) The initial data item C of 32 bits simply needs to be drawn in order to create the second mask M of 128 bits. The energy consumption for generating the second mask M is reduced.
(52) Furthermore, a generator generating 32 bits occupies less space on the silicon than a generator generating 128 bits.
(53) Of course, the embodiment of the mask M comprising 128 bits on the basis of the initial data item C comprising 32 bits is applicable for a different sized initial data item and for a different sized second mask.
(54) By way of a variant, the initial data item C can be split into a plurality of data items, for example, two or more than three data items, each being smaller than the initial data item, with the processing module 10 splitting the initial data item C into data items that are each smaller than the initial data item and assembling the data using the second logical operator 100 in order to create said second mask M.
(55) The data items that are smaller than the initial data item C are sized so that the second mask M is the same size as the secret key for using encryption algorithms implementing different sized secret keys.
(56) The processing module 10 is defined, for example, on the basis of logic circuits.
(57)
(58) During a step 20, for example, the first processing unit 3 loads the masked data items A and the mask B into the first and second registers 6 and 7.
(59) Furthermore, the first processing unit 3 can load the data DATA to be encrypted into the third register 12.
(60) If the third register 12 contains data DATA to be encrypted, then the system proceeds to step 21, for example.
(61) During step 21, for example, the second processing unit 8 encrypts the data DATA contained in the third register 12 by using the secret key formed by the masked data items A and the mask B contained in the first and second registers 6 and 7 in order to obtain the encrypted data CRYPT.
(62) When the encrypted data CRYPT has been generated by the second processing unit 8, the data CRYPT is saved in the third register 12 so as to overwrite the previous content of the third register 12.
(63) Then, in a step 22, for example, when the data CRYPT has been saved in the third register 12, the first processing unit 3 loads, for example, in an internal memory, the encrypted data CRYPT for subsequent use.
(64) The system then returns to step 20, in which step the first processing unit 3 modifies the masked data items A and the mask B so that the content of the first and second registers 6 and 7 is unique.
(65) The contents of the first and second registers 6 and 7 are modified after each encryption operation using the secret key.
(66) If the secret key is used or if the occurrence generator module 9 does not deliver a signal VALID, then the system returns to step 20.
(67) If the secret key is not used and the occurrence generator module 9 delivers the signal VALID, then the system proceeds to step 23.
(68) During step 23, the random generator 11 generates the initial data item C of 32 bits upon reception of the signal VALID.
(69) Then, in step 24, for example, the processing module 10 generates the second mask M according to equation (1).
(70) When the second mask M is generated, during a step 25, for example, the content of the first and second registers 6 and 7 is updated according to the following equations:
A[i]=A[i]XOR M[i]; and
B[i]=B[i]XOR M[i],
(71) with i varying from 1 to 128 and n=0, with XOR being the EXCLUSIVE OR operator used in this example by both the operators referenced OP1 and OP2.
(72) The system then returns to step 20.
(73) Upon each occurrence of the validation signal VALID, the generation of the second mask M and the masking of the secret key with the second mask is reiterated and the contents of the first and second registers 6 and 7, respectively, are overwritten by the contents of these two registers masked by the second mask M.
(74) The first processing unit 3 can load data items A and B into the first and second registers 6 and 7, and data items DATA into the third register 12, whilst the second processing unit 8 does not proceed with the encryption of data DATA.
(75) The maximum duration separating two occurrences of the signal VALID is selected so that it is shorter than the acquisition duration of an optical display device, so that it is not possible to determine the state of the outputs of the first and second registers before an encryption operation of the secret key by the dynamic mask.
(76) The maximum duration separating two occurrences of the valid signal is shorter than 1 ms, for example.
(77) Furthermore, the development of the second mask and the masking of the secret key are carried out automatically and do not require the intervention of a processing unit allowing the resources and the consumption to be optimized.