Method for performing a sensitive data encryption with masking, and corresponding encryption apparatus and computer program product

Abstract

Cryptographic circuitry masks sensitive data values. The masking includes extracting unique combinations of random mask values from one or more sets of random mask values. Each sensitive data value is masked using a respective unique combination. The unique combinations have a combination class greater than or equal to a determined integer corresponding to a protection-level against side-channel attacks, and a number of unique combinations greater than or equal to a number of the sensitive data values. A number of random mask values in the one or more sets of random mask values is based on the number of unique combinations and the class of the plurality of unique combinations.

Claims

1. A method, comprising: masking, using cryptographic circuitry, sensitive data values by: extracting, from at least one set of random mask values, a plurality of unique combinations of random mask values, wherein at least one of the random mask values of the at least one set of random mask values is included in more than one of the plurality of unique combinations of random mask values; and masking each sensitive data value using a respective combination of the plurality of unique combinations of random mask values; and performing a cryptographic procedure, said sensitive data values comprising state bytes for rounds of the cryptographic procedure, wherein: each of the plurality of unique combinations has a protection-level class against side-channel attacks having a value which is greater than or equal to a value of a determined protection-level class against side-channel attacks; and a number of the plurality of unique combinations is greater than or equal to a number of the sensitive data values, wherein a number of random mask values in the at least one set of random mask values is based on the number of the plurality of unique combinations and the value of the protection-level class of the plurality of unique combinations.

2. The method according to claim 1 wherein the at least one set of random mask values comprises a plurality of distinct sets of random mask values.

3. The method according to claim 1, comprising extracting a plurality of unique combinations having a distance from one another with a value greater than or equal to the value of the determined protection-level class minus one.

4. The method according to claim 3, comprising using distinct sets of random mask values for different mask positions in the unique combinations.

5. The method according to claim 1, comprising: dividing a pool of random mask values into a number of distinct partitions greater than or equal to half the value of the determined protection-level class plus one; and including mask values from first, second and third distinct partitions in the unique combinations, wherein pairs of masks values from the second partition and the third partition are not reused in the unique combinations.

6. The method according to claim 1, comprising: dividing a pool of random mask values into a number of distinct partitions greater than or equal to half the value of the determined protection-level class plus one, wherein extracting a unique combination of random mask values comprises: selecting a mask value from the first partition to include in the unique combination; selecting a mask value from the second partition to include in the unique combination; and for each non-trivial partition of the distinct partitions after the first partition and the second partition, selecting a mask value in the non-trivial partition to include in the unique combination, the mask value having a position index in the non-trivial partition based on a base cyclic permutation having a cycle length equal to a prime number greater than or equal to a maximum between a size of the first partition and a size of the second partition.

7. The method of claim 6, comprising: selecting additional mask values to include in the unique combination from trivial partitions.

8. The method according to claim 6 wherein the base cyclic permutation is a rotation by one position.

9. The method according to claim 1, comprising: dividing a pool of random mask values into a number of distinct partitions, wherein a product of a number of values of a first partition and a number of values of a second partition is greater than or equal to the number of the sensitive data values.

10. The method according to claim 1 wherein said cryptographic procedure is an Advanced Encryption Standard (AES) encryption procedure including at least one first set of random mask values, which corresponds to intermediate masks that may be the same for all bytes of a state and applied in the intermediate steps of the AES rounds, and at least one second set of random mask values, each value corresponding, according to an index, to the bytes of the AES state.

11. An apparatus, comprising: one or more memories; and cryptographic circuitry, which, in operation, processes sensitive data values, the processing including: extracting, from at least one set of random mask values, a plurality of unique combinations of random mask values, wherein at least one of the random mask values of the at least one set of random mask values is included in more than one of the plurality of unique combinations of random mask values; and masking each sensitive data value using a respective combination of the plurality of unique combinations of random mask values, wherein: each of the plurality of unique combinations has a protection-level class against side-channel attacks having a value greater than or equal to a value of a determined protection-level class against side-channel attacks; and a number of the plurality of unique combinations is greater than or equal to a number of the sensitive data values, wherein a number of random mask values in the at least one set of random mask values is based on the number of the plurality of unique combinations and the value of the protection-level class of the plurality of unique combinations; and performs a cryptographic procedure, said sensitive data values comprising state bytes for rounds of the cryptographic procedure.

12. The apparatus according to claim 11 wherein the at least one set of random mask values comprises a plurality of distinct sets of random mask values.

13. The apparatus according to claim 11 wherein the cryptographic circuitry, in operation, extracts a plurality of unique combinations having a distance from one another with a value greater than or equal to the value of the determined protection-level class minus one.

14. The apparatus according to claim 11 wherein the cryptographic circuitry, in operation, uses distinct sets of random mask values for different mask positions in the unique combinations.

15. The apparatus according to claim 11 wherein the cryptographic circuitry, in operation: divides a pool of random mask values into a number of distinct partitions greater than or equal to half the value of the determined protection-level class plus one; and includes mask values from first, second and third distinct partitions in the unique combinations, wherein pairs of masks values from the second partition and the third partition are not reused in the unique combinations.

16. The apparatus according to claim 11 wherein the cryptographic circuitry, in operation: divides a pool of random mask values into a number of distinct partitions greater than or equal to half the value of the determined protection-level class plus one, wherein extracting a unique combination of random mask values comprises: selecting a mask value from the first partition to include in the unique combination; selecting a mask value from the second partition to include in the unique combination; and for each non-trivial partition of the distinct partitions after the first partition and the second partition, selecting a mask value in the non-trivial partition to include in the unique combination, the mask value having a position index in the non-trivial partition based on a base cyclic permutation having a cycle length equal to a prime number greater than or equal to a maximum between a size of the first partition and a size of the second partition.

17. The apparatus according to claim 11 wherein said cryptographic procedure comprises application of an Advanced Encryption Standard (AES) encryption.

18. A system, comprising: one or more integrated circuits; and cryptographic circuitry, which, in operation, processes sensitive data values, the processing including: extracting, from at least one set of random mask values, a plurality of unique combinations of random mask values, wherein at least one of the random mask values of the at least one set of random mask values is included in more than one of the plurality of unique combinations of random mask values; and masking each sensitive data value using a respective combination of the plurality of unique combinations of random mask values, wherein: each of the plurality of unique combinations has a protection-level class against side-channel attacks having a value greater than or equal to a value of a determined protection-level class against side-channel attacks; and a number of the plurality of unique combinations is greater than or equal to a number of the sensitive data values, wherein a number of random mask values in the at least one set of random mask values is based on the number of the plurality of unique combinations and the value of the protection-level class of the plurality of unique combinations; and performs a cryptographic procedure, said sensitive data values comprising state bytes for rounds of the cryptographic procedure.

19. The system of claim 18 wherein one of the one or more integrated circuits includes the cryptographic circuitry.

20. The system of claim 18 wherein at least one of the one or more integrated circuits, in operation, provides set-top-box functionality.

21. The system of claim 18 wherein the cryptographic circuitry, in operation: divides a pool of random mask values into a number of distinct partitions greater than or equal to half the value of the determined protection-level class plus one; and includes mask values from first, second and third distinct partitions in the unique combinations, wherein pairs of masks values from the second partition and the third partition are not reused in the unique combinations.

22. The system of claim 18 wherein the at least one set of random mask values is stored in a look-up table.

23. A non-transitory computer-readable medium having contents which configure cryptographic circuitry to process sensitive data, the processing of the sensitive data comprising: extracting, from at least one set of random mask values, a plurality of unique combinations of random mask values, wherein at least one of the random mask values of the at least one set of random mask values is included in more than one of the plurality of unique combinations of random mask values; masking each sensitive data value using a respective combination of the plurality of unique combinations of random mask values; and performing a cryptographic procedure, said sensitive data values comprising state bytes for rounds of the cryptographic procedure, wherein: 10each of the plurality of unique combinations has a protection-level class against side-channel attacks having a value greater than or equal to a value of a determined protection-level class against side-channel attacks; and a number of the plurality of unique combinations is greater than or equal to a number of the sensitive data values, wherein a number of random mask values in the at least one set of random mask values is based on the number of the plurality of unique combinations and the value of the protection-level class of the plurality of unique combinations.

24. The non-transitory computer-readable medium of claim 23 wherein the plurality of unique combinations have a distance from one another with a value greater than or equal to the value of the determined protection-level class minus one.

25. The non-transitory computer-readable medium of claim 23 wherein the processing the sensitive data comprises: dividing a pool of random mask values into a number of distinct partitions greater than or equal to half the value of the determined protection-level class plus one; and including mask values from first, second and third distinct partitions in the unique combinations, wherein pairs of masks values from the second partition and the third partition are not reused in the unique combinations.

Description

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

(1) Various embodiments will now be described, purely by way of example, with reference to the annexed drawings, wherein:

(2) FIGS. 1A and 1B show block diagrams illustrating AES encryption operations;

(3) FIG. 2 shows a flowchart illustrating an embodiment of an encryption method described;

(4) FIG. 3 shows a flowchart illustrating an embodiment of an encryption method described; and

(5) FIG. 4 shows a flowchart illustrating an embodiment of an encryption method described.

DETAILED DESCRIPTION

(6) In the ensuing description numerous specific details are illustrated to facilitate understanding of the embodiments provided by way of example. The embodiments may be implemented with or without specific details, or else with other methods, components, materials, etc. In other circumstances, well-known structures, materials, or operations are not shown or described in detail so that aspects of the embodiments will not be obscured. Reference, in the course of this description, to an embodiment or one embodiment means that a particular structure, peculiarity, or characteristic described in connection with the embodiment is comprised in at least one embodiment. Hence, phrases such as in an embodiment or in one embodiment that may be present in various points of this description do not necessarily refer to one and the same embodiment. Moreover, the particular structures, peculiarities, or characteristics may be combined in any convenient way in one or more embodiments.

(7) The notation and references used herein are provided only for convenience of the reader and do not define the scope or the meaning of the embodiments.

(8) An embodiment described herein envisages in general use, for protecting a sensitive-data value belonging to a set of sensitive-data values, of a combination of true random masks taken from a set of masks the number of which is greater than or equal to the desired protection level. Each combination associated to a given sensitive-data value differs at least for one mask from each of the combinations of masks associated to the other sensitive data. In other words, an embodiment described herein may facilitate reduction or minimization of the number of true random masks to ensure a desired level of protection.

(9) In particular, FIG. 2 shows a flowchart representing an embodiment of an encryption method described, which envisages performing an encryption procedure, such as for example the procedure 200 described with reference to FIG. 1B, that comprises operations of masking of sensitive-data values by applying random mask valueswhich in FIG. 2 are in general denoted by the set of random values {R.sub.0, R.sub.1, . . . , R.sub.n1}, the generic element of which is R.sub.j, the subscript j representing the position index of the set of valuesto the sensitive-data values, which are designated as a whole by A. A set of sensitive-data values A, for example the initial AES state, comprises a number of bytes A.sub.1 where 1 is the position index in the state. In the case of the AES state, the bytes are a number s of values of the state equal to 16, and hence the position index 1 ranges from 0 to s1, e.g., 15.

(10) Designated by 110 is a step of generating and/or making available a set of random mask values Y, specifically the set {R.sub.0, R.sub.1, . . . , R.sub.n1}. The number n of these random values in the set {R.sub.0, R.sub.1, . . . , R.sub.n1} is such as to enable generation of a number

(11) $(\begin{matrix} n \\ k \end{matrix})$
of unique combinations C.sup.k of one and the same given class k (e.g., combinations formed by k elements) from among the random values in the set {R.sub.0, R.sub.1, . . . , R.sub.n1}. The combinations C.sup.k of masks may be seen as words of fixed length of k symbols, where repetition of a symbol within one and the same word does not occur. The alphabet of symbols of the combinations is the first set of random values.

(12) Step 110 envisages generating and/or making available the above random mask values Y. In fact, as described in the examples illustrated in what follows, the random values may be in sets generated, in particular during the encryption operations, or else in sets of random values already available, for example the mask values for the intermediate steps L, M, N, O indicated in FIG. 1B, or else in distinct sets purposely generated and already available for other reasons.

(13) The random values Y may be: pre-generated and then simply made available in step 110; or else be generated just before they become necessary, during masking of the values, hence basically in step 110; or else be derived from other random values already used for convenience of the evolution of the masks during the algorithm, hence derived before step 110, which hence makes them available, or during step 110.

(14) In a subsequent step 120, it is then envisaged to extract from the set of random mask values Y, specifically the set {R.sub.0, R.sub.1, . . . , R.sub.n1}, a plurality of unique combinations C.sup.k of these random mask values.

(15) Hence, steps 110 and 120 determine a pair of values n, k, respectively. In FIG. 2 the determination process is represented by the operations 102-106.

(16) The encryption method described herein envisages satisfying a first condition of protection wherein the class k of the aforesaid plurality of combinations C.sup.k is greater than or equal to a desired or determined level of protection d from side-channel attacks. Block 102 represents evaluation of the first condition of protection.

(17) Given the first condition of protection that determines the class k, a corresponding condition is evaluated on the number n of the random values of the set {R.sub.0, R.sub.1, . . . , R.sub.n1}. The number n is such as to be able to generate a number NK, expressed by the binomial coefficient

(18) $(\begin{matrix} n \\ k \end{matrix}),$
of unique combinations C.sup.k of the same given class k that is greater than or equal to a number t of sensitive data to be protected. Designated by 106 is the step of evaluation of this condition on the number n of random values, namely, NKt.

(19) The number t of sensitive data to be protected is determined on the basis of the encryption procedure to be protected, in the example described herein starting from the state A. With reference to FIG. 1A-1B, the state A has a number s of values, which can be extracted in a step 103. If the operation to be protected operates just once, with just one step the number t of the sensitive data to be protected is equal to the number s of the bytes of the state A, e.g., for example 16 in the case of ABS. However, in general, the encryption operations such as those of the procedure 200 comprise a plurality of stages, which include a plurality of rounds r and a plurality of intermediate steps p. Hence, in a step 104, the number of values t is calculated as product of the number s of bytes, of the number nr of rounds rand of the number np of steps p, e.g., t=s.Math.nr.Math.np. In general, the number of steps np depends upon the specific implementation. As discussed in what follows, in the ABS encryption there may be, for example, nr=10 rounds and np=2 intermediate steps, hence V=16.Math.10.Math.2=320 bytes. Steps 103 and 104 to obtain the number t of values may be in general optional if the number t of values is known or in any case may be different if the number t of values is not calculated in terms of number s of bytes, of the number nr of rounds r, and of the number np of steps p.

(20) As regards the number n of the random values of the set {R.sub.0, R.sub.1, . . . , R.sub.n1}, the condition referred to above indicates its lower limit as a function of the class k; e.g., the number n of the random values is such that the number

(21) $(\begin{matrix} n \\ k \end{matrix})$
of unique combinations C.sup.k is greater than or equal to the number t of the sensitive data to be protected (step 106).

(22) The upper limit of the value of the number n of the random values of the set Y may be identified as a function of the time of generation of the random values and of the space for storage of the random values.

(23) Also for the class k the value chosen takes into account the latency in execution of the protection scheme. Each mask may be calculated for this purpose separately.

(24) Once the above number NK of unique combinations C.sup.k has been obtained, a step 130 is envisaged of application of a different unique combination C.sup.k as mask to each respective sensitive-data value {A.sub.0, A.sub.1 . . . , A.sub.s1}.sub.r,p to be protected for each stage, e.g., for each round r and each step p of the encryption procedure 200, as mentioned previously. For example, as illustrated in Table 1 appearing hereinafter, for the sensitive-data value A.sub.0 at the first round and at the first step we shall have A.sub.0R.sub.0R.sub.1R.sub.2R.sub.3R.sub.4.

(25) To illustrate the method 100 described with reference to FIG. 2, as a first example, an example of protection of the AES state against second-order attacks is now described.

(26) Using completely independent masks according to the techniques of the known art, since, as has been mentioned, there are 320 bytes of sensitive values to be protected, 16 state bytes, and at least 2 intermediate values per round, with 10 rounds (or 12 or 14 according to the size of the key), at least 2 masks are necessary for each sensitive value in order to obtain a second-order protection level. Hence, to protect 16 data bytes of the state A there would normally be necessary t.Math.2 random values, e.g., 320.Math.2=640 bytes.

(27) Using an embodiment of the solution described herein, which adopts combinations of masks taken from a set of random-value masks {R.sub.0, R.sub.1, . . . , R.sub.n1}, given a number t equal to 320 of bytes of sensitive values to be protected, at least 320 unique combinations C.sup.k are necessary, and hence the value of the binomial coefficient

(28) $(\begin{matrix} n \\ k \end{matrix})$
is greater than or equal to 320. To obtain a level of protection from second-order side-channel attacks, d=2, it is necessary to satisfy the condition (see step 102 of FIG. 2 that imposes the first protection condition) that the class k be greater than or equal to 2. For example, setting k=5 for step 120 and n=11 for step 110, the binomial coefficient is

(29) $(\begin{matrix} 11 \\ 5 \end{matrix}) = 462.$
In other words, with only 11 bytes of random values we obtain a second-order protection.

(30) Hence, in the example of AES implementation it is envisaged to provide (step 110) a set of random-value masks {R.sub.0, R.sub.1, . . . , R.sub.n1} comprising a number n of random values that is equal to 11; consequently, in the example, there is a set of 11 values R.sub.0, R.sub.1, . . . , R.sub.10. Each sensitive value A.sub.1 is protected by a number k, in the example 5, of masks.

(31) Table 1 below shows an example of the combinations C.sup.k generated in step 120. The rows indicate the round r and the intermediate step p of the round in an SBOX as illustrated in FIG. 1B, for example Round 1, SBOX in, the columns indicate the bytes of the state: Byte0, A.sub.0; Byte1, A.sub.1; etc. Appearing in each cell of Table 1 is the corresponding different unique combination C.sup.k of k masks applied to the byte of the state A. For simplicity, only some combinations that are all unique are listed by way of example.

(32) TABLE-US-00001 TABLE 1 Round r, Step p Byte 0, A0 Byte 1, A1 . . . Byte 6, A6 Byte 7, A7 . . . Round 1, R.sub.0 R.sub.1 R.sub.2 R.sub.0 R.sub.1 R.sub.2 . . . R.sub.0 R.sub.1 R.sub.2 R.sub.0 R.sub.1 R.sub.2 . . . SBOX in R.sub.3 R.sub.4 R.sub.3 R.sub.5 R.sub.3 R.sub.10 R.sub.4 R.sub.5 Round 1, R.sub.0 R.sub.1 R.sub.2 R.sub.0 R.sub.1 R.sub.2 . . . . . . . . . . . . SBOX out R.sub.5 R.sub.9 R.sub.5 R.sub.10 . . . . . . . . . . . . . . . . . . . . .

(33) It is necessary to choose t combinations from among all the NK possible combinations defined by the binomial coefficient

(34) $(\begin{matrix} n \\ k \end{matrix})$
and then associate each combination to each of the t sensitive values to be protected. For the second-order protection desired, these combinations may be chosen freely in step 120.

(35) The first condition of protection evaluated in step 102, and in general the method 100 described with reference to FIG. 2, provide a first degree of protection that is fully effective up to the protection level d=2.

(36) It has moreover been found that, for desired protection levels d greater than 2, the protection also depends upon a minimum number of masks not in common between a pair of values to be protected, e.g., upon the minimum distance dist between two combinations C.sup.k.

(37) To provide the desired protection, in particular for d>2, the minimum distance dist is greater than or equal to the desired protection level d minus one. Hence, in variants of the method described herein, it is envisaged that in step 120 during generation of the unique combinations C.sup.k a second condition of protection will be evaluated, e.g., whether the unique combinations C.sup.k satisfy the condition where dist(C.sup.k) is greater than or equal to the protection level d minus one, dist(C.sup.k)d1. Hence, a second condition of protection that can be used by the method described herein is that the distance dist(C.sup.k) be greater than or equal to the protection level d minus one.

(38) In the foregoing example regarding ABS encryption, by construction each pair of values in any point of the algorithm differs for at least two masks (minimum distance=2); consequently, the method provides a second-order protection from the side-channel attacks, e.g., d=2 as desired.

(39) Once again for values of desired protection level greater than 2, e.g., d>2, a further vulnerability derives from the combinations of a number of masked values.

(40) The method described herein, in an embodiment, comprises verifying also that, when the intermediate values originating from the intermediate steps are combined together for requirements of the calculation envisaged by the encryption procedure, the result will still be protected, e.g., that, as a result of the operations of calculation, the masks will not be removed.

(41) Provided hereinafter, to enable a better understanding, is an example of the problem that an embodiment facilitates addressing. For example, if to three values, A, B, C that are the three inputs of an XOR operation in a given step of an encryption procedure, the following masks are applied on the basis of the mask values M.sub.0, M.sub.1, M.sub.2:
AM.sub.0M.sub.1
BM.sub.0M.sub.2
CM.sub.1M.sub.2
the result of the XOR operation will not be protected by any mask:
(AM.sub.0M.sub.1)(BM.sub.0M.sub.2)(CM.sub.1M.sub.2)=ABC

(42) Hence, a side-channel attack that were to consider (for example, through power consumption) the XOR of the above masked values, hence using in this case three leakage operations
(AM.sub.0M.sub.1)
(BM.sub.0M.sub.2)
(CM.sub.1M.sub.2)
would remove the protection. It should be noted that the use of three leakage operations for the attack in itself determines the need for a protection level d equal to 3.

(43) The protection depends upon the fact that the masks that identify the minimum distance, e.g., the distance dist(C.sup.k), greater than or equal to the protection level d minus one, set according to the previous criterion, in the example just shown the masks M.sub.1 and M.sub.2, never appear combined together to protect a third sensitive value.

(44) In this case, it is necessary to proceed in such a way that the number of combinations between values, e.g., of leakage operations , necessary to remove all the masks is greater than the desired protection level d.

(45) What has been described above is obtained in general in an embodiment of the method described herein using different distinct pools, namely, distinct sets of independent elements, of random mask values for different mask positions in the combination C.sup.k. Given a combination C.sup.k of k masks M.sub.0M.sub.1 . . . M.sub.h . . . M.sub.k1, h indicates the mask position.

(46) Hence, a third condition of protection applied by the method described herein is that of using different independent pools of random mask values for different mask positions h in the combination C.sup.k.

(47) With reference to what has just been discussed, FIG. 3 shows a flowchart of a method for performing an encryption 300 that, as compared to the method 100 of FIG. 2, also envisages verifying the two further conditions of protection discussed hereinafter, namely, that the unique combinations C.sup.k generated satisfy the condition of dist(C.sup.k) being greater than or equal to the protection level d minus one, and using different independent pools of random mask values for different mask positions h in the combination C.sup.k, so that the combination of intermediate values originating from the intermediate steps for the requirements of calculation gives rise to a result that is still protected, e.g., that the masks are not removed.

(48) FIGS. 2-4 also illustrate processing circuitry P, memory M (e.g., one or more registers, a ROM, a RAM, etc., and various combinations thereof), and discrete circuitry DC, which may be used alone or in various combinations to implement the functionality of the method disclosed herein. For example, a cryptographic processor may be configured to implement an embodiment of a method described herein.

(49) In the flowchart of FIG. 3 operations similar to those represented in FIG. 2 are designated by the same numbers. In particular, the method 300 comprises the same determination process as that represented through the operations 102-106.

(50) However, the step 110 of generating and/or making available a set of random mask values {R.sub.0, R.sub.1, . . . , R.sub.n1} is, in this case, a step 310 of generating and/or making available a plurality of distinct sets of random values Y where the number of these sets may correspond, for example, to the class k of the unique combinations C.sup.k. As exemplified hereinafter, in the case where d=2 to which the flowchart of FIG. 3 refers, it is possible to choose as two distinct sets of random values, Y.sub.0 and Y.sub.1, the values of the masks of the intermediate steps {L, M, . . . } and the random mask values {R.sub.0, R.sub.1, . . . , R.sub.n1} corresponding to the byte indices of the ABS state. According to a different, more general, embodiment, illustrated for example with reference to FIG. 4, the step 310 of generating and/or making available a plurality of distinct sets Y.sub.i of random values envisages making partitions X.sub.i in a pool P of random values such that these partitions X.sub.i will correspond to distinct sets of random values Y.sub.i.

(51) With reference to FIG. 3, it is possible to consider in particular different values of n and k for the different distinct sets Y.sub.i. In the specific case of two distinct sets Y.sub.i discussed herein, there are obtained numbers of values in the distinct sets that are equal, respectively, to n.sub.0 and n.sub.1 (hence, for example, the number of values of the masks of the intermediate steps {L, M, . . . } is n.sub.0, whereas the number of values of the masks for the bytes of the state {R.sub.0, R.sub.1, . . . , R.sub.n.sub.1.sub.1} is n.sub.1) and classes k.sub.0, k.sub.1. The following properties apply: the binomial coefficients are calculated separately (n.sub.0 on k.sub.0) and (n.sub.1 on k.sub.1), to obtain two different numbers NK0 and NK1 of unique combinations; the number of unique combinations NK necessary to satisfy the second condition at step 106 is given by the product of the two numbers of unique combinations for the two distinct sets Y.sub.i: NK0.Math.NK1=NK, NK0.Math.NK1t; in the specific case of AES, NK0=20, NK1=16 (since k.sub.0=1 and k.sub.1=1, hence NK0=n.sub.0 and NK1=n.sub.1 and hence 16.Math.20=320=t; and for the protection, the numbers of values k.sub.0 and k.sub.1 extracted at the same time from the distinct sets Y.sub.0 and Y.sub.1 are summed up to evaluate the first condition of protection at step 102, e.g., k.sub.0+k.sub.1=kd.

(52) Hence, in particular, for application of the third condition of protection, the associated condition on the number n of random values becomes in general that the product H of the number of unique combinations determined by each of the distinct sets is greater than the number t of sensitive values to be protected. In FIG. 3, step 106 is replaced by a step 306 of verification of the above condition on the number n, namely, NK.sub.it.

(53) The aforesaid plurality of distinct sets Y.sub.i of random values is thus supplied to a step 320 of extraction of a plurality of sets of masks to generate a plurality of unique combinations C.sup.k.

(54) In step 320 it is envisaged for example to:

(55) a) use different sets Y.sub.i of random values for filling different mask positions h in the combination C.sup.k; and

(56) b) verify whether these unique combinations C.sup.k satisfy the condition of dist(C.sup.k) being greater than or equal to the protection level d minus one.

(57) The operation a) in FIG. 3 may be understood to use the different sets Y.sub.i of random mask values to fill different mask positions h in the combination C.sup.k so as to obtain by construction masks that prevent their removal in the intermediate steps.

(58) For example, once again in the ABS case with second-order protection with two masks it is possible, in order to carry out step 320, to use two different sets Y.sub.0, Y.sub.1 of random mask values to fill two different mask positions h in the combination C.sup.k, which correspond to the values of the masks of the intermediate steps {L, M, . . . } and to the sets of random mask values {R.sub.0, R.sub.1, . . . , R.sub.n1} corresponding to the byte indices of the ABS state, carrying out, that is, composition of two values for is mask that is applied to the ABS state, namely: a first value that depends upon the intermediate step, L, M, N, . . . ; each value is of 1 byte; in the case of 2 steps per round and 10 rounds, 20 bytes are used; and a second value that depends upon the byte index of the state, R.sub.0, . . . , R.sub.15; In this way, there are 16 values to be used for masking the 16 bytes of the state A; the same mask value R.sub.1 is used for each byte with the same index 1 in each round.

(59) It is emphasized how the first and second mask values, with position index h=0 and h=1, respectively, are thus extracted from two distinct sets of random values.

(60) This is exemplified in Table 2 below, where the rows indicate the round r and the step p, e.g., the step of the round, for example for Round 1, SBOX in, the first column indicates the mask of the intermediate step, L, M, N, . . . , taken from the first distinct set, and the remaining columns indicate the state bytes, Byte0, Byte1, Byte15. The contents of each cell indicate the combination of two masks used for protecting the corresponding intermediate sensitive value for a given byte Byte0, Byte1, . . . , Byte15:

(61) TABLE-US-00002 TABLE 2 Round r, Step p Mask, step Byte0 Byte1 . . . Byte15 Round 1, SBOX L L R.sub.0 L R.sub.1 L R.sub.15 in Round 1, SBOX M M R.sub.0 M R.sub.1 M R.sub.15 out Round 2, SBOX N N R.sub.0 N R.sub.1 N R.sub.15 in Round 2, SBOX O O R.sub.0 O R.sub.1 O R.sub.15 out . . . Round 10, W W R.sub.0 W R.sub.1 W R.sub.15 SBOX in Round 10, Z Z R.sub.0 Z R.sub.1 Z R.sub.15 SBOX out

(62) W, Z are further masks in the pool of the masks L, M, N, . . . associated to the final round.

(63) The embodiment exemplified in Table 2 is effective in so far as the values are in this way protected at least by the minimum number of masks, e.g., k=2 for protection level d=2, thus respecting the first condition 102. In fact, all the values calculated in the intermediate steps are associated to different combinations. The masks R.sub.1 of the second set of values independent of one another guarantee second-order protection within one and the same round. A different mask of the first set of values L, M, N for each round r and step p provides that there is no second-order vulnerability between one step and the other employing values that use the same mask R.sub.1 of the second set of values. The solution presented also ensures that the masks will be preserved and remain effective for a second-order protection even for all the intermediate values of the linear operations ShiftRows+MixColumns+AddKey.

(64) The above embodiment moreover adopts a number of random values in each of the two distinct sets that is low.

(65) There is a minimum number of intermediate values to be calculated on the masks in order to preserve the results at the end. For example, use of a mask for all the bytes of the ABS state at the input of the linear part causes also the state at the end of the linear part to be masked exactly by the same mask, without any need of deriving therefrom the final mask value. The reason for this is that when the linear part of ABS is applied to 16 identical bytes, the result is still made up of the same 16 identical bytes.

(66) It should be noted that in the method described herein the size of the masks for a Boolean masking may be chosen so as to have for all the masks the same size in bits as the sensitive-data values to be protected.

(67) In the case where the intermediate values have the same size (8 bits in the ABS case), all the random values have the same size.

(68) In the case where the intermediate values have a different size (as in the DES case described hereinafter) each random value has the same size of the largest sensitive value that it protects. For the smaller sensitive values, the bits over of the mask may simply be discarded. For example, in the case of the DES (Data Encryption Standard) SBOX the input in the SBOX is a 6-bit input, and the output is a 4-bit output. The mask L of the first round at input is hence of 6 bits, since it protects 6-bit input values, whereas the mask M of the first round at output is of 4 bits, since it protects 4-bit output values. The masks R.sub.0, R.sub.1, . . . of the first set of masks have a size of 6 bits because they protect 4-bit and 6-bit values. As has been said, these 6-bit masks of the first set, R.sub.0, R.sub.1, . . . can be replaced by their 4-bit subsets, R.sub.0, R.sub.1, . . . , discarding two bits. Table 3 below exemplifies this protection for the case of the DES SBOX.

(69) TABLE-US-00003 TABLE 3 Round, Step Mask, step Byte0 Byte1 . . . Round 1, SBOX in L L R.sub.0 L R.sub.1 . . . Round 1, SBOX out M M R.sub.0 M R.sub.1 . . . . . . . . . . . . . . . . . .

(70) Alternatively, step 320 of extraction can be carried out, given a certain protection level d to be guaranteed, by selecting at this step a combination, in particular via distinct sets Y.sub.i if the protection level d is greater than 2, and then making an analysis of the vulnerabilities in the intermediate steps.

(71) Hence, as regards selection of the combinations C.sup.k within one and the same protection level d there are different possible solutions, according to the trade-off between the number of random values, latency of the protection scheme, simplicity of implementation, and simplicity of analysis of the vulnerabilities. For the class k the value chosen at step 102 may take into account more than the protection level d and the latency in execution of the protection scheme.

(72) As has been discussed, to obtain a second-order protection it is possible to use a set Y of random mask values imposing the first condition 102 on the class k and choosing the number n of values of the set Y so as to determine a number of combinations that is greater than or equal to the number of values t to be protected, whereas to obtain upper-order protection may have moreover: a minimum distance dist between the combinations C.sup.k (second protection condition); and distinct sets Y.sub.i of random numbers for different mask positions h (third protection condition).

(73) In this contingency (d>2), the product of the coefficients of the binomial on the number n.sub.i and class k.sub.i for each distinct set Y.sub.i is greater than or equal to the number t of sensitive values to be protected.

(74) Starting from this, to provide a given protection level on the basis of the first, second, and third protection conditions, in particular because the protection level d is higher than 2, it is possible to proceed either in an exhaustive way or by construction, namely: a set of combinations is selected and an exhaustive analysis of the vulnerabilities is carried out; or else combinations are generated that satisfy by construction the required protection scheme, e.g., the three conditions indicated above.

(75) There now follows a description of an embodiment of the method for performing an encryption that takes into account all three protection criteria (k>d, dist(C.sup.k)>d+1, distinct sets of masks) with a more general field of application, in particular not depending upon the specific use of an AES or DES encryption, by constructing sets of random masks that in particular satisfy the second and third protection criteria to be applied in step 320, which is applicable also to cases where the state A is not the AES state and the desired protection level d is higher than 2.

(76) Hence, given a pool of random variables P, denoted by u in what follows is a number of partitions X.sub.i of the pool of random variables P. X.sub.i is the set of values of the i-th partition, n.sub.i is the number of random values contained in the i-th partition X.sub.i, e.g., its size, k.sub.i is the number of values extracted at the same moment from the i-th partition X.sub.i, while x.sub.i is the mask position h corresponding to the i-th partition X.sub.i, and x.sub.i.sup.j is the j-th value of the i-th partition, e.g., the effective value of the mask x.sub.i. Finally t is the number of sensitive variables to be protected.

(77) In this framework, as regards the number of distinct sets Y.sub.i to be chosen according to the protection level, it is envisaged to divide the pool of random values P into partitions X.sub.i, where each element of the pool P belongs to one and only one partition X.sub.i. The number u of partitions X.sub.i corresponds to the distinct sets Y.sub.i.

(78) Moreover, it is envisaged to choose the number u of partitions X.sub.i to be used according to the following criterion:

(79) a) for the cases with desired protection level d equal to 2 a single partition of random values is sufficient (as in Table 1 or in the method 100 of FIG. 2), apart from the requirements deriving from the other conditions of protection; in fact, as seen previously, a single partition of random values provides a protection for a desired protection level d lower than 3;

(80) b) for a desired protection level d>2, a number u of partitions is used other than one; u partitions guarantee protection up to a protection level d lower than 2u, d<2u; hence, 2 partitions protect up to d<4, and 3 partitions up to d<6, as exemplified hereinafter in the example regarding a protection level d=5; it is here specified that u represents the number of non-trivial partitions X.sub.i, e.g., ones comprising more than a single element.

(81) In what follows, it is assumed for simplicity that for the first two partitions the number of values extracted at the same moment is k.sub.0=k.sub.1=1; e.g., for each of the partitions a single mask is extracted. The case may be extended to k.sub.i>1 where a value is replaced by a unique combination of extracted values.

(82) Likewise, imposing that the partitions X.sub.0, X.sub.1 have the same size enables easier construction. A variant embodiment with partitions of different size n.sub.i is discussed hereinafter.

(83) The number of masks k is defined by the other constraints. u partitions means u masks, with k.sub.i=1. For the first criterion of protection, k is greater than or equal to d. If u<d, the du missing masks can be extracted from dedicated trivial partitions (ones containing a single element).

(84) The minimum number u of the partitions for any value of protection level d is hence
u=floor((d+1)/2)
where u masks are extracted from the u partitions. The function floor(x), as is known, calculates the integer part of the argument, e.g., the largest integer smaller than or equal to x.

(85) A total of d masks is required; hence, du masks are extracted from other partitions (also trivial partitions with a single value, as mentioned).

(86) In what follows, before indicating a general criterion of construction, specific examples are illustrated to explain the meaning of certain operations.

(87) There hence follows an example, with reference to Table 4 below, of construction of combinations of masks satisfying the first, second, and third conditions of protection for a protection level d=5.

(88) For the first condition of protection, the class k of the aforesaid plurality of combinations C.sup.k is greater than or equal to a protection level d, e.g., the class k is at least 5. According to what has been said previously, d=5 implies a number u of partitions X.sub.i at least equal to 3: u=(d+1)/2.

(89) Hence, three partitions X.sub.0, X.sub.1, X.sub.2 are assumed for the masks x.sub.0, x.sub.1, x.sub.2, whereas for the masks x.sub.3, x.sub.4 it is possible to use any value of the pool not belonging to the three partitions X.sub.0, X.sub.1, X.sub.2, even two single values from two trivial partitions. As has been said, in this case n.sub.0=n.sub.1=n.sub.2; e.g., the partitions X.sub.0, X.sub.1, X.sub.2 have the same size. As has been said previously, the condition n.sub.0.Math.n.sub.1t is satisfied.

(90) The values in each partition X.sub.i are ordered according to an index j, even though of course, since they are random values, they are not in general ordered in the partitions.

(91) Each sensitive value is associated to a specific combination of values x.sub.0, x.sub.1. Also the order of the combinations is not in general significant, but in the example described here, to understand better the general example, the order in the table below is adopted, where x.sub.i.sup.j is the j-th value of the i-th partition associated to a given sensitive value. The rows of Table 4 below each correspond to a different generic sensitive value. Appearing in the columns of Table 4 is the partition X.sub.i from which the value x.sub.i.sup.j is extracted.

(92) TABLE-US-00004 TABLE 4 Partition X.sub.0 Partition X.sub.1 Partition X.sub.2 x.sub.0.sup.0 x.sub.1.sup.0 x.sub.2.sup.0 x.sub.0.sup.0 x.sub.1.sup.1 x.sub.2.sup.1 x.sub.0.sup.0 x.sub.1.sup.2 x.sub.2.sup.2 x.sub.0.sup.0 x.sub.1.sup.3 x.sub.2.sup.3 x.sub.0.sup.0 . . . . . . x.sub.0.sup.0 x.sub.1.sup.n.sup.1.sup.1 x.sub.2.sup.n.sup.2.sup.1 x.sub.0.sup.1 x.sub.1.sup.0 x.sub.2.sup.1 x.sub.0.sup.1 x.sub.1.sup.1 x.sub.2.sup.2 x.sub.0.sup.1 x.sub.1.sup.2 x.sub.2.sup.3 x.sub.0.sup.1 x.sub.1.sup.3 x.sub.2.sup.4 . . . . . . . . . x.sub.0.sup.1 x.sub.1.sup.n.sup.1.sup.2 x.sub.2.sup.n.sup.2.sup.1 x.sub.0.sup.1 x.sub.1.sup.n.sup.1.sup.1 x.sub.2.sup.0 . . . . . . . . . x.sub.0.sup.n.sup.0.sup.1 x.sub.1.sup.n.sup.1.sup.1 . . .

(93) As may be noted, the value x.sub.2 of the third partition X.sub.2 is chosen as a permutation of the value x.sub.1 in the second partition X.sub.1. The reason for this is to implement the criterion whereby, except for the rows where the index j of the value x.sub.0 of the first partition is zero, e.g., it is the first value taken from the first partition, there are not be rows in which the index j of x.sub.1 is equal to that of x.sub.2.

(94) This occurs, for example, if the permutation is a simple rotation to the left by 1:

(95) $= (\begin{matrix} 0 & 1 & 2 .Math. & n_{1} & - 2 & n_{1} & - 1 \\ 1 & 2 & 3 .Math. & n_{1} & - 1 & 0 \end{matrix})$

(96) The permutation may equivalently be a rotation to the right.

(97) The permutation is applied a number of times equal to the number of values of the first partition X.sub.0. The index of the first mask x.sub.0, j=0, defines the starting point of the cycle.

(98) With reference to Table 5 below, there now follows instead an example of construction of combinations of masks satisfying the first, second, and third condition of protection for the protection level d=7.

(99) According to what has been mentioned previously for d=7 it is necessary to have a number u of independent partitions equal to 4 or more. Hence, from four partitions X.sub.0, X.sub.1, X.sub.2, X.sub.3 for example four respective values x.sub.0, x.sub.1, x.sub.2, x.sub.3 are extracted. Since k is to be greater than or equal to the protection level d, 7 masks are, however, necessary in all. The masks x.sub.4, x.sub.5, x.sub.6 may be chosen of any value in the pool P that does not belong to the four partitions X.sub.0, X.sub.1, X.sub.2, X.sub.3.

(100) Maintaining for simplicity the same size for the partitions, e.g., n.sub.0=n.sub.1=n.sub.2=n.sub.3 equal to a prime number, n.sub.0 n.sub.1 is greater than or equal to t.

(101) The value of x.sub.2 is chosen in such a way that its index is a permutation of the index value used for selecting the mask x.sub.1, as has been seen previously for d=5. A cycle of length n.sub.2, or n.sub.2-cycle, where n.sub.2 is the size of the second partition, of permutations enables generation of n.sub.2 cyclic permutations, changing only the starting point from which fetching of values in a partition is started. Each of the n.sub.2 permutations is associated to the index j of the first mask x.sub.0; e.g., the permutation is applied a number of times equal to the number of values of the first partition of the first mask x.sub.0. The index of the first mask x.sub.0, j=0, defines the starting point of the cycle.

(102) The value of x.sub.3 is chosen in such a way that its index is a different permutation of the index used for selecting the mask x.sub.2. The new permutation changes all the positions. As has been said previously, except for the rows where the index j of the value of the first mask x.sub.0 of the first partition X.sub.0 is zero, e.g., is the first value taken from the first partition, there are not any rows where the index j of x.sub.2 is equal to that of x.sub.3.

(103) If is the first permutation applied to the partition X.sub.2 and T the second permutation applied to the partition X.sub.3, it is possible to impose that the second permutation is equal to .sup.2, e.g., to the permutation applied twice to the index j (both of the permutations are referred to the order of the elements in X.sub.1).

(104) This leads to a table such as Table 5 below, similar to the previous one but comprising an additional column for the further partition X.sub.3:

(105) TABLE-US-00005 TABLE 5 Partition X.sub.0 Partition X.sub.1 Partition X.sub.2 Partition X.sub.3 x.sub.0.sup.0 x.sub.1.sup.0 x.sub.2.sup.0 x.sub.3.sup.0 x.sub.0.sup.0 x.sub.1.sup.1 x.sub.2.sup.1 x.sub.3.sup.1 x.sub.0.sup.0 x.sub.1.sup.2 x.sub.2.sup.2 x.sub.3.sup.2 x.sub.0.sup.0 x.sub.1.sup.3 x.sub.2.sup.3 x.sub.3.sup.3 x.sub.0.sup.0 . . . . . . . . . x.sub.0.sup.0 x.sub.1.sup.n.sup.1.sup.1 x.sub.2.sup.n.sup.2.sup.1 x.sub.2.sup.n.sup.3.sup.1 x.sub.0.sup.1 x.sub.1.sup.0 x.sub.2.sup.1 x.sub.3.sup.2 x.sub.0.sup.1 x.sub.1.sup.1 x.sub.2.sup.2 x.sub.0.sup.1 x.sub.1.sup.2 x.sub.2.sup.3 x.sub.0.sup.1 x.sub.1.sup.3 x.sub.2.sup.4 . . . . . . . . . . . . x.sub.0.sup.1 x.sub.1.sup.n.sup.1.sup.2 x.sub.2.sup.n.sup.2.sup.1 x.sub.0.sup.1 x.sub.1.sup.n.sup.1.sup.1 x.sub.2.sup.0 . . . . . . . . . . . . x.sub.0.sup.n.sup.0.sup.1 x.sub.1.sup.n.sup.1.sup.1 . . . . . .

(106) Even though in the previous examples the sizes n.sub.0 and n.sub.1 of the first two partitions have been represented as being the same, they may have any value. The product n.sub.0 n.sub.1 is greater than or equal to the number t of sensitive variables to be protected.

(107) In practice, the sizes n.sub.0 and n.sub.1 are chosen with the purpose of enabling easy mapping with respect to the structure of the algorithm, as in the case of the AES described previously. In general, the choice n.sub.0=n.sub.1=n.sub.u is the most efficient one.

(108) As regards the sizes of the other partitions, n.sub.2= . . . =n.sub.u. These sizes are equal to a prime number n.sub.u such that n.sub.u is greater than or equal to the maximum between n.sub.0 and n.sub.1, max(n.sub.0, n.sub.1).

(109) Table 6 below represents a construction via permutations starting from an base n-cyclic permutation that can be used in general according to an embodiment of the present method, for example for d>2.

(110) TABLE-US-00006 TABLE 6 Partition Partition 0, X.sub.0 Partition 1, X.sub.1 2, X.sub.2 Partition 3, X.sub.3 Partition 4, X.sub.4 x.sub.0.sup.0 I I I I x.sub.0.sup.1 I x.sub.0.sup.2 I 2 2 2 x.sub.0.sup.3 I 3 3 3 x.sub.0.sup.4 I 4 4 4 x.sub.0.sup.5 I 5 5 5 . . . . . . . . . . . . . . .
where , .sup.2, .sup.3, . . . are generated through a cycle of length n.sub.u.

(111) We have: =.sup.2; =.sup.3.

(112) On the basis of what has just been said, a method for performing an encryption in a variant that can be applied to values of level d>2 may in general, with reference to the flowchart of FIG. 4, comprise the following steps: in a step 510 identifying the number t of variables to be protected in the encryption procedure; this step 510 can be implemented via the steps 103 and 104 of FIG. 2 or FIG. 3; in this step 510 it may be convenient to divide the variables according to two directions, for example, as in the case of the AES, number of steps or rounds n.sub.0 and number of bytes per step n.sub.1 such that n.sub.0.Math.n.sub.1=t; in a step 520 selecting the desired protection level d; in a step 530 (corresponding to the step 102 of evaluation of the first condition of protection) selecting the number k of masks per value such that kd; in a step 540, dividing a pool P of random values into a number u of partitions such that u(d+1)/2; in an embodiment, the partition X.sub.0 has n.sub.0 elements, the partition X.sub.1 has n.sub.1 elements, the partitions X.sub.2, . . . , X.sub.u have n.sub.u elements where n.sub.umax(n.sub.0,n.sub.1), and n.sub.u is a prime number; the partitions u+1, . . . , k, in the case where these exist, have one element; e.g., they are trivial partitions; this step 540 corresponds to an embodiment of the step 310 of FIG. 3; in a step 550 the t unique combinations of k masks are generated so that for each combination of x.sub.i1.sup.j1, x.sub.i2.sup.i2, the values j1 and j2 of the index j are never present together twice; i1 and i2 are values of the index i, which indicates two different partitions of the partitions X.sub.i; this means, for example, that, when the partition X.sub.2 is defined for the position value h=2, it never happens that the same pair x.sub.1.sup.j1, x.sub.2.sup.j2 is selected for two different values of the partition X.sub.0; this means, for example, that, when the partition X.sub.3 is defined for the position value h=3, it never happens that the same pair x.sub.1.sup.j1, x.sub.3.sup.j2 is selected for two different values of the partition X.sub.0, but nor does it ever happen that two pairs x.sub.1.sup.j1, x.sub.2.sup.j2 and x.sub.1.sup.j1, x.sub.3.sup.j2 are present together for two different values of the partition X.sub.0; the same procedure is thus followed for all the other masks; more in general, step 550 may also be formulated as generating a number of unique combinations C.sup.k such that for all the combinations C.sup.k of masks having in common one and the same mask value x.sub.0.sup.j of a first partition X.sub.0 from among those partitions, except for the first mask value x.sub.0.sup.0 of the first partition X.sub.0, taking in pairs, from different partitions, the remaining mask values corresponding to the remaining partitions, for example X.sub.1, X.sub.2, X.sub.3, X.sub.4, in each of these pairs the two values will have a position index j in the respective partition that is different; as has been mentioned, combinations that meet the conditions referred to may be obtained, for example, in one of the following two ways: (i) by selecting in a random way the combinations and checking posteriori in an exhaustive way that the conditions are always satisfied; or else (ii) by following a rule that guarantees a priori by construction that the conditions indicated above are always satisfied; an example of this second way, with priori rule, which can be implemented in step 550 envisages the following substeps: a step 551 of selecting a base cyclic permutation with cycle length n.sub.u, for example rotation to the left by one position; a step 552 where generation of all the combinations of the partitions X.sub.0 and X.sub.1 starts; a step 553 where the index of the element extracted from each partition X.sub.h, where h is mask-position index, for 1<h<u is defined via a permutation on the second partition X.sub.1, which is generated starting from the cyclic permutation and depends upon the first mask value x.sub.0; for example, if j1 is the index of the element x.sub.0 and j2 the mask index corresponding to the partition X.sub.h1 (e.g., j2=h1), then the permutation to be applied to the order of the elements in X.sub.1 to obtain the order of the elements in X.sub.h corresponding to the same value of x.sub.0 is .sup.(j1.Math.j2)mod n.sup.u (X.sub.1), where .sup.0 corresponds to the identity permutation I; hence, the indices for the u1 partitions X.sub.1, . . . , X.sub.u are thus generated; for example, the order of the elements of X.sub.2 (hence h=2, j2=1) is .sup.0(X.sub.1) (e.g., the same as that of X.sub.1) for the rows with x.sub.0.sup.0 (since j1=0), .sup.1(X.sub.1) for the rows with x.sub.0.sup.1 (since j1=1), .sup.2(X.sub.1) for the rows with x.sub.0.sup.2 (since j1=2), and so forth; instead, the order of the elements of X.sub.3 (hence h=3, j2=2) is .sup.0(X.sub.1) (e.g., the same as that of X.sub.1) for the rows with x.sub.0.sup.0, .sup.2(X.sub.1) for the rows with x.sub.0.sup.1, .sup.4(X.sub.1) for the rows with x.sub.0.sup.2, and so forth; for example, assuming that n.sub.u=23 (as in the ensuing ABS example), if we were to calculate the index of the elements of X.sub.4 (hence j2=3) when x.sub.0=14 (j1=14), we should use the permutation .sup.(3.Math.14)mod 23=.sup.19; and a step 554 where all the other masks X.sub.u+i, . . . are extracted from trivial partitions with one element.

(113) Step 540 corresponds to an embodiment of step 310 of FIG. 3.

(114) Hence, in a step 560, corresponding to step 330, a different unique combination C.sup.k obtained via step 550 is applied as mask to each respective sensitive-data values {A.sub.0, A.sub.1, . . . , A.sub.s1}.sub.r,p, to be protected for each stage, e.g., for each round r and each step p of the encryption procedure 200.

(115) Hence, according to the embodiment provided by way of example of FIG. 4, in various embodiments the operation 550 of generating a number of unique combinations C.sup.k may more in general comprise: selecting a base cyclic permutation with a given cycle length n.sub.u that is a prime number at least equal to the maximum max(n.sub.0, n.sub.1) between the size n.sub.0 of the first partition and the size n.sub.1 of the second partition; generating all the combinations of the values x.sub.0x.sub.1 of the first partition X.sub.0 and of the second partition X.sub.1; defining each further partition X.sub.h with index h up to the number u of distinct and independent partitions (X.sub.i) via a permutation (for example I or .sup.0, ; or ) applied on the second partition X.sub.1 generated starting from the cyclic permutation and depending upon the index j of the first mask value x.sub.0; and extracting possible further masks X.sub.u+1, . . . from one-element partitions.

(116) An example of implementation according to the embodiment of FIG. 4 is now described. The example below applies to the ABS case with protection level d=5.

(117) As has already been said for the protection level d, the number t of sensitive variables to be protected is 320; hence, a number of unique combinations of masks is required greater than or equal to 320, with a number k of masks for each sensitive value greater than or equal to 5.

(118) On the basis of what has been mentioned above, the number u of non-trivial partitions of the random pool P is greater than or equal to 3.

(119) It is possible to adopt as starting point the previous example for protection of the ABS against second-order attacks (d=2).

(120) Denoted by x.sub.0 is the mask extracted from the partition X.sub.0, {x.sub.0.sup.0, x.sub.0.sup.1, x.sub.0.sup.2, . . . , x.sub.0.sup.n.sup.0.sup.1}, where n.sub.0 is equal to 20. In this way, this partition X.sub.0 may be, for example, the set {L, M, N, . . . } of intermediate masks with 20 elements.

(121) Denoted by x.sub.1 is the mask extracted from the partition X.sub.1, {x.sub.1.sup.0, x.sub.1.sup.1, x.sub.1.sup.2, . . . , x.sub.1.sup.n.sup.1.sup.1}, where n.sub.1 is equal to 16. In this way, this partition X.sub.1 may, for example, be the set {R.sub.0, R.sub.1, . . . , R.sub.15} corresponding, according to the index, to the bytes of the ABS state A, hence with 16 elements.

(122) Denoted by x.sub.2 is the mask extracted from the partition X.sub.2, {x.sub.2.sup.0, x.sub.2.sup.1, x.sub.2.sup.2, . . . , x.sub.2.sup.n.sup.2.sup.1}, where n.sub.2 is equal to 23. The number n.sub.2 is the smallest prime number greater than or equal to max(n.sub.0, n.sub.1). It corresponds to n.sub.1, in the general formulation.

(123) Denoted by x.sub.3 is the mask extracted from the partition X.sub.3, {x.sub.3.sup.0}.

(124) Denoted by x.sub.4 is the mask extracted from the partition X.sub.4, {x.sub.4.sup.0}.

(125) Hence, there are three non-trivial partitions, X.sub.0, X.sub.1, X.sub.2, having respective sizes n.sub.0=20, n.sub.1=16, n.sub.2=23, and two trivial one-element partitions with size n.sub.3=n.sub.4=1.

(126) A mask is extracted from each partition, e.g., k.sub.0=k.sub.1=k.sub.2=k.sub.3=k.sub.4=1. The class k is equal to the sum of the classes k.sub.i, e.g., in this case equal to 5.

(127) The indices of the masks x.sub.2 are defined via the base permutation rotation to the left by one position (which represents an n.sub.u-cyclic, e.g., 23-cyclic, permutation).

(128) For the first mask value x.sub.0.sup.0 of the first partition X.sub.0, X.sub.2=X.sub.1, the index j2 of x.sub.2.sup.j2 is hence equal to the index j1 of x.sub.1.sup.j1.

(129) For the second mask value x.sub.0.sup.1 of the first partition X.sub.0, X.sub.2=(X.sub.1), the index j2 is hence equal to (j1+1)mod 23.

(130) For the j-th mask value x.sub.0.sup.j of the first partition X.sub.0, X.sub.2=.sup.j(X.sub.1), the index j2 is hence equal to (j1+j)mod 23.

(131) This configuration generates n.sub.0.Math.n.sub.1=320 unique combinations.

(132) Operating as mentioned, 20+16+23+1+1=61 bytes of random values are necessary to provide a fifth-order protection. Without the method described herein, 320.Math.5=1600 bytes would be necessary.

(133) Table 7 below shows the combinations of masks for each step of the ABS.

(134) With the method described herein, 5 masks per value (of 1 byte each) are used:

(135) one mask based upon the intermediate calculation steps {L, M, N, . . . }, which are in general 20, for example, the mask L;

(136) one mask based upon the index bytes of the ABS state R, e.g., on the set {R.sub.0, R.sub.1, . . . , R.sub.15}, and

(137) three masks selected from a combination for the fifth-order protection.

(138) TABLE-US-00007 TABLE 7 Round r, Step p, byte X.sub.0 X.sub.1 X.sub.2 X.sub.3 X.sub.4 Round 1, SBOX in, byte 0 x.sub.0.sup.0 x.sub.1.sup.0 x.sub.2.sup.0 x.sub.3.sup.0 x.sub.4.sup.0 Round 1, SBOX in, byte 1 x.sub.0.sup.0 x.sub.1.sup.1 x.sub.2.sup.1 x.sub.4.sup.0 Round 1, SBOX in, byte 2 x.sub.0.sup.0 x.sub.1.sup.2 x.sub.2.sup.2 x.sub.3.sup.0 x.sub.4.sup.0 . . . Round 1, SBOX in, byte 15 x.sub.0.sup.0 x.sub.1.sup.15 x.sub.2.sup.15 x.sub.3.sup.0 x.sub.4.sup.0 Round 1, SBOX out, byte 0 x.sub.0.sup.1 x.sub.1.sup.0 x.sub.2.sup.1 x.sub.3.sup.0 x.sub.4.sup.0 Round 1, SBOX out, byte 1 x.sub.0.sup.1 x.sub.1.sup.1 x.sub.2.sup.2 x.sub.4.sup.0 Round 1, SBOX out, byte 2 x.sub.0.sup.1 x.sub.1.sup.2 x.sub.2.sup.3 x.sub.3.sup.0 x.sub.4.sup.0 . . . Round 1, SBOX out, byte 15 x.sub.0.sup.1 x.sub.1.sup.15 x.sub.2.sup.16 x.sub.3.sup.0 x.sub.4.sup.0 . . . Round 10, SBOX out, byte 0 x.sub.0.sup.19 x.sub.1.sup.0 x.sub.2.sup.19 x.sub.3.sup.0 x.sub.4.sup.0 . . . Round 10, SBOX out, byte 15 x.sub.0.sup.19 x.sub.1.sup.15 x.sub.2.sup.11 x.sub.3.sup.0 x.sub.4.sup.0

(139) Hence, from the foregoing description potential advantages of the solution described emerge clearly.

(140) The encryption method described advantageously facilitates reducing the number of independent masks to be generated randomly.

(141) The encryption method described facilitates reuse of masks without jeopardizing the protection level provided by the masking protection scheme.

(142) The encryption method described may be extended to protection with higher levels of protection, maintaining a high efficiency in terms of masks.

(143) Of course, without prejudice to the principle of the solution described herein, the details and the embodiments may vary, even considerably, with respect to what is described purely by way of example herein, without thereby departing from the sphere of the disclosure.

(144) The method described herein applies in general to data stored in data media and in particular data stored in data media of any apparatus that envisages execution of an encryption algorithm comprising operations that include access to a look-up table, in particular an ABS encryption system, for example in set-top boxes or in smartcards. In an embodiment, an ABS encryption system may be regarded as a peripheral within a System-on-Chip, which is not used as stand-alone component, but is integrated in a chip of a smartcard or a chip of a set-top box or also a chip of other applications that require AES encryption.

(145) The method described herein may in any case be applied also to other encryption systems with symmetric ciphers, for example the DES (Data Encryption Standard) system and its SBOX.

(146) In general, the present apparatus comprises or is associated to data-processing means, in particular including one or more processors.

(147) Some embodiments may take the form of or comprise computer program products. For example, according to one embodiment there is provided a computer readable medium comprising a computer program adapted to perform one or more of the methods or functions described above. The medium may be a physical storage medium such as for example a Read Only Memory (ROM) chip, or a disk such as a Digital Versatile Disk (DVD-ROM), Compact Disk (CD-ROM), a hard disk, a memory, a network, or a portable media article to be read by an appropriate drive or via an appropriate connection, including as encoded in one or more barcodes or other related codes stored on one or more such computer-readable mediums and being readable by an appropriate reader device.

(148) Furthermore, in some embodiments, some or all of the methods and/or functionality may be implemented or provided in other manners, such as at least partially in firmware and/or hardware, including, but not limited to, one or more application-specific integrated circuits (ASICs), digital signal processors, discrete circuitry, logic gates, standard integrated circuits, controllers (e.g., by executing appropriate instructions, and including microcontrollers and/or embedded controllers), field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), etc., as well as devices that employ RFID technology, and various combinations thereof.

(149) The various embodiments described above can be combined to provide further embodiments. Aspects of the embodiments can be modified, if necessary to employ concepts of the various patents, applications and publications to provide yet further embodiments.

(150) These and other changes can be made to the embodiments in light of the above-detailed description. In general, in the following claims, the terms used should not be construed to limit the claims to the specific embodiments disclosed in the specification and the claims, but should be construed to include all possible embodiments along with the full scope of equivalents to which such claims are entitled. Accordingly, the claims are not limited by the disclosure.

Method for performing a sensitive data encryption with masking, and corresponding encryption apparatus and computer program product

Assignee

Inventors

Cpc classification

Classification Explorer

H04L9/003

ELECTRICITY

Classification Explorer

H04L2209/34

ELECTRICITY

Classification Explorer

G06F7/588

PHYSICS

Classification Explorer

H04L2209/046

ELECTRICITY

Classification Explorer

H04L9/005

ELECTRICITY

International classification

Classification Explorer

G06F21/72

PHYSICS

Classification Explorer

G06F7/58

PHYSICS

Classification Explorer

H04L9/00

ELECTRICITY

Abstract

Claims

Description