WO2002028008A1 - Method for handling a secret key - Google Patents
- Publication number
- WO2002028008A1 (PCT/FI2001/000835)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- contributory factors
- contributory
- secret key
- factors
- numbers
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Definitions
- the present invention relates to handling a secret key such that it can be ensured that no information that would enable an external attacker to find out the secret key will become known to such an attacker while the secret key is being handled.
- secret keys are used e.g. in authentication procedures e.g. for ensuring the authenticity of a certain smart card by feeding an input to the smart card, to which input the smart card responds utilizing a predetermined calculation algorithm and a smart-card-specific secret key.
- a secret key can also be applied e.g. to encryption and electronic signatures.
- Encryption and electronic signature processes commonly employ the so-called RSA algorithm. The algorithm was introduced in 1977 by Ronald Rivest, Adi Shamir and Leonard Adleman.
- a problem with handling a secret key is that reading such a key from memory and utilizing it in calculation procedures may give an external attacker information that enables such an attacker to find out the secret key.
- if the external attacker is able to feed e.g. thousands of inputs to a smart card and to compile statistical information on the responses generated by the smart card, the current consumed for generating the responses and the radiation caused by generating a response, there is a risk that the secret key might be found out.
- An object of the invention is to alleviate the problem described above and to provide a solution which makes a secret key more secure to handle and which makes it more difficult for an external attacker to find out the secret key.
- This object is achieved by a method of the invention, which is characterized by dividing the secret key into contributory factors such that a sum of the contributory factors corresponds to a value of the secret key, at least one contributory factor consisting of numbers to be multiplied with each other and at least one such number being a random number, storing said contributory factors in a memory, while said at least one contributory factor is stored in the memory such that said numbers to be multiplied with each other are stored in the memory separately, and retrieving the contributory factors from the memory in order to generate a response, and calculating the response to an input by means of the contributory factors and a predetermined calculation algorithm.
- the invention further relates to an apparatus for applying the method of the invention.
- the apparatus of the invention comprises an inlet for receiving an input, an outlet for forwarding a response, and calculating means for generating a response in response to the input received through the inlet by applying a predetermined calculation algorithm.
- the apparatus of the invention is characterized in that the apparatus comprises a memory with contributory factors of a secret key stored therein such that a sum of said contributory factors corresponds to a value of the secret key, at least one of said contributory factors consisting of numbers to be multiplied with each other and at least one such number being a random number, while said contributory factor consisting of numbers to be multiplied with each other is stored in the memory as separate numbers, and that the calculating means are arranged to utilize said contributory factors stored in the memory in order to calculate the response by applying said calculation algorithm.
- a secret key becomes more secure to handle when the secret key is divided into contributory factors to be stored in a memory and to be utilized for calculating a response. Consequently, the secret key does not need to be stored or handled in an uncoded format, but it will suffice that necessary procedures are carried out utilizing the contributory factors of the secret key.
- the response is thus calculated "piece by piece", which means that the value of a final response is dependent on calculation procedures carried out utilizing single contributory factors.
- the secret key is recoded by changing at least two of its contributory factors such that the values of the contributory factors change while a sum of the changed contributory factors corresponds to the sum of said contributory factors before the change. It is thus possible to change the contributory factors of the secret key whenever desired, e.g. while calculating each single response; despite this change, however, the secret key consisting of the sum of the contributory factors remains unchanged.
- FIG. 1 is a flow diagram showing a first preferred embodiment of a method of the invention.
- Figure 2 is a flow diagram showing a second preferred embodiment of the method of the invention.
- Figure 3 is a block diagram showing a first preferred embodiment of an apparatus of the invention.
- Figure 1 is a flow diagram showing a first preferred embodiment of a method of the invention.
- the flow diagram of Figure 1 can be utilized e.g. in authentication of a smart card employing a request/response procedure.
- a secret key is divided into contributory factors K0,...,Kn which are selected such that a value of the secret key C corresponds to a sum of the contributory factors.
- the contributory factors are selected such that some of the contributory factors consist of two numbers to be multiplied with each other, one of the numbers being a random number.
- the contributory factors are stored in a memory of a smart card or the like.
- the contributory factor or factors which consist of numbers to be multiplied with each other are stored by storing the numbers of single contributory factors separately.
- the procedures of blocks A and B are carried out e.g. during the manufacture of the smart card. It is thus not necessary to store the secret key in the memory of the smart card but it will suffice to store the above-mentioned contributory factors in the memory of the smart card.
- in block C the process waits for an input to be received.
- in block D the contributory factors of the secret key stored in the memory of the smart card are then retrieved therefrom.
- in block E a response is calculated using these contributory factors by applying a predetermined calculation algorithm.
- Figure 2 is a flow diagram showing a second preferred embodiment of the method of the invention.
- the secret key is divided into contributory factors.
- the contributory factors are then selected such that some of the contributory factors consist of two numbers to be multiplied with each other, one such number being a random number.
- there are three contributory factors, i.e. K0; K1, whose value consists of a random number RND1 multiplied by a number L1; and K2, whose value consists of a random number RND2 multiplied by a number L2.
- the contributory factors are selected by first allotting the random numbers RND1 and RND2 and then selecting the rest of the numbers, i.e. K0, L1 and L2, to give a sum of the contributory factors which corresponds to the value of the secret key C.
- C = K0 + (RND1*L1) + (RND2*L2).
- the contributory factors are stored in the memory. All numbers contained in the contributory factors are then stored separately. In the present exemplary case, K0, RND1, L1, RND2 and L2 are thus stored.
- in block C the process waits for an input to be received. After receiving one, the contributory factors stored in the memory are retrieved in block D'. Using these contributory factors and the predetermined calculation algorithm, a response to the input is generated in block E'.
- the secret key can be recoded e.g. after each calculation procedure, after a predetermined number of calculation procedures, or at random.
- the important thing is that it is possible to avoid a situation wherein the same secret key, or, more precisely, the same contributory factors of the secret key, are used time after time for generating the response. If the same contributory factors are used repeatedly, the external attacker may be given the chance to find out the secret key through statistics about information obtained in connection with the generation of the response.
- the process starts recoding the secret key.
- recoding is carried out by changing the value of at least two contributory factors of the secret key to give a sum of the changed contributory factors which corresponds to the sum of the particular contributory factors before the change.
- the value of the secret key thus remains unchanged.
- the calculations should be carried out such that there is no need to calculate the value of the secret key at any stage of the process.
- the contributory factors of the secret key have thus changed while the value of the secret key has remained unchanged, which also means that the responses generated utilizing the secret key are comparable with the responses generated using the previous contributory factors.
- the contributory factors can be stored in the memory by storing the single numbers K0', RND1, L1, RND2' and L2' contained in the contributory factors separately.
- a calculation example will be set forth showing how the embodiment of Figure 2 can be applied in practice. Assume that the smart card is authenticated using a calculation algorithm which employs a sliding window method to carry out single calculation procedures.
- the sliding window method is a known method for carrying out multiplication or exponentiation procedures in a binary system.
- a value 5 (101 in the binary system) is allotted to be the value of the multiplier, i.e. the random number RND1, to be used in the sliding window method.
- the values of the numbers K0 and L1 are to be found using the following calculation:
- Figure 3 is a block diagram showing a first preferred embodiment of an apparatus of the invention.
- the apparatus 1 is a smart card which enables the method described in connection with Figures 1 or 2 for authenticating a smart card to be applied thereto.
- the numbers K0, RND1, L1,..., RNDn, Ln contained in the contributory factors are stored in the memory M.
- an input is fed into an inlet 2.
- utilizing a predetermined calculation algorithm and the contributory factors of the secret key stored in the memory M, a processor P then calculates a response, which is forwarded by the apparatus 1 through an outlet 3.
- the processor P carries out the necessary calculations for dividing the secret key into new contributory factors, e.g. as described in connection with the flow diagram of Figure 2.
- the processor P is given new random numbers by a random number generator RND.
- the apparatus 1 stores them in the memory M, replacing the previous contributory factors.
- the apparatus 1 of Figure 3 may be an apparatus other than a smart card.
- the invention can also be applied e.g. to delivering confidential information over an unreliable data transmission channel, such as the Internet. It is then necessary to be able to encrypt a message to make it impossible for an outsider to read the message, or alternatively, to equip a message with an electronic signature, in which case the receiver of the message is able to check the origin of the message.
- an electronic signature is produced utilizing a secret key while the correctness of the signature is checked by a public key.
- the apparatus 1 of Figure 3 may thus be e.g. a computer which receives a message equipped with an electronic signature and which, utilizing the secret key and the method of the invention, checks the correctness of the electronic signature. The response then consists of information indicating whether or not the signature is correct.
- the apparatus 1 of Figure 3 is a computer which, utilizing a secret key, decrypts a received encrypted message encrypted using a public key matching the secret key.
- the response thus consists of a message in an uncoded format.
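
The splitting, piece-by-piece response and recoding described for Figure 2, as an added example that is not part of the patent text. It assumes the calculation algorithm is modular exponentiation (response = input^C mod N), 32-bit random numbers and a secret key of at least 2^33; the function names and demo values are hypothetical.

```python
import secrets

def split_key(c, bits=32):
    """Divide C so that C = K0 + RND1*L1 + RND2*L2 (assumes C >= 2**(bits + 1))."""
    rnd1 = secrets.randbits(bits) | 1   # random multipliers are allotted first
    rnd2 = secrets.randbits(bits) | 1
    # Each product is at most C/2, so K0 never becomes negative.
    l1 = 1 + secrets.randbelow(c // (2 * rnd1))
    l2 = 1 + secrets.randbelow(c // (2 * rnd2))
    k0 = c - rnd1 * l1 - rnd2 * l2
    # Every number is stored separately; the products are never stored.
    return {"K0": k0, "RND1": rnd1, "L1": l1, "RND2": rnd2, "L2": l2}

def respond(shares, x, n):
    """x^C mod n, calculated piece by piece without ever forming C:
    x^K0 * (x^RND1)^L1 * (x^RND2)^L2 mod n."""
    r = pow(x, shares["K0"], n)
    r = r * pow(pow(x, shares["RND1"], n), shares["L1"], n) % n
    r = r * pow(pow(x, shares["RND2"], n), shares["L2"], n) % n
    return r

def recode(shares, bits=32):
    """Change K0 and K2 = RND2*L2 while their sum, and hence C, stays the same.
    K1 = RND1*L1 is left out of the calculation, so C itself is never computed."""
    partial = shares["K0"] + shares["RND2"] * shares["L2"]   # K0 + K2 only
    rnd2 = secrets.randbits(bits) | 1
    l2 = secrets.randbelow(partial // rnd2 + 1)              # keeps K0' >= 0
    new = dict(shares)
    new.update(K0=partial - rnd2 * l2, RND2=rnd2, L2=l2)
    return new

if __name__ == "__main__":
    # Constructed demo values, not a real key: the modulus is the product
    # of the Mersenne primes 2^127 - 1 and 2^89 - 1.
    n = (2**127 - 1) * (2**89 - 1)
    c = (1 << 199) | secrets.randbits(199)
    x = 0xC0FFEE
    shares = split_key(c)
    for round_no in range(3):
        print(round_no, respond(shares, x, n) == pow(x, c, n))
        shares = recode(shares)   # new stored numbers for every response
```

Recoding after every response means two consecutive calculations on the same input handle different stored numbers while producing the same result.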
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2001291912A AU2001291912A1 (en) | 2000-09-29 | 2001-09-26 | Method for handling a secret key |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| FI20002152 | 2000-09-29 | ||
| FI20002152A FI112707B | 2000-09-29 | 2000-09-29 | Method for handling a secret key |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2002028008A1 (fr) | 2002-04-04 |
Family
ID=8559196
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/FI2001/000835 Ceased WO2002028008A1 | 2000-09-29 | 2001-09-26 | Method for handling a secret key |
Country Status (3)
| Country | Link |
|---|---|
| AU (1) | AU2001291912A1 (fr) |
| FI (1) | FI112707B (fr) |
| WO (1) | WO2002028008A1 (fr) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5586186A (en) * | 1994-07-15 | 1996-12-17 | Microsoft Corporation | Method and system for controlling unauthorized access to information distributed to users |
| US5588061A (en) * | 1994-07-20 | 1996-12-24 | Bell Atlantic Network Services, Inc. | System and method for identity verification, forming joint signatures and session key agreement in an RSA public cryptosystem |
| WO1999035782A1 * | 1998-01-02 | 1999-07-15 | Cryptography Research, Inc. | Leak-resistant cryptographic method and apparatus |
| US5956407A (en) * | 1996-11-01 | 1999-09-21 | Slavin; Keith R. | Public key cryptographic system having nested security levels |
-
2000
- 2000-09-29 FI FI20002152A patent/FI112707B/fi not_active IP Right Cessation
-
2001
- 2001-09-26 AU AU2001291912A patent/AU2001291912A1/en not_active Abandoned
- 2001-09-26 WO PCT/FI2001/000835 patent/WO2002028008A1/fr not_active Ceased
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2014089640A * | 2012-10-31 | 2014-05-15 | Renesas Electronics Corp | Semiconductor device and encryption key writing method |
| EP2728509A3 * | 2012-10-31 | 2016-10-26 | Renesas Electronics Corporation | Semiconductor device and encryption key writing method |
Also Published As
| Publication number | Publication date |
|---|---|
| AU2001291912A1 (en) | 2002-04-08 |
| FI20002152L (fi) | 2002-03-30 |
| FI20002152A0 (fi) | 2000-09-29 |
| FI112707B (fi) | 2003-12-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP0257585A2 | | Key distribution method |
| US6178507B1 | | Data card verification system |
| CN109672537B | | Anti-quantum certificate acquisition system and acquisition method based on public key pool |
| EP1751913B1 | | Signature generation and verification method using a time lock puzzle |
| EP1758293A1 | | Content providing system, information processing device, and memory card |
| EP0851629B1 | | Key management method, encryption system, and shared digital signature system with hierarchical structure |
| US20080240443A1 | | Method and apparatus for securely processing secret data |
| KR20020025630A | | Apparatus, program or system for processing secret information |
| GB2321834A | | Cryptographic signature verification using two private keys. |
| US20090138708A1 | | Cryptographic module distribution system, apparatus, and program |
| WO1998034202A9 | | Data card verification system |
| US20040165728A1 | | Limiting service provision to group members |
| WO2008056613A1 | | Authenticator |
| EP1000481A1 | | Initial secret key establishment including facilities for verification of identity |
| JP2010277085A | | Protection of prime number generation in the RSA algorithm |
| JP5648177B2 | | Protection of prime number generation against side-channel attacks |
| EP0792045A2 | | Method and apparatus for authentication using digital signatures |
| JP2002535878A | | Encryption method using public and private keys |
| US7248692B2 | | Method of and apparatus for determining a key pair and for generating RSA keys |
| CN101292274A | | Information security device, information security method, computer program, computer-readable recording medium, and integrated circuit |
| JP3626340B2 | | Encryption device and encryption key generation method, and prime number generation device and prime number generation method |
| EP1443393B1 | | Elliptic curve exponentiation capable of countering a differential fault attack |
| KR20010024912A | | Elliptic curve encryption method and apparatus for a computer |
| US6501840B1 | | Cryptographic processing apparatus cryptographic processing method and recording medium for recording a cryptographic processing program |
| EP1366594A2 | | Threshold cryptographic scheme for message authentication systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| | REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
| | 122 | Ep: pct application non-entry in european phase | |
| | NENP | Non-entry into the national phase | Ref country code: JP |