Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method suitable for RSA modular exponentiation calculation

A modular exponentiation and modulus technology, applied in the application of chips, fast and safe, can solve the problems of no randomization, power consumption difference, high time cost, etc., and achieve the effect of reducing the number of cycles, safe calculation, and reducing time cost

Inactive Publication Date: 2012-05-23
SHANGHAI HUAHONG INTEGRATED CIRCUIT
View PDF4 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] It can be seen from Algorithm 1 that in traditional RSA modular exponentiation, when the exponent is "1", the modular square and the modular multiplication will be calculated once, and when the exponent is "0", only the modular square will be calculated once. The difference in the calculation process of the conditional branch will cause the difference in power consumption, which is vulnerable to SPA attacks; in addition, the input of the modular exponent is not randomized, so there will be a certain correlation between the exponent and power consumption, so it is vulnerable to DPA attacks
Here, the data length of RSA is assumed to be 1024 bits, and the average ratio of "0" and "1" in the exponent is 1:1. Then it can be deduced that the traditional method to perform an RSA modular exponentiation operation needs to calculate 1024 times of modular squares and 512 times of modular multiplications. high time cost

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method suitable for RSA modular exponentiation calculation
  • Method suitable for RSA modular exponentiation calculation
  • Method suitable for RSA modular exponentiation calculation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0017] The present invention proposes a fast and safe method suitable for RSA modular exponentiation calculation, comprising the following steps:

[0018] Step 1. Obtain a random number R';

[0019] Step 2. Calculate the inverse value R of R' to the RSA modulus n, that is, R=R' -1 mod n;

[0020] Step 3. Divide the index into r segments on average, and the length of each segment is s bits;

[0021] Step 4. Calculate T 1 =M(RSA modular power base), T i+1 = 2 s ·T i , where (i=1, 2, ..., n);

[0022] Step 5, pass figure 1 The flow shown performs RSA modular exponentiation calculation, where "*" represents a modular multiplication operation, and "X 2 "Indicates the modular square operation, the modulus is the modulus n of RSA, and the value of B(i, j) is {0, 1}.

[0023] A random number R' described in step 1 includes all random numbers with more than 16 bits (including 16 bits).

[0024] Calculation R' described in step 2 is to the modular inverse value R of RSA modul...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method suitable for RSA modular exponentiation calculation. The method comprises the following steps of: 1, acquiring a random number R'; 2, calculating a modular inverse value R of R' to an RSA modulus n, namely R=R'-1mod n; 3, averagely dividing an index into r segments, and ensuring that the length of each segment is s-bit; 4, calculating T1=M (RSA modular exponentiation base number) and Ti+1=2s.Ti, wherein i=1,2,..., n; and 5, performing RSA modular exponentiation calculation. By the quick and safe method suitable for the RSA modular exponentiation calculation, the RSA modular exponentiation calculation can be completed by taking measures of combining average segmentation of the index and base number mask, so that the cycle index in the modular exponentiation calculation is reduced, time cost required by the modular exponentiation calculation is reduced, calculation flows in various conditional branches are balanced, and random elements are added in an input part of modular exponentiation; and therefore, the modular exponentiation calculation can be carried out more quickly and safely.

Description

technical field [0001] The invention relates to modular exponentiation calculation in RSA cryptographic operation (including decryption and signature in the application), in particular to a fast and safe method suitable for RSA modular exponentiation calculation, especially suitable for the application of chips containing the RSA algorithm. Background technique [0002] The RSA algorithm is a widely used encryption algorithm, but the RSA algorithm is vulnerable to SPA (Simple Power Analysis) and DPA (Differential Power Analysis) attacks. The idea of ​​fighting against SPA attacks is to balance the calculation process in each different conditional branch in RSA modular exponentiation, so that the power consumption of each conditional branch is basically the same; while the idea of ​​fighting against DPA is to use a random number to The input of the operation is masked, and the modular exponentiation is calculated with the masked data, and finally the correct calculation resul...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/30
Inventor 马博包斯刚
Owner SHANGHAI HUAHONG INTEGRATED CIRCUIT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com