Abstract:
An exponentiation method resistant against side-channel attacks and safe-error attacks. Input to the method is g in a multiplicatively written group G and an l-digit exponent d with a radix m>1, and output is z = g^(d−1). (d−1) is expressed as a series of (l−1) non-zero digits, d*_0 … d*_(l−2), in the set {m−1, …, 2m−2} and an extra digit d*_(l−1) that is equal to d_(l−1)−1, where d_(l−1) represents the most significant radix-m digit of d, and g^(d−1) is evaluated through an m-ary exponentiation algorithm on input g and (d−1) represented by d*_0 … d*_(l−1). Also provided are an apparatus and a computer program product.
Abstract:
At CRYPTO 2003, Rubin and Silverberg introduced the concept of torus-based cryptography over a finite field. The present invention extends their setting to the ring of integers modulo N, thus obtaining compact representations for cryptographic systems that base their security on the discrete logarithm problem and the factoring problem. This can result in small key sizes and substantial savings in memory and bandwidth. However, unlike the finite-field case, analogous trace-based compression methods cannot be adapted to accommodate the extended setting of the invention when the underlying systems require more than a mere exponentiation. The invention finds particular application in a torus-based implementation of the ACJT group signature scheme. Also provided is a processor.
Abstract:
A method of generating a signature σ for a message m, the method enabling online/offline signatures. Two random primes p and q are generated, with N = pq; two random quadratic residues g and x are chosen in Z*_N, and, for an integer z, h = g^(−z) mod N is calculated. This gives the public key {g, h, x, N} and the private key {p, q, z}. Then, an integer t and a prime e are chosen. The offline signature part y may then be calculated as y = (x·g^(−t))^(1/e^b) mod N, where b is an integer bigger than 0, predetermined in the signature scheme. The online part k of the signature on message m is then calculated as k = t + mz, and the signature σ on message m is generated as σ = (k, y, e) and returned. To verify the signature, it is checked that 1) e is an odd l_E-bit integer, 2) k is an l_K-bit integer, and 3) y^(e^b)·g^k·h^m ≡ x (mod N). An advantage of the method is that it may be performed without hashing. Also provided are a signing device, a verification device, and computer program supports.
Abstract:
An exponentiation method resistant against skipping attacks. A main idea of the present invention is to evaluate, in parallel with the exponentiation such as y = g^d, a value based on the exponent, e.g. f = d·1. These evaluations are performed using the same exponentiation algorithm by "gluing" together the group operations underlying the computation of y and f, so that a perturbation to one operation also perturbs the other. This makes it possible to verify that f indeed equals d before returning the result. Also provided are an apparatus and a computer program product.
Abstract:
A method for distributing content in a content distribution system is disclosed which comprises the steps of: encrypting at a Content Packager a content using a content encryption key to generate an encrypted content; sending the content encryption key to a Licensing Authority; receiving from the Licensing Authority a distribution key containing an encryption of the content decryption key (Kc) for a given set of authorized devices; creating a secure link between the content encryption key (Kc) and the content protected by this content encryption key using a signature of the content; and distributing the encrypted content together with the signature of the content. A method for receiving content distributed according to the above-mentioned method in a device able to play back the content is also disclosed where the content signature is checked before any play back of the content.
Abstract:
A device and a method for calculating a multiple of a point on an elliptic curve from the right to the left by repeated point doubling and point addition. Each point doubling is evaluated with an extended set of coordinates and each point addition is evaluated by taking as input a restricted set of the extended set of coordinates. The at least one coordinate of the extended set that is not part of the restricted set is stored in a memory between each iteration of the point doubling. This can enable speeding up the calculations as compared to prior art solutions. Also provided is a computer program product.
Abstract:
The invention relates to a cryptographic method secured against a covert channel attack. According to the invention, in order to carry out one block of instructions, selected as a function of an input variable from among N predefined instruction blocks, a common block is carried out on the N predefined instruction blocks a predefined number of times, the predefined number being associated with the selected instruction block.
Abstract:
A method for generating a compressed RSA modulus, allowing up to two thirds of the bits of a modulus N to be fixed. N has a predetermined portion N_H, which comprises two parts N_h and N_m. A candidate RSA modulus that shares the N_h part is generated, and the candidate is then modified using Euclidean-type computations until it shares both N_h and N_m. Also provided are an apparatus for calculating compressed RSA moduli according to the method and a computer program product.
Abstract:
The invention concerns a cryptographic method which includes an integer division of the type q = a div b and/or a modular reduction of the type r = a mod b, with q being a quotient, a being a number of m bits, b being a number of n bits, n being not more than m, and b_(n−1) being the most significant bit of the number b. The number a is masked by a random number p before performing the integer division and/or the modular reduction. The invention also concerns an electronic component for implementing the method. The invention is applicable for making smart cards secure against hidden channel attacks, and in particular differential attacks.
Abstract:
The invention relates to a countermeasure method for an electronic component that uses a public key cryptographic algorithm. The invention is characterized in that the method comprises an exponentiation calculation with a left-to-right exponentiation algorithm y = g^d, in which g and y are elements of the specified group G, noted multiplicatively, and d is a predetermined number. The inventive method is also characterized by comprising a random selection step, at the beginning of or during the execution of said exponentiation algorithm, performed in a deterministic or probabilistic manner for masking the accumulator A.