WO2016195591A1 - Method and system for protecting private key - Google Patents

Method and system for protecting private key Download PDF

Info

Publication number
WO2016195591A1
WO2016195591A1 PCT/SG2016/050143 SG2016050143W WO2016195591A1 WO 2016195591 A1 WO2016195591 A1 WO 2016195591A1 SG 2016050143 W SG2016050143 W SG 2016050143W WO 2016195591 A1 WO2016195591 A1 WO 2016195591A1
Authority
WO
WIPO (PCT)
Prior art keywords
value
input
private key
modulus
verification
Prior art date
Application number
PCT/SG2016/050143
Other languages
French (fr)
Inventor
Shuang Wu
Hao LEI
Guilin Wang
Original Assignee
Huawei International Pte. Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei International Pte. Ltd. filed Critical Huawei International Pte. Ltd.
Priority to CN201680031625.1A priority Critical patent/CN107667501A/en
Priority to EP16714583.8A priority patent/EP3295448A1/en
Publication of WO2016195591A1 publication Critical patent/WO2016195591A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/004Countermeasures against attacks on cryptographic mechanisms for fault attacks

Definitions

  • the invention generally relates to cryptography system. More particularly, the invention relates to a method and system for protecting a private key to be used in a public key cryptographic process.
  • a pair of a public key and a private key is used in cryptographic processes, wherein the public key is available to anyone and the private key is kept secret by a user.
  • the private key is stored in a System on Chip (SoC) together with the cryptographic algorithm in which the private key is to be used such that the private key is not exposed outside of the hardware.
  • SoC System on Chip
  • eFuse Electronic fuse
  • eFuse technology is widely used in memory integrated circuit design.
  • private keys are allowed to be stored or written in manufactured chipsets.
  • the manufacturers need not know the private keys and therefore the likelihood of exposing the private keys is decreased.
  • a private key has two parameters, one is a modulus parameter, and the other is an exponent parameter, wherein the modulus parameter is same as the modulus parameter of the corresponding public key of the private key.
  • the exponent parameter of the private key is stored in the SoC using eFuse technology since the modulus parameter is same as that of the corresponding public key and the public key is available to anyone.
  • there is a security risk in this solution which will be explained with reference to Figure 1.
  • the System on chip 100 includes an eFuse circuit 102, a flash memory 106, and a cryptographic calculation module 108, e.g. a RSA calculation module.
  • the eFuse circuit 102 is configured to store the exponent parameter d of the private key.
  • the flash memory 106 is configured to store the exponent parameter e and the modulus parameter N of the public key
  • the cryptographic calculation module 108 is configured to provide a signature interface as shown in Equation (1 ) to receive an input message x and a modulus parameter of the public key y to generate a signature value.
  • the signature interface provided by the cryptographic calculation module 108 allows an attacker to choose any modulus parameter as input modulus parameter of the private key and obtain a signature value calculated by the cryptographic calculation module 108 using the input modulus parameter and the exponent parameter d of the private key stored in the eFuse circuit 102, thus the exponent parameter d may be recovered by solving a modulus equation group.
  • the increase in bits of parameters to be stored in an eFuse circuit will result in a significant increase in the cost of manufacturing an eFuse circuit.
  • Embodiments of the invention provide a cost-effective but high security solution for protecting a private key.
  • a method for protecting a private key includes: generating a verification value based on the input modulus value using a predetermined compression function, and comparing the verification value with a compressed value pre- stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
  • the compressed value the compressed value is generated based on the valid modulus parameter of the private key and at least one supplementary value using the predetermined compression function; and before generating a verification value based on the input modulus value using a predetermined compression function, the method further comprises: receiving the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value, and the generating a verification value based on the input modulus value using a predetermined compression function comprises: generating a verification value based on the input modulus value and the at least one supplementary input value using a predetermined compression function.
  • the receiving the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value includes receiving at least one of the input modulus value and the at least one supplementary input value from a data storage unit.
  • the method further comprises: generating the compressed value based on the valid modulus parameter of the private key using the predetermined compression function, and storing the generated compressed value in the eFuse circuit.
  • the predetermined compression function has a security strength against a second pre-image attack no less than a security strength of a cryptographic algorithm which is used in the cryptographic process.
  • the predetermined compression function is capable of accepting an arbitrary-length bit string input and generating a fixed-length bit string output.
  • the predetermined compression function is a Hash Function.
  • the Hash Function is SHA-256 (Secure Hash Algorithm-256).
  • the method before generating a verification value based on the input modulus value using a predetermined compression function, the method further comprises: receiving an input message, and after determining the input modulus value is valid, the method further comprises: processing the received input message by a cryptographic process using the private key to generate an output message.
  • the cryptographic process is a process for digitally signing the received input message using the private key or a process for decrypting the received input message using the private key.
  • a system for protecting a private key includes: a verification module which is configured to calculate a verification value based on an input modulus value of the private key using a predetermined compression function, and compare the calculated verification value with a compressed value stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
  • the system further comprises an eFuse circuit for storing a valid exponent parameter of the private key and the compressed value generated based on the valid modulus parameter of the private key using the predetermined compression function.
  • the verification module is further configured to before comparing the verification value with a compressed value pre-stored in an eFuse circuit to determine whether the input modulus value is valid, generate the compressed value based on the valid modulus parameter of the private key using the predetermined compression function, and store the generated compressed value in the eFuse circuit.
  • the compressed value is generated based on the valid modulus parameter of the private key and at least one supplementary value using the predetermined compression function; and the verification module is further configured to receive the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value, and generate a verification value based on the input modulus value and the at least one supplementary input value using a predetermined compression function.
  • the system further comprises a data storage unit for storing the input modulus value and/or the at least one supplementary input value, wherein the verification module is further configured to receive the input modulus value and/or the at least one supplementary input value from the data storage unit.
  • the verification module is configured to calculate the compressed value using the predetermined compression function which has a security strength no less than a security strength of a cryptographic algorithm which is used in the cryptographic process.
  • the verification module is further configured to calculate the compressed value with a fixed bit length using the predetermined compression function.
  • the verification module is further configured to calculate the compressed value using a Hash Function.
  • the verification module is further configured to calculate the compressed value using SHA-256 (Secure Hash Algorithm-256).
  • the system further comprises a cryptographic calculation module for receiving an input message to be processed by the cryptographic process using the private key, processing the received message using the private key to generate an output message if the input modulus value is valid.
  • the cryptographic calculation module is configured to perform a process for digitally signing the input message using the private key or a process for decrypting the input message using the private key.
  • the compressed value of the valid modulus parameter of the private key may have a bit length less than, even substantially less than, that of the original valid modulus parameter, therefore as compared to the second prior art solution, the cost of manufacturing an eFuse circuit for storing parameters associated with the private key may be significantly reduced. Furthermore, a step for verifying validity of the input modulus value is performed to ensure the input modulus value is valid, i.e. the input modulus value matches with the valid exponent parameter of the private key to be used in a cryptographic process. Thus the security risk which would result in the first prior art solution is avoided. Therefore, compared with the prior art, the embodiments of the invention provide a low cost but high security solution for protecting the private key.
  • Figure 1 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a first prior art solution
  • Figure 2 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a second prior art solution
  • Figure 3 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a first embodiment of the invention
  • Figure 4 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the first embodiment of the invention
  • Figure 5 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a second embodiment of the invention
  • Figure 6 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the second embodiment of the invention
  • Figure 7 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a third embodiment of the invention.
  • Figure 8 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the third embodiment of the invention.
  • a compressed value of the valid modulus parameter of the private key together with the valid exponent parameter of the private key are stored in an eFuse circuit. Furthermore, to protect the private key against the attack mentioned in the first prior art solution for protecting a private key, a process for verifying validity of the input modulus value associated with the private key is performed to verify that the input modulus value is valid, i.e. the input modulus matches with the valid exponent parameter of the private key stored in the eFuse circuit.
  • Embodiments of the invention provide a method for protecting a private key.
  • the method for protecting a private key includes the following: generating a verification value based on an input modulus value associated with the private key using a predetermined compression function, and comparing the verification value with a compressed value pre-stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
  • Embodiments of the invention also provide a system for protecting a private key.
  • the system for protecting a private key includes: a verification module which is configured to calculate a verification value based on an input modulus value associated with the private key using a predetermined compression function, and compare the calculated verification value with a compressed value stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
  • Figure 3 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a first embodiment of the invention.
  • the public key cryptographic process in embodiments of the invention may be a digital signature process for digitally signing an input message using the private key, or a description process for decrypting an input message using the private key wherein the input message is encrypted using the public key corresponding to the private key.
  • the private key to be protected includes a valid exponent parameter d and a valid modulus parameter N.
  • the system 300 includes an eFuse circuit 302, a verification module 304, a flash memory 306 and a cryptographic calculation module 308.
  • the cryptographic calculation module 308 may be a RSA calculation module.
  • the eFuse circuit 302 is configured to store the valid exponent parameter d of the private key and a compressed value cf(N) generated based on the valid modulus parameter N of the private key using a predetermined compression function.
  • the flash memory 306 is configured to store an input modulus value associated with the private key.
  • the verification module 304 is configured to verify, before the private key is applied to perform a cryptographic process by the cryptographic calculation module 308, whether an input modulus value associated with the private key is valid through the following: reading the input modulus value from the flash memory 306, calculating a verification value based on the input modulus value using the predetermined compression function, and comparing the calculated verification value with the compressed value stored in the eFuse circuit 302 to determine whether the input modulus value is valid.
  • the compression function used by the verification module 304 is same as that used to generate the compressed value pre-stored in the eFuse circuit 302.
  • the cryptographic calculation module 308 is configured to receive an input message, perform the cryptographic process on the input message using a cryptographic algorithm and the private key to generate an output message and return the output message if the private key is valid,.
  • the verification module 304 may include a compression function to be used to calculate the verification value, or the verification module 304 may call a compression function outside of the verification module 304 to calculate the verification value.
  • Figure 4 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the first embodiment of the invention.
  • a compressed value has been generated based on the valid modulus parameter of the private key using a predetermined compression function, e.g. a standard Hash Function SHA-256, and stored in the eFuse circuit 302, and the input modulus value N' has been stored in the flash memory 306.
  • a predetermined compression function e.g. a standard Hash Function SHA-256
  • the input modulus value N' has been stored in the flash memory 306.
  • an input message to be processed using a cryptographic algorithm in the cryptographic process is received by the cryptographic calculation module 308.
  • the verification module 304 reads or receives the input modulus value N' from the flash memory 306.
  • the input modulus value N' is read from the flash memory 306, in other embodiments of the invention, the input modulus value may be inputted or received by other means, e.g. directly input to the verification module 304 through an interface provided by the verification module 304.
  • the verification module 304 calculates a verification value Cf ( ⁇ ') using a predetermined compression function same as the one used for generating the compressed value.
  • the verification module compares the calculated verification value Cf (N') with the compressed value cf (TV) pre-stored in the eFuse circuit 302. If the two values are equal to each other, the flow sequence proceeds to block 1005; if not, to the flow sequence proceeds to block 1006. In block 1005, the verification process succeeds, and the cryptographic calculation module 308 processes the input message using the private key (d, N') and the cryptographic algorithm to generate an output message, and returns the output message.
  • the cryptographic calculation module 308 reads the valid exponent parameter d of the private key from the eFuse circuit 302 and reads the input modulus value N' stored in the flash memory 306, then uses the private key (d, ') to process the input message to generate the output message, and then returns the output message.
  • the cryptographic calculation module 308 performs the digital signature process using the private key (d, N') according to Equation (4) to generate a signature value as the output message, and then returns the signature value.
  • the cryptographic calculation module 308 performs the decryption process using the private key (d, N') according to Equation (5) to generate a decrypted plain text as the output message, and then return the plain text.
  • the verification process fails and the cryptographic calculation module 308 may return an error code, e.g. 0.
  • the predetermined compression function may be any function which can generate an output with a bit length less than that of the input.
  • a compression function which can generate an output with a fixed bit length substantially less than that of the input may be selected.
  • the compressed value calculated by the compression function preferably has a fixed bit length to unify the size of the compressed value and ensure the generated compressed value can be stored in the eFuse circuit.
  • the security strength of the compression function against second pre-image attack must be no less than the security strength of the cryptographic algorithm.
  • the security strength against a second pre-image attack refers to a number associated with the operations/computations, for a given input, required to find a second input different from the given input but the compressed value generated based on the second input is same as that generated based on the given input.
  • the security strength of a cryptographic algorithm/system refers to a number associated with the amount of operations/computations required to break a cryptographic algorithm or system.
  • the security strength of standard cryptographic algorithms can be ascertained by relevant standards, e.g.
  • the security strength of the popular public key cryptographic algorithm RSA-2048 is 112 bits, and the security strength of RSA-4096 is about 150 bits. Therefore in order to make sure the system for protecting private key is adapted for both cryptographic algorithms, the security strength of the compression function against a second- pre-image attack must be no less than the security strength of any of the cryptographic algorithms.
  • the compression function may be a standard Hash Function.
  • a Hash Function can accept an arbitrary-length bit string input and generate a fixed-length bit string.
  • a standard Hash Function SHA-256 may be selected as the compression function since the security strength of the SHA-256 against a second pre-image attack is 256 bits which is greater than the security strength of the RSA-2048 and the RSA-4096.
  • the compressed value stored in the eFuse circuit 302 is generated only based on the valid modulus parameter N of the private key and the verification value calculated by the verification module 304 is generated only based on the input modulus value N' associated with the private key.
  • the both values may be generated based on more than one parameter to further improve the security level of the solution for protecting a private key.
  • the compressed value stored in the eFuse circuit may be generated based on both the valid modulus parameter of the private key and at least one supplementary value.
  • the verification value may be generated based on both the input modulus parameter associated with the private key and at least one supplementary input value corresponding to the at least one supplementary value.
  • the at least one supplementary input value may be stored in a flash memory together with the input modulus value.
  • a compressed value cf(e ⁇ ⁇ N) stored in the eFuse circuit 402 is generated based on both the valid modulus parameter N of the private key and a supplementary value, i.e. a valid exponent parameter e of the public key corresponding to the private key.
  • the verification module 404 is configured to calculate a verification value cf(e' ⁇ ⁇ N') based on both the input modulus value N' and a supplementary input value corresponding to the supplementary value, i.e. an input exponent value e' associated with the public key corresponding to the private key.
  • both the input modulus value N' and the supplementary input value e' are pre-stored in the flash memory 406 and read from the flash memory 406 by the verification module 404 to calculate the verification value.
  • the supplementary value may be other predetermined value instead of the valid exponent parameter of the public key.
  • Figure 6 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the second embodiment of the invention.
  • a compressed value cf (e ⁇ ⁇ N) has been generated based on the valid modulus parameter of the private key and a supplementary value, i.e. the exponent parameter e of the public key corresponding to the private key using a predetermined compression function, e.g. SHA-256, and stored in the eFuse circuit 402.
  • a predetermined compression function e.g. SHA-256
  • an input message to be processed using a cryptographic algorithm in the cryptographic process is received by the cryptographic calculation module 408.
  • the verification module 404 reads or receives the input modulus value N' and the supplementary input value e' from the flash memory 406. It should be noted that although in the second embodiment, the input modulus value N' and the supplementary input value e' are pre-stored and read from the flash memory 406, in other embodiments of the invention, the input modulus value N' and/or the supplementary input value e' may be inputted or received by other means, e.g. directly inputted to the verification module 404 through an interface provided by the verification module 404. Additionally, the supplementary input value may be other predetermined value corresponding to the supplementary value which is used to generate the compressed value pre- stored in the eFuse circuit 402. In block 2003, the verification module 404 calculates a verification value
  • the verification module 404 compares the calculated verification value Cf e' ⁇ ⁇ N') with the compressed value c/ (e
  • the verification process succeeds, and the cryptographic calculation module 408 processes the input message using the private key (d ⁇ ') and the cryptographic algorithm to generate an output message and returns the output message.
  • the detailed cryptographic process conducted by the cryptographic calculation module 408 is same as that conducted by the cryptographic calculation module 308 in the first embodiment of the invention, and will not described here.
  • the verification process fails, and the cryptographic calculation module 408 may return an error code, e.g. 0.
  • the flash memory e.g. flash memory 306 or 406 may be an existing flash memory, e.g. the flash memory 106 on the SoC as shown in Figure 1 , which is for storing a modulus parameter and an exponent parameter of a public key.
  • the verification module reads both the modulus parameter (input modulus value associated with the private key) and an exponent parameter (supplementary input value associated with the private key) of the public key from the flash memory, calculates a verification value based on the both input values, and compares the calculated verification value with the compressed value pre-stored in the eFuse circuit. If the calculated verification value is equal to the compressed value pre-stored in the eFuse circuit, the modulus parameter of the public key stored in the flash memory is verified to be the valid modulus parameter of the private key.
  • the verification module 304/404 is communicably coupled to the cryptographic calculation module 308/408.
  • the verification module 304/404 is configured to perform the verification process after the cryptographic calculation module 308/408 receives an input message. It means that every time when the cryptographic calculation module 308/408 receives an input message, the verification module 304/404 will perform the verification process for verifying the validity of the input modulus value of the private key.
  • the verification process may be performed at a different time.
  • a third embodiment of the invention as shown in Figure 7, there is no connection and communication between the verification module 504 and the cryptographic calculation module 508.
  • the system 500 for protecting a private key is integrated into a SoC (System on Chip)
  • the verification module 504 is configured to perform the verification process only when the SoC starts or reboots. Since the verification process for verifying validity of the input modulus value associated with the private key is only performed once in this embodiment, compared to the first and second embodiments, the solution provided in the third embodiment is more efficient.
  • Figure 8 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the third embodiment of the invention.
  • the verification process is performed only when the SoC into which the system for protecting the private key is integrated, starts or reboots.
  • the process for verifying whether the input modulus value associated with the private key stored in the flash memory 506 is valid is a part of a self-testing process to check the correctness and validity of everything stored on the SoC.
  • a compressed value Cf QV has been generated based on the valid modulus parameter N of the private key using a predetermined compression function, e.g. SHA-256, and stored in the eFuse circuit 502.
  • SoC starts or reboots.
  • the verification module 504 reads or receives the input modulus value N' from a flash memory 506.
  • the verification module 504 calculates a verification value Cf ( ⁇ ') using a predetermined compression function, e.g. Hash Function SHA- 256.
  • a predetermined compression function e.g. Hash Function SHA- 256.
  • the verification module 504 compares the calculated verification value Cf ( ⁇ ') with the compressed value verification value Cf ( ⁇ pre-stored in an eFuse circuit 502. If the two values are equal to each other, the flow sequence proceeds to block 3005; if not, the flow sequence proceeds to block 3006.
  • the verification process succeeds, and the cryptographic calculation module 508 is ready to perform a cryptographic process on an input message using the private key (d, N') and the cryptographic algorithm.
  • the detailed cryptographic process to be conducted by the cryptographic calculation module 508 is same as that conducted by the cryptographic calculation module 308/408 in the first/ second embodiment of the invention, and will not described here.
  • the verification process fails, and an error code, e.g. 0, may be returned by the verification module 504 and the SoC may be turned off.
  • an error code e.g. 0, may be returned by the verification module 504 and the SoC may be turned off.
  • the compressed value stored in the eFuse circuit 502 is generated only based on the valid modulus parameter of the private key, and the verification value is only calculated based on the input modulus value associated with the private key
  • the compressed value stored in the eFuse circuit 502 may also be generated based on both the valid modulus parameter of the private key and at least one supplementary value, e.g. the valid exponent parameter of the corresponding public key, and accordingly the verification value may also be calculated based on both the input modulus value and at least one supplementary input value.
  • the at least one supplementary value may also be stored in the flash memory 506 together with the input modulus value.
  • a compressed value of the valid modulus parameter of the private key instead of the valid modulus parameter itself is stored in an eFuse circuit. Since the compressed value may have a bit length substantially less than that of the original valid modulus parameter, as compared to the prior art, the cost of manufacturing an eFuse circuit for storing parameters associated with the private key may be significantly reduced.
  • the solution provided in the embodiments of the invention is low cost but ensures high security.

Abstract

Embodiments of the invention provide a low cost but high security method and system for protecting a private key. The method comprises a process for verifying whether an input modulus value associated with the private key is valid before applying the private key to perform a cryptographic process. The verification process comprises: generating a verification value based on the input modulus value using a predetermined compression function, and comparing the verification value with a compressed value pre-stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.

Description

METHOD AND SYSTEM FOR PROTECTING PRIVATE KEY
Field of Invention The invention generally relates to cryptography system. More particularly, the invention relates to a method and system for protecting a private key to be used in a public key cryptographic process.
Background
In a public key or asymmetrical cryptosystem, e.g. the Rivest-Shamir- Adieman (RSA) public key cryptosystem, a pair of a public key and a private key is used in cryptographic processes, wherein the public key is available to anyone and the private key is kept secret by a user. Typically, in order to reduce the risk of tampering or theft of the private key by an attacker, e.g. a hacker, the private key is stored in a System on Chip (SoC) together with the cryptographic algorithm in which the private key is to be used such that the private key is not exposed outside of the hardware.
Electronic fuse (eFuse) technology is widely used in memory integrated circuit design. By using eFuse technology, private keys are allowed to be stored or written in manufactured chipsets. Thus during the manufacturing process, the manufacturers need not know the private keys and therefore the likelihood of exposing the private keys is decreased. l It is well known by persons skilled in the art that a private key has two parameters, one is a modulus parameter, and the other is an exponent parameter, wherein the modulus parameter is same as the modulus parameter of the corresponding public key of the private key. In a first prior art solution for protecting a private key, only the exponent parameter of the private key is stored in the SoC using eFuse technology since the modulus parameter is same as that of the corresponding public key and the public key is available to anyone. However, there is a security risk in this solution, which will be explained with reference to Figure 1.
As shown in Figure 1 , the System on chip 100 includes an eFuse circuit 102, a flash memory 106, and a cryptographic calculation module 108, e.g. a RSA calculation module. The eFuse circuit 102 is configured to store the exponent parameter d of the private key. The flash memory 106 is configured to store the exponent parameter e and the modulus parameter N of the public key, the cryptographic calculation module 108 is configured to provide a signature interface as shown in Equation (1 ) to receive an input message x and a modulus parameter of the public key y to generate a signature value. As shown in Equation (2), if the input message x=h, the input modulus parameter of the public key y=N, the generated signature value is hd mod N. The generated signature value is then returned as an output message.
Sign (x,y)=xd mod y (1 ) Signature value =hd mod N (2)
In this solution, the signature interface provided by the cryptographic calculation module 108 allows an attacker to choose any modulus parameter as input modulus parameter of the private key and obtain a signature value calculated by the cryptographic calculation module 108 using the input modulus parameter and the exponent parameter d of the private key stored in the eFuse circuit 102, thus the exponent parameter d may be recovered by solving a modulus equation group.
In order to solve the security problem in the first prior art solution mentioned above, a second prior art solution for protecting a private key is proposed. Referring to Figure 2, in this solution, both the exponent parameter d and the modulus parameter N of the private key are stored in an eFuse circuit 202 in the System on Chip 200. The signature interface provided by the cryptographic calculation module 208 becomes the following Equation (3). Sign (x)=xd mod N (3)
Thus the security risk in the first prior art solution can be avoided. However, there is another problem of high cost of manufacturing the eFuse circuit 202 since both parameters of the private key are required to be stored in the eFuse circuit 202. Moreover, normally during the manufacturing process of an eFuse circuit, a full backup for each of the eFuse bit is required in case some bits of the eFuse circuit fail to work. As a result, if the eFuse circuit is designed to store a parameter with M bits, an eFuse circuit having 2M eFuse bits will have to be prepared. For example, if the eFuse circuit is designed to store the parameters N and d of a private key to be used in a standard RSA-2048 algorithm, the eFuse circuit must be manufactured to have 4X2048=8192 eFuse bits. Thus, the increase in bits of parameters to be stored in an eFuse circuit will result in a significant increase in the cost of manufacturing an eFuse circuit.
In view of the above problem, it is desirable to provide a cost-effective but high security solution for protecting a private key to be used in a cryptographic process.
Summary of Invention Embodiments of the invention provide a cost-effective but high security solution for protecting a private key.
According to a first aspect of the invention, a method for protecting a private key is provided, where the method includes: generating a verification value based on the input modulus value using a predetermined compression function, and comparing the verification value with a compressed value pre- stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the compressed value the compressed value is generated based on the valid modulus parameter of the private key and at least one supplementary value using the predetermined compression function; and before generating a verification value based on the input modulus value using a predetermined compression function, the method further comprises: receiving the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value, and the generating a verification value based on the input modulus value using a predetermined compression function comprises: generating a verification value based on the input modulus value and the at least one supplementary input value using a predetermined compression function.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the receiving the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value includes receiving at least one of the input modulus value and the at least one supplementary input value from a data storage unit. With reference to the first aspect or first possible implementation manner of the first aspect or second possible implementation manner of the first aspect , in a third possible implementation manner of the first aspect, the method further comprises: generating the compressed value based on the valid modulus parameter of the private key using the predetermined compression function, and storing the generated compressed value in the eFuse circuit.
With reference to the first aspect, or any one of the first, second and third possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, the predetermined compression function has a security strength against a second pre-image attack no less than a security strength of a cryptographic algorithm which is used in the cryptographic process.
With reference to the first aspect, or any one of the first to fourth possible implementation manner of the first aspect, in a fifth possible implementation manner of the first aspect, the predetermined compression function is capable of accepting an arbitrary-length bit string input and generating a fixed-length bit string output.
With reference to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner of the first aspect, the predetermined compression function is a Hash Function.
With reference to the sixth possible implementation manner of the first aspect, in a seventh possible implementation manner of the first aspect, the Hash Function is SHA-256 (Secure Hash Algorithm-256). With reference to the first aspect, or any one of the first to seventh possible implementation manner of the first aspect, in a eighth possible implementation manner of the first aspect, before generating a verification value based on the input modulus value using a predetermined compression function, the method further comprises: receiving an input message, and after determining the input modulus value is valid, the method further comprises: processing the received input message by a cryptographic process using the private key to generate an output message. With reference to the eighth possible implementation manner of the first aspect, in a ninth possible implementation manner of the first aspect, the cryptographic process is a process for digitally signing the received input message using the private key or a process for decrypting the received input message using the private key.
According to a second aspect of the invention, a system for protecting a private key is provided, where the system includes: a verification module which is configured to calculate a verification value based on an input modulus value of the private key using a predetermined compression function, and compare the calculated verification value with a compressed value stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the system further comprises an eFuse circuit for storing a valid exponent parameter of the private key and the compressed value generated based on the valid modulus parameter of the private key using the predetermined compression function.
With reference to the second aspect or the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the verification module is further configured to before comparing the verification value with a compressed value pre-stored in an eFuse circuit to determine whether the input modulus value is valid, generate the compressed value based on the valid modulus parameter of the private key using the predetermined compression function, and store the generated compressed value in the eFuse circuit.
With reference to the second aspect or any one of the first and second possible implementation manners of the second aspect, in a third possible implementation manner of the second aspect, the compressed value is generated based on the valid modulus parameter of the private key and at least one supplementary value using the predetermined compression function; and the verification module is further configured to receive the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value, and generate a verification value based on the input modulus value and the at least one supplementary input value using a predetermined compression function.
With reference to the third possible implementation manner of the second aspect, in a fourth possible implementation manner of the second aspect, the system further comprises a data storage unit for storing the input modulus value and/or the at least one supplementary input value, wherein the verification module is further configured to receive the input modulus value and/or the at least one supplementary input value from the data storage unit. With reference to the second aspect, or any one of the first to fourth possible implementation manner of the second aspect, in a fifth possible implementation manner of the second aspect, the verification module is configured to calculate the compressed value using the predetermined compression function which has a security strength no less than a security strength of a cryptographic algorithm which is used in the cryptographic process.
With reference to the second aspect, or any one of the first to fifth possible implementation manner of the second aspect, in a sixth possible implementation manner of the second aspect, the verification module is further configured to calculate the compressed value with a fixed bit length using the predetermined compression function.
With reference to the sixth possible implementation manner of the second aspect, in a seventh possible implementation manner of the second aspect, the verification module is further configured to calculate the compressed value using a Hash Function.
With reference to the seventh possible implementation manner of the second aspect, in a eighth possible implementation manner of the second aspect, the verification module is further configured to calculate the compressed value using SHA-256 (Secure Hash Algorithm-256).
With reference to the second aspect, or any one of the first to eighth possible implementation manner of the second aspect, in a ninth possible implementation manner of the second aspect, the system further comprises a cryptographic calculation module for receiving an input message to be processed by the cryptographic process using the private key, processing the received message using the private key to generate an output message if the input modulus value is valid. With reference to the ninth possible implementation manner of the second aspect, in a tenth possible implementation manner of the second aspect, the cryptographic calculation module is configured to perform a process for digitally signing the input message using the private key or a process for decrypting the input message using the private key.
In the embodiments of the invention, the compressed value of the valid modulus parameter of the private key may have a bit length less than, even substantially less than, that of the original valid modulus parameter, therefore as compared to the second prior art solution, the cost of manufacturing an eFuse circuit for storing parameters associated with the private key may be significantly reduced. Furthermore, a step for verifying validity of the input modulus value is performed to ensure the input modulus value is valid, i.e. the input modulus value matches with the valid exponent parameter of the private key to be used in a cryptographic process. Thus the security risk which would result in the first prior art solution is avoided. Therefore, compared with the prior art, the embodiments of the invention provide a low cost but high security solution for protecting the private key.
Brief Description of the Drawings
The invention will be described in detail with reference to the accompanying drawings, in which:
Figure 1 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a first prior art solution; Figure 2 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a second prior art solution;
Figure 3 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a first embodiment of the invention;
Figure 4 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the first embodiment of the invention; Figure 5 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a second embodiment of the invention;
Figure 6 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the second embodiment of the invention;
Figure 7 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a third embodiment of the invention;
Figure 8 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the third embodiment of the invention. Detailed Description of Embodiments of the Invention
In the following description, numerous specific details are set forth in order to provide a thorough understanding of various illustrative embodiments of the invention. It will be understood, however, to one skilled in the art, that embodiments of the invention may be practiced without some or all of these specific details. It is understood that the terminology used herein is for the purpose of describing particular embodiments only, and is not intended to limit the scope of the invention. In the drawings, like reference numerals refer to same or similar functionalities or features throughout the several views.
According to embodiments of the invention, in order to reduce the cost of manufacturing an eFuse circuit for storing the parameters associated with a private key, a compressed value of the valid modulus parameter of the private key together with the valid exponent parameter of the private key are stored in an eFuse circuit. Furthermore, to protect the private key against the attack mentioned in the first prior art solution for protecting a private key, a process for verifying validity of the input modulus value associated with the private key is performed to verify that the input modulus value is valid, i.e. the input modulus matches with the valid exponent parameter of the private key stored in the eFuse circuit.
Embodiments of the invention provide a method for protecting a private key. In one embodiment of the invention, the method for protecting a private key includes the following: generating a verification value based on an input modulus value associated with the private key using a predetermined compression function, and comparing the verification value with a compressed value pre-stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
Embodiments of the invention also provide a system for protecting a private key. In one embodiment of the invention, the system for protecting a private key includes: a verification module which is configured to calculate a verification value based on an input modulus value associated with the private key using a predetermined compression function, and compare the calculated verification value with a compressed value stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
Figure 3 is a schematic diagram illustrating a system for protecting a private key to be used in a public key cryptographic process according to a first embodiment of the invention. It is to be noted that the public key cryptographic process in embodiments of the invention may be a digital signature process for digitally signing an input message using the private key, or a description process for decrypting an input message using the private key wherein the input message is encrypted using the public key corresponding to the private key. The private key to be protected includes a valid exponent parameter d and a valid modulus parameter N.
As shown in Figure 3, the system 300 includes an eFuse circuit 302, a verification module 304, a flash memory 306 and a cryptographic calculation module 308. The cryptographic calculation module 308 may be a RSA calculation module.
The eFuse circuit 302 is configured to store the valid exponent parameter d of the private key and a compressed value cf(N) generated based on the valid modulus parameter N of the private key using a predetermined compression function.
The flash memory 306 is configured to store an input modulus value associated with the private key.
The verification module 304 is configured to verify, before the private key is applied to perform a cryptographic process by the cryptographic calculation module 308, whether an input modulus value associated with the private key is valid through the following: reading the input modulus value from the flash memory 306, calculating a verification value based on the input modulus value using the predetermined compression function, and comparing the calculated verification value with the compressed value stored in the eFuse circuit 302 to determine whether the input modulus value is valid. It should be noted that the compression function used by the verification module 304 is same as that used to generate the compressed value pre-stored in the eFuse circuit 302.
The cryptographic calculation module 308 is configured to receive an input message, perform the cryptographic process on the input message using a cryptographic algorithm and the private key to generate an output message and return the output message if the private key is valid,.
It is to be noted that the verification module 304 may include a compression function to be used to calculate the verification value, or the verification module 304 may call a compression function outside of the verification module 304 to calculate the verification value.
Figure 4 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the first embodiment of the invention. Before performing the following process for verifying validity of an input modulus value associated with the private key, a compressed value has been generated based on the valid modulus parameter of the private key using a predetermined compression function, e.g. a standard Hash Function SHA-256, and stored in the eFuse circuit 302, and the input modulus value N' has been stored in the flash memory 306. In block 1001 , an input message to be processed using a cryptographic algorithm in the cryptographic process is received by the cryptographic calculation module 308. In block 1002, the verification module 304 reads or receives the input modulus value N' from the flash memory 306.
It should be noted that although in the first embodiment, the input modulus value N' is read from the flash memory 306, in other embodiments of the invention, the input modulus value may be inputted or received by other means, e.g. directly input to the verification module 304 through an interface provided by the verification module 304.
In block 1003, the verification module 304 calculates a verification value Cf (Ν') using a predetermined compression function same as the one used for generating the compressed value.
In block 1004, the verification module compares the calculated verification value Cf (N') with the compressed value cf (TV) pre-stored in the eFuse circuit 302. If the two values are equal to each other, the flow sequence proceeds to block 1005; if not, to the flow sequence proceeds to block 1006. In block 1005, the verification process succeeds, and the cryptographic calculation module 308 processes the input message using the private key (d, N') and the cryptographic algorithm to generate an output message, and returns the output message.
Specifically, the cryptographic calculation module 308 reads the valid exponent parameter d of the private key from the eFuse circuit 302 and reads the input modulus value N' stored in the flash memory 306, then uses the private key (d, ') to process the input message to generate the output message, and then returns the output message.
If the input message is a message M to be digitally signed, then the cryptographic calculation module 308 performs the digital signature process using the private key (d, N') according to Equation (4) to generate a signature value as the output message, and then returns the signature value.
Signature Value =Md mod N' (4)
If the input message is a ciphertext T to be decrypted, then the cryptographic calculation module 308 performs the decryption process using the private key (d, N') according to Equation (5) to generate a decrypted plain text as the output message, and then return the plain text.
Plain Text =Td mod N' (5)
In block 1006, the verification process fails and the cryptographic calculation module 308 may return an error code, e.g. 0. In embodiments of the invention, the predetermined compression function may be any function which can generate an output with a bit length less than that of the input. In order to further reduce the cost of manufacturing the eFuse circuit, a compression function which can generate an output with a fixed bit length substantially less than that of the input may be selected. The compressed value calculated by the compression function preferably has a fixed bit length to unify the size of the compressed value and ensure the generated compressed value can be stored in the eFuse circuit. Further, to maintain security strength of the system/the cryptographic algorithm used in the cryptographic system, the security strength of the compression function against second pre-image attack must be no less than the security strength of the cryptographic algorithm. The security strength against a second pre-image attack refers to a number associated with the operations/computations, for a given input, required to find a second input different from the given input but the compressed value generated based on the second input is same as that generated based on the given input. The security strength of a cryptographic algorithm/system refers to a number associated with the amount of operations/computations required to break a cryptographic algorithm or system. The security strength of standard cryptographic algorithms can be ascertained by relevant standards, e.g. the security strength of the popular public key cryptographic algorithm RSA-2048 is 112 bits, and the security strength of RSA-4096 is about 150 bits. Therefore in order to make sure the system for protecting private key is adapted for both cryptographic algorithms, the security strength of the compression function against a second- pre-image attack must be no less than the security strength of any of the cryptographic algorithms.
Typically, the compression function may be a standard Hash Function. A Hash Function can accept an arbitrary-length bit string input and generate a fixed-length bit string. Preferably, a standard Hash Function SHA-256 may be selected as the compression function since the security strength of the SHA-256 against a second pre-image attack is 256 bits which is greater than the security strength of the RSA-2048 and the RSA-4096.
In the first embodiment, the compressed value stored in the eFuse circuit 302 is generated only based on the valid modulus parameter N of the private key and the verification value calculated by the verification module 304 is generated only based on the input modulus value N' associated with the private key. It is to be noted that in other embodiments of the invention, the both values may be generated based on more than one parameter to further improve the security level of the solution for protecting a private key. Specifically, the compressed value stored in the eFuse circuit may be generated based on both the valid modulus parameter of the private key and at least one supplementary value. Accordingly, the verification value may be generated based on both the input modulus parameter associated with the private key and at least one supplementary input value corresponding to the at least one supplementary value. The at least one supplementary input value may be stored in a flash memory together with the input modulus value.
For example, in a second embodiment of the invention as shown in Figure 5, a compressed value cf(e\ \N) stored in the eFuse circuit 402 is generated based on both the valid modulus parameter N of the private key and a supplementary value, i.e. a valid exponent parameter e of the public key corresponding to the private key. And accordingly the verification module 404 is configured to calculate a verification value cf(e'\ \N') based on both the input modulus value N' and a supplementary input value corresponding to the supplementary value, i.e. an input exponent value e' associated with the public key corresponding to the private key. In this embodiment, both the input modulus value N' and the supplementary input value e' are pre-stored in the flash memory 406 and read from the flash memory 406 by the verification module 404 to calculate the verification value. It is to be appreciated that in other embodiments of the invention, the supplementary value may be other predetermined value instead of the valid exponent parameter of the public key.
Figure 6 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the second embodiment of the invention. Before performing the following process for verifying validity of an input modulus value N' associated with the private key, a compressed value cf (e \ \N) has been generated based on the valid modulus parameter of the private key and a supplementary value, i.e. the exponent parameter e of the public key corresponding to the private key using a predetermined compression function, e.g. SHA-256, and stored in the eFuse circuit 402. And the input modulus value N' and a supplementary input value e' have been pre-stored in the flash memory 406.
In block 2001 , an input message to be processed using a cryptographic algorithm in the cryptographic process is received by the cryptographic calculation module 408.
In block 2002, the verification module 404 reads or receives the input modulus value N' and the supplementary input value e' from the flash memory 406. It should be noted that although in the second embodiment, the input modulus value N' and the supplementary input value e' are pre-stored and read from the flash memory 406, in other embodiments of the invention, the input modulus value N' and/or the supplementary input value e' may be inputted or received by other means, e.g. directly inputted to the verification module 404 through an interface provided by the verification module 404. Additionally, the supplementary input value may be other predetermined value corresponding to the supplementary value which is used to generate the compressed value pre- stored in the eFuse circuit 402. In block 2003, the verification module 404 calculates a verification value
C (e'| |N') using a predetermined compression function, e.g. Hash Function SHA-256.
In block 2004, the verification module 404 compares the calculated verification value Cf e'\ \N') with the compressed value c/ (e| |N) pre-stored in the eFuse circuit 402. If the two values are equal to each other, the flow sequence proceeds to block 2005; if not, if not, the flow sequence proceeds to block 2006.
In block 2005, the verification process succeeds, and the cryptographic calculation module 408 processes the input message using the private key (d Ν') and the cryptographic algorithm to generate an output message and returns the output message. The detailed cryptographic process conducted by the cryptographic calculation module 408 is same as that conducted by the cryptographic calculation module 308 in the first embodiment of the invention, and will not described here. In block 2006, the verification process fails, and the cryptographic calculation module 408 may return an error code, e.g. 0.
In embodiments of the invention, the flash memory, e.g. flash memory 306 or 406, may be an existing flash memory, e.g. the flash memory 106 on the SoC as shown in Figure 1 , which is for storing a modulus parameter and an exponent parameter of a public key. Thus, to verify whether the modulus parameter of the public key stored in the flash memory is the valid modulus parameter of the private key, the verification module reads both the modulus parameter (input modulus value associated with the private key) and an exponent parameter (supplementary input value associated with the private key) of the public key from the flash memory, calculates a verification value based on the both input values, and compares the calculated verification value with the compressed value pre-stored in the eFuse circuit. If the calculated verification value is equal to the compressed value pre-stored in the eFuse circuit, the modulus parameter of the public key stored in the flash memory is verified to be the valid modulus parameter of the private key.
In the first and the second embodiments of the invention, the verification module 304/404 is communicably coupled to the cryptographic calculation module 308/408. The verification module 304/404 is configured to perform the verification process after the cryptographic calculation module 308/408 receives an input message. It means that every time when the cryptographic calculation module 308/408 receives an input message, the verification module 304/404 will perform the verification process for verifying the validity of the input modulus value of the private key.
However, in other embodiments of the invention, the verification process may be performed at a different time. For example, in a third embodiment of the invention, as shown in Figure 7, there is no connection and communication between the verification module 504 and the cryptographic calculation module 508. In this embodiment, the system 500 for protecting a private key is integrated into a SoC (System on Chip), the verification module 504 is configured to perform the verification process only when the SoC starts or reboots. Since the verification process for verifying validity of the input modulus value associated with the private key is only performed once in this embodiment, compared to the first and second embodiments, the solution provided in the third embodiment is more efficient.
Figure 8 is a flow chart illustrating a method for protecting a private key to be used in a public key cryptographic process according to the third embodiment of the invention. In this embodiment, the verification process is performed only when the SoC into which the system for protecting the private key is integrated, starts or reboots. The process for verifying whether the input modulus value associated with the private key stored in the flash memory 506 is valid is a part of a self-testing process to check the correctness and validity of everything stored on the SoC. Before performing the following process for verifying validity of the input modulus value associated with the private key, a compressed value Cf QV) has been generated based on the valid modulus parameter N of the private key using a predetermined compression function, e.g. SHA-256, and stored in the eFuse circuit 502.
In block 3001 , SoC starts or reboots.
In block 3002, the verification module 504 reads or receives the input modulus value N' from a flash memory 506.
In block 3003, the verification module 504 calculates a verification value Cf (Ν') using a predetermined compression function, e.g. Hash Function SHA- 256.
In block 3004, the verification module 504 compares the calculated verification value Cf (Ν') with the compressed value verification value Cf (Λ pre-stored in an eFuse circuit 502. If the two values are equal to each other, the flow sequence proceeds to block 3005; if not, the flow sequence proceeds to block 3006.
In block 3005, the verification process succeeds, and the cryptographic calculation module 508 is ready to perform a cryptographic process on an input message using the private key (d, N') and the cryptographic algorithm. The detailed cryptographic process to be conducted by the cryptographic calculation module 508 is same as that conducted by the cryptographic calculation module 308/408 in the first/ second embodiment of the invention, and will not described here.
In block 3006, the verification process fails, and an error code, e.g. 0, may be returned by the verification module 504 and the SoC may be turned off. Although in the third embodiment, the compressed value stored in the eFuse circuit 502 is generated only based on the valid modulus parameter of the private key, and the verification value is only calculated based on the input modulus value associated with the private key, it is to be appreciated that the compressed value stored in the eFuse circuit 502 may also be generated based on both the valid modulus parameter of the private key and at least one supplementary value, e.g. the valid exponent parameter of the corresponding public key, and accordingly the verification value may also be calculated based on both the input modulus value and at least one supplementary input value. The at least one supplementary value may also be stored in the flash memory 506 together with the input modulus value.
It should be noted that although in the embodiments of the invention, only the eFuse circuit or storing technology is discussed, the invention can be applied to other types of memory devices or storage technology having same or similar function. In the method and system provided by the embodiments of the invention, a compressed value of the valid modulus parameter of the private key instead of the valid modulus parameter itself is stored in an eFuse circuit. Since the compressed value may have a bit length substantially less than that of the original valid modulus parameter, as compared to the prior art, the cost of manufacturing an eFuse circuit for storing parameters associated with the private key may be significantly reduced. Furthermore, before the private key is applied to a cryptographic process, the validity of the input modulus value associated with the private key is to be verified through a verification process described above to avoid the security risk that would result in the first prior art solution. Therefore, compared to the prior art solutions for protecting a private key, the solution provided in the embodiments of the invention is low cost but ensures high security.
It is to be understood that the embodiments and features described above should be considered exemplary and not restrictive. For example, the above- described embodiments may be used in combination with each other. Many other embodiments will be apparent to those skilled in the art from consideration of the specification and practice of the invention. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled. Furthermore, certain terminology has been used for the purposes of descriptive clarity, and not to limit the disclosed embodiments of the invention.

Claims

Claims
1. A method for protecting a private key, comprising: generating a verification value based on an input modulus value associated with the private key using a predetermined compression function, and comparing the verification value with a compressed value pre-stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
2. The method according to claim 1 , wherein the compressed value is generated based on the valid modulus parameter of the private key and at least one supplementary value using the predetermined compression function; before generating a verification value based on the input modulus value using a predetermined compression function, the method further comprises: receiving the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value, and the generating a verification value based on the input modulus value using a predetermined compression function comprises: generating a verification value based on the input modulus value and the at least one supplementary input value using a predetermined compression function.
3. The method according to claim 2, wherein receiving the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value includes receiving at least one of the input modulus value and the at least one supplementary input value from a data storage unit.
4. The method according to any preceding claim, before comparing the verification value with a compressed value pre-stored in an eFuse circuit to determine whether the input modulus value is valid , the method further comprising: generating the compressed value based on the valid modulus parameter of the private key using the predetermined compression function, and storing the generated compressed value in the eFuse circuit.
5. The method according to any preceding claim, wherein the predetermined compression function has a security strength against a second pre-image attack no less than a security strength of a cryptographic algorithm which is used in the cryptographic process.
6. The method according to any preceding claim, wherein the predetermined compression function is capable of accepting an arbitrary-length bit string input and generating a fixed-length bit string output.
7. The method according to claim 6, wherein the predetermined compression function is a Hash Function.
8. The method according to claim 7, wherein the Hash Function is SHA-256 (Secure Hash Algorithm-256).
9. The method according to any preceding claim, wherein before generating a verification value based on the input modulus value using a predetermined compression function, the method further comprises: receiving an input message; and after determining the input modulus value is valid, processing the received input message by a cryptographic process using the private key to generate an output message.
10. The method according to claim 9, wherein the cryptographic process is a process for digitally signing the received input message using the private key or a process for decrypting the received input message using the private key.
11. A system for protecting a private key, comprising: a verification module which is configured to calculate a verification value based on an input modulus value associated with the private key using a predetermined compression function, and compare the calculated verification value with a compressed value pre- stored in an eFuse circuit to determine whether the input modulus value is valid, wherein the pre-stored compressed value is generated based on a valid modulus parameter of the private key using the predetermined compression function.
12. The system according to claim 11 , wherein the compressed value is generated based on the valid modulus parameter of the private key and at least one supplementary value using the predetermined compression function; and the verification module is further configured to receive the input modulus value and at least one supplementary input value corresponding to the at least one supplementary value, and generate a verification value based on the input modulus value and the at least one supplementary input value using a predetermined compression function.
13. The system according to claim 12, further comprising a data storage unit for storing the input modulus value and/or the at least one supplementary input value, wherein the verification module is further configured to receive the input modulus value and/or the at least one supplementary input value from the data storage unit.
14. The system according to any preceding claim, further comprising an eFuse circuit for storing a valid exponent parameter of the private key and the compressed value generated based on the valid modulus parameter of the private key using the predetermined compression function.
15. The system according to any preceding claim, wherein the verification module is further configured to before comparing the verification value with a compressed value pre- stored in an eFuse circuit to determine whether the input modulus value is valid, generate the compressed value based on the valid modulus parameter of the private key using the predetermined compression function, and store the generated compressed value in the eFuse circuit.
16. The system according to any preceding claim, wherein the verification module is configured to calculate the compressed value using the predetermined compression function which has a security strength no less than a security strength of a cryptographic algorithm which is used in the cryptographic process.
17. The system according to any preceding claim, wherein the verification module is further configured to calculate the compressed value with a fixed bit length using the predetermined compression function.
18. The system according to claim 17, wherein the verification module is further configured to calculate the compressed value using a Hash Function.
19. The system according to claim 18, wherein the verification module is further configured to calculate the compressed value using SHA-256 (Secure Hash Algorithm-256).
20. The system according to any preceding claim, further comprising: a cryptographic calculation module for receiving an input message to be processed by the cryptographic process using the private key, processing the received message using the private key to generate an output message if the input modulus value is valid.
21. The system according to claim 20, wherein the cryptographic calculation module is configured to perform a process for digitally signing the input message using the private key or a process for decrypting the input message using the private key.
PCT/SG2016/050143 2015-06-02 2016-03-28 Method and system for protecting private key WO2016195591A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201680031625.1A CN107667501A (en) 2015-06-02 2016-03-28 A kind of private key protection method and system
EP16714583.8A EP3295448A1 (en) 2015-06-02 2016-03-28 Method and system for protecting private key

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG10201504296XA SG10201504296XA (en) 2015-06-02 2015-06-02 Method and system for protecting private key
SG10201504296X 2015-06-02

Publications (1)

Publication Number Publication Date
WO2016195591A1 true WO2016195591A1 (en) 2016-12-08

Family

ID=55661517

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2016/050143 WO2016195591A1 (en) 2015-06-02 2016-03-28 Method and system for protecting private key

Country Status (4)

Country Link
EP (1) EP3295448A1 (en)
CN (1) CN107667501A (en)
SG (1) SG10201504296XA (en)
WO (1) WO2016195591A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5563950A (en) * 1995-03-31 1996-10-08 International Business Machines Corporation System and methods for data encryption using public key cryptography

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5563950A (en) * 1995-03-31 1996-10-08 International Business Machines Corporation System and methods for data encryption using public key cryptography

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ERIC BRIER ET AL: "Why One Should Also Secure RSA Public Key Elements", 10 October 2006, CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2006 LECTURE NOTES IN COMPUTER SCIENCE;;LNCS, SPRINGER, BERLIN, DE, PAGE(S) 324 - 338, ISBN: 978-3-540-46559-1, XP047029586 *
MATHIEU CIET ET AL: "Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults", DESIGNS, CODES AND CRYPTOGRAPHY, KLUWER ACADEMIC PUBLISHERS, BO, vol. 36, no. 1, 1 July 2005 (2005-07-01), pages 33 - 43, XP019205817, ISSN: 1573-7586, DOI: 10.1007/S10623-003-1160-8 *
R. L. RIVEST ET AL: "A method for obtaining digital signatures and public-key cryptosystems", COMMUNICATIONS OF THE ACM, vol. 26, no. 1, 1 January 1983 (1983-01-01), pages 96 - 99, XP055096612, ISSN: 0001-0782, DOI: 10.1145/357980.358017 *

Also Published As

Publication number Publication date
CN107667501A (en) 2018-02-06
SG10201504296XA (en) 2017-01-27
EP3295448A1 (en) 2018-03-21

Similar Documents

Publication Publication Date Title
US8060748B2 (en) Secure end-of-life handling of electronic devices
US9569623B2 (en) Secure boot with resistance to differential power analysis and other external monitoring attacks
US8472621B2 (en) Protection of a prime number generation for an RSA algorithm
US20130238904A1 (en) Protection against side channel attacks with an integrity check
US8938617B2 (en) One way authentication
US8509429B2 (en) Protection of a prime number generation against side-channel attacks
JP2010527219A (en) Method and system for electronically securing electronic device security using functions that cannot be physically copied
US20100241865A1 (en) One-Time Password System Capable of Defending Against Phishing Attacks
US20100161992A1 (en) Device and method for protecting data, computer program, computer program product
US8311212B2 (en) Method of processing data protected against attacks by generating errors and associated device
CN104899524A (en) Central processing unit and method for verifying data of main board
US7454625B2 (en) Method and apparatus for protecting a calculation in a cryptographic algorithm
CN110046489B (en) Trusted access verification system based on domestic Loongson processor, computer and readable storage medium
CN110610079A (en) Safe starting method, device and system
US20190089543A1 (en) FAULT ATTACKS COUNTER-MEASURES FOR EdDSA
CN111104662A (en) Method for authenticating a program and corresponding integrated circuit
CN108242997B (en) Method and apparatus for secure communication
EP3295448A1 (en) Method and system for protecting private key
CN114297673A (en) Password verification method, solid state disk and upper computer
CN115766043B (en) Off-chip firmware signature checking method and device, chip and electronic equipment
KR101677138B1 (en) Method of on-line/off-line electronic signature system for security of off-line token
EP3889816A1 (en) Method for securely processing digital information in a secure element
US20220263661A1 (en) Efficient Data Item Authentication
EP3901797A1 (en) Method for processing digital information
JP2022124424A5 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16714583

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2016714583

Country of ref document: EP