Abstract: Methods and apparatuses are disclosed for securing cryptosystems against external monitoring attacks by reducing the amount (and signal to noise ratio) of useful information leaked during processing. This is generally accomplished by incorporating unpredictable information into the cryptographic processing. Various embodiments of the invention use techniques such as reduction of signal to noise ratios, random noise generation, clock skipping, and introducing entropy into the order of processing operations or the execution path. The techniques may be implemented in hardware or software, may use a combination of digital and analog techniques, and may be deployed in a variety of cryptographic devices.

Abstract: Methods and apparatuses are disclosed for securing cryptosystems against external monitoring attacks by reducing the amount (and signal to noise ratio) of useful information leaked during processing. In general, this is accomplished by implementing critical operations using “branchless” or fixed execution path routines whereby the execution path does not vary in any manner that can reveal new information about the secret key during subsequent operations. More particularly, various embodiments of the invention include: implementing modular exponentiation without key-dependent conditional jumps; implementing modular exponentiation with fixed memory access patterns; implementing modular multiplication without using leak-prone multiplication-by-one operations; and implementing leak-minimizing multiplication (and other operations) for elliptic curve cryptosystems.

Abstract: A secure cryptographic rights unit for cryptographically regulating access to digital content includes an interface control processor and a specialized cryptographic unit that protects access to a memory. Rights keys, which allow access to content, are added by the cryptographic unit by transforming data received from the control processor and storing the result in the protected memory. The cryptographic unit then produces content decryption keys by using stored rights keys to transform other data received from the control processor. Because the control processor does not have the ability to directly access the protected memory, the security can remain effective even if the control processor is compromised. To prevent reverse engineering of the cryptographic transformations, the invention provides for an algorithm generator that uses random sources to produce algorithm definitions in machine-readable form. Because the generator itself does not contain any secrets, it can be submitted for open review.

Abstract: Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P {K1} XOR K2P {K2} equals the “standard” DES key K, and M1P {M1} XOR M2P {M2} equals the “standard” message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.

Abstract: One embodiment of the present invention includes an apparatus for inserting an error signal onto a bidirectional signal line. The apparatus includes a first switch for decoupling a first terminal of the bidirectional signal line from a second terminal of the bidirectional signal line, a second switch for coupling the error signal to the first terminal, and a third switch for coupling the error signal to the second terminal. The apparatus also includes a control unit for generating a switch enable signal. When the switch enable signal is deasserted, the first switch closes and the second and third switches open, such that the first terminal is coupled to the second terminal. When the switch enable signal is asserted, the first switch opens and the second and third switches close, such that the error signal is coupled to the first and second terminals.

Abstract: A method of booting a portable computing device or a personal digital assistant (PDA) is described. In one embodiment, the PDA comprises a boot ROM, a RAM, and a connector for connecting to an external floppy disk drive (FDD). Operating system software and application software for the PDA is stored on a disk in FDD. To boot the PDA, the PDA is connected to the external FDD, then powered up. The PDA is hardwired to begin executing code from the boot ROM, which contains a program to transfer code from the FDD to the RAM, then jump to an entry point in the newly loaded code in the RAM. The PDA is then disconnected from the FDD. To configure the PDA with different operating system and/or different application software, the FDD is loaded with a disk storing this different software and the boot process is repeated. Thus, the PDA can be configured to support any number of different operating systems and any number of different applications despite having a limited capacity of RAM.

Abstract: A microprocessor having a cache memory unit, an execution unit, and clock masking circuitry is described. Both units are responsive to a clock signal that can be masked by the clock masking circuitry in order to reduce the power consumption of the microprocessor. Based on a signal that indicates a potential impending cache snoop, the clock masking circuitry can unmask the clock signal to the cache unit without unmasking the clock signal to the execution unit.

Abstract: A voltage regulator illustrating one embodiment of the apparatus of the present invention is described. The voltage regulator includes an output stage for providing a primary output voltage on a primary output terminal and a secondary output voltage on a secondary output terminal, a switch for charging the output stage, a switch for discharging the output stage, and a controller for controlling the charging and discharging of the output stage to maintain the stability of the output voltages. The output stage includes a transformer for generating the primary and secondary output voltages, a switch for regulating the secondary output voltage, and capacitors for storing charge to maintain the primary and secondary output voltages. The transformer includes a primary inductor for generating the primary output voltage and a secondary inductor for generating the secondary output voltage.