	US 11,755,288 B2
	Secure transformation from a residue number system to a radix representation
Hendrik Dirk Lodewijk Hollmann, Valkenswaard (NL); Ronald Rietman, Eindhoven (NL); Ludovicus Marinus Gerardus Maria Tolhuizen, Waalre (NL); and Sebastiaan Jacobus Antonius De Hoogh, Oosterhout (NL)
Assigned to Koninklijke Philips N.V., Eindhoven (NL)
Appl. No. 16/347,715
Filed by KONINKLIJKE PHILIPS N.V., Eindhoven (NL)
PCT Filed Oct. 30, 2017, PCT No. PCT/EP2017/077835 § 371(c)(1), (2) Date May 6, 2019, PCT Pub. No. WO2018/086951, PCT Pub. Date May 17, 2018.
Claims priority of application No. 16197707 (EP), filed on Nov. 8, 2016.
Prior Publication US 2019/0272153 A1, Sep. 5, 2019
Int. Cl. G06F 7/72 (2006.01); H04L 9/00 (2022.01)

CPC G06F 7/729 (2013.01) [G06F 7/728 (2013.01); H04L 9/002 (2013.01); H04L 2209/16 (2013.01)]

20 Claims

1. A cryptographic computer device that is configured to perform cryptologic functions in an environment (white-box) wherein the operation of the cryptographic computer device during the execution of the cryptologic functions can be openly monitored and consequently at-risk for leakage of cryptologic information, the cryptographic computer device comprising:

a computer device circuit that executes a cryptographic function,

wherein the cryptographic function requires conversion of a first encoded number that is represented in a residue number system (RNS) into a second encoded number that is represented in a Radix representation;

a calculating device comprising:

an input interface circuit,

wherein the input interface circuit receives the first encoded number in the RNS representation as an encoded input number, and

a processor circuit,

wherein the processor circuit converts the encoded input number in the RNS representation into an encoded output number in the Radix representation,

wherein the processor circuit provides the encoded output number to the cryptographic function as the second encoded number;

wherein the Radix representation of the encoded output number comprises a set of bases,

wherein the encoded output number comprises digits in the Radix representation corresponding to the bases,

wherein the processor circuit iteratively updates an intermediate number represented in the residue number system,

wherein each iteration produces an iteration digit of the encoded output number,

wherein at least one iteration comprises:

computing a modulo of the intermediate number relative to an iteration base of the set of bases corresponding to the at least one iteration to obtain the iteration digit of the encoded output number corresponding to the at least one iteration,

updating the intermediate number by subtracting the iteration digit from the intermediate number,

adding an obfuscating number to the intermediate number, and

dividing the intermediate number by the iteration base,

wherein the obfuscating number is a multiple of a product of one or more of the bases of the set of bases,

wherein the obfuscating number is greater than 0,

wherein the adding of the obfuscating number spreads the intermediate number over a substantially larger range of the intermediate numbers than a range of the intermediate numbers without the adding, thereby reducing the cryptologic leakage of information.