| US 7,599,491 B2 | ||
| Method for strengthening the implementation of ECDSA against power analysis | ||
| Robert J. Lambert, Cambridge (Canada) | ||
| Assigned to Certicom Corp., Mississauga (Canada) | ||
| Filed on Apr. 11, 2002, as Appl. No. 10/119,803. | ||
| Application 10/119803 is a continuation in part of application No. 09/900959, filed on Jul. 10, 2001, granted, now 7,092,523. | ||
| Application 09/900959 is a continuation in part of application No. PCT/CA00/00021, filed on Jan. 11, 2000. | ||
| Application PCT/CA00/00021 is a continuation in part of application No. PCT/CA00/00030, filed on Jan. 14, 2000. | ||
| Claims priority of application No. 2258338 (CA), filed on Jan. 11, 1999; and application No. 2259089 (CA), filed on Jan. 15, 1999. | ||
| Prior Publication US 2003/0194086 A1, Oct. 16, 2003 | ||
| Int. Cl. H04K 1/00 (2006.01); H04L 9/00 (2006.01); G06F 1/26 (2006.01); G08B 29/00 (2006.01) | ||
| U.S. Cl. 380—30 [380/28; 726/36] | 22 Claims |
| 1. A computer-implemented method of masking a cryptographic operation comprising generation of a signature r, s in a public key elliptic curve cryptographic system, said operation utilizing both a long term private key d and a short term private key k, wherein r=Kx mod n with K being a public key derived from the short term private key k and a generating point G, Kx being the representation of the x coordinate of the key K and n the order of the generating point G, and wherein s=1/k (e+dr) with e being a hash of the message to be signed and d being the long term private key, said method comprising the steps of: applying masking values to each of said long term private key and short term private key during at least a portion of said cryptographic operation to produce a result, said result corresponding to that obtained without application of said masking values whereby observation of said private keys is inhibited by said masking values during said cryptographic operation. |