US 11,811,906 B2
Method for performing cryptographic operations on data in a processing device, corresponding processing device and computer program product
Matteo Bocchi, Brugherio (IT)
Assigned to STMICROELECTRONICS S.r.l., Agrate Brianza (IT)
Filed by STMICROELECTRONICS S.r.l., Agrate Brianza (IT)
Filed on Mar. 16, 2021, as Appl. No. 17/203,590.
Claims priority of application No. 102020000006475 (IT), filed on Mar. 27, 2020.
Prior Publication US 2021/0306134 A1, Sep. 30, 2021
Int. Cl. H04L 9/00 (2022.01); G06F 7/76 (2006.01); H04L 9/30 (2006.01)
CPC H04L 9/003 (2013.01) [G06F 7/764 (2013.01); G06F 7/768 (2013.01); H04L 9/3066 (2013.01); H04L 2209/046 (2013.01)] 25 Claims
OG exemplary drawing
 
1. A method, comprising:
performing cryptographic operations on data in a processing device; and
protecting, by the processing device, the performing of the cryptographic operations on the data against horizontal attacks by conditionally swapping a first operand and a second operand based on a control value, wherein the conditional swapping comprises:
setting a first mask of a number of bits and a second mask of the number of bits based on the control value, the first mask and the second mask being complementary and having a same Hamming weight;
performing a bitwise XOR operation on the first operand and the second operand;
storing a result of the bitwise XOR operation on the first operand and the second operand as a temporary value; and
performing a combination of bitwise logical operations, the combination of bitwise logical operations including:
performing a bitwise AND operation between the first mask and the first operand obtaining a first bit subset;
performing a bitwise AND operation between the second mask and the second operand obtaining a second bit subset;
performing a bitwise AND operation between the second mask and the first operand obtaining a third bit subset;
performing a bitwise AND operation between the first mask and the second operand obtaining a fourth bit subset;
performing a bitwise OR operation between the first bit subset and the second bit subset obtaining a fifth bit subset and a bitwise OR operation between the third bit subset and the fourth bit subset obtaining a sixth bit subset;
performing a bitwise AND operation of the fifth bit subset with the first mask obtaining a seventh bit subset and a bitwise AND operation of the sixth bit subset with the second mask obtaining an eighth bit subset;
performing a bitwise OR operation of the seventh bit subset and the eighth bit subset;
storing a result of the bitwise OR operation of the seventh bit subset and the eighth bit subset as a value of first operand;
performing a bitwise XOR of the first operand value and the temporary value; and
storing a result of the bitwise XOR of the first operand value and the temporary value as a value of the second operand.