| CPC H04L 9/0631 (2013.01) [H04L 2209/043 (2013.01); H04L 2209/16 (2013.01)] | 20 Claims |
|
1. A method of performing a cryptographic process in a secured manner, wherein the cryptographic process generates output data based on input data, the generating of the output data involving generating a cryptographically processed data structure comprising a value y based on an initial data structure comprising an amount of data x, the cryptographically processed data structure comprising the value y representing a combination, according to a linear transformation L, of respective outputs from a plurality of S-boxes Sn (n=0, . . . , N−1) for integer N>1, wherein each S-box Sn (n=0, . . . , N−1) implements a respective function Hn that is either (a) the composition of a respective first function Fn and a respective linear or affine second function Gn so that Hn=Gn∘Fn, or (b) the composition of a respective first function Fn, a respective linear or affine second function Gn and a respective third function Wn so that Hn=Gn∘Fn∘Wn, wherein the method comprises:
performing a first processing stage and a second processing stage to generate the cryptographically processed data structure comprising the value y based on the initial data structure comprising the amount of data x, wherein:
the first processing stage uses a plurality of first lookup tables to generate respective outputs, each output being based on at least part of the amount of data x, wherein, for each S-box Sn(n=0, . . . , N−1), the respective first function Fn is implemented by a corresponding first lookup table; and
the second processing stage combines outputs from a plurality of second lookup tables to generate the cryptographically processed data structure comprising the value y, wherein the input to each second lookup table is formed from the output of a plurality of the first lookup tables, and wherein the set of second lookup tables is based on the second functions Gn (n=0, . . . , N−1) and the linear transformation L.
|