(EN) Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions.Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack. At the same time, by using the main key only once (rather than using the main key each time a sub-key is generated), the vulnerability of the main key to a side-channel attack is reduced, because the opportunities for recovering physical information that could lead to the discovery of the main key are reduced. Specific embodiments use parallel or chained execution of sub-functions to generate respective sub-keys. Other specific embodiments generate all sub-keys from a single one-way function in one go.
(ZH) 提供了从主密钥生成用于加密操作的子密钥序列的方法、系统和设备。用包括一个或多个单向函数的变换仅操作主密钥一次以生成该序列的子密钥。使用一个或多个单向函数的相应位值来设置该序列的子密钥的相应位值。有利的,从一个或多个单向函数的相应的输出位中得出子密钥位去除或至少减少了主密钥和子密钥之间的关联、以及子密钥之间的关联,使从单个子密钥恢复主密钥或其他子密钥(如所发现的使用边信道攻击的例子)更困难或甚至是不可能的。同时,通过仅使用一次主密钥(而不是在每次生成子密钥时使用主密钥),减少了主密钥对边信道攻击的脆弱性,因为减少了用于恢复物理信息(可能导致发现主密钥)的机会。具体实施例使用子函数的并行或链式执行以生成相应的子密钥。其他具体实施例从单个单向函数中一次性生成所有子密钥。