EMA protection of a calculation by an electronic circuit

Abstract

A method for masking a digital quantity used by a calculation executed by an electronic circuit and including several iterations, each including at least one operation which is a function of at least one value depending on the digital quantity, the method including at least one first step of displacement of at least one operand of the operation in a storage element selected independently from the value.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1, previously described, shows a smart card of the type to which the present invention applies as an example;

FIG. 2, previously described, very schematically shows an example of an electronic circuit of the type to which the present invention applies;

FIG. 3, previously described, illustrates a technique of electromagnetic attack of a calculation performed by an electronic circuit;

FIG. 4, previously described, is a flowchart describing a conventional example of implementation of an exponentiation calculation by a square-and-multiply technique;

FIG. 5, previously described, very schematically shows an iteration of a DES algorithm;

FIG. 6 very schematically illustrates in the form of blocks the execution of a substitution function in a secret-key algorithm;

FIG. 7 is a flowchart illustrating an embodiment of the present invention applied to an exponentiation calculation;

FIG. 8 is a partial flowchart illustrating a variation applied to the exponentiation calculation; and

FIG. 9 is a schematic block diagram illustrating an embodiment of the present invention applied to substitution tables of a DES algorithm.

Claims

1. A method for masking a digital quantity used by a calculation executed by an electronic circuit and comprising several iterations, each comprising at least one operation which is a function of at least one value depending on said digital quantity, comprising at least one first step of displacement of at least one operand of the operation into a storage element selected independently from said value.

2. The method of claim 1, comprising at least a second step of displacement of at least one result of the operation into a storage element selected independently from said value depending on the digital quantity.

3. The method of claim 2, wherein said displacement steps are performed at least before and after each execution of said operation.

4. The method of claim 2, wherein said operation is a multiplication operation of an exponentiation calculation by a square-and-multiply technique, said value being a bit of the exponents).

5. The method of claim 1, applied to an RSA or DSA algorithm.

6. The method of claim 1, wherein said operation is a substitution operation, said value being used as an index of selection of the substituted operands (SBOX).

7. The method of claim 6, wherein said displacement step is performed at each iteration.

8. The method of claim 1, applied to a DES or AES algorithm.

9. The method of claim 1, wherein the storage element is selected randomly from among a set of available elements.

10. An electronic circuit comprising means for implementing the method of claim 1.

11. A smart card comprising the circuit of claim 10.