Electronic transactions carried out by smart card are secured by using a smart card authentication procedure that uses an encryption algorithm. During the authentication procedure, the terminal used for the transaction sends the smart card a random code. The smart card must respond to the terminal by producing an authentication code which is the transform of the random code by the encryption algorithm. The terminal calculates the transform of the random code and compares the result obtained with the one returned by the card. If the authentication code returned by the card is valid, the transaction is authorized.
In the integrated circuit of a smart card, the encryption algorithm is generally performed by a hard-wired logic circuit, or encryption co-processor, to which a secret key is assigned that is stored in a protected area of the integrated circuit memory. It is essential to guarantee absolute protection of the secret key as the encryption algorithms implemented in the authentication procedures are known, and only the secret key guarantees the tamper resistance of the authentication procedure.
However, in recent years, pirating techniques of integrated circuits have progressed considerably and criminals now have sophisticated analysis methods that enable them to detect the secret keys of the encryption algorithms by monitoring certain logic and/or electric signals that are part of the integrated circuit operation. Some of these methods are based on monitoring the current consumed by an integrated circuit during the execution of confidential operations.
In particular, SPA type (single power analysis) methods and DPA type (differential power analysis) methods can be singled out, the latter being particularly dangerous as they allow a secret key to be discovered without the need to monitor the data circulating on the integrated circuit data bus.
Other pirating methods use electrical probes (so-called probing methods) and are based on monitoring logic signals occurring in the logic circuits, particularly in the encryption circuits. For this purpose, small orifices are made in the integrated circuit board to access the logic circuit nodes. These orifices are then filled with a conductive material to form contact areas on the surface of the integrated circuit from which the polarity of the logic signals can be monitored.
To counter these pirating methods, there are various counter-measures that include, for example, using a random clock signal, using dummy codes, masking the variations in the current consumption of logic circuits by current generators, scrambling the current consumption of these circuits by the use of noise generators, etc.
However, it is well known that each new anti-pirating method devised generally ends up being countered by the criminals, who have powerful calculation and analysis means. Generally speaking, various anti-pirating methods may be combined to provide more efficient protection.