The operations executed by a cryptographic device cause variations of physical quantities. These variations depend on the data being processed, and an attacker can measure them, for example by measuring the power consumption of the device or its electromagnetic radiation. From these measurements the attacker can obtain information about the secret data handled in the device. To provide a defense against such an attacker, the designer of the device must adapt the executed operations in such a way that the measurable variations caused by them are independent of the secret data.
One method of attacking a device in order to discover the secret data contained in it, known to those skilled in the art, is the “side channel attack”. In this form of attack, the power consumption of the device is measured and the measurement is used to deduce the information contained in the device. A defense against such attacks can be provided by a known protection method in which every sensitive variable x of the algorithm is combined with random data r. Each intermediate variable handled by the device can then be written as a function of x and r, mr(x). One of the limitations of this solution is that it must be ensured that x can be retrieved from mr(x) at every step of the algorithm in question. To achieve this, every operation executed on the variable x must be adapted to the masking method mr.
In the case of block encryption algorithms, the sensitive data x handled by this type of algorithm are masked by means of the function mr(x)=x+r, where r is a random variable and the sign ‘+’ refers to the Exclusive OR (XOR) operation.
This method, known in the prior art, is easily implemented, because every linear or affine operation L executed by the algorithm to be protected can be adapted directly: since L(x+r)=L(x)+L(r), the operation is applied to the masked value and the mask is updated to L(r). Non-linear operations such as substitution tables must instead be recomputed for the mask in use. Furthermore, this method is effective against first-order side channel attacks, in other words those exploiting a single point of the measurement, for example a single instant of the power consumption trace of the device.
One of the main problems of the prior art solution using masking with a function of the type mr(x)=x+r is that it has low resistance to higher-order side channel attacks, in other words those using a plurality of measurement points instead of a single point. This is because the mask cancels when two intermediate values sharing it are combined, (x1+r)+(x2+r)=x1+x2, so the information associated with the two measurement points corresponding to the processing of the variables x1+r and x2+r is strongly correlated with x1+x2. The result is low resistance to the more advanced forms of attack called k-th order attacks, where k is an integer greater than 1.
This problem can be addressed by extending the initial solution to a number k of random variables, so that masking with a function mr(x)=x+r1+r2+ . . . +rk is used, where the variables r1, r2, . . . , rk are handled separately. However, this extension does not resolve the problem of an attacker able to use an arbitrary number of measurement points, and moreover it leads to additional implementation costs which are unacceptable in practice when k is large. Furthermore, there is no known solution for implementing such masking when k is greater than or equal to three.
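The masking scheme of the preceding paragraphs, modelled on 4-bit values as an added example (not code from the patent text): mr(x)=x+r with x recoverable at every step, the direct adaptation of a linear operation and the recomputed table a non-linear S-box needs, the second-order combination of two intermediates that share one mask, and the k-mask extension in which any k of the k+1 shares are independent of the secret while all k+1 together reveal it. The function names, the 4-bit width and the use of the PRESENT S-box as the non-linear step are assumptions of the example.

```python
# Added example, not part of the patent text: a toy model of Boolean (XOR)
# masking on 4-bit values. All names are illustrative.
from collections import Counter
from itertools import product

W = 4            # bit width of the toy variables; small so every mask can be enumerated
N = 1 << W       # number of possible values and of possible masks

# A 4-bit S-box (the PRESENT S-box), used here as the non-linear step to be protected.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def mask(x, r):
    """m_r(x) = x + r, where '+' is XOR as in the text."""
    return x ^ r


def unmask(mx, r):
    """x is recovered from m_r(x) and r; the requirement the text states for every step."""
    return mx ^ r


def rotl(x):
    """A linear operation: rotate left by one bit on W bits."""
    return ((x << 1) | (x >> (W - 1))) & (N - 1)


def masked_rotl(mx, r):
    """Linear operations need no recomputation: L(x ^ r) = L(x) ^ L(r),
    so L is applied to the masked value and the mask becomes L(r)."""
    return rotl(mx), rotl(r)


def masked_sbox_table(r_in, r_out):
    """Non-linear operations must be adapted: build S' with S'(x ^ r_in) = S(x) ^ r_out,
    so S' can be applied directly to the masked value and yields an output masked by r_out."""
    table = [0] * N
    for x in range(N):
        table[x ^ r_in] = SBOX[x] ^ r_out
    return table


def same_mask_combination(x1, x2):
    """Second-order weakness from the text: two intermediates masked with the same r
    combine to x1 ^ x2 for every r, so two measurement points reveal x1 ^ x2."""
    return {mask(x1, r) ^ mask(x2, r) for r in range(N)}


def share(x, masks):
    """k-mask extension: the k+1 shares (x ^ r1 ^ ... ^ rk, r1, ..., rk), each handled separately."""
    m = x
    for r in masks:
        m ^= r
    return (m, *masks)


def recombine(shares):
    """XOR of all k+1 shares gives back x."""
    v = 0
    for s in shares:
        v ^= s
    return v


def observed_distribution(x, k, observed):
    """Joint distribution of the shares at the given indices, over every k-mask tuple.
    This is what an attacker probing len(observed) points sees for secret x."""
    hist = Counter()
    for masks in product(range(N), repeat=k):
        sh = share(x, masks)
        hist[tuple(sh[i] for i in observed)] += 1
    return hist


def leaks(k, observed):
    """True if the joint distribution of the observed shares depends on the secret,
    i.e. an attack of order len(observed) against k masks succeeds."""
    ref = observed_distribution(0, k, observed)
    return any(observed_distribution(x, k, observed) != ref for x in range(1, N))


if __name__ == "__main__":
    print("two points sharing one mask reveal x1^x2:", same_mask_combination(0x3, 0xC))
    for k in (1, 2, 3):
        print(f"k={k}: {k} points leak? {leaks(k, tuple(range(k)))}; "
              f"{k + 1} points leak? {leaks(k, tuple(range(k + 1)))}")
```

The enumeration is exhaustive over all masks, so the leak/no-leak verdicts are exact rather than statistical: `leaks(k, indices)` is false for any k of the k+1 shares and true only when all k+1 are observed, which is the k-th order resistance the text describes, at a cost that grows with k.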
None of the prior art solutions is capable of resisting known attacks of arbitrary order k greater than 1 at an acceptable additional complexity cost.