It is customary to store sensitive information, for example secret keys intended for use in cryptographic algorithms such as DES or AES, in so-called “control” registers of a chip card.
These control registers consist of a plurality of storage elements, each able to store one binary element (bit).
These storage elements often consist of D flip-flops or DFFs, which will now be described.
FIG. 1 shows a state-of-the-art D flip-flop, or DFF.
Such a flip-flop is traditionally used as a synchronization element for a clock or as a storage element for a binary element (or bit).
A D flip-flop has two input terminals BD, BCLK, and two output terminals BQ, BQ\ capable of receiving and supplying respectively:
an input signal D;
a clock signal CLK;
an output signal Q; and
a signal Q\ which is the complement of the output signal Q.
Optionally, an additional input terminal can be provided for receiving a reinitialization signal RESET.
The operation of the D flip-flop is illustrated by the timing diagram of FIG. 2: the output signal Q takes on the value of the input signal D on each rising edge of the clock signal CLK, these rising edges being shown with dotted lines.
FIG. 3 shows the details of the D flip-flop of FIG. 1.
In known fashion, a D flip-flop is itself made up of two gates (also known as latches), to wit a master latch PM and a slave latch PE.
Each of these gates PM, PE receives an input signal W, W′ corresponding to the inverted clock signal CLK.
When the signal W is low, the master gate (or master latch) PM is said to be latched, each of the outputs Q′ and Q′\ maintaining its value, whatever the value of the input signal D.
When the signal W goes high, the master gate (or master latch) PM is said to be unlatched, the output signals Q′ and Q′\ taking on the value of the input signal D and its complement D\ respectively.
In the D flip-flop of FIG. 3, the presence of an intermediate signal Q′ is noted at the output of the master gate PM, this signal being supplied to the input of the slave latch PE.
FIG. 4 illustrates the timing diagram of the D flip-flop including that of the intermediate signal Q′.
In such a flip-flop:
when the clock is low (coarse hatching), the master gate PM is unlatched and the slave latch PE is latched: the value of the intermediate signal Q′ at the output of the master latch PM is equal to the value of the input signal D; and
when the clock is high (fine hatching), the master gate PM is latched and the slave latch PE unlatched: the value of the output signal Q of the slave latch PE takes on the value of the intermediate signal Q′.
FIG. 5 illustrates in detail a gate (or latch) PM or PE in the form of logic functions, each reference 1 through 4 representing a NOT AND (NAND) logic function, it being recalled that such a logic function produces an output equal to 0 when both its inputs are equal to 1, and an output equal to 1 in the other three cases.
It will be noted in particular that the output signal Q is fed back to the input of the NAND logic function 4 producing the signal Q\, and likewise that the signal Q\ is fed back to the input of the NAND logic function 3; this feedback introduces a time lag between the switching of the signals Q and Q\.
It will be explained later how the invention makes advantageous use of this time lag.
In known fashion, it is possible to use an additional enable signal ENA to control the edge at which the binary datum must be stored by the D flip-flop.
In practice, the enable signal ENA is provided by a state machine and synchronized with the clock signal CLK.
FIG. 6 illustrates this implementation: the clock signal CLK is no longer provided directly at the input terminal BCLK of the D flip-flop; instead, the so-called “storage” signal MEM applied to this terminal is the result of a logical AND between the clock signal CLK and the enable signal ENA.
In the remainder of this document, the input terminal of the logical AND function 8 that receives the enable signal ENA is called the “enable terminal” BENA. The output signal of this logic function 8, resulting from a logical AND between the enable signal ENA and the clock signal CLK, is supplied to the BCLK terminal of the D flip-flop.
The timing diagram of FIG. 7 illustrates the example of storage of a binary element for a duration equal to one clock cycle, the value Q being stored at the time of the rising edge of the clock signal CLK only if the enable signal ENA is high.
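The behaviour described above (master latch PM unlatched while the clock is low, slave latch PE unlatched while it is high, and the clock gated by ENA to form MEM) can be reproduced with a short behavioural model. This is an added example, not taken from the figures; the class names and the waveform are constructed for illustration, and ENA is assumed to change only while CLK is low.

```python
# Added example: behavioural model of the gated master-slave D flip-flop.
class Latch:
    """Level-sensitive latch: unlatched (follows its input) while control is 1."""
    def __init__(self):
        self.q = 0

    def update(self, d, control):
        if control:
            self.q = d
        return self.q


class GatedDFF:
    """Master latch PM + slave latch PE, clocked by MEM = CLK AND ENA."""
    def __init__(self):
        self.pm = Latch()
        self.pe = Latch()

    def step(self, d, clk, ena):
        mem = clk & ena                      # storage signal at terminal BCLK
        q_int = self.pm.update(d, 1 - mem)   # PM unlatched while MEM is low
        q = self.pe.update(q_int, mem)       # PE unlatched while MEM is high
        return q_int, q


# Constructed waveform, one tuple (CLK, ENA, D) per half clock period.
WAVEFORM = [
    (0, 0, 1), (1, 0, 1),   # rising edge with ENA low: nothing stored
    (0, 1, 1), (1, 1, 1),   # rising edge with ENA high: Q takes 1
    (0, 0, 0), (1, 0, 0),   # D changed, ENA low: Q holds 1
    (0, 1, 0), (1, 1, 0),   # rising edge with ENA high: Q takes 0
    (1, 1, 1),              # D moves while MEM is high: PM is latched, ignored
]


def simulate(waveform):
    """Return the lists of intermediate (Q') and output (Q) values."""
    ff = GatedDFF()
    trace = [ff.step(d, clk, ena) for clk, ena, d in waveform]
    return [q_int for q_int, _ in trace], [q for _, q in trace]


if __name__ == "__main__":
    q_int, q = simulate(WAVEFORM)
    print("Q':", q_int)
    print("Q :", q)
```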
The control registers can be subjected to attack by light pulse, such a pulse having the effect of forcing or altering the value of one or more bits of the control register subjected to said attack.
Conventionally, designers of integrated circuits seeking to protect against this kind of attack duplicate the control registers, later comparing them regularly (typically at every access), a discrepancy between the two registers being considered to be the result of an attack.
This solution is not satisfactory: duplicating the registers requires additional silicon area, which is relatively costly.
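The conventional countermeasure and its cost can be shown side by side with a small software model. This is an added example, not part of the original text; the `ControlRegister` class, the 8-bit width and the sample value are assumptions made for illustration, and `force_bits` only models the effect on the stored bits.

```python
# Added example: single register versus duplicated register with comparison.
class FaultDetected(Exception):
    """The copies of a control register no longer agree."""


class ControlRegister:
    def __init__(self, width, copies=1):
        self.width = width
        self.copies = [0] * copies

    def write(self, value):
        value &= (1 << self.width) - 1
        self.copies = [value] * len(self.copies)

    def force_bits(self, copy, bit_mask, level):
        """Model the effect of a disturbance: bits of one copy forced to level."""
        if level:
            self.copies[copy] |= bit_mask
        else:
            self.copies[copy] &= ~bit_mask

    def read(self):
        # Comparison at every access; a single copy has nothing to compare.
        if any(c != self.copies[0] for c in self.copies):
            raise FaultDetected("control register copies differ")
        return self.copies[0]

    @property
    def storage_elements(self):
        # One storage element (flip-flop) per bit and per copy.
        return self.width * len(self.copies)


def compare_designs(value=0xA5, bit_mask=0x0F, level=0):
    """Apply the same disturbance to both designs and report what a read sees."""
    results = {}
    for name, copies in (("single", 1), ("duplicated", 2)):
        reg = ControlRegister(8, copies)
        reg.write(value)               # constructed sample value
        reg.force_bits(0, bit_mask, level)
        try:
            outcome = reg.read()
        except FaultDetected:
            outcome = "detected"
        results[name] = (outcome, reg.storage_elements)
    return results
```

The single register returns the altered value without any indication, while the duplicated one reports the discrepancy at the price of twice as many storage elements.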