Traditionally, when a cryptographic processing method (such as a digital signature) is implemented on an electronic device, whether in the form of dedicated hardware or as a set of software instructions executed by a processor contained in the device, it is important to take account of the constraints imposed by two major classes of attacks to which every electronic device is exposed, namely side-channel attacks and fault-injection attacks.
Side-channel attacks consist in observing the normal working of an electronic device without damaging it. These are non-invasive attacks in which the physical effects of the computations performed by the embedded modules are observed: for example, execution time, electromagnetic radiation or current consumption. The purpose of the observation is to retrieve secret data handled during the execution of a cryptographic processing method. The attacks known as SPA (Simple Power Analysis), DPA (Differential Power Analysis), SEMA (Simple ElectroMagnetic Analysis) and DEMA (Differential ElectroMagnetic Analysis) are examples of side-channel attacks.
In fault-injection attacks, the correct working of an electronic device is deliberately disturbed and the resulting erroneous output is analyzed to obtain information on the secret data stored in the device.
In general, those skilled in the art seek to prevent such attacks by incorporating specific countermeasures into the implementation of the cryptographic processing method.
To obtain protection against fault-injection attacks, it is common practice either to perform the computation twice and verify that the two results are equal, or to add an operation that checks the integrity of the result of the computation to be protected.
Thus, where a digital signature method (such as the RSA (Rivest, Shamir and Adleman) method or one of its variants) has to be implemented, the most efficient technique for countering fault-injection attacks is to verify the result of the signing operation with the public key, if that public key is available.
A generic implementation of the RSA-CRT (Chinese Remainder Theorem) digital signature method, protected according to known prior-art techniques against the two classes of attacks mentioned above, is described with reference to FIG. 1.
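As an added illustration, not part of the patent's description or of FIG. 1, the following Python code models the RSA-CRT signature with the public-key verification check described in the preceding paragraphs. The key (P, Q, E) is a constructed toy key chosen so the arithmetic is readable, the function names are the author's own, and the `fault` parameter is an assumed hook that stands in for a transient fault in one CRT half. It also shows why the check is not optional: a faulty RSA-CRT signature released unchecked lets the well-known Boneh, DeMillo and Lipton (Bellcore) attack recover a factor of the modulus from a single erroneous output.

```python
from math import gcd

# Constructed toy RSA key (small primes for readability; not a secure key size).
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)        # private exponent (Python 3.8+ modular inverse)
DP = D % (P - 1)           # CRT exponent for the p half
DQ = D % (Q - 1)           # CRT exponent for the q half
QINV = pow(Q, -1, P)       # q^-1 mod p, used in Garner's recombination


def rsa_crt_sign(m, fault=None):
    """Unprotected RSA-CRT signature of the integer m (m < N).

    `fault` is an assumed hook for this example: if given, it is added to the
    p-half result to simulate a transient fault injected into that branch.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault is not None:
        sp = (sp + fault) % P
    # Garner's recombination: s = sq + q * ((qinv * (sp - sq)) mod p)
    h = (QINV * (sp - sq)) % P
    return sq + Q * h


def rsa_verify(m, s):
    """Public-key check: s^e mod N must equal m."""
    return pow(s, E, N) == m % N


def protected_sign(m, fault=None):
    """Countermeasure of the text: verify the signature with the public key
    before releasing it, and refuse to output a faulty result."""
    s = rsa_crt_sign(m, fault)
    if not rsa_verify(m, s):
        raise RuntimeError("fault detected: signature withheld")
    return s


def bellcore_factor(m, faulty_sig):
    """Bellcore attack on an unchecked faulty CRT signature.

    If only the p half was disturbed, the faulty signature is still correct
    modulo q, so q divides s'^e - m while p does not; the gcd reveals q.
    """
    return gcd((pow(faulty_sig, E, N) - m) % N, N)


if __name__ == "__main__":
    m = 123456789
    good = rsa_crt_sign(m)
    print("correct signature verifies:", rsa_verify(m, good))
    faulty = rsa_crt_sign(m, fault=1)
    print("faulty signature verifies:", rsa_verify(m, faulty))
    print("factor recovered from faulty signature:", bellcore_factor(m, faulty) == Q)
    try:
        protected_sign(m, fault=1)
    except RuntimeError as err:
        print("protected signing:", err)
```

The verification step costs one public-key exponentiation, which is cheap for a small public exponent, whereas recomputing the whole private operation for a duplicate-and-compare check roughly doubles the signing time. Note that the check here is itself an unprotected comparison; the paragraphs that follow concern exactly what happens when such a check is targeted.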
However, such a digital signature method proves to be vulnerable to an attack that combines a side-channel attack with a fault-injection attack. The technical problem identified by the inventors is described with reference to FIG. 2 of the present patent application. It must be noted that detecting and formulating this security problem, inherent in the use of the above-described digital signature method, was not obvious to those skilled in the art.
The invention is therefore, at least in part, a problem invention, corresponding to the identification of this security flaw.
It must be noted that this security problem exists in numerous implementations of digital signature methods considered to be secure, such as the one described in document US 2010/0223478.