The present invention relates to a countermeasure method in an electronic component using an elliptical curve type public key enciphering algorithm.
In the conventional model of secret key encryption, two persons wishing to communicate by means of a non-secure channel must first agree on a secret enciphering key K. The enciphering function and the deciphering function use the same key K. The drawback of the secret key enciphering system is that the said system requires the prior communication of the key K between the two persons by means of a secure channel, before any enciphered message is sent over the non-secure channel. In practice, it is generally difficult to find a perfectly secure communication channel, particularly if the distance separating the two persons is great. Secure channel means a channel for which it is impossible to know or modify the information passing over the said channel. Such a secure channel can be implemented by means of a cable connecting two terminals, possessed by the said two persons.
The concept of public key encryption was invented by Whitfield Diffie and Martin Hellman in 1976. Public key encryption makes it possible to resolve the problem of the distribution of the keys over a non-secure channel. The principle of public key encryption consists in using a pair of keys, a public enciphering key and a private deciphering key. It must be unfeasible from the calculation point of view to find the private deciphering key from the public enciphering key. A person A wishing to communicate information to a person B uses the public enciphering key of the person B. Only the person B possesses the private key associated with his public key. Only the person B is therefore capable of deciphering the message sent to him.
Another advantage of public key encryption over secret key encryption is that public key encryption allows authentication by the use of an electronic signature.
The first implementation of the public key enciphering scheme was developed in 1977 by Rivest, Shamir and Adleman, who invented the RSA enciphering system. RSA security is based on the difficulty of factorising a large number which is the product of two prime numbers.
Since then, many public key enciphering systems have been proposed, the security of which is based on different calculatory problems (this list is not exhaustive):                Merckle-Hellman backpack:        
This enciphering system is based on the difficulty of the problem of the sum of subsets.                McEliece:        
This enciphering system is based on the theory of algebraic codes. It is based on the problem of the decoding of linear codes.                El Gamal:        
This enciphering system is based on the difficulty of the discrete logarithm in a finite field.                Elliptical curves:        
The elliptical curve enciphering system constitutes a modification to existing cryptographic systems in order to apply them to the field of elliptical curves.
The use of elliptical curves in cryptographic systems was proposed independently by Victor Miller and Neal Koblitz in 1985. Actual applications of elliptical curves were envisaged early in the 1990s.
The advantage of cryptosystems based on elliptical curves is that they provide security equivalent to other cryptosystems but with smaller key sizes. This saving in key size entails a decrease in memory requirements and a reduction in calculation times, which makes the use of elliptical curves particularly suitable for applications of the smart card type.
An elliptical curve on a finite field GF(q^n) (q being a prime number and n an integer) is the set of points (x,y) with x the X-axis and y the Y-axis belonging to GF(q^n) the solution to the equation:y^2=x^3+a*x+b 
if q is greater than or equal to 3 andy^2+x*y=x^3+a*x^2+b 
if q=2.
There are 2 methods for representing a point on an elliptical curve:
Firstly, affine coordinates representation; in this method, a point P on the elliptical curve is represented by its coordinates (x,y).
Secondly, projective coordinates representation.
The advantage of projective coordinates representation is that it makes it possible to avoid divisions in the finite field, the said divisions being the most expensive operations in terms of calculation time.
The most frequently used projective coordinates representation is that consisting of representing a point P on the elliptical curve by the coordinates (X,Y,Z), such that x=X/Z and y=y/Z^3.
The projective coordinates of a point are not unique since the triplet (X,Y,Z) and the triplet (λ^2*X, λ^3*Y, λ*Z) represent the same point whatever the element λ belonging to the finite field on which the elliptical curve is defined.
The two classes of curves which are most used in encryption are the following:
1) Curves defined on the finite field GF(p) (the set of integers modulo p, p being a prime number) having the equation:y^2=x^3+a*x+b 
2) Curves defined on the finite field GF(2^n) having the equationy^2+x*y=x^3+a*x^2+b 
For each of these two classes of curve, the point addition and point doubling operations are defined.
Point addition is the operation which, given two points P and Q, calculates the sum R=P+Q, R being a point on the curve whose coordinates are expressed by means of the coordinates of the points P and Q in accordance with formulae whose expression is given in the work “Elliptical curve public key cryptosystem” by Alfred J. Menezes.
Point doubling is the operation which, given a point P, calculates the point R=2*P, R being a point on the curve whose coordinates are expressed by means of the coordinates of the point P in accordance with the formulae whose expression is given in the work “Elliptical curve public key cryptosystem” by Alfred J. Menezes.
The point addition and point doubling operations make it possible to define a scalar multiplication operation: given a point P belonging to an elliptical curve and an integer d, the result of the scalar multiplication of P by d is the point Q such that Q=d*P=P+P+ . . . +P d times.
The security of encryption algorithms on elliptical curves is based on the difficulty of the problem of the discrete logarithm on elliptical curves, the said problem consisting, using two points Q and P belonging to an elliptical curve E, in finding, if such exists, an integer x such that Q=x*P.
There are many cryptographic algorithms based on the problem of the discrete logarithm. These algorithms are easily transposable to elliptical curves.
Thus it is possible to use algorithms providing authentication, confidentiality, integrity check and key exchange.
A point common to the majority of cryptographic algorithms based on elliptical curves is that they comprise as a parameter an elliptical curve defined on a finite field and a point P belonging to this elliptical curve. The private key is an integer d chosen randomly. The public key is a point on the curve Q such that Q=d*P. These cryptographic algorithms generally involve a scalar multiplication in the calculation of a point R=d*T, where d is the secret key.
In the above section, an enciphering algorithm based on an elliptical curve is described. This scheme is similar to the El Gamal enciphering scheme. A message m is enciphered as follows:
The cipher clerk chooses an integer k randomly and calculates the points k*P=(x1,y1) and k*Q=(x2,y2) on the curve, and the integer c=x2+m. The cipher of m is the triplet (x1,y1,c).
The deciphering clerk, who possesses d, deciphers m by calculating:(x′2,y′2)=d(x1,y1) and m=c−x′2
In order to effect the scalar multiplications necessary in the calculation methods described previously, several algorithms exist:
“Double and add” algorithm;
“Addition-subtraction” algorithm;
Algorithm with addition chains;
Algorithm with window;
Algorithm with signed representation.
This list is not exhaustive. The simplest algorithm and the one which is most used is the “double and add” algorithm. The “double and add” algorithm takes as its input a point P belonging to a given elliptical curve and an integer d. The integer d is denoted d=(d(t),d(t−1), . . . ,d(0)), where (d(t),d(t−1), . . . ,d(0)) is the binary representation of d, with d(t) the most significant bit and d(0) the least significant bit. The algorithm returns as an output the point Q=d.P.
The “double and add” algorithm includes the following three steps:
1) Initialising the point Q with the value P
2) For i ranging from t−1 to 0, executing:                2a) Replacing Q with 2Q        2b) If d(i)=1 replacing Q with Q+P        
3) Returning Q.
It became clear that the implementation of a public key enciphering algorithm of the elliptical curve type on a smart card was vulnerable to attacks consisting of a differential analysis of current consumption making it possible to find the private deciphering key. These attacks are known as DPA attacks, the acronym for Differential Power Analysis. The principle of these DPA attacks is based on the fact that the current consumption of the microprocessor executing the instructions varies according to the data item being manipulated.
In particular, when an instruction is manipulating a data item in which a particular bit is constant, where the value of the other bits may vary, analysis of the current consumption related to the instruction shows that the mean consumption of the instruction is not the same according to whether the particular bit takes the value 0 or 1. The attack of the DPA type therefore makes it possible to obtain additional information on the intermediate data manipulated by the microprocessor of the card when a cryptographic algorithm is being executed. This additional information can in some cases reveal the private parameters of the deciphering algorithm, making the cryptographic system insecure.
In the remainder of this document a description is given of a method of DPA attack on an algorithm of the elliptical curve type performing an operation of the type consisting of the scalar multiplication of a point P by an integer d, the integer d being the secret key. This attack directly reveals the secret key d. It therefore seriously compromises the security of the implementation of elliptical curves on a smart card.
The first step of the attack is the recording of the current consumption corresponding to the execution of the “double and add” algorithm described previously for N distinct points P(1), . . . , P(N). In an algorithm based on elliptical curves, the microprocessor of the smart card will perform N scalar multiplications d.P(1), . . . ,d.P(N)
For clarity of the description of the attack, the first step is to describe a method for obtaining the value of the bit d(t−1) of the secret key d, where (d(t),d(t−1), . . . ,d(0)) is the binary representation of d, with d(t) the most significant bit and d(0) the least significant bit. Next the description of an algorithm which makes it possible to find the value of d is given.
The points P(1) to P(N) are grouped together according to the value of the last bit of the abscissa of 4.P, where P designates one of the points P(1) to P(N). The first group consists of the points P such that the last bit of the abscissa of 4.P is equal to 1.
The second group consists of the points P such that the last bit of the abscissa of 4.P is equal to 0. The mean of the current consumptions corresponding to each of the two groups is calculated, and the difference curve between these two means is calculated.
If the bit d(t−1) of d is equal to 0, then the scalar multiplication algorithm previously described calculates and stores in memory the value of 4.P. This means that, when the algorithm is executed in a smart card, the microprocessor of the card will actually calculate 4.P. In this case, in the first message group, the last bit of the data item manipulated by the microprocessor is always at 1, and in the second message group the last bit of the data item manipulated is always at 0. The mean of the current consumptions corresponding to each group is therefore different. There therefore appears, in the difference curve between the two means, a differential current consumption peak.
If on the other hand the bit d(t−1) of d is equal to 1, the exponentiation algorithm described previously does not calculate the point 4.P. When the algorithm is executed by the smart card, the microprocessor therefore never manipulates the data item 4.P. Therefore no differential consumption peak appears.
This method therefore makes it possible to determine the value of the bit d(t-1) of d.
The algorithm described in the following section is a generalisation of the previous algorithm. It makes it possible to determine the value of the secret key d.
The input is defined by N points denoted P(1) to P(N) corresponding to N calculations performed by the smart card, and the output by an integer h.
The said algorithm is implemented as follows in three steps.
1) Executing h=1;
2) For i ranging from t−1 to 1, executing:                2)1) Classifying the points P(1) to P(N) according to the value of the last bit of the abscissa of (4*h).P;        2)2) Calculating the current consumption mean for each of the two groups;        2)3) Calculating the difference between the two means;        2)4) If the difference shows a differential consumption peak, doing h=h*2; otherwise doing h=h*2+1;        
3) Returning h.
The above algorithm supplies an integer h such that d=2*h or d=2*h+1. In order to obtain the value of d, it then suffices to test the two possible hypotheses.
The attack of the DPA type described therefore makes it possible to find the private key d.