Cryptology may be defined as the science for hiding information. It forms with the physical security of the components and operating systems the essential dimension of security for chip cards. Cryptology includes cryptography which is the art of encrypting and decrypting messages, and cryptological analysis which is the art of breaking secret codes.
In chip cards, cryptography implements various mechanisms which have the purpose of providing either confidentiality of the information, or authentication of the cards or the users, or even the signature of messages. All the means which implement cryptography form a cryptosystem. Such cryptosystems contain confidential information, notably for encryption and decryption of digital messages.
Among this confidential information, the encryption and decryption keys which are parameters of a secret agreement used for encryption and decryption of digital messages may be mentioned. The use of these encryption and decryption keys often requires several data transfers which characterizes them. When they are used within a cryptosystem, the characteristic data of digital keys and other confidential information flow between various memory or processing registers and modules. These transfers between registers and/or modules are expressed by the appearance of electrical currents or magnetic fields bearing pieces of confidential information. These pieces of confidential information may for example, relate to the encryption and decryption keys.
Such cryptosystems pose a problem of visibility from the outside world. A measurement of the electrical signals or the magnetic fields arising from the exchanges of information between different portions of the circuit may provide access to pieces of confidential information which are involved in the protection of data by the encryption or decryption system. For example, one of the electrical signals may be located at the power supply contact of the circuit, whether the latter is internal or external.
When the digital key is used by an authorized component, such as a chip card, a certain visibility, for example on the digital key, is made possible by investigating such electrical signals. The sensitive electrical signals may be observed on different contacts of the circuit, notably connecting different memory or processing registers or modules.
A digital key may thus be discovered as a result of accumulating electrical or magnetic signal measurements and of a statistical analysis of these measurements. More generally, any electronic circuit has an electrical consumption related to the operations which it carries out. It is possible to discover hidden information in the circuit by measuring this consumption. This problem is posed in any secured component, and notably in components for chip cards.
Discovery of protected data by observation of the current generally requires a reproducibility of the current measurement to carry out statistical processing. Thus, when an electronic circuit executes an algorithm containing identical or similar and recurrent operations, such as transfer of confidential data between registers, and where fine observation of the operations one by one may disclose confidential information, a statistical analysis based on the measurement of the aforementioned electrical currents may be detrimental to the security of the electronic circuit.