1. Field of the Invention
The present invention generally relates to electronic circuits and, more specifically, to the protection of data contained in an integrated circuit against an extraction thereof after fault injections in the circuit operation. The present invention more specifically relates to the protection against a possible attempt to disturb a calculation handling data that should not be communicated outside the circuit.
2. Discussion of the Related Art
FIG. 1 is a schematic block diagram illustrating an example of a simplified architecture of an integrated circuit 1, for example a smart card, of the type to which the present invention applies. Circuit 1 comprises a central processing unit 11 (CPU) associated with one or several memories 12 (MEM) among which generally at least one element for storing in non-volatile fashion a digital amount (for example, a confidential code) and an input/output circuit (I/O) enabling data exchange with the outside of circuit 13. The different elements communicate via several internal data, address, and control buses 14.
Among possible attacks performed by persons attempting to fraudulently obtain confidential data from chip 1, the present invention applies to so-called fault-injection attacks which consist of disturbing the operation of component 1, for example, by means of radiation (laser, infrared, X-rays, etc.) or by other means (for example, by acting on the component supply).
The data provided (output) by the component on its input/output ports 13 are exploited by the person attempting fraud to discover secret elements of the chip (algorithm, secret key, etc.) or to elude a security mechanism (authentication, identification, ciphering, etc.).
Some integrated circuits comprise tools for detecting fraud attempts by checking that a program has properly executed. For example, the same instructions of a calculation are executed twice and it is checked that they lead to the same result, or a signature calculation is performed on data extracted from memory 12. In case a fraud attempt is detected, the component is generally off, that is, it does not provide the required result on its input/output ports 13.
FIG. 2 schematically shows an example of sequencing of a calculation with an integrity check of the type to which the present invention applies. This sequencing may correspond to a portion of a program executed by a smart card and only the portion subject to an integrity check, that is, a checking of the absence of errors on the calculation having involved the critical digital quantity, will be discussed.
It is generally desired to check the calculation (be it by double execution or by a signature calculation) before outputting the result from circuit 1. This means that an execution (block 21, COMPUT) of the calculation, the integrity of which is desired to be checked, is followed in time with a checking (block 22, CHECK) before allowing the carrying on of the program flow (block 23, FLOW) and especially the provision of a result to the outside of the circuit.
The object of checking 22 is to detect a possible disturbance by fault injection on execution of calculation 21.
A problem is that if a person attempting fraud knows how to disturb (derail) a calculation, he also knows a priori how to disturb checking 22 of this calculation. In particular, if this disturbance consists of forcing a jump of the program in the flow thereof, there is a risk for the integrity check not to be brought to its end, without this preventing the program from carrying on, and thus the output of a result.
A conventional solution to attempt solving this problem is illustrated in FIG. 2. It consists of spacing calculation 21 in time from its integrity check 22 by interposing, between the two (block 24, WAIT), either false operations, or a wait loop, that is, a wait sequence between the execution of the calculation and its checking.
A disadvantage of such a solution is that the introduction of such a wait sequence 24 adversely affects the general speed of execution of the programs in the integrated circuit.
Another disadvantage is that, to be effective, wait sequence 24 must be relatively long to guarantee that a second attack intended to disturb checking 22 actually falls in wait sequence 24.
Another disadvantage is that wait sequence 24 may itself be disturbed by a fault injection, which then risks enabling the program to start back off in its normal flow (block 23).