In many data-processing devices with integrated circuits, for example, cryptographic operations serve to protect the operation of these devices or to protect the data stored in the device. The computing operations required for this purpose are performed by standard processing units (CPU) and by dedicated crypto-processing units (co-processors). Typical examples are chip cards and IC cards such as, for example, smart cards. The data or intermediate results used in this respect is usually security-relevant information such as, for example, cryptographic keys or operands.
In the processing operations performed by the integrated circuit, for example, for computing cryptographic algorithms, logic combinations between operands and intermediate results are performed. Dependent on the technology used, these operations, particularly loading empty or previously erased memory areas or registers with data, lead to a higher current consumption of the data-processing devices. In complementary logics such as, for example, in CMOS techniques, a higher current consumption occurs when the value of a bit memory cell is changed, i.e. when its value changes from “0” to “1”. The increased consumption depends on the number of bit positions changed in the memory or the register. In other words, loading of a previously erased register increases the current consumption proportionally with the Hamming weight of the operands (=the number of bits of the value “1”) written into the empty register. By corresponding analysis of this current variation, it might be possible to extract information about the computed operations so that a successful crypto-analysis of secret operands such as, for example, cryptographic keys is possible. By performing a plurality of current measurements in the data-processing device, a sufficient extraction of the information could be made possible, for example, at very small signal changes. On the other hand, a plurality of current measurements could render a possibly required subtraction possible. This kind of crypto-analysis is also referred to as “Differential Power Analysis” by means of which an outsider can successfully perform an unauthorized crypto analysis of the cryptographic operations, operands and data only by observing changes in the current consumption of the data-processing device. The “Differential Power Analysis” thus provides the possibility of additionally gaining internal information of an integrated circuit beyond its sheer functionality.
A typical field in which the above-mentioned smart cards are used is, for example, in applications in which the smart card is used as a secure information memory. Cryptographic operations secure access to these applications in that the smart card independently performs encryption operations for the purpose of authentication. This is only possible by using a special smart card controller (microcontroller) which is controlled by suitable software. The communication channel between the smart card controller and the smart card terminal is directly secured by means of cryptographic methods whose security level essentially depends on the cryptographic algorithm used.
To be able to forge the authentication process for a smart card, it must be possible to emulate the authentication protocol by means of a copy. In secure protocols, this is only possible by analyzing the secret cryptographic key stored on the smart card.
Since smart card controllers are reproducibly operating machines, internal processors in the smart card controller can be determined and finally the secret key can be found by means of the analysis of indirect radiations of a smart card during operation, for example by measuring the time variation of the current consumption by means of the above-mentioned Differential Power Analysis. The reproducible, deterministic current profile for equal program sequences of a smart card control circuit is then analyzed.
An integrated circuit for storing and processing secret data is known from U.S. Pat. No. 4,813,024, in which a memory comprises a simulation memory cell having an identical current consumption as a memory cell which was not hitherto programmed. Fluctuations in the current and voltage are thereby only eliminated for the memory cell but not for processing the data.