The objective of cryptography is notably to protect:
 - either the secrecy of the information, by means of encryption and its dual operation, namely decryption;
 - or only its integrity, by the signature and signature verification operations.
Cryptography uses mathematical methods that are reliable in the sense that, in the current state of public knowledge, no attack method is faster than exhaustive search, that is, testing all possible keys.
In general, the encryption methods involve complex calculations that are necessary for system security. This complexity poses no particular problem for computers, but it is a drawback for devices used by the general public that do not have high computing power, in general devices controlled by low-cost microprocessors. The consequences may take several forms: for example, a bank card might take several minutes to sign a transaction, or a digital pay-television decoder might be unable to keep up with the data rate involved.
To alleviate this type of problem without increasing the cost of systems, it is usual to add an aid to the central processing unit controlling the device, in general in the form of a cryptography-dedicated coprocessor.
Whether it is implemented by the central processing unit or by a specialized coprocessor, the cryptographic algorithm is in all cases executed by a physical electronic device, and electronic devices have inevitable imperfections arising from the laws of electricity.
Thus, cryptographic systems that are reliable from a mathematical standpoint may be attacked by exploiting the imperfections of the physical systems implementing the algorithm:
 - the duration of the calculations may depend on the values of the data, in particular in time-optimized software, which may give rise to timing attacks enabling, in certain cases, all of the secret keys to be discovered on the basis of simple execution time measurements;
 - the instantaneous power consumption may also depend on the data and may give rise to a series of attacks such as:
   - SPA (simple power analysis), which attempts to differentiate the operations executed by a central processing unit on the basis of its power consumption, measured during a cryptographic operation;
   - DPA (differential power analysis), which uses statistical operations on many power consumption measurements, carried out during cryptographic operations on random messages with a constant key, to validate or invalidate a hypothesis made on a limited portion of the key;
   - template attacks, which:
     - in a first phase, use a device identical to the attacked device, except that this identical device contains no secret, to construct power models indexed by the value of a limited portion of the key; and
     - in a second phase, use a few measurements of the power consumed by the attacked device to determine the model to which the measured power levels are closest, and thus determine the value of this sub-key;
 - any electric current flowing in a conductor generates an electromagnetic field, the measurement of which may give rise to attacks identical in principle to attacks based on power consumption, notably DPA; and
 - finally, attacks that disturb the operation of the system so as to exploit the erroneous results in order to discover the secrets of the system.
Any imperfection of a physical device implementing a cryptographic algorithm that is capable of leaking information about the secrets stored in the memory of the device is referred to as a "hidden channel" (a side channel).
Reconfigurable circuits of the FPGA (Field Programmable Gate Array) type are very widely used in applications requiring cryptography, for at least two reasons. Firstly, cryptography standards change rapidly: algorithms found to have vulnerabilities are replaced with others that correct the deficiencies. In addition, cryptographic parameters, such as key size, are also variable. Flexibility is therefore necessary, but without compromising performance, since cryptographic algorithms protect precisely because their calculations are complex. FPGAs meet this requirement for both flexibility and computing power. Secondly, certain cryptographic applications are produced in small volumes; this is notably the case, for example, of systems on board satellites, for which the FPGA solution is more efficient than, for example, a dedicated implementation of the ASIC type. However, like all cryptographic circuits, FPGAs equipped with cryptographic functions are vulnerable to attack, notably through hidden channels (side channels).
A known countermeasure against attacks, notably those based on power consumption measurement, uses differential logic, more particularly duplication of the logic networks. Each logic gate is duplicated as a pair of physical gates operating in complementary logic, in such a way that at any moment exactly one gate of each pair is switching, which makes the power consumption independent of the data and therefore unusable, notably for a DPA. To ensure a constant number of transitions at each calculation, and therefore a constant power consumption, the differential logic requires two working phases:
 - a precharge phase, which puts the variables in a known state; and
 - an evaluation phase, in which the calculation is carried out with a constant number of transitions.
The complexity of a cryptography circuit is thus more than doubled owing to the use of differential logic and dual-rail connections necessary for its implementation.
Although certain FPGAs integrate anti-piracy protection of their configuration, none has been designed to withstand attacks on its implementation. The protection means therefore involve solutions at the RTL (Register Transfer Level), notably the WDDL logic proposed by K. Tiri and I. Verbauwhede in "A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation", Proceedings of DATE'04, pages 246-251, February 2004, or else the MDPL logic proposed by T. Popp and S. Mangard in "Masked Dual-Rail Pre-Charge Logic: DPA-Resistance without Routing Constraints", Proceedings of CHES'05, LNCS volume 3659, pages 172-186, Springer, September 2005. These solutions are insufficient, as they present logical and technological biases that can be exploited by an attacker.
In all the types of differential logic proposed, despite an apparent balance in power consumption, second-order phenomena reveal imbalances and thus information leaks. The most important phenomena are notably early (anticipated) evaluation, in which a gate's output settles before all of its inputs have arrived, and the technological differences between the two halves of the differential networks.
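The following simulation, added here as an illustration and not taken from the patent or from the WDDL/MDPL papers, models a WDDL-style dual-rail gate with a precharge/evaluation cycle. It shows the constant transition count that the differential logic above achieves regardless of the data, and then the early-evaluation effect: when one input arrives later than the other, the time at which the output leaves the precharge state depends on the data value. The gate functions, rail encoding and arrival times are assumptions of this example.

```python
PRECHARGE = (0, 0)   # both rails low between evaluations (assumed encoding)

def encode(bit):
    """Single bit -> dual-rail pair (true_rail, false_rail)."""
    return (bit, 1 - bit)

def wddl_and(a, b):
    """WDDL AND: true rail = AND of true rails, false rail = OR of false rails."""
    return (a[0] & b[0], a[1] | b[1])

def wddl_or(a, b):
    """WDDL OR: true rail = OR of true rails, false rail = AND of false rails."""
    return (a[0] | b[0], a[1] & b[1])

def dual_rail_transitions(gate, x, y):
    """Rail toggles in one precharge/evaluation cycle of a 2-input dual-rail gate:
    every rail raised during evaluation is lowered again at the next precharge."""
    a, b = encode(x), encode(y)
    out = gate(a, b)
    rising = sum(a) + sum(b) + sum(out)   # exactly one rail per pair goes high
    return 2 * rising                      # constant for every (x, y)

def single_rail_transitions(prev, cur):
    """Toggles of a plain (single-rail) AND gate between two consecutive input
    vectors: the count depends on the data, which is what DPA exploits."""
    p = (prev[0], prev[1], prev[0] & prev[1])
    c = (cur[0], cur[1], cur[0] & cur[1])
    return sum(i != j for i, j in zip(p, c))

def settle_time(gate, x, y, t_x, t_y):
    """Time at which the dual-rail output leaves the precharge state when input
    x arrives at t_x and y at t_y. Inputs not yet arrived are still (0, 0), so an
    OR-type rail can fire on the first input alone: the early-evaluation leak."""
    for t in sorted({t_x, t_y}):
        a = encode(x) if t_x <= t else PRECHARGE
        b = encode(y) if t_y <= t else PRECHARGE
        if gate(a, b) != PRECHARGE:
            return t
    return None   # unreachable for valid dual-rail inputs

if __name__ == "__main__":
    for x in (0, 1):
        for y in (0, 1):
            print("AND", x, y, "transitions:", dual_rail_transitions(wddl_and, x, y),
                  "settle time (x at 1, y at 5):", settle_time(wddl_and, x, y, 1, 5))
```

For the AND gate the output settles at t=1 whenever x=0 (the false rail fires on x alone) and only at t=5 when x=1, so the settling time reveals x even though the transition count does not.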