1. Field of the Invention
The present invention generally relates to electronic circuits and, more specifically, to the masking of data manipulated by an electronic circuit in a calculation.
An example application of the present invention relates to ciphering algorithms executed by integrated circuits and manipulating controlled-access digital quantities (for example, ciphering keys).
2. Discussion of the Related Art
Many methods are known for attempting to discover digital quantities manipulated by an electronic circuit, be they secret quantities (ciphering keys) or controlled-access data.
In particular, so-called covert channel attacks exploit information detectable from outside the circuit during the calculations, without intervening on the circuit inputs/outputs. Among such attacks, the present invention addresses, for example, attacks by differential power analysis (DPA) or by simple power analysis (SPA) of the electronic circuit when it executes a calculation manipulating secret quantities.
It is usual to use a random quantity to mask an operation manipulating a key. For example, a text to be ciphered is combined with a random quantity before being combined with the ciphering key, then combined again with the same random quantity to provide the ciphered text. This masks the correlation between the text to be ciphered (which is known) and the key (which is secret). On the deciphering side (for example, on the side of the receiver of the ciphered data), a similar method may be used. The ciphered text is combined with a random quantity before applying the deciphering key (identical or not to the ciphering key). Then, the intermediate result is combined with the same random quantity, which provides the deciphered text. Such a technique protects against DPA-type analyses.
However, if the random quantity used by a masking-unmasking operation can be detected, a correlation can be established, based on this random quantity and on the result, by examining the state transitions of a register containing a variable used for the calculation.
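The masking sequence and the register-transition concern described above, as an added toy model that is not part of the original document. It assumes that "combined" means XOR, that one 8-bit register is overwritten in place, and that power drawn on an overwrite follows the Hamming distance between the old and new contents; all function names and sample values are constructed for illustration.

```python
from collections import Counter

WIDTH = 8  # assumed register width in bits


def hw(x):
    """Hamming weight: number of set bits."""
    return bin(x).count("1")


def register_states(text, key, mask):
    """Successive contents of the single register: text, masked text,
    masked intermediate, ciphered text (XOR is the assumed combination)."""
    s1 = text ^ mask   # mask the known text
    s2 = s1 ^ key      # apply the key to the masked value
    s3 = s2 ^ mask     # remove the mask
    return [text, s1, s2, s3]


def transition_leak(states):
    """Hamming distance between consecutive register contents
    (assumed model of the power drawn by each overwrite)."""
    return [hw(a ^ b) for a, b in zip(states, states[1:])]


def intermediate_hw_distribution(text, key):
    """Hamming-weight distribution of the masked intermediate over all masks."""
    return Counter(hw(register_states(text, key, m)[2])
                   for m in range(1 << WIDTH))


if __name__ == "__main__":
    key, mask = 0x5A, 0xA7  # constructed sample values
    for text in (0x00, 0xFF, 0x3C):
        states = register_states(text, key, mask)
        print(f"text={text:#04x} cipher={states[-1]:#04x} "
              f"transitions={transition_leak(states)}")
    # The value-based view is independent of the text being ciphered...
    same = (intermediate_hw_distribution(0x00, key)
            == intermediate_hw_distribution(0xFF, key))
    print("intermediate distribution independent of text:", same)
    # ...but each in-place overwrite flips exactly the bits of the operand.
    print("key-step transition for every mask:",
          {transition_leak(register_states(0x3C, key, m))[1]
           for m in range(1 << WIDTH)})
```

In this model the Hamming weight of the masked intermediate has the same distribution for every text and key, while the transitions of the in-place register equal the Hamming weight of the mask and of the key themselves.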
Document US-A-2004/0162991 describes a method according to which two registers are used to store intermediate results of the calculation, only one of the registers containing the right result. This makes it more difficult to detect the register content by measuring the circuit power consumption in state switchings (on execution of the operations). However, this is expensive in terms of integrated circuit surface area and requires the source and destination registers to be different.