1. Field of the Invention
The present invention relates to the protection of logic circuits against attacks by error injection.
2. Description of the Related Art
The logic circuits present in secured integrated circuits such as integrated circuits for smart cards, are the subject of various attacks by fraudors who try to discover their structure and/or the secrets they contain. They are for example cryptography circuits of DES, AES, RSA or other types, microprocessors programmed to execute cryptography algorithms, register banks containing secret keys, etc.
Such attacks may occur during so-called sensitive calculation phases, such as during the phases of calculating an identification code or during the reading of a cryptography key in a memory for example.
Out of the various attacks known, the attack by fault injection, or error injection, is often used by fraudors. There are localized attacks, concerning one or more bits, and “all on 1”- or “all on 0”-type attacks which aim to force a set of bits at a determined point of the circuit to a same logic value. These attacks can be performed by introducing glitches into the supply voltage of the circuit, by applying a laser beam or an X-ray beam at determined points of the circuit, etc. Some attacks are performed on the back of the silicon microchip of the integrated circuit, by applying determined electric potentials. Such attacks thus enable the behavior of the circuit to be observed, such as the modification of an output code according to the attack for example, and its structure to be deduced therefrom.
To counter such attacks, methods of securization by software redundancy and methods of securization by hardware redundancy and majority vote are known. Software redundancy involves a software re-calculation of the result supplied by the logic circuit, the redundant calculation being performed by microprocessor. However, this method is not entirely satisfactory since the microprocessor is not itself protected from a fault injection, particularly in its data paths and register banks. Furthermore, it is often impossible to perform certain data processing operations by software. Moreover, hardware redundancy with majority election involves reproducing in several copies certain sensitive parts of the logic circuit, and selecting, out of all of the results supplied by the redundant circuits, the majority result. The disadvantage of this method is that it requires occupying a substantial surface area of silicon and requires providing means for identifying and selecting the majority result.