1. Field of the Invention
The present invention generally relates to integrated circuits and, more specifically, to the protection of algorithms and/or digital data handled by an integrated circuit against possible attacks by analysis of the circuit power consumption.
An example of application of the present invention is the field of smart cards and other electronic tags with or without contacts.
2. Discussion of the Related Art
The power consumption of an electronic circuit, especially of a digital data processing circuit, varies according to the activity of this circuit and more specifically to the executed calculations. When a circuit executes an algorithm that must remain secret or manipulates secret quantities or data, it is generally desired to avoid a hacking by analysis of the circuit power consumption. Such a hacking uses so-called SPA (Simple Power Analysis) or DPA (Differential Power Analysis) attacks which examine the current signature of the circuit to discover its operation or the secret data.
FIG. 1 very schematically shows a card 1 with a chip 2 with contacts of the type to which the present invention applies. Card 1 is formed of a wafer generally made of plastic matter on which is placed an integrated circuit chip 2 accessible from the outside by electric contacts 3 among which at least two contacts 31 and 32 of application of a supply voltage when the card is introduced into the reader.
FIG. 2 shows a second example of a smart card 1′ to which the present invention applies. It is a contactless card generally called an electromagnetic transponder. Card 1′ comprises an integrated circuit chip 2′ having two input terminals 31′ and 32′ connected to the two respective ends of a conductive track 33, supported by card 1′ and forming an antenna. Antenna 33 belongs to a resonant circuit of transponder 1′ to collect not only information but also a remote-supply power when the card is close to a terminal generating an electromagnetic field.
The two systems with and without contacts may be present on the same card, and even on the same chip.
Be it in a card with or without contacts, the chip integrates an element for regulating the supply voltage of its internal circuits, among which the calculation circuit(s) (generally, a microcontroller). The chip is considered as a secure area from the point of view of the preservation of the data (algorithms and data) that it contains, such data being only accessible from the means of chip communication with the outside (contacts 3, 31 and 32 in the case of a card with contacts and radio-frequency signal or terminals 31′ and 32′ in the case of a contactless card).
FIG. 3 very schematically shows in the form of blocks a conventional example of a linear regulator 4 providing, from a voltage Vps present between terminals 31 and 32, a regulated D.C. supply voltage Vdd of a load 29 (L) formed by the circuits internal to the chip apart from regulator 4.
In the case of a card (1, FIG. 1) with contacts, terminals 31 and 32 are directly connected to the terminals of application of the supply voltage of regulator 4, as shown in full lines in FIG. 3.
In the case, shown in dotted lines in FIG. 3, of a contactless card (1′, FIG. 2), external access terminals 31′ and 32′ of the chip to which is connected antenna 33 (symbolized by an inductance of the oscillating circuit in FIG. 3) are connected to the A.C. input terminals of a rectifying bridge 24. A capacitor 23 taking part in the oscillating circuit connects terminals 31′ and 32′, and the rectified output terminals of bridge 24 are generally connected by a capacitor 25. Terminals 31 and 32 of application of voltage Vps to the input of regulator 4 are connected to the rectified output terminals of bridge 24. Signals (not shown) are sampled upstream of the regulator (at the input or at the output of bridge 24), among others, to recover a clock signal of the downstream microcontroller.
Regulator 4 uses a switch 40 (typically, a P-channel MOS transistor) having its source directly connected to a terminal 41 of application of the positive voltage (terminal 31) of supply voltage Vps and having its source directly connected to an output terminal 48 of regulator 4 providing the positive potential of voltage Vdd. The gate of transistor 40 is connected to the output of a transconductance amplifier 43 to regulate voltage Vdd according to a reference value. This reference value is provided by a circuit 44 (BG) for generating a reference voltage (generally designated as a bandgap voltage) on a reference input (for example, non-inverting) of amplifier 43. The measurement input (for example, inverting) of amplifier 43 is connected to the midpoint of a dividing bridge formed of two resistors 45 and 46 in series between terminal 48 and a terminal 42 of application of the reference voltage (ground) of input voltage Vps. Amplifier 43 and circuit 44 are supplied between terminals 41 and 42 (voltage Vps).
In operation, input current Ips on supply pad 31 is directly proportional to input current Idd on internal supply node 21 of load 29. Accordingly, an analysis of current Ips enables deducing the current signature of the load.
On the side of reference terminal 32, current Iss coming out of the integrated circuit through pad 32 directly depends on the current coming out from the load through its reference pad 22. Although current Iss generally contains less information than current Ips due to the integration performed by the ground plane capacitances, an analysis of the current signature of the integrated circuit by examination of current Iss is possible.
To thwart hacking attempts by analysis of the power consumption of an integrated circuit, a first known so-called software technique consists of masking the execution of the critical operations from the viewpoint of the data or algorithm security with random quantities input at different steps of the processing.
A second known so-called hardware technique consists of duplicating the digital processing cells to perform several calculations in parallel and thus mask the critical calculations.
Whatever the used technique, the electric signal representative of the current signature of the algorithm remains present, even masked, in currents Ips and Iss.
The present invention will be described hereafter in relation with an example of application to a chip (for example, of a smart card) integrating all the circuits, but it more generally applies to any circuit or electronic system integrating, in a secure area, a circuit likely to undergo hacking attempts by analysis of its consumption.