The invention relates to a process for the secure comparison of two storage registers, and a security module implementing this process.
The term "security module" should be understood either in its conventional sense, in which it designates a device whose purpose in a communication or information network is to be held by an authority supervising the network and to store, in protected fashion, secret and fundamental parameters of the network such as cryptographic keys, or more simply, as designating a device allocated to various users of the network that allows each of them to have access to the network, this device also being capable of holding secret parameters. The security module could take the form of a portable object of the chip card type.
It is known that a hacker is capable of deducing certain information on the operations performed in a security module by carefully studying the electric current consumption of the security module. In particular, when it comes to the operation for comparing two storage registers, the hacker can try to study the evolution of this electric current and attempt to deduce from it the positive or negative result of this comparison.
In the known art, the operation for comparing two storage registers, which is done by comparing two by two various words composing the registers, includes an operation for writing the result of each comparison performed between words: this write operation consists in a setting to 0 or to 1 of a bit in an auxiliary register, as a function of the result of the comparison. This direct translation of the result into a setting to 0 or to 1 of a bit is susceptible to being discovered by a hacker.
The object of the invention is to offer a process for comparing two storage registers that does not involve a direct writing of the result of the comparison into an auxiliary register. To this end, the invention relates to a process for comparing two main storage registers, these registers comprising the same number of words, each having a value defined by several logical elements, characterized in that it comprises the steps consisting of:
defining at least one auxiliary storage register comprising several words each having a value defined by several logical elements;
setting the logical elements of the auxiliary storage register to random values;
calculating a first sum of the values of the words of the auxiliary storage register;
comparing two by two the respective words of the main storage registers, and for each comparison of two respective words, randomly selecting one of the words of the auxiliary storage register, and modifying the value of this word by a first predetermined value if said words of the main storage registers are identical, and modifying the value of this word by a second predetermined value if said words of the main storage registers are different;
calculating a second sum of the values of the words of the auxiliary storage register, and modifying it by a value equal to said first value multiplied by the number of words of the main storage registers; and
comparing said first and second sums, and in the event of equality, declaring that said main storage registers are identical, while in the event of inequality, declaring that said main storage registers are different.
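The steps above, carried through in C as an added example that is not code from the patent. The 8-bit main words, the 8-word auxiliary register, the values 1 and 2, the branch-free increment, reading "modifying" as adding to the word and subtracting from the second sum, and `rand()` standing in for the module's random source are all assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define AUX_WORDS 8u  /* size of the auxiliary register (assumed) */
#define V_EQUAL   1u  /* first predetermined value (assumed) */
#define V_DIFF    2u  /* second predetermined value (assumed); must differ */

/* Stand-in random source; a real module would use its hardware RNG. */
static uint32_t rnd32(void) {
    return ((uint32_t)rand() << 16) ^ (uint32_t)rand();
}

/* Sum of the auxiliary words; unsigned wrap-around keeps it exact mod 2^32. */
static uint32_t aux_sum(const uint32_t *aux) {
    uint32_t s = 0;
    for (size_t i = 0; i < AUX_WORDS; i++) s += aux[i];
    return s;
}

/* Returns 1 if a[0..n) and b[0..n) are identical, 0 otherwise. */
int masked_compare(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t aux[AUX_WORDS];
    for (size_t i = 0; i < AUX_WORDS; i++) aux[i] = rnd32(); /* random fill */
    uint32_t first = aux_sum(aux);                           /* first sum */

    for (size_t i = 0; i < n; i++) {
        uint32_t x = (uint32_t)(a[i] ^ b[i]);
        uint32_t ne = (x | (0u - x)) >> 31;  /* 0 if words equal, 1 if not */
        /* Randomly chosen auxiliary word moves by V_EQUAL or V_DIFF. */
        aux[rnd32() % AUX_WORDS] += V_EQUAL + ne * (V_DIFF - V_EQUAL);
    }

    /* Second sum, corrected by V_EQUAL times the number of main words. */
    uint32_t second = aux_sum(aux) - V_EQUAL * (uint32_t)n;
    /* The sums differ by (mismatches * (V_DIFF - V_EQUAL)) mod 2^32. */
    return first == second;
}

int main(void) {
    /* Constructed sample registers, not values from the patent. */
    const uint8_t stored[] = {0x13, 0x37, 0xc0, 0xde};
    const uint8_t good[]   = {0x13, 0x37, 0xc0, 0xde};
    const uint8_t bad[]    = {0x13, 0x37, 0xc0, 0xdf};
    printf("good: %d\n", masked_compare(stored, good, sizeof stored));
    printf("bad:  %d\n", masked_compare(stored, bad, sizeof stored));
    return 0;
}
```

With these values the two sums differ by exactly the number of mismatching words, so the result is correct for any register shorter than 2^32 words, and every comparison writes to the auxiliary register whether or not the words match.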