Technical Field
The present disclosure generally relates to electronic circuits and, more particularly, to circuits executing encryption algorithms known as Rijndael algorithms, which implement a same transformation on different portions of data to be encrypted. The present disclosure more specifically relates to the protection of a calculation executed by such an algorithm against attacks by differential power analysis (DPA).
Discussion of the Related Art
In many applications, electronic circuits implement algorithms of encryption, verification, signature, and more generally algorithms manipulating data, called secret data, that is, the access to which is desired to be reserved to certain users or circuits. Among Rijndael algorithms, the AES algorithm, often called AES (Advanced Encryption Standard, FIPS PUB 197), processes data blocks having a size set to 128 bits and is a particularly common encryption algorithm. The AES applies to a word or message divided into blocks a same transformation a plurality of times in a row based on different sub-keys originating from a same key.
There exist many methods, called attacks, to attempt discovering or to pirate secret data. Among such attacks, so-called side channel attacks comprise analyzing the influence of the calculation executed by the electronic circuit on parameters such as its power consumption, its electromagnetic radiation, etc. A particularly common side channel attack is the attack known as DPA (Differential Power Analysis). Such an attack comprises correlating the power consumption of the integrated circuit executing the algorithm with calculation results involving the secret keys used during the encryption or the decryption. In practice, based on a message to be encrypted and on assumptions relative to the secret key, a curve of statistic correlation over time between the circuit power consumption for the encryption of the message and an intermediate value calculated by the circuit is plotted. Such power analysis attacks are widely described in literature (see for example the article “Differential Power Analysis” by Paul Kocher, Joshua Jaffe, and Benjamin Jun, published in 1999, CRYPTO 99 Conference, pages 388 to 397, published by Springer-Verlag LNCS 1666).