Cryptographic devices are used for the protection of information against unauthorized access to or modification of this information, whether in storage, processing or transit, and against the denial of service to authorized users. Examples of cryptographic devices are smart cards, secure identity tokens, mobile phone security systems, electronic purses, television de-scrambling devices, to name a few. Differential power analysis (DPA) is an established technique for retrieving information from cryptographic systems. The principle of differential power analysis is that the power consumption of a cryptographic device is measured, and this information is correlated with the behavior of logical gates and software running on the cryptographic device. In order to derive information on the power consumption profiles, signals generated by the cryptographic device have to be monitored using some form of a probe. By using suitable statistical techniques on a large set of power consumption profiles, secret parameters can be derived, such as the user's private key. Simple Power Analysis (SPA) is a simpler form of the attack that does not require statistical analysis. Besides the power consumption of a cryptographic device, also its electromagnetic radiation can be measured in order to derive secret parameters. Examples of the use of such secret parameters are encrypting or decrypting arbitary data, authenticating commands or requests, to name a few.
The level of protection of cryptographic devices against techniques such as power analysis attacks can be increased by randomizing or minimizing the power consumption of the device. For example, in “Energy-Aware Design Techniques for Differential Power Analysis Protection”, Proceedings Design Automation Conference, 2003, page 36-41, 2-6 Jun., 2003, Benini et al. describe a cryptographic device having a first execution unit that implements all required functionality, and a second execution unit that only implements a part of the functionality of the first execution unit. Input data are either processed by the first execution unit or by the second execution unit. Due to the reduced functionality of the second execution unit, its power consumption is lower than that of the first execution unit, for a given input value. A selector determines which execution unit to activate in a given cycle, based on the observation of the input value, in order to alter the power consumption of the cryptographic device over time.
Irwin, J. et al., in “Instruction Stream Mutation for Non-Deterministic Processors”, Proceedings of the IEEE International Conference on Application-Specific Systems, Architectures, and Processors, 2002, page 286-295 describe a non-deterministic processor having a so-called mutation unit that is located directly before the execution unit in the pipeline of the processor. The unit may therefore examine and operate on each instruction before dispatching it to the execution unit, using information on the liveness status of values in physical registers, stored in a dedicated table. Using this information, the mutation unit can verify which registers contain useful values and which registers contain values that may be overwritten. One operation performed by the mutation unit is to alter the instructions such that their meaning is the same while their register usage and mapping is different, using the concept of identity instructions. In this concept an instruction is added to an original instruction, such that the sequence of instructions has the same meaning as the original instruction, but resulting in a different power consumption profile. As long as an identity for a given instruction is available, the processor may decide at random to forward either the identity sequence or the original instruction to the execution unit.
It is a disadvantage of the prior art electronic devices that they only will make it harder to derive secret information from an electronic device for cryptographic processing. By increasing the number of measurements of power consumption profiles, which can easily be done by automating the process, it may still be possible to derive secret information from the electronic device.