1. Field of the Invention
The present invention generally relates to electronic circuits and, more specifically, to microcontrollers of execution of instruction sequences, for example, integrated in devices of smart card type.
FIG. 1 very schematically shows in the form of blocks an example of an integrated circuit 1 of the type to which the present invention applies.
Such a circuit comprises at least a central processing unit 2 (CPU), one or several memories 3 (MEM) among which generally at least a non-volatile memory (for example, a ROM) for storing programs and a RAM for containing the data during execution thereof, and an input/output element 4 (I/O) for communicating with or without contact with the outside of circuit 1. The different elements contained in circuit 1 communicate over one or several internal data, address, and control buses 5, and other circuits (for example, sensors) may be integrated to circuit 1.
The present invention more specifically relates to the protection of the execution of programs handling digital values supposed to remain within integrated circuit 1 against possible hacking attempts by fault injection in the program flow.
2. Discussion of the Related Art
Integrated circuits containing digital values supposed to remain unknown from the outside (for example, keys used by cryptography mechanisms) are likely to be hacked by persons attempting to fraudulently implement methods for creating traps in the correct execution of programs. Such methods comprise the disturbing of the circuit operation during the execution of a program (for example, by a disturbance introduced on its clock) to cause an incidental jump from the program to another instruction than that normally expected. Such a jump may enable exiting a control loop, an endless loop following an authentication error, etc. and more generally may enable interpreting the consequences of this jump to discover, even partially, the secret quantities.
There exist different mechanisms to control the flow of programs executed by electronic circuits.
A known solution comprises the performing of a so-called signature calculation during the execution of a program to be sure that all instructions have been executed.
Another known solution comprises the execution of the same program several times in parallel and the checking of the coherence of the results obtained by these multiple executions.
A disadvantage of known solutions is that the very existence of a mechanism for protecting the program execution is not transparent for the user.
Another disadvantage is that these are mechanisms of detection of a trap attempt on a program which require, in case of a detection, for specific measures to be taken, and thus another program to manage possible fraud detections.