1. Field of the Invention
The invention concerns a method for cryptographic data processing and a related device and related software.
2. Description of the Related Art
In such methods, data is frequently masked in order to combat attacks, for example of the current analysis type (particularly attacks of the differential power analysis (DPA) type or the electromagnetic radiation analysis type).
Masking techniques combine the data item to be used (in practice, the number that is to be subjected to an operation) with a number that an external attacker cannot predict (generally a random or pseudo-random number). The values involved are thus different each time, even with a constant input data item, which makes it impossible for the attacker to deduce the internal data of the process (and particularly the cryptographic keys that it uses) on the basis of external measurements.
Part of cryptographic security is achieved by the use of non-linear functions. For example, it is routine to model a block cipher as a combination of affine functions and non-linear functions. The implementation of such non-linear functions is particularly difficult to protect by masking because of their non-linearity vis-à-vis the masking operation.
One example of a cryptographic processing method is described in international patent application WO 2007/116140, which applies a non-linear function of the S-box (substitution box) type to masked data.
Such S-boxes are in practice implemented by means of a substitution table (often referred to as an S-table or look-up table (LUT)) stored in the cryptographic device.
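The following is an added example, not taken from this document or from WO 2007/116140. It shows why a linear step carries a mask through unchanged while an S-box look-up does not, and how a recomputed masked table (a widely taught countermeasure) handles the look-up. Boolean (XOR) masking, the 4-bit sample table, the function names and the use of rand() are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Sample 4-bit substitution table (values constructed for this example). */
static const uint8_t SBOX[16] = {0xC,0x5,0x6,0xB,0x9,0x0,0xA,0xD,
                                 0x3,0xE,0xF,0x8,0x4,0x7,0x1,0x2};

/* A linear step (rotate a nibble left by one): rotl4(x^m) == rotl4(x)^rotl4(m). */
uint8_t rotl4(uint8_t x) { return (uint8_t)(((x << 1) | (x >> 3)) & 0xF); }

/* Naive attempt: treat the S-box like a linear step and correct the mask
   afterwards. Computes S(x^m) ^ S(m), which in general is not S(x). */
uint8_t naive_unmask(uint8_t masked, uint8_t m) {
    return (uint8_t)(SBOX[masked & 0xF] ^ SBOX[m & 0xF]);
}

/* Table recomputation: build T with T[a ^ m_in] = S[a] ^ m_out, so the
   look-up can be indexed by the masked value and returns a masked output. */
void build_masked_table(uint8_t t[16], uint8_t m_in, uint8_t m_out) {
    for (uint8_t a = 0; a < 16; a++)
        t[a ^ m_in] = (uint8_t)(SBOX[a] ^ m_out);
}

/* Masked look-up: neither x nor S(x) appears as an intermediate value. */
uint8_t masked_sbox(uint8_t masked_x, uint8_t m_in, uint8_t m_out) {
    uint8_t t[16];
    build_masked_table(t, m_in & 0xF, m_out & 0xF);
    return t[masked_x & 0xF];
}

/* Number of inputs x for which the naive approach returns a wrong S(x). */
int naive_failures(uint8_t m) {
    int bad = 0;
    for (uint8_t x = 0; x < 16; x++)
        bad += naive_unmask((uint8_t)(x ^ m), m) != SBOX[x];
    return bad;
}

int main(void) {
    /* rand() stands in for the device's random source; not fit for real masks. */
    uint8_t x = 0x9, m_in = rand() & 0xF, m_out = rand() & 0xF;
    uint8_t y = masked_sbox((uint8_t)(x ^ m_in), m_in, m_out);
    printf("S(x)=%X recovered=%X naive failures (m=3): %d\n",
           SBOX[x], y ^ m_out, naive_failures(0x3));
    return 0;
}
```

The table must be rebuilt for each fresh pair of masks, which is the memory and time cost that makes protecting the non-linear step more expensive than protecting the affine ones.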
The solution proposed in the above document may nevertheless be unsuitable if it is required to avoid the use of a large number of summations.