1. Field of the Invention
This invention concerns an unpredictable microprocessor or microcomputer.
2. Description of Related Art
It is a known fact that microprocessors or microcomputers execute the successive instructions of a program recorded in memory sequentially, in step with one or several timing signals referenced with respect to one of the clock signals supplied to the microprocessor or microcomputer, either internally or externally.
It has proved possible to determine the various phases of this method of program execution as a function of time, because the instructions are executed in sequence, according to a process predetermined by this program, generally synchronized with the clock signals that regularly time the processor. Indeed, every program generates a sequence of instructions that must be executed successively in an order known in advance, and the moments at which each instruction begins and ends are known accurately, because the instructions are executed according to a predetermined process in the course of time. Therefore, in principle, it is possible to know which instruction is performed at a given moment in the processing unit of the processor, because the program that is run comprises a predetermined sequence of instructions.
For instance, it is possible to determine the number of instructions executed as of the startup of the program or of the processing unit, or the time that has elapsed from an event, an external or internal reference signal or, yet again, from the reset of the processor.
This possibility of being able to observe the run-through of a program in a microprocessor or microcomputer is a major drawback when this microprocessor or microcomputer is used in high-security applications. A malevolent person could thus find out the successive states of the processor and use this information to obtain a number of sensitive results regarding internal processing.
For instance, it can be imagined that a given action may occur at different moments depending on the result of a determined security operation such as the testing of internal confidential information or the deciphering of a message or, yet again, the integrity testing of some information. Depending on the moment in question, it might be possible, for example, to act on the processor or to obtain the value of certain registers by physical investigation, and thus obtain information about the result or confidential content of the information and even, in the case of cryptographic calculations, about the secret ciphering key used.
There are devices offering an initial improvement to security microcomputers by equipping them with circuits generating random clock pulses. In this way, investigations based on the observation of events become particularly difficult to carry out, because synchronization soon becomes impracticable.
However, this type of solution involves many drawbacks.
First, the design of such circuits is particularly tricky and tedious because there is no way of simulating random operation throughout as complex a circuit as a microcomputer. It is even more difficult to test the circuits at the end of production in terms of their scrambled behavior. A random sequence of clock pulses is indeed very difficult to simulate for the definition of the circuits, but it is even more difficult to master the behavior of all the processor logic circuits, in particular during periods of signal switching on the internal busses and in the registers.
That is why an initial improvement, the subject of application Ser. No. 08/945,845, filed by the applicant on Nov. 7, 1997 and entitled “Improved Integrated Circuit And Process For Using An Integrated Circuit”, was made to permit the normal operation of the processor during definition and test periods with a customary periodic clock; the processor is capable of itself switching between protected mode and normal mode. To ensure security, it is easy to imagine that the mode could only be activated by the processor on entry of a password or an ad hoc ciphered message.
In addition to these difficulties, there is that of diagnosing failures during sequences under the control of a random clock, i.e., in a totally disordered manner. Indeed, in such disorder, how could a problem be attributed to a faulty part, and how can the exact conditions under which it appears be determined?
It can be seen that the use of a random clock, although it does offer a theoretically interesting improvement, is not a totally satisfactory solution and, above all, is not easy to implement in practice.