Typically, electronic transactions carried out using a smart card are secured by an authentication procedure of the card using an encryption algorithm. During this authentication procedure, the terminal used for the transaction sends a random code to the card. The smart card must answer the terminal by producing an authentication code, which is a transform of the random code, using the encryption algorithm. The terminal calculates the transform of the random code and compares the result obtained with the one sent back by the card. If the authentication code sent back by the card is valid, the transaction is enabled.
In the integrated circuit of a smart card, the encryption algorithm is generally executed by a hard-wired logic circuit, or encryption coprocessor, to which a secret key or encryption key is allocated and stored in a protected area of the integrated circuit's memory. It is essential to insure absolute protection of this secret key because the encryption algorithms used in the authentication procedures are known, and only the secret key can guarantee the inviolability of the authentication procedure.
In recent years, pirating techniques concerning secured integrated circuits have developed significantly and today sophisticated analysis methods are implemented by so-called current monitoring, i.e., based on the observation of the current consumed by the components of an integrated circuit during execution of confidential operations. To counter these pirating methods, different countermeasures have been provided, for example, by providing a random clock signal, using dummy codes, masking current consumption variations, etc. In particular, an anti-pirating method is disclosed in European Patent Application No. 500,461 which discloses resistors arranged parallel to the active elements of an integrated circuit and fed by a current generator. The current generator and the resistors insure a constant current consumption at the integrated circuit terminals, which masks the individual consumption of the active elements.
Conventional anti-pirating methods prove efficient to counter SPA-type analysis methods (Single Power Analysis). They are, however, insufficient to counter a recently discovered analysis method, called DPA analysis (Differential Power Analysis), which enables the secret key of an encryption circuit to be discovered by solely observing variations in the current consumed by the encryption circuit, without it being necessary to read the data circulating on the internal bus of the integrated circuit and to identify the memories being read.
In a more simplified manner, this method is based on a correlation of samples of the current consumed in connection with a mathematical model of the encryption circuit and hypotheses concerning the value of the secret key. The correlation allows the continuous part of the current consumed to be suppressed and consumption peaks to be updated, which reveals the operations carried out by the encryption circuit and the value of confidential data.