EP2248009A2

EP2248009A2 - Countermeasure method and devices for asymmetric cryptography

Info

Publication number: EP2248009A2
Application number: EP09719837A
Authority: EP
Inventors: Bruno Benteo; Benoît FEIX; Sébastien NEROT
Original assignee: Inside Contactless SA
Current assignee: Inside Secure SA
Priority date: 2008-01-23
Filing date: 2009-01-23
Publication date: 2010-11-10
Also published as: JP2011510578A; FR2926651A1; CA2712178A1; WO2009112686A2; CN101925875A; US20110274271A1; FR2926651B1; WO2009112686A3; KR20100113130A

Abstract

The invention relates to a countermeasure method in an electronic component that uses a private-key asymmetric cryptography algorithm, and comprises generating (100) a protection parameter and calculating (104), using a primitive, an intermediate data from said protection parameter. The method further comprises the steps of splitting (110) the binary representation of the private key into a plurality of binary units, converting (112) each binary unit using the protection parameter and, for each converted binary unit, carrying out (114) an intermediate calculation using the primitive, and calculating (106-122) an output datum by combining (116) the intermediate data with the intermediate calculations (114).

Description

COUNTERMEASURE METHOD AND DEVICES FOR ASYMMETRIC CRYPTOGRAPHY

The present invention relates to a countermeasure method in an electronic component implementing an asymmetric cryptography algorithm with a private key, resistant to attacks aimed at discovering the private key. It also relates to a microcircuit device and a portable device, in particular a smart card, implementing such a method.

As illustrated in FIG. 1, an asymmetric cryptographic algorithm application 10 involving the use of a private key d is generally implemented by a microcircuit 12 to authenticate the transmission of a message M by a signature of this message. message or to protect the reception of an encrypted message M by a decryption of this message, using the private key. The private key d is for example stored in the microcircuit 12 which includes a memory 14 including itself a secure memory space 16 provided for this purpose and a microprocessor 18 for executing the asymmetric cryptographic algorithm 10.

Microcircuit devices implementing cryptographic algorithms are sometimes attacked to determine the secret data they manipulate such as the key (s) used and possibly, in some cases, information on the messages. themselves. In particular, asymmetric cryptography algorithms are under attack to discover the private key, when it is used. Auxiliary channel attacks are an important family of cryptanalysis techniques that exploit certain properties of software or hardware implementations of cryptographic algorithms. Among the known auxiliary channel attacks, the attacks of the SPA (Simple Power Analysis) or DPA (Differential Power Analysis) type consist in measuring the incoming and outgoing currents and voltages in the microcircuit. during the execution of the asymmetric cryptographic algorithm in order to deduce the private key. The feasibility of this family of attacks has been demonstrated in the article by P. Kocher, J. Jaffe and B. Jun entitled "Differential Power Analysis" published in Advances in Cryptology in particular - Crypto 99 Proceedings, Lecture Notes In Computer Science Vol . 1666, M. Wiener, eds., Springer-Verlag, 1999. Time attacks analyze the time taken to perform certain operations. Such attacks on asymmetric cryptography algorithms are described in the article by P. Kocher, N. Koblitz entitled "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other Systems" published in Advances in Cryptology - Crypto 96, 16th annual international cryptology conference, Aug. 18-22, 1996 Proceedings.

Fault injection (s) attacks are also known, among which are the DFA (Differential Fault Analysis) attacks, which consist in intentionally generating faults during the execution of the algorithm. cryptography, for example by disrupting the microcircuit on which it runs. Such a disturbance may include one or more short illumination (s) of the microcircuit or the generation of one or more peak (s) of voltage on one of its contacts. It thus makes it possible, under certain conditions, to exploit the calculation and behavior errors generated in order to obtain part or all of the private key sought.

In particular, when performing the asymmetric cryptographic algorithm known as RSA (named after its authors Rivest, Shamir and Adleman), a primitive consisting of a modular exponentiation is executed. An efficient implementation of this primitive uses a binary representation of the private key d by iterating on each bit of this binary representation. In each iteration, the calculation performed and in fact the energy consumption during the calculation depends on the value of the bit concerned. Therefore, the execution of such a primitive makes the private key particularly vulnerable to the aforementioned attacks. Similarly, when performing an adaptation of this asymmetric cryptographic algorithm using an elliptic curve, a primitive consisting of a scalar multiplication is executed. An efficient implementation of this primitive uses a binary representation of the private key d by iterating on each bit of this binary representation. Similarly, in each iteration, the energy consumption during the calculation depends on the value of the bit concerned. Therefore, the execution of such a primitive also makes the value of the scalar, which can be assimilated for security reasons to a private key, particularly vulnerable to attack. In order to combat these attacks which are varied by nature, many solutions very different from each other have been made. The invention more particularly relates to those which implement a method of countermeasure in an electronic component implementing a private key asymmetric cryptography algorithm, comprising the steps of:

- generate a protection parameter,

calculating, using a cryptographic algorithm primitive, intermediate data from an input data item and the protection parameter.

These algorithms generally provide for transforming the private key using the protection parameter generated, applying the primitive to the transformed private key and combining the result obtained with the intermediate data. Generally, the protection parameter a is conventionally generated using a pseudo-random data generator 20, so that the execution of the primitive by the cryptographic algorithm 10 is itself made random and decorrelated of the private key used, for example by a technique commonly referred to as masking, which can also be renamed a method of transformation or deformation of the data since their manipulation is deformed as opposed to their raw use, carried out by a countermeasure section 22 of the microprocessor 18, using the protection parameter a. Thus, the intermediate data of the cryptographic algorithm and, consequently, the measurable currents are modified by the random protection parameter and their observation does not make it possible to find the true value of the private key. On the other hand, the masking does not disturb the algorithm itself, which therefore provides the same result with or without masking.

A process of this type is described, for example, in US Pat. No. 6,381,699.

In this document, an embodiment in the field of RSA-type asymmetric cryptography is described with reference to FIG. 3. In the RSA public-key e and private-key algorithm d, to perform a signature or a decryption, executing the primitive consists in calculating an output data S from an input data M and the private key d as follows: S = M ^d mod N, where N is the RSA module, product of two integer first secrets, and where e and d satisfy the relation ed = φ (N), the function <p (.) Representing the indicator function of Euler .

Noting [d _n .. ,, ..., d _o ] ₂ the binary representation of the private key d, this calculation can be performed as follows: S = 1

For i varying from n-1 to 0: S + - S ² mod N if d, = 1, S + - S x M mod N The embodiment of an attack-resistant RSA algorithm described in US 6,381, 699, comprises a first step 300 during which a protection parameter d1 is generated in the following manner: a random number k is randomly chosen such that 0 <k <2 ¹²⁸ , then z = k.φ (n), then we choose randomly d1 such that 0 <d1 <z and gcd (d1, z) = 1 (gcd is the function "highest common denominator"). The private key is then transformed as follows: d2 = d ^χ (d., ^{~ 1} mod z) mod z.

Following reception of the input data M, new transformations are performed on d1 and d2 before proceeding to the two following calculations (steps 345 and 350):

S ₀ = M ^{d 1} mod N (calculation using the intermediate data primitive S ₀ from the input data M and the protection parameter d 1),

- S = S ₀ ^d2 mod N (calculation of the output data by combining the intermediate data S ₀ with the application of the primitive to the private key transformed d2).

Another embodiment of an attack-resistant RSA algorithm, simpler but also described in US 6,381,699, comprises a first step in which the protection parameter d1 is chosen randomly such that 0 <d1 <d.

The private key is then transformed as follows: d2 = d - d1. Following receipt of the input data M, new transformations are performed on d1 and d2 before proceeding to the following two calculations: S ₁ = M ^{d 1} mod N (computation using the primitive of a datum intermediate S ₁ from the input data M and the protection parameter d1), S ₂ = M ^{d 2} mod N, S = S ₁ -S ₂ mod N (calculation of the output data S by combining the intermediate data S ₁ with the application S ₂ of the primitive to the transformed private key d 2) .

In each of the two aforementioned cases of the state of the art, the private key d is decomposed into at least two exponents d1 and d2 of sizes comparable to that of d, so that the RSA algorithm is complicated by imposing on the at least two executions of the modular exponentiation instead of one. Although we have designed an asymmetric cryptography algorithm resistant to certain attacks by auxiliary channels, it is at the cost of significantly increased complexity of the implementation since the complexity is actually doubled.

It may thus be desired to provide an attack-resistant asymmetric cryptographic method of the aforementioned type that is simple to implement. One embodiment of the invention relates to a countermeasure method in an electronic component implementing a private key asymmetric cryptography algorithm, comprising the steps of:

- generate a protection parameter,

calculating, using a primitive of the cryptography algorithm, an intermediate data item from an input data item and the protection parameter, characterized in that it further comprises the steps of:

dividing the binary representation of the private key into several binary blocks, transforming each binary block using the protection parameter and, for each transformed binary block, performing an intermediate calculation using the primitive, and

calculating an output data by combining the intermediate data with the intermediate calculations. Thus the protection parameter is used to transform the binary blocks rather than the complete binary representation of the private key. Consequently, the size of the binary representation of the protection parameter can be much smaller than that of the binary representation of the private key, that is to say of the order of that of the binary blocks. We simplify the calculation because, even if we increase the number of executions of the primitive, they operate on binary data of smaller sizes. At the end of the day, we can protect the execution of the algorithm asymmetric cryptography by significantly reducing its complexity compared to conventional countermeasure methods.

According to one embodiment, the countermeasure method comprises the step of dividing the binary representation of the private key such that the size of each binary block is greater than or equal to that of the binary representation of the protection parameter. .

According to one embodiment, the countermeasure method comprises the step of dividing the binary representation of the private key into a plurality of bit blocks such that the sum of the sizes of the binary blocks is equal to the size of the binary representation. of the private key.

According to one embodiment, the countermeasure method comprises the step of randomly determining iteratively the size of each bit block so that the value of each bit block is greater than the value of the protection parameter. According to one embodiment, the countermeasure method comprises the steps of:

choosing the size k of the binary representation of the protection parameter such that there exists an integer u≥2 such that n = ku, where n is the size of the binary representation of the private key, and divide the binary representation of the private key into u binary blocks of k bits each.

According to one embodiment, the primitive is a modular exponentiation of the input data by the private key for the realization of an RSA or RSA CRT type cryptographic algorithm. According to one embodiment, the countermeasure method comprises a preliminary step of masking the RSA module and the input data.

According to one embodiment, the primitive is a scalar multiplication of the input data by the private key, for the realization of a cryptography algorithm based on an elliptic curve in which the input data is a predetermined point of the elliptic curve.

According to one embodiment, the countermeasure method comprises a preliminary step of masking the predetermined point of the elliptical curve. According to one embodiment, the countermeasure method further comprises the steps of: initially generating, in a reproducible manner, at least one verification parameter before any execution of the primitive,

- regenerate this verification parameter during execution or after execution of the primitive and compare the regenerated verification parameter with the verification parameter initially generated.

According to one embodiment, the regeneration and comparison step is performed at each iteration of the primitive when it is applied to a transformed binary block.

According to one embodiment, the countermeasure method comprises the step of triggering an alert and scrambling at least the private key, if the regeneration and comparison step indicates a difference between the verification parameter initially generated and the regenerated verification parameter.

According to one embodiment, the generation of the protection parameter and / or the verification parameter comprises the steps of:

defining a generating function, by successive applications to at least one predetermined secret parameter stored in memory, of a sequence of values that can be determined solely from this secret parameter and from this function,

- Generate the protection parameter and / or the verification parameter reproducibly from at least one value of this sequence.

According to one embodiment, the countermeasure method comprises the steps of: defining a plurality of functions, each function being generator, by successive applications to at least one predetermined secret parameter and stored in memory, of a sequence of corresponding values determinable only from the corresponding secret parameter and the corresponding function, - combining the plurality of sequences of values generated using a predefined relation to generate a new sequence of values,

- Generate the protection parameter and / or the verification parameter reproducibly from at least one value of this new sequence. According to one embodiment, the countermeasure method comprises the steps of: define a generating function, by successive applications to at least one predetermined secret parameter stored in memory, of a sequence of values that can be determined solely from the secret parameter and from the function; combining the sequence of generated values with public parameters the cryptographic algorithm to generate a new sequence of values,

- Generate the protection parameter and / or the verification parameter reproducibly from at least one value of this new sequence.

Another embodiment of the invention consists in providing a microcircuit device, comprising a microprocessor for implementing a countermeasure method of a private key asymmetric cryptography algorithm, at least one secure memory for storage of the private key, and a data generator for generating a protection parameter, characterized in that it is configured to:

calculating, using a primitive of the cryptography algorithm, an intermediate data item from an input data item and the protection parameter, dividing the binary representation of the private key into several binary blocks,

transforming each binary block using the protection parameter and, for each transformed binary block, performing an intermediate calculation using the primitive; computing an output datum by combining the intermediate data with the intermediate calculations.

According to one embodiment, the microprocessor is configured to iteratively randomly determine the size of each bit block such that the value of each bit block is greater than the value of the protection parameter.

According to one embodiment, the data generator is configured to choose the size k of the binary representation of the protection parameter such that there exists an integer u≥2 such that n = ku, where n is the size of the representation binary of the private key, and the microprocessor is configured to divide the binary representation of the private key into u binary blocks of k bits each. According to one embodiment, the primitive is a modular exponentiation of the input data by the private key for the realization of an RSA or RSA CRT type cryptographic algorithm.

According to one embodiment, the microcircuit device is configured to further initially reproducibly generate at least one verification parameter before any execution of the primitive, to regenerate this verification parameter during execution or after execution of the primitive and compare the regenerated verification parameter with the verification parameter initially generated.

According to one embodiment, the data generator is configured to generate the protection parameter and / or the verification parameter in:

defining a generating function, by successive applications to at least one predetermined secret parameter and stored in memory, of a sequence of values that can be determined solely from this secret parameter and this function, and

generating the protection parameter and / or the verification parameter reproducibly from at least one value of this sequence.

According to one embodiment, the data generator is configured to:

defining a plurality of functions, each function being generating, by successive applications to at least one predetermined secret parameter and stored in memory, a corresponding sequence of values that can be determined solely from the corresponding secret parameter and the corresponding function,

combining the plurality of sequences of values generated using a predefined relationship to generate a new sequence of values,

According to one embodiment, the data generator is configured to: define a generating function, by successive applications to at least one predetermined secret parameter stored in memory, of a sequence of values that can be determined solely from the secret parameter and from the function; combining the sequence of generated values with public parameters the cryptographic algorithm to generate a new sequence of values,

Another embodiment of the invention consists in providing a portable device, in particular a smart card, comprising a microcircuit device as described above.

These and other objects, features, and advantages of the present invention will be set forth in greater detail in the following non-limiting description in connection with the accompanying figures in which:

FIG. 1 previously described schematically represents the structure of a microcircuit device, of conventional type, FIG. 2 schematically represents the structure of a microcircuit device, according to a first embodiment of the invention. ,

FIG. 3 schematically represents a smart card comprising the device of FIG. 2,

FIG. 4 illustrates the successive steps of a first countermeasure method implemented by the device of FIG. 2,

FIG. 5 illustrates the successive steps of a second countermeasure method implemented by the device of FIG. 2,

FIG. 6 illustrates the successive steps of a third countermeasure method implemented by the device of FIG. 2; FIG. 7 illustrates the successive steps of a fourth countermeasure method implemented by the device of Figure 2,

FIG. 8 illustrates the successive steps of a fifth countermeasure method implemented by the device of FIG. 2,

FIG. 9 schematically represents the structure of a microcircuit device, according to a second embodiment of the invention, and FIG. 10 illustrates the successive steps of a countermeasure method implemented by the device of FIG. 9.

First embodiment of the invention.

The microcircuit device 12 'represented in FIG. 2 comprises, like that represented in FIG. 1, an algorithmic application of asymmetric cryptography 10, a memory 14 including a secure memory space 16 for storing, in particular, a private key d for use by the application 10, a microprocessor 18 and a pseudo random data generator 20 for providing a protection parameter a. It also has a countermeasure section 22 ', but this provides an improvement to the existing countermeasures, in particular to the countermeasure section 22 previously described.

Furthermore, the device 12 'is for example integrated in a portable device, in particular in the form of a secure smart card chip 30, as shown in FIG.

Note that although the algorithmic application of cryptography

10 and the countermeasure section 22 'have been shown as distinct, they can in fact be intimately imbricated in the same implementation, software or hardware, of an asymmetric cryptographic algorithm including a countermeasure.

Unlike the device 12, in this device 12 'the countermeasure section 22' comprises:

a section 22'a for dividing the binary representation of the private key d into several binary blocks D ₁₁ , D ₀ , whose sum of sizes is for example equal to the size of the binary representation of the private key; the binary representation of the private key d can therefore be written d _bin = [D ^ ₁ , ..., D ₀ I ₂ , and

a section 22'b for transforming each binary block D _| using the protection parameter a and, for each transformed binary block D'i, perform an intermediate calculation using the primitive.

More precisely, the generator 20 may be designed to generate a protection parameter a whose size of the binary representation is at most equal to half the size of the binary representation of the private key d. Similarly, the section 22'a can be designed to divide the binary representation of the private key so that the size of each binary block is greater than or equal to that of the binary representation of the parameter of protection. The algorithmic application of asymmetric cryptography 10 then executes the primitive using data whose size does not exceed half that of d _bιn . The gain in calculation time is very sensitive.

Various countermeasure methods according to the invention can be implemented by the device of FIG. 2.

A first method of this type, performing an N-type RSA type cryptography on a message M, is illustrated in FIG. 4. In a conventional manner, the RSA algorithm requires the use of a private key d whose size n of the binary representation is for example equal to n = 1024 bits. If we write d, the bits of this binary representation, it comes from d _bin = [d ^ d _o ] ₂ .

We denote S = Exp (M, D, N, S), the following primitive: For i varying from j-1 to 0: S * - S ² mod N If D ₁ = 1, S <- SM mod N Return the value S where M and S are respectively the input and output data of the primitive, N is the RSA module and D is a binary exponent of size j such that D = [D _j .. ,, ..., D ₀ ] ₂ , where D ₁ are the binary values of D.

In a first step 100, the pseudo-random data generator 20 generates a protection parameter a whose size k of the binary representation is much smaller than n, for example k = 32 bits.

In an optional second step 102, a verification parameter r1 is generated. This verification parameter r1 is for example determined by the application of a predetermined COMB function, combining in particular a value v generated by the generator 20 and stored in memory, the protection parameter a and other parameters of the RSA algorithm. .

During this same optional step 102, the message M and the module RSA N can also be transformed using functions g and h:

N <- h (N), then M <- g (M) mod N, where g and h are for example functions defined by g (x) = x + r2.N and h (x) = r3.x, or g (x) = r2.x and h (x) = x, wherein r2 and r3 may be random generated by the generator 20 and stored in memory.

Then, during an exponentiation step 104, a datum V is initialized to 1, then the following calculation is performed: V = Exp (M, a, N, V), where V represents an intermediate data calculated using the Exp primitive from the input data M and the protection parameter a.

During an initialization step 106, the output data S is initialized to 1 and a counter i to n-1. Then, during a test step 108, the value of the counter i is tested.

If this value is strictly positive, it goes to a step 110, if not to an optional step 120 followed by a final step 122 or directly to the final step 122.

During step 110, an integer j is determined, for example randomly, which verifies the following conditions:

(a) k ≤ j <i, and

(b) d _i .2 ^j + d _M .2 ^j - ¹ + ... + d _H .2 °> a.

Moreover, if j is such that ij <k, then we assign to j the value of counter i. Then, during a step 112, the value D = d _j .2 ^J + d _M .2 ^H + is calculated

... + d _μj .2 ° - a. This value D represents a binary block of the private key d transformed by a. Then during a step 114, the following intermediate calculation is carried out, using the binary block D: S = Exp (M, D, N, S). Then, during a step 116, the intermediate value V is combined with the value of S obtained in step 114, as follows: S <- SV mod N.

Then the counter i is assigned the value ij during a step 118. It then returns to the test step 108. The step 120, which is optional, follows step 108 when the value of the counter i is null and as long as the optional step 102 has been performed. In this step 120, the parameter r1 is calculated again, using the COMB function and the public and / or stored values used by this function. If the value of r1 has changed between step 102 and step 120, it can be concluded that a fault injection attack (s) has occurred between these two steps. An alert is then transmitted by the cryptographic application 10. During the step 120, the output data S ₁ is also unmasked as a function of the functions g and h that have been used to mask the input data M. Next alert transmitted by the application of cryptography 10, the reverse transformation (unmasking) performed with a fault makes it possible to counter an attack by fault injection (s). Finally, in a last step 122, the cryptographic application 10 returns the value S.

Note that the first method described above implies n + k exponentiation iterations: k iterations in step 104 and n iterations in the loop of steps 108 to 118. When k is much smaller than n (for example when k = 32 while n = 1024), the extra cost of the countermeasure on the RSA algorithm is very small. In any case, it is much weaker than that of prior art solutions involving at least 2 n iteration exponentiation. A second countermeasure method according to the invention that can be implemented by the device of FIG. 2, and also performing an RSA type cryptography of module N on a message M, is illustrated in FIG. is a variant of the first method in which, the size k of the protection parameter a being chosen so that there exists an integer u such that n = ku, we set the value of j (step 110) to k and we do not impose condition (b). The countermeasure process is simplified.

Steps 200, 202 (optional) and 204 of this second method remain identical to steps 100, 102 (optional) and 104 previously described.

Then, during an initialization step 206, the output data S is initialized to 1 and a counter i to u-1. During this same step, the binary representation of the private key d is divided into u successive D ₁ blocks, each of size k, such that d _bιn = [D ₁ , ..., D ₀ ] ₂ . It comes, for all i, 0 <i <u: D, = [d _{k (l + 1H} , ..., DJ _2. In addition, we calculate and then store in memory a vector C of binary retentions C = [C ^ ₁ C ₀ ] ₂ , recursively calculated as follows:

- C ₀ = O,

- C ₁ = (D, - a - C ₁ ) / ^. Then, during a test step 208, the value of the counter i is tested.

If this value is strictly positive, proceed to a step 210, otherwise to an optional step 218 followed by a final step 220 or directly to the final step 220.

In step 210, the value D ', = D, - a - C ₁ is calculated. For the good functioning of the algorithm, if i = u-1 and if C ^ ₁ = I, then it means that D ', is lower than a and in this case we keep D', = D ₁ . This value D ', represents the ith binary block of the private key d transformed by a. We note that one of the interests of this second method is to require only the storage of the vector of binary retentions C, and not that of the transformed blocks D ',.

Then, during a step 212, the following intermediate calculation is carried out, using the binary block D ':

S = Exp (M, D ', N, S).

Then, during a step 214, the intermediate value V is combined with the value of S obtained in step 212, as follows:

S <- S.V mod N. Then the counter i is assigned the value i-1 during a step 216. It then returns to the test step 208.

Steps 218 and 220 are identical to steps 120 and 122 previously described.

Note also that the second method described above implies n + k exponentiation iterations.

A third method of countermeasure according to the invention can be implemented by the device of FIG. 2, performing RSA CRT type cryptography (ie RSA algorithm using the Chinese Remainder Theorem) of module N = pq on a message M is illustrated in FIG. 6. Conventionally, the RSA CRT algorithm is an alternative to the RSA algorithm for performing a signature or decryption: it is four times faster. It defines the following parameters:

- dp = d mod (p-1),

- dq = d mod (q-1), - A = p ^"1 mod q.

It then consists of replacing the exponentiation calculation S = M ^d mod N by two exponentiation calculations that are much simpler to execute because of the size of p and q with respect to that of N: S _p = M ^dp mod p and S _q = M ^dq mod q. Finally we find S by the following calculation: S = [((S _q - S _P ) .A mod q) .p + S _p ] mod N.

The steps 300 and 302 (optional) of this third method remain identical to the steps 100, 200 and 102, 202 (optional) previously described.

Then, during an exponentiation step 304, a datum Vp is initialized to 1, then the following calculation is performed:

Vp = Exp (M, a, p, Vp), where Vp represents an intermediate data computed using the Exp primitive from the input data M and the protection parameter a.

Following step 304, during a step 306 including a series of steps in a loop and corresponding to the steps already described 106 to 118 or 206 to 216 by replacing the exponent d by dp and the module N by p , we carry out the calculation S _p = M ^dp mod p.

During an exponentiation step 308, a datum Vq is initialized to 1, then the following calculation is performed:

Vq = Exp (M, a, q, Vq), where Vq is an intermediate data calculated using the Exp primitive from input data M and protection parameter a.

Following step 308, during a step 310 including a series of steps in a loop and corresponding to the steps already described 106 to 118 or 206 to 216 by replacing the exponent d by dq and the module N by q , the calculation S _q = M ^dq mod q is performed.

The order in which steps 304 to 310 are executed is not fixed. Indeed, it is important only that they be executed after step 302, that step 304 is executed before step 306 and that step 308 is executed before step 310. At the output of loops, that is, at the end of steps 306 and 310, an optional step 312 is followed by a final step 314 or directly at the final step 314.

The optional step 312 is identical to the step 120 and is performed only if the optional step 302 has been executed.

In the final step 314, the cryptographic application 10 calculates the value of S from S _p and S _q as previously indicated and returns this value.

A fourth countermeasure method according to the invention that can be implemented by the device of FIG. 2, performing an Elliptic Curve type cryptography on a message M, will now be presented with reference to FIG. In the conventional case, an elliptic curve asymmetric cryptography algorithm, otherwise known as the Elliptic Curve Cryptosystem (ECC) algorithm, requires the use of a private key d whose size n is significantly smaller than that which is necessary for the RSA algorithm with equivalent security level. In general, the binary representation of the private key must be at least n = 160 bits. In a private-key ECC algorithm d, to perform a signature or decryption, "execute the primitive" consists of calculating an output data Q from an input data P and the private key d as follows : Q = dP, where P and Q are points of a predetermined elliptic curve on a finite field GF (p) in which p is a prime number strictly greater than 3 (for example the elliptic curve y ² = x ³ + 1Ox + 5 in the body GF (13)), and the operation ". Is a scalar multiplication, here of the point P by the scalar d. Noting [d ^, ..., d _o ] ₂ the binary representation of the private key d, this calculation can be done as follows: Q = O For i varying from n-1 to 0:

Q <- 2Q if d1 = 1, Q + - Q + P where "2Q" and "Q + P" are respectively point doubling and point addition operations whose formulas are determined in a conventional manner, and not here, by the chosen elliptic curve and the order p of the body GF (p). For the rest of the description, we denote S = ScalarMult (P, D, Q), the following primitive:

For i varying from j-1 to 0: Q <- 2Q if D ₁ = I ₁ Q ^ Q + P Return the Q value where P and Q are respectively the input and output data of the primitive and D is an exponent binary of size j such that D = [D _H , ..., D ₀ ] ₂ , where the D _; are the binary values of D.

In a first step 400, the pseudorandom data generator 20 generates a protection parameter a whose size k of the binary representation is much smaller than n, for example k = 32 bits.

During an optional second step 402, a verification parameter r is generated. This verification parameter r is for example determined by the application of a predetermined COMB function, combining in particular a value v generated by the generator 20 and stored in memory, the protection parameter a and other parameters of the ECC algorithm. . During this same optional step 402, it is also possible to transform the coordinates Px and Py of the point P by means of a function g which applies to these coordinates: P <- g (Px, Py) mod N.

Then, during a step 404, a data V is initialized to 0, then the following calculation is performed:

V = ScalarMult (P, a, V), where V represents an intermediate data computed using the ScalarMult primitive from the input data P and the protection parameter a.

During an initialization step 406, the output data Q is initialized to 0 and a counter i to n-1.

Then, during a test step 408, the value of the counter i is tested. If this value is strictly positive, proceed to a step 410, if not to an optional step 420 followed by a final step 422 or directly to the final step 422. In step 410, an integer j is determined by example randomly, which verifies the following conditions:

(a) k <j <i, and

(b) d, .2 ^J + d _l . ₁ .2 ^J - ¹ + ... + d ,. _J .2 °> a.

Moreover, if j is such that i-j <k, then we assign to j the value of the counter i.

Then, during a step 412, the value D = d, .2 ^J + d,..., 2 ^{J ~ 1} + ... + d, is calculated. _r 2 ° - a. This value D represents a binary block of the private key d transformed by a. Then, during a step 414, the following intermediate calculation is carried out, using the binary block D: Q = ScalarMult (P, D, Q).

Then, during a step 416, the intermediate value V is combined with the value of Q obtained in step 414, as follows: Q + - Q + V.

Then the counter i is assigned the value i-j during a step 418. It then returns to the test step 408.

Step 420, which is optional, follows step 408 when the value of counter i is zero and provided that optional step 402 has been performed. During this step 420, the parameter r is calculated again, using the function COMB and the public values and / or stored in memory used by this function. If the value of ra changed between step 402 and step 420, it can be concluded that a fault injection attack (s) occurred between these two steps. An alert is then sent by the application of cryptography 10. During step 420, the output data Q is also unmasked, as a function of the function g which has been used to mask the input data P. According to the alert transmitted by the application cryptography 10, the inverse transformation (unmasking) performed with a fault makes it possible to counter an attack by fault injection (s).

Finally, in a last step 422, the cryptographic application 10 returns the value Q.

Note that the fourth method described above involves n + k scalar multiplication iterations: k iterations during step 404 and n iterations in the loop of steps 408 to 418. When k is much smaller than n (for example when k = 32 while n = 160 or more), the extra cost of the countermeasure on the ECC algorithm is very small. In any case, it is much weaker than that of prior art solutions involving at least 2 n scalar multiplication iterations.

As a variant, during step 404, the data V is initialized to 0, then the following calculation is performed: V = ScalarMult (-P, a, V). In this case, during step 412 the value D = d | .2 ^j + d _M .2 ^H + ... + d _H .2 ° + a is calculated. This is another possible transformation of the private key d by a. A fifth countermeasure method according to the invention that can be implemented by the device of FIG. 2, and also performing Elliptic Curve cryptography, is illustrated in FIG. 8. It is a variant of FIG. fourth method wherein, the size k of the protection parameter a being chosen such that there exists an integer u such that n = ku, the value of j (step 410) is set to k and the condition is not imposed (b). The countermeasure process is simplified.

Steps 500, 502 (optional) and 504 of this fifth method remain identical to steps 400, 402 (optional) and 404 previously described. Then, during an initialization step 506, the output data Q is initialized to 0 and a counter i to u-1. During this same step, the binary representation of the private key d is divided into u blocks D; successive, each of size k, such that d _bin = [D ₁₁ ,, ..., D ₀ ] ₂ . It comes, for all i, 0 <i <u: D ₁ = [d ^^, ..., D ₁ J ₂ - Moreover, one calculates, then one keeps in memory a vector C of binary retentions C = [ C _0-1 , ..., C ₀ ] ₂ , recursively calculated as follows:

- C ₀ = O, - C ₁ = (D ₁ - a - C ^ ".

Then, during a test step 508, the value of the counter i is tested. If this value is strictly positive, proceed to a step 510, if not to an optional step 518 followed by a final step 520 or directly to the final step 520.

In step 510, the value of i = dd - a - c, is calculated. For the good functioning of the algorithm, if i = u-1 and if C ^ ₁ = I, then it means that D '; is less than a and in this case we keep D ^ = D ,. This value D ^ represents the i-th binary block of the private key d transformed by a. It should be noted that one of the advantages of this second method is to require only the storage of the vector of binary holds C, and not that of the transformed blocks DV

Then, in a step 512, the following intermediate calculation is performed, using the binary block D: Q = ScalarMult (P, D ', Q).

Then, during a step 514, the intermediate value V is combined with the value of Q obtained in step 512, as follows:

Q <- Q + V.

Then the counter i is assigned the value i-1 in a step 516. It then returns to the test step 508.

Steps 518 and 520 are identical to steps 420 and 422 previously described.

Note also that the second method described above involves n + k scalar multiplication iterations. As for the fourth method, alternatively, during the step

504, one initializes the data V to 0, then one carries out the computation following: V = ScalarMult (-P, a, V). In this case, during step 506, the calculation of the vector of binary retentions is modified as follows:

- C ₀ = O, - C ₁ = (D ₁ + a + C _M ) / 2 ^k .

In this case also, during step 510 the value D ', = D | + a + C ₁ . This is another possible transformation of the private key d by a.

Second embodiment of the invention The microcircuit device 12 "represented in FIG. 9 comprises, like that represented in FIG. 2, an algorithmic application of cryptography 10, a memory 14 including a secure memory space 16, a microprocessor 18 and a countermeasure section 22 '. It is for example integrated in a portable device, in particular in the form of a chip of a secure smart card 30 as shown in FIG. 3. It will be noted, however, that although the algorithmic application of cryptography 10 and the section of against Measurements 22 'have been represented as distinct, these can in fact be intimately nested in the same implementation of a cryptography algorithm including a countermeasure.

The countermeasure section 22 'of the device 12 "comprises, like that of the device 12':

a section 22'a for dividing the binary representation of the private key d into several binary blocks D ₁₁ .. ,, ..., D ₀ , whose sum of sizes is for example equal to the size of the binary representation of the private key, and

a section 22'b for transforming each binary block D ₁ by means of a protection parameter a and, for each converted binary block D ',, to perform an intermediate calculation using the primitive.

Unlike the device 12 ', in this device 12 "the pseudo-random data generator 20 of the conventional type is replaced by a data generator 20" which comprises: a section 20 "a of application of a function F predefined to at minus a predetermined secret parameter S for the generation of a determinable sequence of values only from this secret parameter and this function F, and

a section 20 "b for providing at least one protection parameter reproducibly has a value of this sequence.

Section 20 "is actually a software or hardware implementation of the F function.

The secret parameter S is stored in the secure memory 16 and supplied at the input of the section 20 "of the generator 20", while the protection parameter a is provided, at the output of the section 20 "b, at the counter section. -measure 22 '.

In this second embodiment, the parameter a is not therefore a hazard in the conventional sense mentioned in the documents of the state of the art. This is a deterministic result derived from the calculation of the function F executed by the generator 20 "over at least one secret parameter S which may be specific to the smart card 30 on which the microcircuit 12 'is arranged. This secret parameter is for example derived from a public datum of the device 30.

Repeated application of the function F to S generates a sequence (A _n ) whose elements are at the origin of the protection parameter (s) provided by the generator. In a general manner, the generator can supply as many parameters a from values of the sequence (A _n ) as necessary according to the application of the countermeasure implemented in the card 30. This sequence (A _n ) can not be reproduced only with the knowledge of the generating function F and the initial deterministic elements that it uses (the parameter S).

Each protection parameter may be directly derived from an element A _n of the sequence (A _n ): in other words, a = A _n . Alternatively, the element A _n can be processed before providing the parameter a. For example, a may be the result of a computation a = A _n XOR k _n , where k _n is a secret constant of transformation.

Of course, if the sequence (A _n ) is cyclic and / or operates in a finite set of elements, the space of the values A _n generated will have to be large enough to resist the attacks. In fact, the greater the space considered, the better the robustness of the countermeasure. We will first present several nonlimiting examples of sequences of values (A _n ) that can be provided by a generator 20 "according to the second embodiment of the invention .Then a second step, we will expose several possible uses of such sequences of values for the provision of protection parameters in particular to the five countermeasure applications in asymmetric cryptography previously described with reference to FIGS. 4 to 8.

Examples of value sequence generating functions for providing protection parameters

1) Functions based on arithmetic-geometrical sequences If one defines the sequence of values (A _n ) by means of the integral integer function F by the following relation:

A _{n + 1} = F (A _n ) = qA _n + r, where q and r are secret parameters constituting, with the initial element A ₀ of the sequence, the secret parameters S mentioned above, it is possible to provide protection parameters from an arithmetic-geometric sequence. The protection parameters are for example the elements of the sequence (A _n ). If r = 0, it is a geometric sequence whose term A _j , used at a precise stage of cryptography, can be found using the secret parameters q and A ₀ in the following way: A; = q'.Ao.

If q = 1, it is an arithmetic sequence which we can find a term A ₁ using the secret parameters r and A ₀ as follows: A; = ri

+ A ₀ -

If r is non-zero and q is different from 1, it is an arithmetic-geometric sequence whose term A ₁ can be found using the secret parameters q, r and A ₀ as follows: Λ = q'Λ ⁺ r. (q'-iy (q-1).

We can also reduce the space of the elements of the sequence (A _n ) by an integer m by means of the following relation: A _{n + 1} = F (A _n ) modulo m = (qA _n + r) modulo m.

Note that if m is a prime number, this sequence takes the form of the group of inverse affine transformations on the finite field

GF (m) = {0, 1 m-1}.

We can also choose m as a power of 2, to generate sequences of elements with a constant number of bits. For example, if one wants to generate sequences of parameters A _; at k bits, we choose m = 2 ^k . Preferably, m is one of the secret parameters to be kept in the secure memory of the device.

2) Functions defining a cyclic multiplicative group Let a cyclic group GC with m elements with a value a as generating element and the multiplication as law of internal composition: GC = {a, a ² a ^m }. The sequence of values (A _n ) can be defined as follows:

the initial element A ₀ is chosen as being the generating element a to which the law of internal composition of the group GC is applied k times,

- We go from the element A ₁ to the element A _{1 + 1} by applying k 'times the law of internal composition of the group GC.

The secret parameters S used by the generating function of the sequence (A _n ) are then, for example, the generating element a and the values k, k 'and m. In addition, as above, the protection parameters generated are for example the elements of the sequence (A _n ). 3) Functions Defining a Frobenius Group

Let GF (q) be a finite field, where the order q is a prime number of k bits. The group of invertible affine transformations on this finite field is a Frobenius group. An interesting property of Frobenius groups is that no non-trivial element fixes more than one point.

In this context, the affine transformations that can be used take the form of functions y = f (x) = bx + c, where b ≠ 0 and where the operations take place in the field GF (q). It is therefore possible to define a generating function of the sequence (A _n ) applying to predetermined secret parameters q, b, c and A ₀ . By choosing for example q = 2 ¹⁶ + 1 and, in hexadecimal notation, b = 0x4cd3, c = 0x76bb, A ₀ = 0xef34, a sequence beginning with the terms A ₁ = Oxcθcf, A ₂ = Oxδbaf, A ₃ = 0x620d, A ₄ = 0x0605, A ₅ = 0xe70c, A ₆ = 0x3049, A ₇ = 0xe069, A ₈ = 0x55ee, etc.

4) Functions from a shift register with linear feedback (LFSR type register)

It is for this type of function to choose a secret parameter A ₀ , for example 16 bits, and a shift register LFSR, for example with a corresponding output of 16 bits. If the size of the register LFSR is m, then a term A _{t + m} of the sequence (A _n ) is determined by the m terms which precede it with the aid of a linear equation of the type:

At _{t + m} = α _m .A, + + ... + Cx ₁ .A _{t + 0V} i, where the α, take the value 0 or 1.

5) Functions Defining a Calculation of Cyclic Redundancy Check (CRC)

For this type of function, it is a matter of choosing a secret parameter A ₀ , for example 16 bits, and a corresponding CRC polynomial among those conventionally used in CRC calculations, for example the CRC-16 polynomial (X ¹⁶ + X ¹⁵ + X ² + 1) or the CRC CCITT V41 polynomial (X ¹⁶ + X ¹² + X ⁵ + 1). A term A _{n + 1} of the sequence (A _n ) is determined as a function of the previous term A _n by the relation A _{n + 1} = F (A _n ), where F performs a calculation of CRC on the basis of the chosen polynomial. 6) Combinations of value sequences

It is indeed also possible to calculate several sequences of values, each for example according to one of the methods described above, and to combine them with the aid of a predefined function to generate a new sequence of values to be used as protection settings. The sequence (A _n ) is thus generated from two other sequences (A ' _n ) and (A " _n ), calculating for each index n, A _n = T (A' _n , A" _n ). The function T in question can be a secret matrix of values, the values A ' _n and A " _n respectively denoting respectively a row and a column of this matrix.

7) Combinations involving a sequence of values and public data

The sequence (A _n ) can be generated from a first sequence (A ' _n ), also according to public data, such as for example data used during the execution of the cryptography application with countermeasure and not secret. Among these data, depending on the applications, mention may be made of the message M (in clear or encrypted), a public key e, etc. The values of the sequence used as protection parameters are then calculated using any COMB function combining all these data:

A _n = COMB (A ^' _n , M, e, ...). One advantage of this combination is that the sequence of values (A _n ) can be used not only to supply the countermeasure application of the cryptography algorithm with protection parameters, but also to detect fault injection attacks. (especially on public data). Indeed by regeneration of the sequence (A ' _n ) using the secret parameter (s), at the end of the execution of the cryptography algorithm for example, but before doing the opposite operation of the initial transformation using a regenerated protection parameter, then by using this regenerated sequence (A ' _n ) and public data as it appears at the end of execution, it is possible to check whether the application of the COMB function produces the same sequence of values (A _n ) or not and therefore if public data has been assigned or not running.

Examples of use of a sequence of values generated according to one of the preceding methods in a method of countermeasure in asymmetric cryptography, according to the second embodiment of the invention

1) General Principle of the Second Embodiment In general, whenever an algorithmic countermeasure is used, the generation of hazards introduced by the countermeasure is recommended, as was described in the first embodiment. embodiment using a pseudo random data generator 20. As mentioned with reference to FIG. 9, this generation of random events can be replaced by the non-random generation of parameters originating from one or more several sequence (s) of values obtained using at least one secret parameter.

FIG. 10 illustrates an example of steps performed by a method according to the second embodiment of FIG. 9, applied to the execution of an asymmetric cryptographic algorithm with countermeasure, using T protection parameters a ,,. .. a _τ by execution, all the protection parameters can be extracted from the same sequence of values (A _n ) generated by the section 20'a.

During a first step INIT carried out by the generator 20 ", a counter i is initialized to 0. This counter i is intended to keep in memory the number of times that the asymmetric cryptographic algorithm has been executed since this step of initialization INIT, as long as another initialization is not performed.

During this step, the secret parameter S (or the parameters S when there are several), from which the sequence of values must be generated, is defined. It can be kept from a previous initialization, but can also be generated on the basis of a new value on the occasion of this initialization. It is for example generated from unique identification data, such as a public data device 30. It can also be generated from parameters or physical phenomena related to the microcircuit at a given instant, which can be random. In all cases, it is stored in memory in a secure manner, to allow the microcircuit to regenerate at any time the same sequence of values (A _n ) using the function implemented by section 20 "a. initialization INIT can be unique in the life cycle of the microcircuit, made during the design by the manufacturer, or reproduced several times, for example regularly or whenever the counter i reaches an imax value.

During a first execution EXE1 of the asymmetrical cryptographic algorithm with countermeasure, the generator 20 ", more particularly the section 20" a, is solicited one or more times to apply the secret parameter S to the predefined function F, to generate, in one or more times, a number T of elements of the sequence of values (A _n ): A ₁ , ... A _τ . From these first T elements, the protection parameters _λ , ... a _τ are generated.

For example, for any k such that 1 <k≤T, a _k = A _k . As a variant, if there are additional secret values T C ₁ ,... SeC ₇ among the secret parameters S kept in secure memory, the following additional calculation can be performed: for any k such that 1 <k≤T, a _k = Sec _k XOR A _k , where a _k = Sec _k ADD A _k , or also _k = Sec _k SUB A _k , so as to transform (or deform or mask) the parameters used.

Subsequently, during an i-th EXEi execution of the cryptography algorithm with countermeasure, the generator 20 ", more particularly the section 20" a, is again requested one or more times to apply the secret parameter S to the predefined function F, so as to generate, in one or more times, a number T of additional elements of the sequence of values (A _n ): A _{T (M) +1} , ... A ₇₁ . From these additional elements T, the protection parameters λ,..., _Τ are generated, as before. For example, for every k such that 1 ≤k≤T, a _k = A _{T (M) + k} .

As a variant, if the additional secret values SeC ₁ , ... SeC _{7 are available} , the following additional calculation can be performed: for any k such that 1 <k≤T, a _k = Sec _k XOR AT _{( M) + k>} or a _k = Sec _k ADD AT _(i . _{1) + k} , or also _k = Sec _k SUB AT _{(M) + k} , so as to transform (or deform or mask) the parameters used.

Whatever the method used to generate the value sequence (s) at the origin of the protection parameters, the knowledge of the method and the secret values used by the method, including the initial parameter A ₀ previously loaded in memory or during a stage of the life cycle of the microcircuit device in EEPROM memory, allows to find at any time the protection parameters generated and used in the life of the device. It is clear that this feature allows simple and efficient debugging as well as improved resistance to fault injection attacks. The choice of the method used to generate the sequence of values and the protection parameter (s) is dictated by the intended application.

2) Application of the general principle of the second embodiment to the five methods described with reference to FIGS. 4 to 8

The method used by the first, second and third methods of FIGS. 4, 5 and 6 to generate the protection parameter a during the steps

100, 200, 300 and the parameters v, r2, r3 during the steps 102, 202, 302 may be one of those recommended in the second embodiment. In in addition, the parameters a, v, r2, r3 can have the same binary size and come from the same sequence of values (T = 4). Moreover, it is not useful to keep these parameters in memory since they can be retrieved at any moment from the sequence of values which is itself determined by the secret parameter (s) and the function F. Thus the parameters v then r1, r2 and r3 can be found in steps 120, 218, 312 without necessarily being kept in memory during the execution of the exponentiation. At these steps 120, 218, 312, the protection parameter a can also be found to verify that its integrity has been preserved during the exponentiation.

Similarly, the method used by the fourth and fifth methods of FIGS. 7 and 8 to generate the protection parameter a during steps 400, 500 and the parameter v during steps 402, 502 may be one of those recommended in FIG. second embodiment. In addition, the parameters a and v can have the same binary size and come from the same sequence of values (T = 2). Moreover, it is not useful to keep these parameters in memory since they can be retrieved at any moment from the sequence of values which is itself determined by the secret parameter (s) and the function F. This process of regenerating these parameters is even a useful step in the protection of the implementation against the attacks by injection of fault (s). Thus the parameter v then r can be found in steps 420, 518 without necessarily being stored in memory during the execution of the scalar multiplication. At these steps 420, 518, the protection parameter a can also be found to verify that its integrity, and that of the parameters used to generate it, has been retained during the scalar multiplication.

Additional protection may be added when executing the computation loop of the primitive, in each of the five aforementioned methods. We first generate a verification parameter s according to one of the methods recommended above, this parameter being added to the parameters a and v, M or a, v, M, r2 and r3. At each iteration in this computation loop, for example at step 118 of the first method, at step 216 of the second method, at steps 306 and 310 of the third method, at step 418 of the fourth method, and at the step 516 of the fifth method, we find s and deterministically extracted using the parameter s portions of at least a portion of the binary representations or representations according to another base b of the message M, the module N (in the case of RSA or RSA CRT), the private key d, etc. These portions are then noted Ms, Ns, ds, etc. and optionally combined to form a verification datum. The principle of this protection is to verify that at each iteration, the value of the verification data is unchanged. If this verification data changes, the data M, N, d, etc. can be scrambled for not being discovered and an alert can be triggered. Other data than M, N and d can be used, from the moment these data are used during the execution of the primitive. It is clear that the methods of countermeasure described above allow to design asymmetric cryptographic applications protecting the private key used against attacks by auxiliary channels, while limiting the extra cost in computing time to a very reasonable level. Note furthermore that the invention is not limited to the embodiments described and that, although many variants have been presented, others are also conceivable providing in particular other types of private key transformations than those which have been detailed, or other asymmetric cryptographic applications than those discussed.

Claims

1. Countermeasure method in an electronic component implementing a private key asymmetric cryptographic algorithm

(d), comprising the steps of:

generating (100; 200; 300; 400; 500) a protection parameter (a);

calculating (104; 204; 304; 308; 404; 504), using a cryptographic algorithm primitive, intermediate data from an input data item and the protection parameter (a ), characterized in that it further comprises the steps of:

dividing (110; 206; 306; 310; 410; 506) the binary representation of the private key (d) into several binary blocks;

transforming (112; 210; 306,310; 412; 510) each bit block with the protection parameter (a) and, for each transformed bit block, performing (114; 212; 306,310; 414; 512; ) an intermediate calculation using the primitive, and

computing (106-122; 206-220; 306; 310; 312; 314; 406-422; 506-520) output data by combining (116; 214; 306,310; 416; 514) the intermediate data. with intermediate calculations (114; 212; 306; 310; 414; 512).

A method of countermeasure in an electronic component according to claim 1, comprising the step of dividing (110; 206; 306,310; 410; 506) the binary representation of the private key so that the size of the each binary block (d) is greater than or equal to that of the binary representation of the protection parameter (a).

A countermeasure method in an electronic component according to claim 1 or 2, comprising the step of dividing (110; 206;

306, 310; 410; 506) the binary representation of the private key (d) into several binary blocks so that the sum of the sizes of the binary blocks is equal to the size of the binary representation of the private key.

A countermeasure method in an electronic component according to any one of claims 1 to 3, comprising the step of randomly determining (110; 410) iteratively the size of each binary block such that the value of each binary block is greater than the value of the protection parameter (d).

A method of countermeasure in an electronic component according to any one of claims 1 to 3, comprising the steps of:

choosing the size k of the binary representation of the protection parameter (a) so that there exists an integer u> 2 such that n = ku, n being the size of the binary representation of the private key (d), and - dividing (206; 506) the binary representation of the private key into u binary blocks of k bits each.

6. Method of countermeasure in an electronic component according to any one of claims 1 to 5, wherein the primitive is a modular exponentiation of the input data by the private key (d) for the realization of an algorithm cryptography type RSA or RSA CRT.

A method of countermeasure in an electronic component according to claim 6, comprising a prior step (102; 202; 302) of masking the RSA module and the input data.

8. Countermeasure method in an electronic component according to any one of claims 1 to 5, wherein the primitive is a scalar multiplication of the input data by the private key (d), for the realization of a cryptographic algorithm based on an elliptic curve in which the input data is a predetermined point of the elliptic curve.

A countermeasure method in an electronic component according to claim 8, comprising a prior step (402; 502) of masking the predetermined point of the elliptical curve.

The method of countermeasure in an electronic component according to any one of claims 1 to 9, further comprising the steps of: initially generating (102; 202; 302; 402; 502), reproducibly, at least one verification parameter prior to any execution of the primitive;

regenerating (120, 118, 218, 216, 312, 306, 310, 420, 418, 518, 516) this verification parameter in execution or after execution of the primitive and comparing the regenerated verification parameter with the parameter of verification generated initially.

A method of countermeasure in an electronic component according to claim 10, wherein the regeneration and comparison step (118; 216; 306,310; 418; 516) is performed at each iteration of the primitive when is applied to a transformed binary block.

A method of countermeasure in an electronic component according to claim 10 or 11, comprising the step of triggering an alert and scrambling at least the private key (d), if the regeneration and comparison step indicates a difference between the initially generated verification parameter and the regenerated verification parameter.

A method of countermeasure in an electronic component according to any one of claims 1 to 12, wherein the generation (100, 102, 200, 202, 300, 302, 400, 402, 500, 502) of the protection and / or verification parameter comprises the steps of:

defining a function (20 "a) generating, by successive applications to at least one secret parameter (S) predetermined and stored in memory (16), a sequence of values ((A _n )) determinable only from this secret parameter (S) and this function (20 "a),

- generating the protection parameter (a) and / or the verification parameter reproducibly from at least one value of this sequence.

A method of countermeasure in an electronic component according to claim 13, comprising the steps of:

defining a plurality of functions, each function being generator, by successive applications to at least one corresponding secret parameter (S) predetermined and stored in memory (16), a sequence of corresponding values ((A ' _n ), (A " _n )) determinable only from the corresponding secret parameter (S) and the corresponding function,

- combining the plurality of sequences of values ((A ¹ J, (A " _n )) generated using a predefined relation to generate a new sequence of values ((A _n )),

- Generate the protection parameter (a) and / or the verification parameter reproducibly from at least one value of this new sequence ((A _n )).

The method of countermeasure in an electronic component according to claim 13, comprising the steps of:

- defining a generating function, by successive applications to at least one secret parameter (S) predetermined and stored in memory (16), a sequence of values ((A ' _n )) determinable only from the secret parameter (S) and the function,

- combining the sequence of values ((A ¹ J) generated with public parameters of the cryptographic algorithm to generate a new sequence of values ((A _n )),

16. A microcircuit device (12 ', 12 "), comprising a microprocessor (18) for implementing a countermeasure method of a private key asymmetric cryptography algorithm (d), at least one memory secure (16) for storing the private key (d), and a data generator (20, 20 ") for generating a protection parameter (a), characterized in that it is configured to:

calculating (104; 204; 304; 308; 404; 504), using a cryptographic algorithm primitive, intermediate data from an input data item and the protection parameter (a )

transforming (112; 210; 306,310; 412; 510) each bit block with the protection parameter (a) and, for each transformed bit block, performing (114; 212; 306,310; 414; 512; ) an intermediate calculation using the primitive, computing (106-122; 206-220; 306; 310; 312; 314; 406-422; 506-520) output data by combining (116; 214; 306,310; 416; 514) the intermediate data. with intermediate calculations (114; 212; 306; 310; 414; 512).

The microcircuit device (12 ', 12 ") according to claim 16, wherein the microprocessor (18) is configured to randomly determine (110; 410) iteratively the size of each bit block so that the value of each binary block is greater than the value of the protection parameter (d).

The microcircuit device (12 ', 12 ") according to claim 16, wherein the data generator (20, 20") is configured to select the size k of the binary representation of the protection parameter (a) in such a way that that there exists an integer u> 2 such that n = ku, where n is the size of the binary representation of the private key (d), and wherein the microprocessor (18) is configured to divide (206; 506) the representation binary of the private key into u binary blocks of k bits each.

19. A microcircuit device (12 ', 12 ") according to any one of claims 16 to 18, wherein the primitive is a modular exponentiation of the input data by the private key (d) for the realization of a RSA or RSA CRT type cryptographic algorithm.

20. A microcircuit device (12 ', 12 ") according to any one of claims 16 to 18, wherein the primitive is a scalar multiplication of the input data by the private key (d), for the realization of a cryptographic algorithm based on an elliptic curve in which the input data is a predetermined point of the elliptic curve.

21. A microcircuit device (12 ', 12 ") according to any one of claims 16 to 20, configured to further initially generate (102; 202; 302; 402; 502), reproducibly, at least one parameter of checking before any execution of the primitive, regenerating (120, 118; 218, 216; 312, 306, 310; 420, 418; 518, 516) this checking parameter running or after execution of the primitive and comparing the check parameter regenerated at the check parameter initially generated.

22. Apparatus microcircuit (12 ', 12 ") according to any one of claims 16 to 21, wherein the data generator (20") is configured to generate (100, 102; 200, 202; _300, 302 400, 402, 500, 502) the protection parameter and / or the verification parameter in:

defining a function (20 "a) generating, by successive applications to at least one secret parameter (S) predetermined and stored in memory (16), a sequence of values ((A _n )) determinable only from this secret parameter (S) and this function (20 "a), and

The microcircuit device (12 ', 12 ") according to claim 22, wherein the data generator (20") is configured to:

defining a plurality of functions, each function being generator, by successive applications to at least one secret parameter (S) predetermined and stored in memory (16), of a sequence of values ((A ' _n ), (A " J) determinable only from the corresponding secret parameter (S) and the corresponding function,

combining the plurality of sequences of values ((A ' _n ), (A " _n )) generated using a predefined relation to generate a new sequence of values ((A _n )),

- defining a generating function, by successive applications to at least one secret parameter (S) predetermined and stored in memory (16), a sequence of values ((A ¹ J) determinable only from the secret parameter (S) and of the function, - combining the sequence of values ((A ' _n )) generated with public parameters of the cryptographic algorithm to generate a new sequence of values ((A _n )),

25. A portable device, in particular a smart card (30), comprising a microcircuit device (12 ', 12 ") according to any one of claims 16 to 24.