WO2009074727A1

WO2009074727A1 - Method for accessing a sub-word in a binary word, and related device and software

Info

Publication number: WO2009074727A1
Application number: PCT/FR2007/002062
Authority: WO
Inventors: Matthieu Rivain; Emmanuel Prouff
Original assignee: Oberthur Technologies
Priority date: 2007-12-13
Filing date: 2007-12-13
Publication date: 2009-06-18

Abstract

The invention relates to a method and an associated system for accessing a sub-word having an index j in a binary word (U, U') including 2w sub-words (U(O),..., U(2w-1)), from a binary index (j') masked by a corresponding binary mask (rj), wherein the method comprises: i) the step of splitting said word (U, U') into two halves (Ho(U), H1(U), UH, UL), respectively, of the most significant bits and of the less significant bits; ii) the step of selecting one of said halves of said word (U, U') based on the values of bits having the same index in, respectively, the masked index (j') and the corresponding mask (rj, rj1, rj2).

Description

METHOD FOR ACCESSING A SUBWORD IN A BINARY WORD- APPARATUS AND PROGRAM THEREOF

The invention relates to a method for accessing a subword in a binary word, as well as an associated device and program.

By way of illustration, in cryptographic processing methods, data masking is frequently used in order to fight against attacks, for example of the current analysis type (in particular the DPA type attacks thus named after the English "Differential Power Analysis ") or electromagnetic radiation analysis type.

Masking techniques consist in combining the data (that is to say in practice the number) that one wishes to use (in practice, to which one wishes to undergo an operation) with an unpredictable number for an external attacker (in general a random or pseudo-random number); thus, the values involved are different each time even using a constant data input, which makes it impossible for the attacker to deduce the internal data of the method (and in particular the cryptographic keys that it uses) from measurements made of outside. Part of the cryptographic security is obtained through the use of non-linear functions. For example, it is common to model a block cipheή by the combination of affine functions and nonlinear functions.The realizations of such nonlinear functions are particularly difficult to protect by masking, because of the non-linear function. linearity with respect to the masking operation.

An example of a cryptographic processing method is described by the international patent application WO 2007/116140 which implements a non-linear function of the S-box type (S-Box according to the Anglo-Saxon specialized terminology of the domain considered) applied to these hidden data.

Such boxes-S or "S-Boxes" are made in practice by means of a correspondence table (frequently referred to as table-S or look-up table [LUT] in this same domain) stored in the cryptographic device.

In practice, we seek to optimize the storage of this table despite the technical specificities of electronic devices implementing these cryptographic methods. One distinguishes particular constraints of material architecture which imposes the use of words of data

(called machine words) on 8, 16 or 32 bits.

A practical embodiment of the S-tables then consists in storing several output values of the table in the same machine word, for example four output values each representing 4 bits can be stored in a machine word. This reduces the number of machine words used for storage of the table-S.

Different conventions can be used to match the different bits of an input parameter of the S-table to the identification of the corresponding machine word and to the identification of the output value within said machine word (so-called also subword of the word machine).

The access to the word machine is realized with mechanisms secured in a conventional manner, or with those described in the rest of the application with reference to FIGS. 4 to 7.

In a secure environment, however, it is necessary to provide secure access to a subword of a word machine. In particular, the aim will be to provide the same degree of security as the other operations performed in the same environment, for example a protection with one or two degrees of masking to resist the leakage of order 2 detected by current analysis.

In particular, in the case of S-tables, the input value is usually masked so that the subword word identification bits within the machine word are also masked. There is thus a difficulty in accessing the corresponding subword effectively and safely. Although the above presentation fits in a cryptographic environment, it is clear that the problematic is independent of this environment and can be applied in a general way to access to a subword of a binary word from an index (identification of the sub word inside the word) hidden.

In order to respond to these difficulties, and in particular to provide access to a sub-word of a binary word in complete safety, the invention provides a method for accessing a subword of index j in a binary word. formed of 2 ^W subwords from a binary index masked by a corresponding binary mask, comprising i) a step of separating said word into two halves respectively the most significant bits and the least significant bits, ii) a step selecting one of said halves of said word according to the values of the bits of the same index in the masked index and the corresponding mask, respectively.

Indeed, we notice that according to the value of the most significant bit of j, the subword that we want to access is either in the left part (that is to say of high weight), or in the right part ( i.e., low-weight) of the binary word.

Thus, by combining the use of the respective bits of the masked index and its mask (i.e., bits contributing to obtain the corresponding bit of the unmasked index j), the portion of the masked index is effectively selected. word of interest, without manipulating the index j not masked. It is also noted that the invention is secured in that the index j is not manipulated directly.

Note that the invention can also be applied to binary words formed by a number of subwords other than a power of two, in which case said binary word is completed with the aid of subwords (possibly of same length as the subwords when they are of the same size) stuffing so as to form a binary word of 2 ^W subwords. The indexation of the subwords in the binary word must be adapted accordingly.

In a practical embodiment, the separation step i) comprises storing said word in two registers. Registers are thus used which, by their nature, are easier to access than memories. The invention makes it possible to successively isolate the different parts and sub-parts of the initial word to arrive at the desired subword. To do this, it is provided that the method comprises a plurality of iterations of steps i) and ii), and wherein each iteration comprises, after step ii), a step iii) of substituting said binary word by said selected binary half in step ii).

In particular, the method comprises w iterations for successively all the w bit indexes of said masked index and corresponding mask. Thus, by dichotomy, one accesses the desired subword (of index j) without additional operation. It is then expected to return said substituted binary word, corresponding to the desired subword, at the end of all the iterations.

In one embodiment, said binary word is masked by a corresponding mask, said method comprising j) a step of separating said mask corresponding to the word (U ') into two halves respectively the most significant bits and the least significant bits, jj) at least one step of selecting one of said halves of said mask corresponding to the word as a function of the values of the bits of the same index in respectively the masked index and the corresponding mask, said indexes of the steps ii) and jj) being identical.

This ensures that the desired half of the masked binary word and the corresponding half of the mask are kept at all times, which will allow effective unmasking to find the unmasked subword.

The binary masks associated with a Boolean addition function have the advantage of constituting a simple involutional masking function, making it possible to recover the input data value when it is masked twice by the same mask.

When a simple mask is used to hide a data

(masking order 1), the leakage of information on the masked data may be targeted in conjunction with the leakage of information on the mask to find information on the data in clear. This type of attacks commonly called second-order attacks can be avoided by using a second mask

(masking order 2).

The invention thus applies to any masking order, that is to say whatever the number of random masks applied to the data. In particular, the steps j) and jj) are performed at each iteration, and each iteration comprises after step jj), a step jjj) of substituting said mask corresponding to the word (U ') by said half selected at the step not a word).

We thus parallelize the dichotomy on the masked binary word and on the corresponding mask or masks. We then return the substituted mask corresponding to the word at the end of all the iterations. This provides all the elements to determine the unmasked subword.

According to a particular characteristic, the separation step j) comprises storing said mask corresponding to the word in two registers. According to another characteristic allowing different degrees of masking, said masks are composed of at least two sub-masks.

For this purpose, it is expected that said selection of step ii) is also a function of the bits of the same index in respectively the two sub-masks corresponding to the masked index. We take into account the influence of all the masks masking the index j. It is consequently without error to identify the subword of index j from the masked index j '.

Symmetrically on the determination of the subwords associated with the masks, said selection of the step jj) is also a function of the bits of the same index in respectively the two sub-masks corresponding to the masked index. In particular, steps j) and jj are performed for each of the two sub-masks corresponding to the word.

In another embodiment, said step of selecting steps ii) and, when it exists, jj) comprises a step of permutation of said two corresponding halves according to said bit of the masked index and a step of permutation of said two halves corresponding to said bit of the mask corresponding to the masked index. As we will see later, this combination "permutation" and "bit indices and masks" makes it possible to implement simple and effective embodiments of subword isolation.

In particular, for k iterations ranging from 0 to w-1, successively: said binary word is assigned to two registers in which a first register stores the high-order half of said binary word,

said registers are conditionally switched to the value of the k-th bit of said masked index,

-reverting said registers conditionally to the value of the k-th bit of said mask corresponding to the masked index, -on substitutes said binary word by said first register, and at the end of the iterations, returning said substituted binary word.

This simple realization is based on the use of a pair of registers that are switched.

According to a particular characteristic, said binary word is masked by a corresponding mask and for each iteration k,

said mask corresponding to the word with two registers is assigned where a first register stores the most significant half of said corresponding mask (r _u ) to the binary word,

-reverting said registers conditionally to the value of the k-th bit of said mask corresponding to the masked index,

substituting said mask corresponding to the word by said first register and at the end of the iterations, returning said corresponding substituted mask.

Due to the masking of the initial binary word, it is necessary to carry out in parallel the isolation of the subword of the corresponding mask.

Also, in the case of double masking of the index j ', it is expected that the permutations conditionally at the value of the k-th bit of said mask corresponding to the masked index comprise:

a permutation of the registers conditionally to the value of the k-th bit of a first sub-mask corresponding to the masked index a permutation of the registers conditionally to the value of the k-th bit of the second sub-mask corresponding to the masked index.

Thus, we take into account all the bits linking the masked index available and the unmasked index that we do not want to manipulate for security reasons.

According to a realization of the permutations that are simple to implement, the conditional permutation steps implement a function of permutation between the first and second registers, the said permutation function comprising the instructions of copying the second register in a buffer register, to copying said first register into one of two registers according to said condition and copying said buffer register to the other register not verified by the condition.

According to one variant, the conditional permutation steps implement a rotation function: Rotate ((R ₀ , Ri), l + b 1) where (R ₀ , Ri) are the two registers formed in the same double size register, I is the length of the first and second registers and b is a Boolean function of said condition, the Rotate function (R, x) rotating R on x bits to the right or left. In a particular embodiment of the invention, the selection step ii) comprises the determination of one of the said halves as a function of the bit of the masked index and its storage in a bit-dependent register of the corresponding mask, the another half being stored in a complementary register. By this embodiment and as illustrated below, no manipulated intermediate data is directly related to the index j. This ensures a great protection of the process to possible external attacks.

In particular, said bit of the corresponding mask is combined with a random bit to determine the storage register of said halves, and a function register of said random bit is returned. Also, it can be provided that said halves are masked during storage in said registers. Optionally, the selection step jj) may comprise the determination of one of the said halves of the mask corresponding to the word as a function of the bit of the masked index and its storage in a bit-dependent register of the corresponding mask, the other half being stored in a complementary register.

In particular, when said binary word is masked by a second mask, steps j) and jj) are performed for said second mask, and the selection step jj) for the second mask corresponding to the word comprises determining one of said halves of the second mask corresponding to the word according to the bit of the masked index and its storage in a bit-dependent register of said corresponding mask, the other half being stored in a complementary register.

According to a practical characteristic, said registers are internal registers and therefore better protected, in particular of a secure microcontroller, for example that implementing said method. This limits the transfer of data through a less secure data bus.

According to a particularly advantageous embodiment, said masks may be additive masks, for example Boolean masks. Thus, Boolean addition can be easily implemented using EXCLUSIVE OR (XOR) functions.

The method is for example implemented by a sequence of instructions stored in the electronic entity and executed by a microprocessor of the electronic entity.

The electronic entity may be in practice a microcircuit card, particularly suitable for this type of secure operations.

The invention also relates to a method for calculating an output data of a conversion table from an input data masked by at least one mask, said conversion table storing a plurality of words each composed of 2 ^W output data, the method comprises: - determining a word according to a part of said input data, - access to an output data component said determined word, the access being a function of other part of said input data and a mask part corresponding and the access being according to any one of the embodiments mentioned above.

The method is, for example, in a method of encryption or decryption of digital data, generally representing a message, but also potentially a cryptographic key, an intermediate data, or only part of such elements.

The invention also relates to an electronic device for accessing a subword of index j in a binary word formed of 2 ^W subwords from a binary index masked by a corresponding binary mask, the device comprising i) means for separating said word in two halves respectively the most significant bits and the least significant bits, ii) means for selecting one of said halves of said word as a function of the values of the bits of the same index in respectively the masked index and the corresponding mask.

This device may also include characteristics corresponding to the embodiments envisaged above for the method.

The invention finally proposes a computer program product comprising a sequence of instructions able, when executed by a microprocessor, to implement the method mentioned above.

Since the advantages, aims and special features of the calculation method, of this electronic device and of this computer program product are similar to those of the method that is the subject of the present invention, as briefly described above, they are not repeated here. . Other advantages, aims and particular features of the present invention will emerge from the description which follows, made for an explanatory and non-limiting purpose with reference to the accompanying drawings, in which:

- Figure 1 shows schematically the main elements of a possible embodiment for a microcircuit card; FIG. 2 represents the general physical appearance of the microcircuit card of FIG. 1; FIG. 3 represents, in the form of a logic diagram, the essential steps of an encryption according to the AES algorithm with masking;

FIG. 4 represents, in the form of a logic diagram, a first embodiment of the invention implemented in the method of FIG. 3; FIG. 5 represents, in the form of a logic diagram, a second embodiment of the invention implemented in the method of FIG. 3;

FIG. 6 represents, in the form of a logic diagram, a third embodiment of the invention implemented in the method of FIG. 3;

FIG. 7 illustrates, in the form of a logic diagram, one embodiment of the comparator function used in the various embodiments of FIGS. 4 to 6;

FIGS. 8a and 8b illustrate an example of implementation of the S-tables used in the embodiments of FIGS. 4 to 7;

FIG. 9 represents, in the form of a logic diagram, a first embodiment for accessing a subword of a binary word, for example stored in the S-table of FIG. 8b;

FIG. 10 represents, in the form of a logic diagram, a second embodiment for accessing a subword of a binary word, for example stored in the S-table of FIG. 8b; and FIG. 11 represents, in the form of a logic diagram, a third embodiment for accessing a subword of a binary word, for example stored in the S-table of FIG. 8b.

It will be noted that the embodiments relating to FIGS. 1 to 7 and the embodiments of FIGS. 8 to 11 constitute independent advances that may each be subject to specific protection.

An example of an electronic entity is a microcircuit card 10, the main electronic elements of which are represented in FIG. 1 and which comprises a microprocessor 2 connected on the one hand to a Random Access Memory (RAM) 4 and on the other hand to a non-volatile rewritable semiconductor memory 6, for example an erasable and electrically programmable read-only memory (or EEPROM of the English Electrically Erasable Programable Read OnIy Memory). Alternatively, the non-volatile rewritable semiconductor memory 6 could be a flash memory.

The memories 4, 6 are connected to the microprocessor 2 by a bus each in Figure 1; alternatively, it could be a common bus. The microcircuit card 10 also comprises an interface 8 for communication with a user terminal made here in the form of contacts, one of which, for example, provides a bidirectional link with the microprocessor 2. The interface 8 thus enables the establishment of bidirectional communication between the microprocessor 2 and the user terminal in which the microcircuit card 10 will be inserted.

Thus, during the insertion of the microcircuit card 10 into a user terminal, the microprocessor 2 will implement a method of operation of the microcircuit card 10, according to a set of instructions, stored for example in a read-only memory. (or Read-OnIy Memory ROM) - not shown - or in the rewritable memory 6, which defines a computer program. This method generally includes the exchange of data with the user terminal via the interface 8 and the data processing within the microcircuit card 10, and precisely within the microprocessor 2 with possible use of data stored in the rewritable memory 6 and data temporarily stored in the RAM 4. Examples of methods that implement the invention are given below.

FIG. 2 represents the general physical appearance of the microcircuit card 10 made with the general shape of a rectangular parallelepiped of very small thickness.

The communication interface 8 provided with the contacts already mentioned appears clearly on the face of the microcircuit card 10 visible in FIG. 2, in the form of a rectangle inscribed in the upper face of the microcircuit card 10. embodiments of the invention with reference to an AES type cryptographic algorithm ("Advanced Encryption Standard "according to the English terminology) represented synthetically in FIG.

It is nevertheless understood that the invention may for example be applied in the case of other algorithms involving a non-linear function, such as the DES algorithm, with for example the use of encryption blocks

(also known as "block ciphei"). The mask or masks applied to the input data of the non-linear function are not necessarily the X masks or masks applied at the beginning of the algorithm, but are generally deduced easily according to the mechanisms of the algorithm, for example as mentioned in WO 2007/116140 referred to above.

FIG. 3 represents the essential steps of the AES encryption method of a word M within the electronic entity.

The word M is generally a part of a message to be encrypted having for example a length of 128 bits. Other lengths are naturally conceivable, such as the lengths of 192 bits and 256 bits frequently used.

The example described here uses as electronic entity the microcircuit card described above with reference to Figures 1 and 2, but other types of electronic entity can naturally be used, such as for example a personal computer.

To do this, the electronic entity stores, for example within the non-volatile memory 6, a cryptographic key K from which subkeys Ko,... K _n are derived by means of a procedure of key expansion. Obtaining the subkeys K ₀ , ... K _n can be performed according to known techniques and therefore will not be described in detail here. For example, reference may be made to patent application FR 2 838 262.

It will be noted however that the invention described hereinafter for the calculation at the level of the S-boxes (or "S-box") involved with each iteration (or ROUND) of the AES algorithm, could be implemented during the application of the non-linear function used in the derivation algorithm of subkeys K ₀ , ...

K _n . The encryption process starts at step E100 by receiving, for example through the interface 8 of the microcircuit card, the word (generally a message part) M to be encrypted.

One then proceeds within the electronic entity to draw a random number X used as a mask of the word M during a step E102. Although the term "random number" is used, it is for example in practice a pseudo-random number determined inside the microprocessor 2. In general, the number X and any data referenced hereinbelow after as random must be a non-predictable number from outside the electronic entity. Then, during a step E104, the masking of the word M is performed in order to obtain a masked word M 'by combining the word M and the random number X by means of an EXCLUSIVE OR operation (frequently referred to as "XOR"). : M '= M Θ X.

When a simple mask is used to mask data (masking of order 1), the leakage of information on the masked data can be targeted together with the leakage of information on the mask in order to retrieve information on the data in clear. This type of attacks commonly called second-order attacks can be avoided by using a second mask (2nd-order masking). Thus, alternatively, it can be two masks X ₁ and X ₂ that are generated to doubly hide the message M: M '= M Θ Xi® X ₂ . This configuration provides protection for the message M at the second leakage order. In particular, an embodiment of the invention involving this double masking will be described below. In the sequel, the premium symbol will be assigned to masked values (here for example M ') while the quantities which do not bear the prime symbol represent the corresponding quantities without masking, that is to say as they would have been obtained. during the AES algorithm performed without masking; these quantities without masking are introduced here for explanatory purposes, but will not be manipulated by the method described here which uses their masked version, except of course for the quantities M and M _n used respectively in input and output. The different steps of the AES algorithm will now be carried out using the masked data M 'according to the steps described below which correspond to the conventional steps of the AES algorithm adapted to take account of the masking. This is done first of all the initial transformation by means of the subkey KB during a step E106 by applying the key Ko to the data by means of an operator EXCLUSIVE OR: M ' _o = M ¹ Θ K ₀ .

If we denominate M ₀ the result of the initial transformation without masking (Mo = M θ K ₀ ), we can notice that the result MO of the step E106 can be written M ' _o = Mo θ X. We thus notice that the result of step E106 corresponds to the result of the initial transformation without masking, masked by the value of the mask X.

Proceeding after the initial transformation to a step E108 of initialization to 1 of an index i subsequently identifying the iteration (or ROUND) concerned.

In the step E110, the masked word MVi obtained in the preceding step (step E106 after the initial transformation or preceding iteration) is subjected to a r iteration (ROUND) of the steps E110 and E112, in order to obtain a new masked word MV. Each iteration is designed so that the result obtained after the iteration M'j is equal to the result Mj after the iteration i in an algorithm without masking, masked with a mask X identical to that introduced in step E104: after each iteration , M'j = Mj θ X.

Alternatively, it can be provided that the masking is modified at each iteration, for example by unmasking M'j and re-masking with a new mask Y. As an example, this operation can be performed in step E210 mentioned in the aforementioned application WO 2007/116140.

Once the iteration or ROUND i is carried out, the value of the index i is incremented during a step E114, and then, during a step E116, the equality i = n is tested, where n is the number of i iterations plus one used in the algorithm concerned (usually 10 iterations for a 128-bit word). If the last iteration has not been reached (that is, the equality i = n is not satisfied), we return to step E110 for the implementation of the next iteration. On this occasion, and as indicated above, we can generate a new mask and use it to hide the result MV If on the other hand the last iteration is reached (that is to say when we check i = n ), the final transformation is carried out during a step E118, during which we obtain a word IW _n from the word M ' _n- i previously obtained, and this with use of the subkey K _n ( step E118).

The result of the final transformation M ' _n thus corresponds to the encrypted word obtained by means of the AES algorithm from the initial word M, masked with the previously defined mask X (or the last intermediate mask Y generated if it is desired to modify the masking during iterations).

Step E120 is then carried out to unmask the word obtained in step E118 in order to obtain the ciphered word M _n : M _n = M ' _n θ X (or with the mask Y). The encrypted word M _n can then be sent outside the electronic entity by means of the interface 8 during a step E122 which ends the encryption process by the electronic entity of the word M.

The present invention relates more specifically to the use of SBox during the iteration of steps E110 and E112. In the field of cryptography, the transformation M'M -> M'j can be modeled by the composition of three operations: an additive function of the derived key Kj, a nonlinear function and a linear function.

Step E110 illustrates the application of the non-linear function by the use of an S-box and described in more detail with reference to the embodiments below.

The step E112 then corresponds to the application of the two other functions, an example of which is proposed in the aforementioned application WO 2007/116140 in connection with FIG. 4, in particular sub-block bit shift steps (also known as step Shift Row), multiplication by a matrix (step called Mix Column) and addition of the key Kj (Add Round Key step). For the realization of the step E110, the table-S is stored in the nonvolatile memory 6, table also called conversion table (look-up table or LUT). The table receives input data of dimension m and provides output data of dimension n, in particular m can be equal to n. The invention also applies in the case where these two dimensions are different.

There are also two registers Ro and Ri whose use is described below. These registers are in particular binary registers capable of storing digital data output from the S-table (that is to say they have a suitable dimension at least equal to n allowing this storage). In particular, these registers are provided in the microcontroller of the card 10 or even in the microprocessor 2.

A first embodiment of step E110 is shown in FIG. 4. In step E200, the masked data MVi and the mask are available.

X, both represented in binary form of dimension m.

In step E202, a binary masking variable A is initialized to 0, which serves to define successive iterations of access to the table S. This value A takes values between 0 and 2 ^m -1 and is therefore the same dimension that M'M and X.

In step E204, the masking bit variable A of the current iteration, in this case the value 0 for the first iteration, is compared with the input mask X. To do this, we use a Boolean comparison function defined by:

compαre (x, y)

Thus, whatever the iteration considered, if A = X then the comparison gives the value cmp = 0, otherwise the value 1 is returned.

In this case if X is different from the mask 0, then the comparison function returns 1. In step E206, the table S is used to calculate the masked output datum B 'of SBox associated with M'μi® A, in particular masked by an output binary mask Z of dimension n: B' = S (MViθ A ) θ Z.

This binary value B ¹ is stored in the index register cmp calculated previously in step E204.

It will be noted that the value B ¹ is stored in the register R ₀ only if A = X, and in the register R ₁ if A ≠ X.

The value A of a bit unit is incremented in step E208.

In step E210, the masking value A is compared with 2 ^m , representing the number of entries of the table S.

In the case of a negative comparison, it is proceeded to a new iteration of the steps E204 to E210 which make it possible to access a new entry of the table S.

In the case of a positive comparison in step E210, all the entries of the table S have been traversed and the process of calculating the SBox is ended by returning (step E212) the value stored in the register R ₀ , possibly accompanied by the exit mask Z.

Note that the register R ₀ contains the value S (M ¹ M θ A) θ Z when A = X, namely S (M'μΦ X) θ Z = S (M _M Θ Xθ X) Z Z = S ( MM) θ Z. Thus, without directly manipulating the unmasked value MM, obtained its transform (masked in the first order) by the nonlinear function of the

SBox.

Note also that this implementation implements dummy or dummy operations in the sense that they are not taken into account in the calculation of the final value contained in R ₀ , c ' is the case of all the calculations stored in Ri.

In order to avoid the presence of such fictitious operations possibly detectable by a malicious attacker to determine the only non-factitious operation, it may be proposed to modify the above method by the following elements, illustrated by FIG.

We start from the same elements (step E300). Table S represents a so-called balanced nonlinear F function ("balanced!") In the sense that it verifies: cardinal [F ^"1 (y)] = 2 ^{m" π} for any binary element of length n.

Such balanced functions are still used in cryptographic applications requiring a high level of security.

During the initialization of step E302, the registers R ₀ and R ₁ are initialized, besides A to 0, each with the value Z of the output mask. In the presence of several masks, it will be necessary to store the combination of the output masks, for example ZiθZ ₂ .

In step E304, A and X are compared in a manner similar to step E204 above. In step E306, the register R _cm p of the output SBox value calculated for the mask A is increased: R _cmp <- R _cmp θ S (M ¹ _M θ A).

This is done for each of the masking values A of 0 to 2 ^m -1 (steps E308, E310 similar to steps E208 and E210).

At the end of the iterations, in step E312, the two registers are compared: cmp <- compare (R ₀ , Ri). This step returns 0 if the two registers are equal and 1 if they are different.

In step E314, the masked output data of the SBox is returned as R _o θ (cmp x Ri).

At the end of the algorithm, the register Ri comprises the value

Zω _e ^ A ^ F "S (MV SA _1). Because of the properties of the function F of SBox

A ≠ X

(balanced function), this value is equal, in a normal execution, to

S (M'MΘ X) Θ Z, that is to say identical to Ro-

Therefore, the comparison of the step E312 must return 0 in a normal execution and the algorithm then returns R ₀ = S (MViθ X) θ Z. The result E314 is then dependent on all the steps executed, bringing a gain of security.

Referring to Figure 6, there is shown another embodiment of the invention based on the assignment (pseudo) random registers and a protection against second-order leaks. It is understood that the assignment of the registers can also be applied to the embodiment corresponding to FIG. 4. In a symmetrical way, the implementation described with reference to Figure 5 can also be achieved by the use of double masking (or more) and the allocation of registers.

At step E400, we have the double masked data M'u and the mask Xi and X ₂ (MVi = (MM Θ XI) θ X ₂ ), all represented in binary form of dimension m.

In step E402, a boolean b is generated (pseudo) randomly, which therefore takes either the value 0 or the value 1. This same boolean is used for all the execution of the calculation on the SBox.

In step E404, the bit masking variable A to 0 is initialized, in a manner similar to that indicated above, which serves to define successive iterations of access to the table S.

In step E406, the combined value Xi® A of the masks Xi and A is compared with the input mask X ₂ . To do this, we use the function comparβ _b which derives from the function compare, identified previously, as follows: fb if x = y compαre _b (x, y) = \ -

\ b ij x ≠ y

One embodiment of this function (also applicable to the simple compare function) is described below with reference to FIG.

We note here that we combine Xi with A in order not to directly manipulate X-ιθ X2, which would correspond to a protection of order one (Xiθ X2 can be seen as a single input mask).

In step E408, the table S is used, similarly to step E206 above, to calculate the masked output datum B 'of SBox associated with MV ₁ Θ A, in particular masked by two output bit masks. Z ₁ and Z ₂ of dimension n: B '= S (MViθ A) θ Ziθ Z ₂ .

This binary value B 'is stored in the cmp index register calculated previously in step E406.

It will be noted that the value B 'is stored in the register R _b only if A = XiΘX ₂ , and in the other register if A ≠ XiΘX ₂ . It will also be noted that, because of the random determination of the value b at the beginning of a calculation by SBox, it is not always in the same register that one stores the output data corresponding to the combination of the input masks

(A = OCeX ₂ ).

The value A of a bit unit is incremented in step E410.

In step E412, the masking value A is compared with 2 ^m , representing the number of entries in the table S.

In the case of a negative comparison, it is proceeded to a new iteration of the steps E406 to E412 which make it possible to access a new entry of the table S.

In the case of a positive comparison in step E412, all the entries of the table S have been traversed and the process of calculating the SBox is ended by returning the value stored in the register R _b , possibly accompanied by the masks of Zi and Z ₂ output.

Note that the register R _b contains the value S (MViθ A) ΘZ-ι®Z ₂ when

namely S (M ¹ _M eXIeX ₂ ) SZiSZ ₂ = S (M _{1 -1} eX ₁ ex ₂ eXiex ₂ ) ez ₁ e ₂ = S (MM) ΘZI ₂ .

Thus, without directly manipulating the unmasked MM value obtained its transform (masked to the first order) by the nonlinear function of the SBox.

It is noted that the comparisons involving the masking value A and carried out above, can be implemented not a bit-by-bit comparison of the two parameters of the compare functions.

Nevertheless, FIG. 7 proposes an alternative embodiment of the compare function _b , also applicable to the compare function, using a table T of Boolean values of 2 ^m entries (same input number as the S-table and that the possible values of AT). The comparison function is thus implemented by a simple read access to the table T.

To do this, during an initialization step, for example during step E402, the random generation of an index r3 is performed: r?> <- rαndini)

(step 500). In step 502, the table T is initialized with the value b (where b is the complement of b) to each of the entries from the boolean generated in step E402: T <- $; b; b; . b}. In step 504, the value of the boolean b is assigned to the input corresponding to the generated index r3: τ [r3] <- b.

So, at the end of the initialization process, we have a table T configured as follows: if x = r3

^LJ U ssiiinon

When using the comparison function (steps E204,

E304, E406), two values α and β are compared (step E506) generally corresponding to the masking data (possibly combined with a mask) and to an input mask. The comparison then consists of the step E508 to return the entry of the index table (α Θ r3) θ β. Indeed, if α = β, then the process returns

T [r3] = b.

Thus, the embodiments as described above make it possible to secure the calculation of a masked SBox output from a masked input for the traditionally used masking orders, namely for first-order masking as well. second-order masking.

Whatever the embodiment envisaged above, the hardware architecture of the electronic equipment, such as the microcircuit

10, sometimes imposes the use of machine words on a certain number of bits, for example 8 bits _; 16 bits or 32 bits. Thus, when the output data are words of a smaller number of bits, for example 4 bits, several output words S (M) are stored in a single word machine. Figures 8a and 8b illustrate this practical embodiment. On the face

8a, we observe the table S used above having 2 ^m output words of length n. In FIG. 8b, the practical embodiment stores the output words of length n, here 2 bits, on machine words of length 2 ^w n, here 16 bits (w is then equal to 3). The storage of the set of output words S (M) then only requires the use of 2 ^{m "w} machine words, each respectively storing 2 ^W output words S (M) (also hereinafter referred to as" sub-words "). In this way, an efficient storage is obtained The table thus formed comprises 2 ^{m "w} words of length 2 ^w n.

The output words are stored so that the word is accessed

S (M) by selecting a Smachine machine word (M _H ) from the most significant mw bits of M (noted for the sequence M _H ) and by recovering the subword of the selected word from the least significant w bits of M (hereinafter noted

M _L ). In particular S _maC hine (M _H ) = {S (M _H , O), S (MH, 1) S (M _H , 2 ^w -1)}.

Another convention which breaks down the word M can also be envisaged, for example selecting the word machine from the central bits of M and selecting the subword from extreme bits of M (for example the two most significant bits and the least significant bit).

In view of the foregoing, the machine word Sm _ach in _e (M _H ) can be calculated in a secure manner by applying the algorithms mentioned above in connection with FIGS. 4 to 7 to the most significant parts of M '. and his mask X.

Thus recovered _my S c _h ine (MH) optionally masked, depending on MVI H, AH OR NMR (optionally XI, H and X _2, H at the double masking) (index M representing the most bits mw significant). Without output masking, S _maC hine (MH) is recovered.

With a simple exit masking using the mask Z, we recover S _mach in _e (M _H ) ΘZ (Z of length mw).

With a double output masking using the Zi and Z ₂ masks, recovering S _mach ine (MH) © ZiθZ2 (Zi and Z ₂ length mw). Higher masking orders can also be envisaged without complicating the mechanisms described below.

On the other side, we have M'ML, XL (possibly XI, L and X ₂ , L during the double masking) which correspond to the bits of identification of the output word inside the machine word S _maCh j _n e (M _H ), possibly masked. Referring now to FIGS. 9 to 11, various mechanisms are described for extracting the subword (and thus the output word) efficiently and possibly safely with respect to the degrees of masking. of index MM, L of the machine word Sma _ch ine (M _H ) possibly masked at the output, from the masked index M'ML and masks A _L or XL and possibly X ₁ , _L and X _2lL .

To simplify the notation, we now write U (or U ¹ if masked) the machine word, the masked index, η (η1 and η2) the masks of the index, r _u (r _u 1 and r _u 2 ) the output masks possibly masking the machine word U '. We now try to extract the subword U (j) from j 'and the masks of j ¹ (or extract U' (j) and the corresponding output masks noted s _u (s _u 1 and s _u 2) ), that is, without manipulating j for security reasons. These different mechanisms generally concern the access to a subword of index j in a binary word (U, U ') formed of 2 ^W subwords (U (O), ..., U (2 ^W -1 )} from the binary index j 'masked by a corresponding binary mask r _j , comprising i) a step of separating said word (U, U') into two halves (H ₀ (U), Hh (U), U _H , UL) respectively of the most significant bits and the least significant bits, ii) at least one step of selecting one half of said word (U, U ') as a function of the values of the bits of the same index in respectively the index j 'and the mask T _j . Indeed, we notice that according to the value of the most significant bit of j, the subword that we want to access is either in the left part (that is to say of high weight), or in the right part ( that is, low weight) of U. Thus, by combining the use of the respective bits of the masked index and its mask (i.e. bits contributing to obtain the corresponding bit of the index j not masked), we effectively select the part of the word of interest, without manipulating the index j unmasked.

In particular, we will choose subwords of the same length. A first embodiment of these mechanisms is illustrated using the word U = 1010011101101101 composed of 8 subwords of index ranging from 000 (heavy-weight sub-word - left) to 111 (sub-word of low weight - right), based on Figure 9. More specifically, we want to access the subword whose masked index j 'is 101 and its mask η 111 (we remind I≈jθη). Note that j = 101θ111 = 010, so we want to access the subword 01 composed of the 5th and 6th bits of U from the left.

This realization implements the following algorithmic steps: for k = 0 to w- 1 (Ro, Ri) <- U swapj. _[k] (Ro, Ri) swaprj _t k] (Ro, Ri) U ^ R ₀ return R ₀ where R ₀ and Ri are two registers of length at least equal to the half-length of U, in this case at least 8 bits , and swapb (Ro, Ri) is a function that reverses the contents of both registers when b = 0:

, v f NOP if b = 0 ^^ '^ {swapiRM if b = l -

Such a swap function _b can be implemented by the following steps: tmp <- Ri Rb <- Ro R _Έ <- tmp

Alternatively, swap _b can be implemented using the Rotate function (Rx) which rotates R on x bits to the right or to the left, by swapb (Ro, Ri) = Rotate ((R ₀ , Ri), l + bl) where I is the length of the registers. Here, we will use a single register R composed of two equal parts Ro and Ri, so that the bit shift potentially shifts the bits from one part of the register R to the other.

As an alternative to using two registers, it is possible to use a double register (length 2I ₁ here at least 16 bits) consisting of two parts. In step E600, a counter k is initialized to 0. In step E602, the two registers R ₀ and R ₁ , U _H (10100111) and U _L (01101101) are assigned.

In step E604, the swap function _b is applied as a function of the most significant bit of the index j '= {j' [O], j '[1], ..., j' [w-1] }: JTk = O] = I Here, we then interchange the two registers: Ro = 01101101 and Ri = 10100111.

In step E606, the swap function _{b is} again applied as a function of the bit of the same index k, and therefore the most significant of the mask η: rj [k = 0] = 1. Here, we then interchange the two registers: Ro = 10100111 and Ri =

01101101.

In step E608, the value of U is replaced by the contents of the register

R ₀ .

In step E610, the iteration value k: k = 1 is incremented. In step E612, compare k with w (here w = 3). As k <3, return to step E602 by distributing the new value of U in the two registers: R ₀ = 1010 and Ri = 0111.

Since j '[k = 1] = 0 and η [k = 1] = 1, a single permutation of the two registers is performed during step E606: R ₀ = 0111 and R ₁ = 1010. step E608, U = 0111.

At step E612, k = 2, so return to step E602. The iteration k = 2 leads to Ro = 01 and Ri = 11 because two permutations were carried out at steps E604 and E606.

At step E612, k = 3 = w, so we go to step E614 by which we return U = 01. We obtain the subword expected.

Note that at each iteration, the size of U decreases by half and thus converges by dichotomy to the desired subword.

The security of this mechanism is ensured by the application of the permutation functions (inversion of the two registers) to all the iterations (with different parameters) even if no permutation results from it.

In general terms, the swap operation as envisaged above, when used conditionally, gives a high degree of security when it comes to identifying (for example, selection or isolation) one of two. As such, it may be envisaged protection of this approach independent of the other teachings described in this application. It can be noted that by using an indexation of j ¹ (and its masks) not from left to right but from right to left, it is necessary to proceed to an additional swap within each of iterations k. In order to provide first order data masking protection, the embodiment described above can be extended to the masked data U ¹ by means of a random mask r _u . In this case, it is desired to determine not only the subword of U ¹ (as described above) which is suitable but also the sub-word corresponding r _u . The access to the sub word r _u (j) from the machine word r _u is similar to the mechanism above.

In each of the iterations k, steps E602 ', E604', E606 ¹ and E608 'applied to the mask r _u , similar to those of the corresponding number E602, E604, E606 and E608, are carried out just after step E608. The algorithm proposed above then becomes: for k = 0 to w-1 (R ₀ , Ri) "- U 'swapj. _[k] (Ro, Ri) swap _rj [k] (Ro, Ri) U '* - R ₀

(Ro, Ri) <- r _u swapj. _[k] (R ₀ , Ri) swap _{rj [k]} (Ro, Ri) IU <- Ro return (U ', r _u )

At the end of the algorithm (step E614), the values U 'and r _u corresponding to the desired subwords are obtained, such that U' = U θ r _u , where U is the output value (of the box S) which is not masked. .

With reference to FIG. 10, a more secure embodiment implementing a double masking of the values, both for the index j '(masks η1 and η2) and for the word U' (masks r _u 1 and r, is described with reference to FIG. _u 2), by example resulting from step E414 above applied to the determination of Smac _h in _e (M _H ). These double masks can of course be applied independently.

This embodiment differs from that of FIG. 9 in substance by the application of the swap function three times as a function of corresponding bits in the index j 'and in each of the two masks η1 and η-2 (it can be seen that so that the invention can be extended without difficulty to higher masking orders by performing a number of permutations equal to 1 + number of masks of j) and by the determination of the subwords in the word U ¹ and in each of the masks r _u 1 and r _u 2 of U. For a homogeneity of safety, it is advisable to choose the same degree of masking of the index j and the binary word

U.

Steps E700 to E704 do not differ from steps E600 to E604.

Since two masks of index η1 and η2 are used, two conditional permutations are carried out in steps E706 and E708 respectively indexed on the two corresponding bits of the two masks T _j 1 [k] and η2 [k].

Step E710 is the same as Step E608 above.

In the same iteration, the two mask portions r _u 1 and r _u 2 corresponding to steps E702 'to E710' and E702 "to E710" are similarly calculated.

In step E712, k is incremented to form w iterations (comparison at step E714).

In step E716, U 'is returned, r _u 1 and r _u 2 representing the desired subwords (hence output values of the table S) of the initial words. These three values satisfy: U '= U ® r _u 1 Θ r _u 2.

In order to further increase security, in particular by avoiding the use of intermediate variables U 'and U' (j), which are a potential weakness due to index dependence j, the following mechanism is proposed with reference to Figure 11. Although described using double masking, the mechanism applies to simple masking or even the absence of masking of the word U.

We first define the two functions Ho (y) and H-ι (y) which respectively return half of the most significant bits of y and half of the least significant bits of y. These two functions are easily achievable using the swap function _b evoked above, for example as follows:

H _b (y): (Ro, Ri) <- y swap _b (Ro, Ri) return Ro

The mechanism for accessing the subword of index j can be implemented using the following instructions: for k = 0 to w-1

(U ', r _u 1, r _u 2) <- Select (2 ^{w "1} - ^k n, (U', r _u 1, r _u 2), (j '[wk], ηifw-k], η2 [wk])) return (U ', r _u 1, r _u 2) where the function Select receives in parameter a long dimension (2 ^{w "1" k} n representing the size of a word half U', r _u 1 and r _u 2 which one wishes to recover at the end of the iteration considered), a first 3-tuple of a masked word and the two associated masks, and a second 3-tuple of a masked bit (here the bit index wk of the index j) and the two associated masks, and returns a 3-tuplet (U ¹ , r _u 1, r _u 2) satisfying U ¹ Θ r _u 1 θ r _u 2 = H _{j [w} _k] (U).

It is thus seen that, by iterating this function for each of the bits composing the index j, the halves of the word corresponding to the different bits of the index j are successively isolated to arrive at the subword of U 'of index j accompanied by subword of the corresponding masks.

We also note that the application of this mechanism to simple masking involves 2-tuple and not 3-tuple (also expandable q masks and q-tuples).

In step E800, an iteration value k is initialized to 0. The steps E802 to E820 illustrate an embodiment of the Select function. In step E802, two random masks of length / 0A7 £ F2 ^w - ¹ - ^k n are generated.

In step E804, a random boolean b is generated.

In step E806, a masked bit is calculated from the boolean b and the index bits k (starting from the most significant bit to the least significant bit as iterations occur) in respectively the two masks of the index j ': b'<- (r _j 1 [wk] θ b) θ r _j 2 [wk]

In this step, care is taken to perform the XOR operations in the order of the parentheses, namely first η1 [wk] θ b, then the addition of the result with the boolean η2 [wk]. Indeed, by respecting this order, one guarantees a protection against the attacks of order 2 since one does not handle directly the value η1 [wk] ® r _j 2 [wk] which could be seen like a simple mask not protecting the bit j [wk] only by a masking of order 1.

For the following steps E808 to E818 (which can be interchanged with each other as independent), three pairs of addressable registers, hereinafter referred to as A ₀ , Ai (assigned to the word U), Bo, Bi (assigned to the first mask of U), C ₀ and Ci (assigned to the second mask of U).

We successively assign:

at the register A indexed by b ¹ calculated in step E806, the portion Hj ' _[wk ] (U') masked by one (ti) of the random masks generated in step E802:

A _{b '} <- Hj. _tw . _k] (U ') θ ti

at the other register A, the other part of U ¹ masked by the same mask.

The same is true for the two masks r _u 1 and r _u 2, which use respectively the other mask t ₂ and the combination of the two masks t | and t.2, and are stored in pairs in B ₀ , B ₁ , C ₀ and C _{1 respectively} .

At this stage, we could prove that for the index 'w-Zc ¹ above, whatever the values of the two masks η1 [wk] and η2 [wk], we have:

(A _b , B _b , Cb) = (Hj [ _WK ] (U ') θ ti, H _{j [w.k} _] (r _u 1) φ t ₂ , H _{j [wk]} (r _u 2) Φ tiΦ t ₂ )

( ^v Ar b3 ' _ïï b,' C _ïï b) '= (

^v H-j [wk] ( ^v U ')' and the values stored in the registers verify:

A _b Φ B _b θ C _b = H _{j [wk]} (U). Due to the independence of these values from those of x {\ and η2, independence is obtained with respect to the index j, and thus increased security.

Thus, in step E820, substitute (A _b , B _b , C _b ) for the preceding values (U ', r _u 1, r _u 2). Then, k is incremented at step E822.

Compare k and w to determine if the iterations are terminated in step E824 (similar to steps E612 and E714 above, with return to step E802 for a new iteration).

At the end of the iterations (step E826), we return (U ', r _u 1, r _u 2) which respectively correspond to the hidden subword searched and to the two subwords of masks which make it possible to unmask the subword U obtained: U 'θ r _u 1 θ r _u 2 = U.

The use of the random parameters ti, t ₂ and b is not essential. It nevertheless provides a guarantee of security of the algorithm because, on the one hand, it protects the values manipulated by a double mask (t | and t ₂ , which can be reduced to a simple mask if necessary) and on the other hand, to assign the desired result arbitrarily in one or other of the two registers indexed on b. In the absence of b, return to step E826

A ₀ , B ₀ and C ₀ . In the absence of ti and t. ₂ , the long parameter is not necessary in the Select function shown above.

In the above mechanisms in connection with FIGS. 9 to 11, the values j '[k], rj [k], η1 [k] and η2 [k] play symmetrical roles so that it is possible to envisage to invert their positions in these mechanisms, for example the value b 'at the step E806 can use j' instead of the mask η1 and the functions H of the steps E808 and E814 are then indexed by the mask η1.

Thanks to these mechanisms, we securely access a subword of a particular word masked, consisting of a plurality of subwords, using an index also masked.

The foregoing examples are only embodiments of the invention which is not limited thereto.

Claims

1. Method for accessing a subword of index j in a binary word (U,

U ') formed of 2 ^W subwords (U (O), ..., U (2 ^W -1)} from a masked binary index (j ¹ ) by a corresponding binary mask (η), comprising i) a step of separating said word (U, U ¹ ) into two halves (H ₀ (U), H ₁ (U), UH, U _L ) respectively of the most significant bits and least significant bits, ii) a step of selecting one of said halves of said word (U, U ') as a function of the values of the bits of the same index in respectively the masked index (j ¹ ) and the corresponding mask (η, η1, x {λ ).

The method according to claim 1, wherein the step of separating i) comprises storing said word (U, U ') in two registers (R ₀ ,

Ri ₁ Ao ₁ A ₁ ).

3. Method according to one of the preceding claims, comprising a plurality of iterations of steps i) and ii), and wherein each iteration comprises after step ii), a step iii) of substituting said binary word (U, U ') by said binary half selected in step ii).

4. Method according to the preceding claim, comprising w iterations for successively the set of w bit indexes of said masked index (j ¹ ) and corresponding mask (rj, ηl, η2).

5. Method according to one of claims 3 and 4, wherein said substituted binary word (U, U ') is returned at the end of all the iterations.

6. Method according to one of the preceding claims, wherein said binary word (U ') is masked by a corresponding mask (r _u , r _u 1, r _u 2), said method comprising j) a step of separating said mask (r _u , r _u 1, r _u 2) corresponding to the word (U ') in two halves (H ₀ (r _u ), H ₁ (^)) respectively the most significant bits and the least significant bits, dd) at least one step of selecting one of said halves of said mask _(Ul r r _u 1, _u 2 r) corresponding to the word (U ¹⁾ according to the bit values of the same index in respectively the hidden index (j ¹ ) and the corresponding mask (η, η1, η2), said indexes of steps ii) and jj) being identical.

7. Method according to the preceding claim in dependence on one of claims 3 to 5, wherein the steps j) and jj) are performed at each iteration, and each iteration comprises after step jj), a step jjj) substitution said mask (r _u , r _u 1, r _u 2) corresponding to the word (U ') by said half selected in step jj).

8. Method according to the preceding claim, wherein we return the substituted mask (r _u , r _u 1, r _u 2) corresponding to the word (U ') at the end of all the iterations.

9. Method according to one of claims 6 to 8, wherein the separation step j) comprises storing said mask (r _u , r _u 1, r _u 2) corresponding to the word (U ') in two registers ( R ₀ , R ₁ , B ₀ , Bi ₁ C ₀ , Ci).

10. Method according to one of the preceding claims, wherein said masks (η, r _u ) are composed of at least two sub-masks (ηi, r _u i,

11. Method according to the preceding claim wherein said selection of step ii) is also a function of the bits of the same index in respectively the two sub-masks (η1, η2) corresponding to the masked index (j ¹ ).

12. The method of claim 10 or 11 in dependence on claim 6, wherein said selection of step jj) is also a function of the bits of the same index in respectively the two sub-masks (η1, η2) corresponding to the masked index (] ') •

13. Method according to one of claims 10 to 12, in accordance with claim 6, wherein the steps j) and jj) for each of the two sub-masks (r _u 1, r _u 2) corresponding to the word are carried out. (U ').

14. Method according to one of claims 1 to 13, wherein said step of selecting steps ii) and, when it exists, jj) comprises a step permutation (E604, E604 ¹ ) of said two corresponding halves according to said masked index bit G ') and a permutation step (E606, E606') of said two corresponding halves as a function of said mask bit (η, η1, η2) corresponding to the masked index (j ¹ ) -

15. Method according to the preceding claim, wherein for k iterations ranging from 0 to w-1, successively:

said binary word (U, U ') is assigned to two registers (R ₀ , Ri) in which a first register stores the high-order half of said binary word,

these perms are switched conditionally to the value of the k-th bit of said masked index (j '[k]),

-reverting said registers conditionally to the value of the k-th bit of said mask corresponding to the masked index (η [k]),

substituting said binary word (U, U ') for said first register, and at the end of the iterations, returning said substituted binary word.

16. Method according to the preceding claim, wherein said binary word (U ') is masked by a corresponding mask (r _u , r _u 1, r _u 2), and for each iteration k,

said corresponding mask (r _u , r _u 1, r _u 2) is assigned to the two-register word (Ro, Ri) in which a first register stores the high-order half of said corresponding mask (r _u ) with the binary word,

these perms are permuted conditionally to the value of the k-th bit of said masked index (j '[k]) _>

-reverting said registers conditionally to the value of the k-th bit of said mask corresponding to the masked index (η [k]) -on substitutes said corresponding mask (r _u , r _u 1, r _u 2) to the word by said first register and at the end of the iterations, returning said corresponding mask (r _u , r _u 1, r _u 2) substituted.

17. Method according to the preceding claim in dependence on claim 10, wherein the permutations conditionally to the value of the k-th bit of said mask corresponding to the masked index comprise: a permutation of the registers conditionally to the value of the k-th bit of a first sub-mask (η1, η2) corresponding to the masked index

a permutation of the registers conditionally to the value of the k-th bit of the second sub-mask (rj1, η2) corresponding to the masked index.

The method according to one of claims 15 to 17, wherein the conditional permutation steps implement a permutation function between the first and second registers, said permutation function comprising the instructions of copying the second register into a buffer register, copying said first register into one of two registers according to said condition and copying said buffer register to the other register not verified by the condition.

19. Method according to one of claims 15 to 17, wherein the conditional permutation steps implement a rotation function: Rotate ((R ₀ , Ri), l + bl) where (Ro, Ri) are both registers formed in the same double size register, I is the length of the first and second registers and b is a boolean function of said condition, the Rotate function (R, x) rotating R on x bits to the right or to the left .

The method according to one of claims 1 to 13, wherein the step of selecting ii) comprises determining one of said halves as a function of the bit of the masked index (j ¹ ) and its storage in a register ( A ₀ , AO depending on the bit of said corresponding mask (r _j , rj1, η2), the other half being stored in a complementary register.

21. Method according to the preceding claim, wherein said bit of the corresponding mask (η, rji, η2) is combined with a random bit (b) to determine the storage register of said halves, and returns (E820) a function register of said random bit (b).

22. Method according to one of claims 20 and 21, wherein said halves are masked during storage in said registers.

23. The method according to one of claims 20 to 22 in dependence on claim 6, wherein the selection step jj) comprises the determining one of said halves of the mask (r _u , r _u 1, r _u 2) corresponding to the word as a function of the bit of the masked index (j ¹ ) and storing it in a dependent register (B ₀ , B ₁ ) bit of said corresponding mask (η, η1, η2), the other half being stored in a complementary register.

24. Method according to the preceding claim, wherein said binary word (U ¹ ) is masked by a second mask and steps j) and jj) are performed for said second mask (r _U2 ), and the selection step jj). for the second mask corresponding to the word comprises the determination of one of said halves of the second mask (r _U2 ) corresponding to the word as a function of the bit of the masked index (j ¹ ) and its storage in a register (C ₀ , Ci) depending on the bit of said corresponding mask (η), the other half being stored in a complementary register.

25. Method according to one of claims 15 to 24, wherein said registers (R ₀ , Ri, A ₀ , Ai, B ₀ , Bi, C ₀ , Ci) are registers of a secure microcontroller (2).

26. A method according to any one of the preceding claims, wherein the masks are additive masks.

27. Method according to the preceding claim, wherein the masks are Boolean masks.

28. Method according to one of the preceding claims, implemented by a sequence of instructions stored in an electronic entity (10) and executed by a microprocessor (2) of the electronic entity.

29. The method according to the preceding claim, wherein the electronic entity (10) is a microcircuit card.

30. A method of calculating an output data (S (M)) of a conversion table (S-table) from an input data (M ') masked by at least one mask (X, Xi, X ₂ ), said conversion table storing a plurality of compound words (S _m a _ch in _e (M _H )) each of 2 ^W output data, the method comprises: - determining a word as a function of a part (MΗ, MH) of said input data, access to an output datum constituting said determined word, the access being a function of the other part (M ' _L ) of said input datum and of a corresponding mask part (XL, XI, L, X 2, L) ^and being according to any one of the preceding claims.

31. Electronic device for accessing a subword of index j in a binary word (U, U ') formed of 2 ^W subwords {U (0), ..., U (2 ^W -1) } from a masked bit index (j ¹ ) by a corresponding bit mask (r _j ), the device comprising: i) means for separating said word (U, U ') into two halves (H ₀ (U)) , Hi (U), UH, U _L ) respectively the most significant bits and the least significant bits, ii) means for selecting one of said halves of said word (U, U ¹ ) as a function of the values of the bits of d a same index in the masked index (j ¹ ) and the corresponding mask (r ,, η1, r _j 2) respectively.

32. Device according to claim 31, wherein the separating means comprise two registers (R ₀ , Ri, A ₀ , Ai).

33. Device according to one of claims 31 and 32, wherein said mask (η, η1, η2) is composed of at least two sub-masks (rji, rp-) and the selection means are able to select said half according to the bits of the same index in respectively the two sub-masks (η1, η2) corresponding to the masked index (j ¹ ).

34. Apparatus according to one of claims 31 to 33, wherein said selection means comprises first means for permutation of said two corresponding halves as a function of said bit of the masked index (j ¹ ) and second means of permutation of said two corresponding halves according to said mask bit (r _j , η1, r _j 2) corresponding to the masked index (j ¹ ).

35. Apparatus according to the preceding claim, wherein - said first permutation means are capable of permuting two registers (R ₀ , Ri) conditionally with the value of the k-th bit of said masked index (j ' _. said second permutation means are capable of permuting said registers conditionally with the value of the k-th bit of said mask corresponding to the masked index (η [k]), the device further comprising: means for assigning said binary word (U, U ¹ ) with two registers (Ro,

Ri) where a first register stores the high-order half of said binary word,

means for substituting said binary word (U, U ¹ ) with said first register,

means for returning the value of said substituted bit word.

36. Device according to one of claims 34 and 35, wherein the conditional permutation means comprise a permutation function between a first and a second register, said permutation function comprising instructions to copy the second register in a buffer register copying said first register into one of two registers according to said condition and copying said buffer register to the other register not verified by the condition.

37. Device according to one of claims 34 and 35, wherein the conditional permutation means comprise a rotation function: Rotate ((R ₀ , Ri), l + bl) where (Ro, Ri) are two registers formed in the same double size register, I is the length of the first and second registers and b is a boolean function of said condition, the Rotate function (R, x) rotating R on x bits to the right or left.

38. Device according to one of claims 31 to 33, wherein the selection means comprises means for determining one of said halves according to the bit of the masked index (j ¹ ) and storage means of said half determined in a register (Ao, Ai) depending on the bit of said corresponding mask (η, η1, η2), and the other half in a complementary register.

39. Device according to the preceding claim, comprising combinatorial means of the bit of the corresponding mask (rj, η1, r _j 2) with a bit random (b) so as to determine the storage register of said halves, and means adapted to return a function register said random bit (b).

40. Device according to one of claims 38 and 39, comprising means for masking said halves determined during their storage in said registers.

41. Device according to one of claims 32 and 35 to 40, wherein said registers (R ₀ , Ri, Ao, A ₁ , B ₀ , Bi, Co, Ci) are registers of a secure microcontroller (2) .

42. A computer program product comprising a sequence of instructions adapted, when executed by a microprocessor, to implement a method according to one of claims 1 to 30.