EP1558982A2 - Power supply for an asynchronous data treatment circuit - Google Patents

Power supply for an asynchronous data treatment circuit

Info

Publication number
EP1558982A2
EP1558982A2 EP03780268A EP03780268A EP1558982A2 EP 1558982 A2 EP1558982 A2 EP 1558982A2 EP 03780268 A EP03780268 A EP 03780268A EP 03780268 A EP03780268 A EP 03780268A EP 1558982 A2 EP1558982 A2 EP 1558982A2
Authority
EP
European Patent Office
Prior art keywords
asynchronous
circuit
data
energy
supply
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP03780268A
Other languages
German (de)
French (fr)
Inventor
Vincent Deveaud
Pierre-Yvan Liardet
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STMicroelectronics SA
Original Assignee
STMicroelectronics SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by STMicroelectronics SA filed Critical STMicroelectronics SA
Publication of EP1558982A2 publication Critical patent/EP1558982A2/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/81Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory

Definitions

  • the present invention relates to integrated circuits or integrated circuit elements performing asynchronous processing of digital data.
  • the invention relates more particularly to circuits handling data which it is desired to protect, for example, confidential data or authentication keys.
  • a common type of data attack on an integrated circuit executing secure algorithms is to analyze the consumption of the integrated circuit or the part of it executing the algorithm handling secret data.
  • Such attacks by consumption analysis are known by the abbreviations SPA (Single Power Analysis) or DPA (Differential Power Analysis) and consist in analyzing the consumption of an integrated circuit as a function of the data which it processes in order to discover supposed data. be secret.
  • the circuit In an asynchronously operating circuit, the circuit provides the output data along with information that this data is available, once it has completed processing.
  • An attack by analyzing the consumption of an asynchronous circuit consists in observing the energy peaks which in fact correspond to data (at the times when this data is processed). It is then possible, for a hacker, to discover the algorithm or the secret data manipulated.
  • a known solution consists in adding additional processing circuits, useless for the secure process proper, but which consume energy when they handle the data.
  • the data handled by the asynchronous process to be protected are then in a way masked by the energy taken up by the additional processing circuits.
  • the effectiveness of such a solution is in a way proportional to the number of additional processing circuits provided, therefore to the additional space requirement in the integrated circuit, it only increases the number of possible data combinations. that the hacker should assess.
  • the present invention aims to propose another solution for protecting the execution of an asynchronous algorithmic process against attacks by analysis of the consumption of the integrated circuit or of the part of the circuit executing this process.
  • the present invention aims in particular to propose a solution whose effectiveness is not linked to the additional bulk in the integrated circuit.
  • the invention also aims to propose a solution which does not simply result in an increase in the possible combinations to be examined by the pirate.
  • the present invention provides a method of supplying an asynchronous calculation element of an integrated circuit, consisting in making randomly vary the instantaneous supply energy of the calculation element.
  • the instantaneous energy supplied to the calculation element is distributed randomly, in a predetermined pole window, the total energy in the window being predetermined.
  • the total energy supplied to the calculation element in the time window is determined as a function of the maximum possible consumption of the calculation element.
  • the present invention also provides a power supply circuit for at least one asynchronous processing element of an integrated circuit, comprising a variable power element controlled randomly or pseudo-randomly. According to an embodiment of the present invention, said variable supply element varies the supply voltage of the asynchronous processing element.
  • variable supply element is controlled by a pseudo-random generator.
  • FIG. 1 shows, very schematically and in the form of blocks, an embodiment of a supply circuit for an asynchronous computing element according to the present invention
  • FIG. 2 illustrates, by a timing diagram, an embodiment of the feeding method according to the invention.
  • a feature of the present invention is to randomly vary the energy supplied to the asynchronous processing element of the data to be protected.
  • the present invention takes advantage of the fact that, in an asynchronous processing element, an energy defect with respect to the energy necessary for handling a data item does not result in an operating error but simply in a delay in data processing. In fact, an asynchronous processing element somehow waits for the energy necessary for processing to continue its calculation.
  • the energy source is sufficient to supply the processing element with all the energy it requires at all times.
  • the energy supplied to the processing element is imposed.
  • the only counterpart of the implementation of the invention is an extension of the execution time.
  • This execution time can however be maintained in a predetermined window thanks to a pseudo-random generation.
  • FIG. 1 represents, in a very schematic way and in the form of blocks, an embodiment of a supply circuit for an element 1 of asynchronous execution of a data processing algorithm (ASYNC-ALGO).
  • ASYNC-ALGO asynchronous execution of a data processing algorithm
  • the asynchronous computational element can be diagrammed as a circuit receiving input data E, supplying output data S and exchanging control signals (CTRL) with the rest of the integrated circuit (for example, with a microprocessor not shown).
  • CTRL control signals
  • the control signals is in particular the signal by which the element 1 indicates to the rest of the integrated circuit that the output data S are available.
  • circuit 1 is supplied by means of circuit 2 (VAR).
  • Circuit 2 supplies variable energy to circuit 1 and is supplied by a voltage Valim, for example, the supply voltage of the integrated circuit.
  • Valim for example, the supply voltage of the integrated circuit.
  • the energy variation can be carried out in voltage or in current, respecting if necessary the minimum supply constraints (for example, in voltage level) so as not to lose the data during processing by the asynchronous circuit 1.
  • the circuit 2 for varying the supply is controlled by a pseudo-random generator 3 (PRG) in order to distribute the energy randomly while respecting a predetermined time window T corresponding to the desired duration for the execution of the calculation.
  • PRG pseudo-random generator 3
  • the generator 3 receives the setpoint T, for example, from the central unit of the integrated circuit fixing the time window. In the case where the same integrated circuit contains several distinct asynchronous processing elements, these can be supplied separately from each other or in common by means of the same variable generator 2.
  • Figure 2 illustrates the operation of the circuit of Figure 1 by a flow diagram representing the energy (PW) supplied to circuit 1 in a time window T for executing the calculation.
  • An advantage of the present invention is that it makes it possible to mask the data handled by an asynchronous element in a particularly efficient manner and, in particular, without this resulting in an increase in the combinations to be examined by the possible hacker. In fact, no additional processing (calculation) of the data is provided for by the invention. Consequently, the efficiency of the system is not linked to the increase in the size of the processing circuits.
  • Another advantage of the invention is that it does not require any modification of the asynchronous processing element proper. We just intervene on its diet. This advantage leads in particular to the fact that the invention can be implemented in any existing asynchronous processing process without causing modifications to the calculation part of the existing integrated circuit.
  • Another advantage of the present invention is that it does not generate additional energy consumption for the execution of the calculation itself, unlike solutions requiring additional processing circuits.
  • the present invention is susceptible to various variants and modifications which will appear to those skilled in the art.
  • determining the possible minimum energy level that must be supplied to an asynchronous processing element to preserve the data which it is processing depends on the application and the person skilled in the art will be able to set the appropriate thresholds. For example, it is possible to fix a minimum supply voltage threshold and to randomly vary the supply voltage of the processing circuit within a predetermined range.
  • the production of a generator of a random or pseudo-random setpoint uses conventional means which are within the reach of those skilled in the art.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Semiconductor Integrated Circuits (AREA)
  • Logic Circuits (AREA)

Abstract

The invention relates to a method and feed circuit for an asynchronous calculation element (1) of an integrated circuit, wherein the instantaneous power supply of the calculation element is randomly varied .

Description

ALIMENTATION D'UN CIRCUIT DE TRAITEMENT ASYNCHRONE DE DONNEES SUPPLY OF AN ASYNCHRONOUS DATA PROCESSING CIRCUIT
La présente invention concerne les circuits intégrés ou éléments de circuit intégré exécutant de façon asynchrone des traitements de données numériques. L'invention concerne plus particulièrement les circuits manipulant des données que l'on souhaite protéger, par exemple, des données confidentielles ou des clés d'authentification.The present invention relates to integrated circuits or integrated circuit elements performing asynchronous processing of digital data. The invention relates more particularly to circuits handling data which it is desired to protect, for example, confidential data or authentication keys.
Un type répandu d' attaque de données d 'un circuit intégré exécutant des algorithmes sécurisés consiste à analyser la consommation du circuit intégré ou de la partie de celui-ci exécutant l'algorithme manipulant des données secrètes. De telles attaques par analyse de consommation sont connues sous des abréviations SPA (Single Power Analysis) ou DPA ( Differential Power Analysis) et consistent à analyser la consommation d'un circuit intégré en fonction des données qu'il traite afin de découvrir des données censées être secrètes.A common type of data attack on an integrated circuit executing secure algorithms is to analyze the consumption of the integrated circuit or the part of it executing the algorithm handling secret data. Such attacks by consumption analysis are known by the abbreviations SPA (Single Power Analysis) or DPA (Differential Power Analysis) and consist in analyzing the consumption of an integrated circuit as a function of the data which it processes in order to discover supposed data. be secret.
Dans un circuit fonctionnant de façon asynchrone, le circuit fournit les données de sortie en même temps qu'une information comme quoi ces données sont disponibles, une fois qu'il a terminé le traitement. Une attaque par analyse de la consommation d'un circuit asynchrone consiste à observer les pics d'énergie qui correspondent en fait à des données (aux instants où ces données sont traitées) . Il est alors possible, pour un pirate, de découvrir l'algorithme ou les données secrètes manipulées.In an asynchronously operating circuit, the circuit provides the output data along with information that this data is available, once it has completed processing. An attack by analyzing the consumption of an asynchronous circuit consists in observing the energy peaks which in fact correspond to data (at the times when this data is processed). It is then possible, for a hacker, to discover the algorithm or the secret data manipulated.
Pour essayer de masquer les traitements de données, une solution connue consiste à ajouter des circuits de traitement supplémentaires, inutiles pour le processus sécurisé proprement dit, mais qui consomment de l'énergie lorsqu'ils manipulent les données. Les données manipulées par le processus asynchrone à protéger sont alors en quelque sorte masquées par l'énergie prélevée par les circuits de traitement additionnels. Outre le fait que l'efficacité d'une telle solution est en quelque sorte proportionnelle au nombre de circuits de traitement supplémentaires prévus, donc à l'encombrement supplémentaire dans le circuit intégré, elle ne fait qu'augmenter le nombre de combinaisons de données possibles que le pirate doit évaluer.To try to mask the data processing, a known solution consists in adding additional processing circuits, useless for the secure process proper, but which consume energy when they handle the data. The data handled by the asynchronous process to be protected are then in a way masked by the energy taken up by the additional processing circuits. Besides the fact that the effectiveness of such a solution is in a way proportional to the number of additional processing circuits provided, therefore to the additional space requirement in the integrated circuit, it only increases the number of possible data combinations. that the hacker should assess.
En fait, si la consommation additionnelle dépend des données traitées, ces données restent vulnérables. Si la consommation additionnelle est indépendante des données traitées, elle représente en quelque sorte un bruit qui peut être éliminé par des méthodes statistiques.In fact, if the additional consumption depends on the data processed, these data remain vulnerable. If the additional consumption is independent of the data processed, it somehow represents noise which can be eliminated by statistical methods.
En outre, ajouter des traitements augmente la consommation.In addition, adding treatments increases consumption.
La présente invention vise à proposer une autre solution pour protéger l'exécution d'un processus algorithmique asynchrone contre des attaques par analyse de la consommation du circuit intégré ou de la partie de circuit exécutant ce processus.The present invention aims to propose another solution for protecting the execution of an asynchronous algorithmic process against attacks by analysis of the consumption of the integrated circuit or of the part of the circuit executing this process.
La présente invention vise notamment à proposer une solution dont l'efficacité ne soit pas liée à l'encombrement supplémentaire dans le circuit intégré. L'invention vise également à proposer une solution qui ne se traduise pas simplement par une augmentation des combinaisons possibles devant être examinées par le pirate.The present invention aims in particular to propose a solution whose effectiveness is not linked to the additional bulk in the integrated circuit. The invention also aims to propose a solution which does not simply result in an increase in the possible combinations to be examined by the pirate.
Pour atteindre ces objets et d'autres, la présente invention prévoit un procédé d'alimentation d'un élément de calcul asynchrone d'un circuit intégré, consistant à faire varier aléatoirement l'énergie instantanée d'alimentation de l'élément de calcul.To achieve these and other objects, the present invention provides a method of supplying an asynchronous calculation element of an integrated circuit, consisting in making randomly vary the instantaneous supply energy of the calculation element.
Selon un mode de mise en oeuvre de la présente invention, on répartit aléatoirement, dans une fenêtre te po- relie prédéterminée, l'énergie instantanée fournie à l'élément de calcul, l'énergie totale dans la fenêtre étant prédéterminée.According to an embodiment of the present invention, the instantaneous energy supplied to the calculation element is distributed randomly, in a predetermined pole window, the total energy in the window being predetermined.
Selon un mode de mise en oeuvre de la présente invention, l'énergie totale fournie à l'élément de calcul dans la fenêtre temporelle est déterminée en fonction de la consom- mation maximale possible de l'élément de calcul.According to an embodiment of the present invention, the total energy supplied to the calculation element in the time window is determined as a function of the maximum possible consumption of the calculation element.
La présente invention prévoit également un circuit d'alimentation d'au moins un élément de traitement asynchrone d'un circuit intégré, comportant un élément d'alimentation variable commandé de façon aléatoire ou pseudo-aléatoire. Selon un mode de réalisation de la présente invention, ledit élément d'alimentation variable fait varier la tension d'alimentation de l'élément de traitement asynchrone.The present invention also provides a power supply circuit for at least one asynchronous processing element of an integrated circuit, comprising a variable power element controlled randomly or pseudo-randomly. According to an embodiment of the present invention, said variable supply element varies the supply voltage of the asynchronous processing element.
Selon un mode de réalisation de la présente invention, l'élément d'alimentation variable est commandé par un générateur pseudo-aléatoire.According to an embodiment of the present invention, the variable supply element is controlled by a pseudo-random generator.
Ces objets, caractéristiques et avantages, ainsi que d' autres de la présente invention seront exposés en détail dans la description suivante de modes de mise en oeuvre et de réalisation particuliers faite à titre non limitatif en relation avec les figures jointes parmi lesquelles : la figure 1 représente, de façon très schématique et sous forme de blocs, un mode de réalisation d'un circuit d'alimentation d'un élément de calcul asynchrone selon la présente invention ; et la figure 2 illustre, par un chronogramme, un mode de mise en oeuvre du procédé d'alimentation selon l'invention.These objects, characteristics and advantages, as well as others of the present invention will be explained in detail in the following description of particular embodiments and embodiments given without limitation in relation to the attached figures, among which: the figure 1 shows, very schematically and in the form of blocks, an embodiment of a supply circuit for an asynchronous computing element according to the present invention; and FIG. 2 illustrates, by a timing diagram, an embodiment of the feeding method according to the invention.
Pour des raisons de clarté, seuls les étapes de procédé et éléments de circuit qui sont nécessaires à la compréhension de l'invention ont été représentés aux figures et seront décrits par la suite. En particulier, l'algorithme mis en oeuvre par l'élément de calcul à protéger n'a pas été détaillé et ne fait pas l'objet de l'invention, celle-ci s 'appliquant quel que soit le processus asynchrone mis en oeuvre. De plus, l'élément de calcul asynchrone est bien sûr le plus souvent associé à d'autres éléments de circuit avec lequel il est intégré. On ne fera référence ci-après qu'à l'élément de calcul asynchrone et à son alimentation, l'invention n'agissant pas sur le reste du circuit qui dépend de l'application.For reasons of clarity, only the process steps and circuit elements which are necessary for understanding the invention have been shown in the figures and will be described below. In particular, the algorithm implemented by the calculation element to be protected has not been detailed and is not the subject of the invention, the latter applying regardless of the asynchronous process used. In addition, the asynchronous calculation element is of course most often associated with other circuit elements with which it is integrated. Reference will only be made below to the asynchronous calculation element and to its power supply, the invention not acting on the rest of the circuit which depends on the application.
Une caractéristique de la présente invention est de faire varier aléatoirement l'énergie fournie à l'élément de traitement asynchrone des données à protéger.A feature of the present invention is to randomly vary the energy supplied to the asynchronous processing element of the data to be protected.
La présente invention tire profit du fait que, dans un élément de traitement asynchrone, un défaut d'énergie par rapport à l'énergie nécessaire à la manipulation d'une donnée ne se traduit pas par une erreur de fonctionnement mais simplement par un retard dans le traitement des données. En effet, un élément de traitement asynchrone attend en quelque sorte d'avoir l'énergie nécessaire au traitement pour poursuivre son calcul.The present invention takes advantage of the fact that, in an asynchronous processing element, an energy defect with respect to the energy necessary for handling a data item does not result in an operating error but simply in a delay in data processing. In fact, an asynchronous processing element somehow waits for the energy necessary for processing to continue its calculation.
Dans les circuits classiques, la source d'énergie est suffisante pour fournir à l'élément de traitement toute l'énergie qu'il requiert à chaque instant. Selon l'invention, on impose l'énergie fournie à l'élément de traitement.In conventional circuits, the energy source is sufficient to supply the processing element with all the energy it requires at all times. According to the invention, the energy supplied to the processing element is imposed.
Par exemple, on utilise un générateur pseudo-aléatoire tenant compte de la durée souhaitée pour le calcul afin de répartir la quantité d'énergie nécessaire à ce calcul dans une fenêtre temporelle.For example, we use a pseudo-random generator taking into account the desired duration for the calculation in order to distribute the amount of energy necessary for this calculation in a time window.
En effet, la seule contre-partie de la mise en oeuvre de l'invention est un allongement de la durée d'exécution. Cette durée d'exécution peut cependant être maintenue dans une fenêtre prédéterminée grâce à une génération pseudo-aléatoire.Indeed, the only counterpart of the implementation of the invention is an extension of the execution time. This execution time can however be maintained in a predetermined window thanks to a pseudo-random generation.
Si l'application le permet, notamment si elle n'impose pas de contraintes temporelles, on peut utiliser un générateur aléatoire qui présente l'avantage de dissocier non seulement 1 ' alimentation mais également la durée par rapport aux données traitées. La durée de traitement est ainsi rendue aléatoire. La figure 1 représente, de façon partielle très schématique et sous forme de blocs, un mode de réalisation d'un circuit d'alimentation d'un élément 1 d'exécution asynchrone d'un algorithme de traitement de données (ASYNC-ALGO) . De façon classique, l'élément de calcul asynchrone peut être schématisé comme un circuit recevant des données d'entrée E, fournissant des données de sortie S et échangeant des signaux de commande (CTRL) avec le reste du circuit intégré (par exemple, avec un microprocesseur non représenté) . Parmi les signaux de commande figure notamment le signal par lequel l'élément 1 indique au reste du circuit intégré que les données de sortie S sont disponibles .If the application allows it, in particular if it does not impose time constraints, a random generator can be used which has the advantage of dissociating not only the supply but also the duration with respect to the data processed. The duration of treatment is thus made random. FIG. 1 represents, in a very schematic way and in the form of blocks, an embodiment of a supply circuit for an element 1 of asynchronous execution of a data processing algorithm (ASYNC-ALGO). Conventionally, the asynchronous computational element can be diagrammed as a circuit receiving input data E, supplying output data S and exchanging control signals (CTRL) with the rest of the integrated circuit (for example, with a microprocessor not shown). Among the control signals is in particular the signal by which the element 1 indicates to the rest of the integrated circuit that the output data S are available.
Selon l'invention, le circuit 1 est alimenté au moyen d'un circuit 2 (VAR) . Le circuit 2 fournit une énergie variable au circuit 1 et est alimenté par une tension Valim, par exemple, la tension d'alimentation du circuit intégré. Au sens de l'invention, la variation d'énergie peut être effectuée en tension ou en courant, en respectant si besoin les contraintes d'alimentation minimales (par exemple, en niveau de tension) afin de ne pas perdre les données en cours de traitement par le circuit asynchrone 1.According to the invention, circuit 1 is supplied by means of circuit 2 (VAR). Circuit 2 supplies variable energy to circuit 1 and is supplied by a voltage Valim, for example, the supply voltage of the integrated circuit. Within the meaning of the invention, the energy variation can be carried out in voltage or in current, respecting if necessary the minimum supply constraints (for example, in voltage level) so as not to lose the data during processing by the asynchronous circuit 1.
Selon le mode de réalisation représenté en figure 1, le circuit 2 de variation de l'alimentation est commandé par un générateur 3 pseudo-aléatoire (PRG) afin de distribuer l'énergie de façon aléatoire tout en respectant une fenêtre temporelle T prédéterminée correspondant à la durée souhaitée pour l'exécution du calcul. Le générateur 3 reçoit la consigne T, par exemple, de l'unité centrale du circuit intégré fixant la fenêtre temporelle . Dans le cas où un même circuit intégré contient plusieurs éléments de traitement asynchrone distincts, ceux-ci peuvent être alimentés séparément les uns des autres ou de façon commune au moyen d'un même générateur variable 2.According to the embodiment represented in FIG. 1, the circuit 2 for varying the supply is controlled by a pseudo-random generator 3 (PRG) in order to distribute the energy randomly while respecting a predetermined time window T corresponding to the desired duration for the execution of the calculation. The generator 3 receives the setpoint T, for example, from the central unit of the integrated circuit fixing the time window. In the case where the same integrated circuit contains several distinct asynchronous processing elements, these can be supplied separately from each other or in common by means of the same variable generator 2.
La figure 2 illustre le fonctionnement du circuit de la figure 1 par un organigramme représentant l'énergie (PW) fournie au circuit 1 dans une fenêtre temporelle T d'exécution du calcul.Figure 2 illustrates the operation of the circuit of Figure 1 by a flow diagram representing the energy (PW) supplied to circuit 1 in a time window T for executing the calculation.
En figure 2, on a représenté par un pointillé p, ce que pourrait être l'énergie absorbée par le circuit 1 dans un cas classique, si celui-ci était directement alimenté par la tension Valim sans recours au générateur variable 2 propre à l'invention. Dans ce cas, l'élément 1 prélève autant d'énergie qu'il en a besoin instantanément. C'est ce qui permet à un pirate éventuel d'analyser les pics de consommation et de relier ces pics aux données (bits 0 ou 1) traitées. Selon l'invention, la même quantité d'énergie nécessaire à l'exécution de l'ensemble du calcul est répartie temporellement dans la fenêtre T de façon aléatoire.In Figure 2, there is shown by a dotted line p, what could be the energy absorbed by the circuit 1 in a conventional case, if it was directly supplied by the Valim voltage without recourse to the variable generator 2 specific to the invention. In this case, element 1 takes as much energy as it needs instantly. This is what allows a possible hacker to analyze consumption peaks and to link these peaks to the data (bits 0 or 1) processed. According to the invention, the same quantity of energy necessary for the execution of the whole of the calculation is distributed in time in the window T in a random manner.
Comme cela a été indiqué ci-dessus, la seule conséquence est un allongement de la durée du calcul par rapport au cas classique. Toutefois, cet allongement peut être si besoin limité à une fenêtre temporelle prédéterminée du générateur pseudo-aléatoire .As indicated above, the only consequence is an extension of the duration of the calculation compared to the classic case. However, this extension can be limited if necessary to a predetermined time window of the pseudo-random generator.
Un avantage de la présente invention est qu'elle permet de masquer les données manipulées par un élément asynchrone de façon particulièrement efficace et, notamment , sans que cela se traduise par une augmentation des combinaisons à examiner par le pirate éventuel. En effet, aucun traitement (calcul) supplémentaire des données n'est prévu par l'invention. Par conséquent, l'efficacité du système n'est pas liée à l'accroissement de l'encombrement des circuits de traitement.An advantage of the present invention is that it makes it possible to mask the data handled by an asynchronous element in a particularly efficient manner and, in particular, without this resulting in an increase in the combinations to be examined by the possible hacker. In fact, no additional processing (calculation) of the data is provided for by the invention. Consequently, the efficiency of the system is not linked to the increase in the size of the processing circuits.
Un autre avantage de l'invention est qu'elle ne nécessite aucune modification de l'élément de traitement asynchrone proprement dit. On se contente d'intervenir sur son alimen- tation. Cet avantage conduit notamment à ce que l'invention puisse être mise en oeuvre dans n'importe quel processus de traitement asynchrone existant sans engendrer de modifications de la partie calcul du circuit intégré existant.Another advantage of the invention is that it does not require any modification of the asynchronous processing element proper. We just intervene on its diet. This advantage leads in particular to the fact that the invention can be implemented in any existing asynchronous processing process without causing modifications to the calculation part of the existing integrated circuit.
Un autre avantage de la présente invention est qu'elle n'engendre pas de consommation énergétique supplémentaire pour l'exécution du calcul lui-même, contrairement aux solutions requérant des circuits de traitement additionnels.Another advantage of the present invention is that it does not generate additional energy consumption for the execution of the calculation itself, unlike solutions requiring additional processing circuits.
La mise en oeuvre pratique de l'invention à partir des indications fonctionnelles données ci-dessus est à la portée de l'homme du métier. En particulier, la réalisation d'un générateur variable alimentant un élément de calcul asynchrone ne nécessite que des composants classiques et est à la portée de l'homme du métier.The practical implementation of the invention from the functional indications given above is within the reach of those skilled in the art. In particular, the production of a variable generator supplying an asynchronous calculation element requires only conventional components and is within the reach of those skilled in the art.
Bien entendu, la présente invention est susceptible de diverses variantes et modifications qui apparaîtront à l'homme de l'art. En particulier, la détermination du niveau d'énergie minimal éventuel qu'il faut fournir à un élément de traitement asynchrone pour préserver les données qu'il est en train de traiter dépend de l'application et l'homme du métier sera à même de fixer les seuils adaptés. Par exemple, on pourra fixer un seuil minimal de tension d'alimentation et faire varier aléatoirement la tension d'alimentation du circuit de traitement dans une plage prédéterminée. Enfin, la réalisation d'un générateur d'une consigne aléatoire ou pseudo-aléatoire fait appel à des moyens classiques qui sont à la portée du l'homme du métier. Of course, the present invention is susceptible to various variants and modifications which will appear to those skilled in the art. In particular, determining the possible minimum energy level that must be supplied to an asynchronous processing element to preserve the data which it is processing depends on the application and the person skilled in the art will be able to set the appropriate thresholds. For example, it is possible to fix a minimum supply voltage threshold and to randomly vary the supply voltage of the processing circuit within a predetermined range. Finally, the production of a generator of a random or pseudo-random setpoint uses conventional means which are within the reach of those skilled in the art.

Claims

REVENDICATIONS
1. Procédé d'alimentation d'un élément de calcul asynchrone (1) d'un circuit intégré, caractérisé en ce qu'il consiste à répartir aléatoirement, dans une fenêtre temporelle prédéterminée (P) , l'énergie instantanée d'alimentation de l'élément de calcul, l'énergie totale dans la fenêtre étant prédéterminée.1. Method for supplying an asynchronous calculation element (1) of an integrated circuit, characterized in that it consists in randomly distributing, in a predetermined time window (P), the instantaneous supply energy of the calculation element, the total energy in the window being predetermined.
2. Procédé selon la revendication 1, caractérisé en ce que l'énergie totale fournie à l'élément de calcul dans la fenêtre temporelle est déterminée en fonction de la consommation maximale possible de l'élément de calcul. 2. Method according to claim 1, characterized in that the total energy supplied to the calculation element in the time window is determined as a function of the maximum possible consumption of the calculation element.
3. Circuit d'alimentation d'au moins un élément de traitement asynchrone (1) d'un circuit intégré, caractérisé en ce qu'il comporte un élément d'alimentation variable (2) de l'élément de traitement asynchrone, ledit élément d'alimentation répar- tissant de façon aléatoire et dans une fenêtre temporelle prédé- terminée, l'énergie instantanée fournie à l'élément de calcul, l'énergie totale dans la fenêtre étant prédéterminée.3. Supply circuit for at least one asynchronous processing element (1) of an integrated circuit, characterized in that it comprises a variable supply element (2) for the asynchronous processing element, said element supply power randomly and in a predetermined time window, the instantaneous energy supplied to the calculation element, the total energy in the window being predetermined.
4. Circuit selon la revendication 3, caractérisé en ce que l'élément d'alimentation variable (2) est commandé par un générateur pseudo-aléatoire (3) . 4. Circuit according to claim 3, characterized in that the variable supply element (2) is controlled by a pseudo-random generator (3).
EP03780268A 2002-09-19 2003-09-19 Power supply for an asynchronous data treatment circuit Withdrawn EP1558982A2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0211657 2002-09-19
FR0211657A FR2844896A1 (en) 2002-09-19 2002-09-19 Power supply method for an asynchronous calculation or processing element, e.g. for use in authorization circuits, to prevent attacks based on power analysis, whereby the power supply to the calculation element is randomly varied
PCT/FR2003/050055 WO2004027688A2 (en) 2002-09-19 2003-09-19 Power supply for an asynchronous data treatment circuit

Publications (1)

Publication Number Publication Date
EP1558982A2 true EP1558982A2 (en) 2005-08-03

Family

ID=31970845

Family Applications (1)

Application Number Title Priority Date Filing Date
EP03780268A Withdrawn EP1558982A2 (en) 2002-09-19 2003-09-19 Power supply for an asynchronous data treatment circuit

Country Status (5)

Country Link
US (1) US20060156039A1 (en)
EP (1) EP1558982A2 (en)
JP (1) JP2005539447A (en)
FR (1) FR2844896A1 (en)
WO (1) WO2004027688A2 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2369622B1 (en) 2010-03-24 2015-10-14 STMicroelectronics Rousset SAS Method and device of coutermeasure against a fault-injection error attack within an electronic microcircuit
FR2958098B1 (en) * 2010-03-24 2012-11-16 St Microelectronics Rousset METHOD AND CONTESSING DEVICE FOR PROTECTING DATA CIRCULATING IN AN ELECTRONIC MICROCIRCUIT
JP5776927B2 (en) * 2011-03-28 2015-09-09 ソニー株式会社 Information processing apparatus and method, and program
FR3042066B1 (en) * 2015-10-01 2017-10-27 Stmicroelectronics Rousset METHOD FOR SMOOTHING A CURRENT CONSUMED BY AN INTEGRATED CIRCUIT AND CORRESPONDING DEVICE
CN105844179A (en) * 2016-03-18 2016-08-10 广东欧珀移动通信有限公司 Terminal protection method and device
CN105912956B (en) * 2016-04-05 2018-09-04 山东超越数控电子有限公司 A kind of control circuit and shutdown control method
FR3065556B1 (en) 2017-04-19 2020-11-06 Tiempo ELECTRONIC CIRCUIT SECURE BY DISRUPTION OF ITS POWER SUPPLY.
FR3104751B1 (en) 2019-12-12 2021-11-26 St Microelectronics Rousset Method of smoothing a current consumed by an integrated circuit and corresponding device
FR3113777A1 (en) 2020-08-25 2022-03-04 Stmicroelectronics (Rousset) Sas Electronic circuit power supply
FR3113776A1 (en) 2020-08-25 2022-03-04 Stmicroelectronics (Rousset) Sas Electronic circuit power supply

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2638869B1 (en) * 1988-11-10 1990-12-21 Sgs Thomson Microelectronics SECURITY DEVICE AGAINST UNAUTHORIZED DETECTION OF PROTECTED DATA
FR2745924B1 (en) * 1996-03-07 1998-12-11 Bull Cp8 IMPROVED INTEGRATED CIRCUIT AND METHOD FOR USING SUCH AN INTEGRATED CIRCUIT
FR2776410B1 (en) * 1998-03-20 2002-11-15 Gemplus Card Int DEVICES FOR MASKING THE OPERATIONS CARRIED OUT IN A MICROPROCESSOR CARD
ATE385089T1 (en) * 1998-06-03 2008-02-15 Cryptography Res Inc USE OF UNPREDICTABLE INFORMATION TO MINIMIZE LEAKS OF CHIPCARDS AND OTHER CRYPTO SYSTEMS
US6827278B1 (en) * 1998-09-30 2004-12-07 Koninklijke Philips Electronics N.V. Data carrier
DE19911673A1 (en) * 1999-03-09 2000-09-14 Deutsche Telekom Ag Method and arrangement for protecting data on a smart card
US6298135B1 (en) * 1999-04-29 2001-10-02 Motorola, Inc. Method of preventing power analysis attacks on microelectronic assemblies
US6419159B1 (en) * 1999-06-14 2002-07-16 Microsoft Corporation Integrated circuit device with power analysis protection circuitry
ATE364272T1 (en) * 1999-11-03 2007-06-15 Infineon Technologies Ag CODING DEVICE
US6507913B1 (en) * 1999-12-30 2003-01-14 Yeda Research And Development Co. Ltd. Protecting smart cards from power analysis with detachable power supplies
TW536672B (en) * 2000-01-12 2003-06-11 Hitachi Ltd IC card and microcomputer
JP3926532B2 (en) * 2000-03-16 2007-06-06 株式会社日立製作所 Information processing apparatus, information processing method, and card member
FR2811790A1 (en) * 2000-07-11 2002-01-18 Schlumberger Systems & Service Smart card microcontroller secured against current attacks, uses module between processor and external supply which chaotically encrypts supply current fluctuations
US6625737B1 (en) * 2000-09-20 2003-09-23 Mips Technologies Inc. System for prediction and control of power consumption in digital system
FR2819070B1 (en) * 2000-12-28 2003-03-21 St Microelectronics Sa PROTECTION METHOD AND DEVICE AGAINST HACKING INTEGRATED CIRCUITS
DE10128573A1 (en) * 2001-06-13 2003-01-02 Infineon Technologies Ag Prevent unwanted external detection of operations in integrated digital circuits
JP4596686B2 (en) * 2001-06-13 2010-12-08 富士通株式会社 Secure encryption against DPA
JP2003018143A (en) * 2001-06-28 2003-01-17 Mitsubishi Electric Corp Information processor
DE10162309A1 (en) * 2001-12-19 2003-07-03 Philips Intellectual Property Method and arrangement for increasing the security of circuits against unauthorized access

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2004027688A2 *

Also Published As

Publication number Publication date
WO2004027688A3 (en) 2004-05-13
FR2844896A1 (en) 2004-03-26
WO2004027688A2 (en) 2004-04-01
US20060156039A1 (en) 2006-07-13
JP2005539447A (en) 2005-12-22

Similar Documents

Publication Publication Date Title
EP1558982A2 (en) Power supply for an asynchronous data treatment circuit
EP1688870B1 (en) Scrambling the current signature of an integrated circuit
FR2689264A1 (en) Authentication method performed between an integrated circuit card and a terminal unit and system provided for this purpose.
FR2948793A1 (en) SECURE METHOD OF RECONSTRUCTING A REFERENCE MEASUREMENT OF CONFIDENTIAL DATA FROM A BRUTE MEASUREMENT OF THIS DATA, IN PARTICULAR FOR THE GENERATION OF CRYPTOGRAPHIC KEYS
WO2005088895A1 (en) Secure data processing method based particularly on a cryptographic algorithm
EP2803161A1 (en) Method of encryption protected against side channel attacks
FR2728981A1 (en) METHOD FOR IMPLEMENTING A PRIVATE KEY COMMUNICATION PROTOCOL BETWEEN TWO PROCESSING DEVICES
EP1745366A1 (en) Method for protecting a cryptographic assembly by a homographic masking
EP3633495A1 (en) Method for managing a dvfs power supply and corresponding system
EP1688869A1 (en) Integrated circuit having a secured power supply
EP1122909A1 (en) Method for performing a cryptographic protocol between two electronic units
EP1374160B1 (en) Smart card method for protecting a smart card
EP2102780A1 (en) Method making it possible to vary the number of executions of countermeasures in an executed code
EP1121629A1 (en) Electronic component for masking execution of instructions or data manipulation
FR2811790A1 (en) Smart card microcontroller secured against current attacks, uses module between processor and external supply which chaotically encrypts supply current fluctuations
EP1279141B1 (en) Countermeasure method in a microcircuit, microcircuit therefor and smart card comprising said microcircuit
WO2008007009A1 (en) Protection of a program interpreted by a virtual machine
FR2817361A1 (en) RANDOM SIGNAL GENERATOR
EP1436792B1 (en) Authentication protocol with memory integrity verification
FR2724483A1 (en) ADDRESS DECODING METHOD IN INTEGRATED CIRCUIT MEMORY AND MEMORY CIRCUIT USING THE METHOD
EP1742162B1 (en) Program execution protection
FR3012234A1 (en) PROTECTION OF THE EXECUTION OF AN ALGORITHM AGAINST HIDDEN CHANNEL ATTACKS
WO2002088934A1 (en) Method for encrypting a calculation using a modular function
FR2890482A1 (en) SEMICONDUCTOR DEVICE USING A DEAD MEMORY SLIPPING / UNLOCKING METHOD, AND METHOD FOR OPERATING THE SAME
FR3059447A1 (en) INTERFERING THE OPERATION OF AN INTEGRATED CIRCUIT

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20050401

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR

RBV Designated contracting states (corrected)

Designated state(s): DE FR GB IT

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20090401