| 摘要 |
<p>The invention relates to a method for randomizing components S1 (0)' ...' SD+1 (0), belonging to a group G, of a reference mask for a secret key k, characterized in that it comprises at least the following steps: 1 - using the components of a reference mask for the given key k, S1 (0)' ...' SD+1 (0) G a group provided with an internal operation O with k = S1 (0) O ...O SD+1(0)' executing a loop on i=0 to ?-1 including the following steps 2 and 3: 2 - generating a new reference or working mask for said key k using a randomizer (7) producing the first D components of the mask of iteration i+1 where D and ? are security parameters (s1 ( i +1),...,SD( i +1)?rand(GD); 3- then determining the last component SD+1 (i+1) of the working or reference mask of iteration i+1 by combining the components S1 ( i )' ...' SD+1 ( i ) of the mask of iteration i with the components S1 ( i +1)' ..., SD ( i +1) of the mask of iteration i+1 generated in step 2, while observing an alternation of a component of iteration i and a component of iteration i+1; 4 - after ? iterations of steps 2 and 3 carried out in order to obtain said mask of components (S1 (?)' ...'SD+1 (?), using said mask either to update the reference mask, or to execute a cryptographic process.</p> |
