| 摘要 |
A cryptography circuit protected against observation attacks comprises at least one register R providing a variable x masked by the mask m, the masked variable being encrypted by a first substitution box S -in a cyclic manner. The circuit also comprises a mask register M delivering at each cycle a mask mt, the transformation of m, the mask m being extracted from mt before being encrypted by a second substitution box S', the new mask m' obtained on output from this box S' is transformed into a mask m't before being stored in the mask register M. The transformation consists of a bijection or a composition law making it possible to reduce or indeed to cancel any high-order attack in accordance with a model of activity of the registers R and M. Cryptography circuits are protected against high-order observation attacks on installations based on masking. |
