摘要 |
The invention relates to a method for securing the execution of a cryptographic algorithm A against fault attacks. Given a cryptographic key K0 and a message M, the cryptographic algorithm A is set to compute a value A(KO,M). Given a relationship R between A(KO,M) and A(f(K0),g(M)), where f and g are two bijections, and where f is different from the identity function, the method comprises: a. computing the expected result A(KO,M) of the cryptographic algorithm b. computing a modified result A(f(K0),g(M)), by applying the cryptographic algorithm A on a modified key f(K0) and on a message g(M), c. checking whether the relationship R between the values A(KO,M) and A(f(K0),g(M)) computed in the two preceding steps is verified d. detecting an attack if the relationship R is not verified. The invention also relates to a cryptographic device embodying the above method.
|