| 摘要 |
<p>The invention relates to a method for securing the execution of a cryptographic algorithm A against fault attacks. Given a cryptographic key K0 and a message M, the cryptographic algorithm A is set to compute a value A(K0,M). Given a relationship R between A(K0,M) and A(f(K0),g(M)), where f and g are two bijections, and where f is different from the identity function, the method comprises:
a. computing the expected result A(K0,M) of the cryptographic algorithm
b. computing a modified result A(f(K0),g(M)), by applying the cryptographic algorithm A on a modified key f(K0) and on a message g(M),
c. checking whether the relationship R between the values A(K0,M) and A(f(K0),g(M)) computed in the two preceding steps is verified
d. detecting an attack if the relationship R is not verified. The invention also relates to a cryptographic device embodying the above method.</p> |
