Abstract: Challenge-response authentication process of a secure element (SE) in a micro controller unit (MCU) devoid of a random number generator. The process includes the following steps conducted by the micro controller unit (MCU): receipt of at least one random datum (T, IDX) generated randomly by the secure element (SE), generation of a challenge datum (Z) specific to the micro controller unit (MCU) from the received random datum (T, IDX), sending of the generated challenge datum (Z) to the secure element (SE), receipt of a response datum (R) generated by the secure element (SE) as a function of the challenge datum (Z), and determination of an authentication result as a function of the received response datum.

Abstract: The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key kr dependent on the secret key, selecting each of a first mask (?br) and a second mask (?br+1) in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key kr? from the first round key kr and the first mask (?br) as follows: kr?=kr?(?br) wherein ? is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key kr? so as to produce two second data, after producing the first masked key kr?, generating a second round key kr+1 dependent on the secret key, calculating a second masked key kr+1? from the second round key kr+1 and the second mask (?br+1) as follows: kr+1?=kr+1?(?br+1), calculating two third data Lrbr+1, Rrbr+1 as follows: Rrbr+1=Rrbr?(?br?1)?(?br) Lrbr+1=Lrbr?(?br?1)?(?br) and executing a secon

Abstract: The present invention relates to a method for symmetrical encryption or decryption of a data block from a secret key (K), the method comprising steps of: permutation (100) of at least one portion of the secret key (K) by means of a first permutation table (PC1?) so as to produce initial data, execution of several iterations, an iteration comprising steps of: rotation (102) of data dependent on the initial data so as to produce shifted data, permutation (104) of the shifted data by means of a second permutation table (PC2?) so as to produce a round key, execution of a plurality of encryption rounds (200) from the data block, an encryption round (200) using one of the round keys, generation of at least one of the permutation tables (PC1?, PC2?), the generation comprising determination of at least one function (F, G) variable from one encryption or decryption to another, composition of said function (F, G) with a predetermined permutation table (PC1, PC2), application of the inverse of said function (F,

Abstract: The invention relates to a method for obtaining a program intended to be executed by an electronic device (1), such as a smart card, comprising a non-volatile memory, the process comprising the insertion (E12, E14), in a source code, of a first function at the start of a source code instruction block, and a second function at the end of the source code instruction block, then generation (E16) of the executable program from the source code, wherein the first function is configured to disable a wear-reduction mechanism of the non-volatile memory, when the program is executed by the electronic device, and the second function is configured to enable the wear-reduction mechanism of the non-volatile memory, when the program is executed by the electronic device.

Abstract: A method for protecting an electronic device executing a program against fault injection and type confusion attacks likely to affect a variable (Z) intended to be used by the program. The method includes calculating integrity check data (X, Y) of variable (Z), dependent on a type (T) of the variable (Z), and a value (V) of the variable (Z) stored in an execution stack (P1) and/or of a first addressing datum (A) stored in a first index register (ind1). The first addressing datum (A) adapted to locate the value (V) stored in the execution stack (storing the integrity check data (X, Y) on the variable (Z) in at least one control stack (P2, P3) different to the execution stack (P1). Storing in a second index register (ind2), a unique second addressing datum (A2) adapted to locate the integrity check data (X, Y) in the or each control stack (P2, P3).

Abstract: The invention relates to a method for obtaining a program intended to be executed by an electronic device (1), such as a smart card, comprising a non-volatile memory, the process comprising the insertion (E12, E14), in a source code, of a first function at the start of a source code instruction block, and a second function at the end of the source code instruction block, then generation (E16) of the executable program from the source code, wherein the first function is configured to disable a wear-reduction mechanism of the non-volatile memory, when the program is executed by the electronic device, and the second function is configured to enable the wear-reduction mechanism of the non-volatile memory, when the program is executed by the electronic device.

Abstract: The present invention relates to a method for protection of an electronic device (1) against attacks by fault injection, the method comprising steps of detection of anomalies likely to inject a fault in the electronic device (1) or be caused by a fault injection in the electronic device (1), incrementation (206) by an anomaly counter (cpt_velo, cpt_tearing) as a function of the detected anomalies, comparison (208) between the anomaly counter (cpt_velo, cpt_tearing) and a first threshold (seuil_cpt_velo, seuil_cpt_tearing), performing a protective measure (210) of the electronic device (1) when the number of counted anomalies reaches the predetermined threshold, the method being characterized in that the anomaly counter (cpt_velo, cpt_tearing) is incremented (206) only in case of detection of: a number of anomalies greater or equal to a second threshold (seuil_cpt_hist) strictly less than the first threshold (seuil_cpt_velo, seuil_cpt_tearing) over a period during which a predetermined number (N) of

Abstract: The invention especially relates to a challenge-response authentication process (106) of a secure element (SE) in a micro controller unit (MCU) devoid of a random number generator, the process comprising the following steps conducted by the micro controller unit (MCU): receipt of at least one random datum (T, IDX) generated randomly by the secure element (SE), generation (206, 208, 210) of a challenge datum (Z) specific to the micro controller unit (MCU) from the received random datum (T, IDX), sending (212) of the generated challenge datum (Z) to the secure element (SE), receipt of a response datum (R) generated by the secure element (SE) as a function of the challenge datum (Z), determination (220) of an authentication result as a function of the received response datum.

Abstract: The present invention relates to a method for protecting an electronic device (1) executing a program against fault injection and type confusion attacks likely to affect a variable (Z) intended to be used by the program, the method being characterized in that it comprises steps of: calculating integrity check data (X, Y) of variable (Z), the integrity check data dependent on: a type (T) of the variable (Z), and a value (V) of the variable (Z) stored in an execution stack (P1) and/or of a first addressing datum (A) stored in a first index register (ind1), the first addressing datum (A) being adapted to locate the value (V) stored in the execution stack (P1), storing the integrity check data (X, Y) on the variable (Z) in at least one control stack (P2, P3) different to the execution stack (P1), storage, in a second index register (ind2), of a unique second addressing datum (A2) adapted to locate the integrity check data (X, Y) in the or each control stack (P2, P3).

Abstract: The present invention relates to a method for symmetrical encryption or decryption of a data block from a secret key (K), the method comprising steps of: permutation (100) of at least one portion of the secret key (K) by means of a first permutation table (PC1?) so as to produce initial data, execution of several iterations, an iteration comprising steps of: rotation (102) of data dependent on the initial data so as to produce shifted data, permutation (104) of the shifted data by means of a second permutation table (PC2?) so as to produce a round key, execution of a plurality of encryption rounds (200) from the data block, an encryption round (200) using one of the round keys, generation of at least one of the permutation tables (PC1?, PC2?), the generation comprising determination of at least one function (F, G) variable from one encryption or decryption to another, composition of said function (F, G) with a predetermined permutation table (PC1, PC2), application of the inverse of said function (F,

Abstract: The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key kr dependent on the secret key, selecting each of a first mask (?br) and a second mask (?br+1) in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key kr? from the first round key kr and the first mask (?br) as follows: k?=kr?(?br) wherein ? is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key kr? so as to produce two second data, after producing the first masked key kr?, generating a second round key kr+i dependent on the secret key, calculating a second masked key kr+1? from the second round key kr+i and the second mask (?br+1) as follows: kr+1? =kr+1 ED (?br+1), calculating two third data Lrbr+1, Rrbr+1 as follows: Rrbr+1=Rrbr?(?br?1)?(?br) Lrbr+1=Lrbr?(?br?1)?(?br) and executing