Abstract: A device of executing a cryptographic operation on bit vectors, the execution of the cryptographic operation includes the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders, each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between a component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder.

Abstract: There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.

Abstract: There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.

Abstract: A production method for producing a circuit optimized to be protected against radiation includes a preliminary characterization stage performed on a reference circuit. The preliminary characterization stage includes the steps of: irradiating the reference circuit a plurality of times; after each irradiation, if one or more reference elements of the reference circuit have failed, locating said reference element(s); and mapping the impact of the irradiations on the reference surface of the reference circuit. The production method further includes an optimization stage comprising the step of adapting the position of at least one optimized radiation-sensitive element on at least one optimized surface of the optimized circuit as a function of the mapping performed on the reference circuit.

Abstract: A protection method for protecting an FPGA against natural radiation, the method comprising the steps of: defining at least one category of constraining signals defined so that a predetermined placement and routing tool cannot route more than a determined maximum number of different constraining signals to any one zone of the surface of the FPGA; replicating an initial logic module in order to obtain a plurality of replicated logic modules forming a replicated logic cell; and associating constraining signals with the replicated logic modules in such a manner that the number of constraining signals associated with the replicated logic cell is greater than a determined maximum number in order to force the placement and routing tool to place the replicated logic modules of the replicated logic cell in distinct zones of the surface of the FPGA.

Abstract: A production method for producing a circuit optimized to be protected against radiation includes a preliminary characterization stage performed on a reference circuit. The preliminary characterization stage includes the steps of: irradiating the reference circuit a plurality of times; after each irradiation, if one or more reference elements of the reference circuit have failed, locating said reference element(s); and mapping the impact of the irradiations on the reference surface of the reference circuit. The production method further includes an optimization stage comprising the step of adapting the position of at least one optimized radiation-sensitive element on at least one optimized surface of the optimized circuit as a function of the mapping performed on the reference circuit.

Abstract: A protection method for protecting an FPGA against natural radiation, the method comprising the steps of: defining at least one category of constraining signals defined so that a predetermined placement and routing tool cannot route more than a determined maximum number of different constraining signals to any one zone of the surface of the FPGA; replicating an initial logic module in order to obtain a plurality of replicated logic modules forming a replicated logic cell; and associating constraining signals with the replicated logic modules in such a manner that the number of constraining signals associated with the replicated logic cell is greater than a determined maximum number in order to force the placement and routing tool to place the replicated logic modules of the replicated logic cell in distinct zones of the surface of the FPGA.

Abstract: A device of executing a cryptographic operation on bit vectors, the execution of the cryptographic operation includes the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders, each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between a component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder.

Abstract: There is disclosed a system for monitoring the security of a target system (110) with a circuit (120), the target system (110) comprising at least one processor (111) and wherein: the circuit (120) comprises a finite-state machine (122) configured to receive data from one or more sensors (130) distributed in the target system (110), at least one sensor (1303) being located on the processor (111) of the target system (110); the finite-state machine (122) is configured to determine a state output in response to data received from sensors (130); the system monitoring the security based on said state output. Developments describe the use of a self-alarm mechanism comprising an encoder to encode states with redundancy, the application of an error correction code, comparisons with predefined valid encoded states, the triggering of an alarm to the processor, the determination of actions and/or retroactions on sensors and/or diagnostics and countermeasures.

Abstract: There is provided a calibration device for calibrating a digital sensor (3), said digital sensor being configured to protest a target digital circuit (30) fed by a clock signal having a clock period by triggering an alarm depending on a condition between said clock signal and an optimal alarm threshold, said optimal alarm threshold being determined by minimizing a quantity depending on the probability of occurrence of false positives and on the probability of occurrence of false negatives.

Abstract: According to the invention, there is provided a computer implemented method for controlling dynamically the execution of a code by a processing system, said execution being described by a control flow graph comprising a plurality of basic blocks composed of at least an input node and an output node, a transition in the control flow graph corresponding to a link between an output node of origin belonging to a first basic block and an input node of a second basic block, a plurality of initialization vectors being associated to the output nodes at the time of generating the code, an a priori control word being associated to each input node which is linked to the same output node of origin according the control flow graph, said a priori control word being precomputed at the time of generating the code by applying a predefined deterministic function F to the initialization vector associated to its output node of origin, the following steps being applied once the execution of the output node belonging to a first ba

Abstract: Embodiments of the invention provide a system for protecting an integrated circuit (IC) device from attacks, the IC device (100) comprising a substrate (102) having a front surface (20) and a back surface (21), the IC device further comprising a front side part (101) arranged on the front surface of the substrate (102) and stacked layers, at least one of said layers comprising a data layer comprising wire carrying data, the front side part having a front surface (13). The system comprises an internal shield (12) arranged in a layer located below said data layer and a verification circuit configured to check the integrity of at least one portion of the internal shield.

Abstract: There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.

Abstract: There is disclosed a system for monitoring the security of a target system (110) with a circuit (120), the target system (110) comprising at least one processor (111) and wherein: the circuit (120) comprises a finite-state machine (122) configured to receive data from one or more sensors (130) distributed in the target system (110), at least one sensor (1303) being located on the processor (111) of the target system (110); the finite-state machine (122) is configured to determine a state output in response to data received from sensors (130); the system monitoring the security based on said state output. Developments describe the use of a self-alarm mechanism comprising an encoder to encode states with redundancy, the application of an error correction code, comparisons with predefined valid encoded states, the triggering of an alarm to the processor, the determination of actions and/or retroactions on sensors and/or diagnostics and countermeasures.

Abstract: Embodiments of the invention provide a system for protecting an integrated circuit (IC) device from attacks, the IC device (100) comprising a substrate (102) having a front surface (20) and a back surface (21), the IC device further comprising a front side part (101) arranged on the front surface of the substrate (102) and stacked layers, at least one of said layers comprising a data layer comprising wire carrying data, the front side part having a front surface (13). The system comprises an internal shield (12) arranged in a layer located below said data layer and a verification circuit configured to check the integrity of at least one portion of the internal shield.

Abstract: There is provided a calibration device for calibrating a digital sensor (3), said digital sensor being configured to protest a target digital circuit (30) fed by a clock signal having a clock period by triggering an alarm depending on a condition between said clock signal and an optimal alarm threshold, said optimal alarm threshold being determined by minimizing a quantity depending on the probability of occurrence of false positives and on the probability of occurrence of false negatives.

Abstract: According to the invention, there is provided a computer implemented method for controlling dynamically the execution of a code by a processing system, said execution being described by a control flow graph comprising a plurality of basic blocks composed of at least an input node and an output node, a transition in the control flow graph corresponding to a link between an output node of origin belonging to a first basic block and an input node of a second basic block, a plurality of initialization vectors being associated to the output nodes at the time of generating the code, an a priori control word being associated to each input node which is linked to the same output node of origin according the control flow graph, said a priori control word being precomputed at the time of generating the code by applying a predefined deterministic function F to the initialization vector associated to its output node of origin, the following steps being applied once the execution of the output node belonging to a first ba