Abstract: A method for digital signing of a document using a predetermined secret key. An initial internal state is determined by application to a condensate of the document of a first white box implementation of generation of a main nonce; then a modular sum of the main nonce and of a predetermined constant. The method also determines a first internal state by application to the initial internal state of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant. The method then determines a second internal state by application to said condensate of a second white box implementation of generation of the main nonce; and a second modular arithmetic operation function of the first internal state, of the main signature nonce and of the secret key. It then generates a digital signature of the document from the first internal state and the second internal state.

Abstract: A method for encrypting or decrypting a n-tuple of data ({ai}i?[[0,n-1]]) with a n-tuple of secret keys ({ki}i?[[0,n-1]]). The method uses a data-processor to perform the steps of: (a) for each element (ai), determining m>n first internal states ({yij}j?[[0,m-1]]) by application of m first operations, each: represented by a table (Tij), and defined as the combination of a single bijective internal encoding (Gij), of a non-linear sharing function (Di, Ei, Fi . . . ), and of a given non-linear permutation function (ƒ) parameterized with the secret key (ki), and (b) for each n-tuple of first internal states ({yij}i?[[0,n-1]]), determining a second internal state (zj) by application of a second operation: represented by a table (TLj), and defined as the combination of a second single bijective internal encoding (GLj), a linear multiplexing function (L), and the inverses of the first bijective internal encodings (Gij).

Abstract: The invention relates to a cryptographic processing method comprising multiplication of a point P of an elliptic curve on a Galois field by a scalar k, the multiplication comprising steps of: storing, in a first register, a zero point of the Galois field, executing a loop comprising at least one iteration comprising steps of: selecting a window of w bits in the non-signed binary representation of the scalar k, w being a predetermined integer independent of the scalar k and strictly greater than 1, calculating multiple points of P being each associated with a bit of the window and of the form ±2iP, adding or not in the first register of multiple points stored, depending of the value of the bit of the window with which the multiple points are associated, wherein the loop ends once each bit of the non-signed binary representation of the scalar k has been selected, returning a value stored in the first register.

Abstract: The invention relates to a secured comparative processing method of the type in which a processor of an electronic component compares a set of proof data received by the processor as an input with main secret data stored in said electronic component, characterised in that the processor executes, in parallel with the comparison with the secret data, a series of complementary operations on the set of proof data which generate on the electronic component a variation in behaviour which is a function of the proof data which the component receives as an input and which is added to the variation in behaviour linked to the comparison with the main secret data, the series of complementary operations including a series of base operations repeated K times, and the execution of said series being preceded by an adjustment of execution parameters of said series, the parameters including: the identifier of the series of base operations to be executed, the series of base operations being comprised within a set of predefined

Abstract: Provided is a method for optimising memory writing in a device implementing a cryptography module and a client module calling functions implemented by the cryptography module. The device includes a random access memory including a first memory zone that is secured and dedicated to the cryptography module and a second memory zone dedicated to the client module. When the client module calls a series of functions implemented by the cryptography module including a first function and at least one second function, with each second function executed following the first function or from a further second function and providing a runtime result added to a runtime result of the preceding series function, each runtime result is added to a value contained in a buffer memory allocated in the first memory. The buffer memory value is copied to the second memory zone following the execution of the last function of the series.

Abstract: The invention relates to a method for securing an electronic device (SC) against attacks via covert channels when the electronic device (SC) implements a Montgomery ladder for calculating the element A?A?. . . ?A where A appears k times. A designates an element of an Abelian group with a law ?, and k is a natural number. The method comprises a modified implementation of the Montgomery ladder. The invention also relates to a device (SC), a computer program and a storage medium arranged so as to implement such a method.

Abstract: The present invention relates to a method for digital signing of a document using a predetermined secret key (x), comprising steps of: (a) determination of an initial internal state (s0) by application to a condensate of the document of a first white box implementation (WB0) of: generation of a main nonce (k); then a modular sum of the main nonce (k) and of a predetermined constant (K); (b) determination of a first internal state (s1) by application to the initial internal state (s0) of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant (K); (c) determination of a second internal state (s2) by application to said condensate of a second white box implementation (WBs2) of: generation of the main nonce (k); and a second modular arithmetic operation function of the first internal state (s1), of the main signature nonce (k) and of the secret key (x); (d) generation of a digital signature of the document from the first internal state (s1) and t

Abstract: The present invention relates to a method for encrypting or decrypting a n-tuple of data with a n-tuple of secret keys , the method being characterized in that it comprises data-processing means (11a) of equipment (10a) implementing steps of: (a) For each element (ai), determination of m>n first internal states by application of m first operations, each being: represented by a stored table (Tij), and defined as the combination of a single bijective internal encoding (Gij), of a non-linear splitting function (Di, Ei, Fi . . . ), and of a given non-linear permutation function (ƒ) parameterized with the secret key (ki) corresponding; (b) For each n-tuple of first internal states , determination of a second internal state (zj) by application of a second operation being: represented by a table (TLj) stored, and defined as the combination of a second single bijective internal encoding (GLj), a linear multiplexing function (L), and the inverses of said first bijective internal encodings (Gij).

Abstract: The invention relates to a cryptographic processing method comprising multiplication of a point P of an elliptic curve on a Galois field by a scalar k, the multiplication comprising steps of: storing, in a first register, a zero point of the Galois field, executing a loop comprising at least one iteration comprising steps of: selecting a window of w bits in the non-signed binary representation of the scalar k, w being a predetermined integer independent of the scalar k and strictly greater than 1, calculating multiple points of P being each associated with a bit of the window and of the form ±2iP, adding or not in the first register of multiple points stored, depending of the value of the bit of the window with which the multiple points are associated, wherein the loop ends once each bit of the non-signed binary representation of the scalar k has been selected, returning a value stored in the first register.

Abstract: The invention relates to a data-processing method that includes encoding a plurality of data of n bits into code words having a predefined constant Hamming weight, characterized in that said method also includes using (4000) encryption operations or arithmetic operations on the resulting code word(s) and also in that encoding each datum includes: decomposing (100) the datum into a plurality of m bit sequences to be encoded, m strictly being less than n; encoding (300) each bit sequence into a partial code word, each having a predefined Hamming weight, such that the sum of the Hamming weights of the partial code words are equal to the Hamming weights of the code word; and concatenating (300) the partial code words such as to produce the code word corresponding to the datum. The invention also relates to a data transmission method and to an electronic circuit configured to implement said methods.

Abstract: Provided is a method for optimising memory writing in a device implementing a cryptography module and a client module calling functions implemented by the cryptography module. The device includes a random access memory including a first memory zone that is secured and dedicated to the cryptography module and a second memory zone dedicated to the client module. When the client module calls a series of functions implemented by the cryptography module including a first function and at least one second function, with each second function executed following the first function or from a further second function and providing a runtime result added to a runtime result of the preceding series function, each runtime result is added to a value contained in a buffer memory allocated in the first memory. The buffer memory value is copied to the second memory zone following the execution of the last function of the series.

Abstract: The invention relates to a secured comparative processing method of the type in which a processor of an electronic component compares a set of proof data received by the processor as an input with main secret data stored in said electronic component, characterised in that the processor executes, in parallel with the comparison with the secret data, a series of complementary operations on the set of proof data which generate on the electronic component a variation in behaviour which is a function of the proof data which the component receives as an input and which is added to the variation in behaviour linked to the comparison with the main secret data, the series of complementary operations including a series of base operations repeated K times, and the execution of said series being preceded by an adjustment of execution parameters of said series, the parameters including: the identifier of the series of base operations to be executed, the series of base operations being comprised within a set of predefined

Abstract: The invention relates to a method for securing an electronic device (SC) against attacks via covert channels when the electronic device (SC) implements a Montgomery ladder for calculating the element A?A?. . . ?A where A appears k times. A designates an element of an Abelian group with a law ?, and k is a natural number. The method comprises a modified implementation of the Montgomery ladder. The invention also relates to a device (SC), a computer program and a storage medium arranged so as to implement such a method.

Abstract: The description pertains in particular to a method of protecting an electronic device (SCARD), when the electronic device implements a cryptographic algorithm (AES), against side channel attacks. The cryptographic algorithm (AES) operating on an array of states which forms the subject of a secure processing. The description relates also to an electronic device (SCARD), a computer program and a storage medium for the implementation of such a method.

Abstract: The invention relates to a data-processing method that includes encoding a plurality of data of n bits into code words having a predefined constant Hamming weight, characterized in that said method also includes using (4000) encryption operations or arithmetic operations on the resulting code word(s) and also in that encoding each datum includes: decomposing (100) the datum into a plurality of m bit sequences to be encoded, m strictly being less than n; encoding (300) each bit sequence into a partial code word, each having a predefined Hamming weight, such that the sum of the Hamming weights of the partial code words are equal to the Hamming weights of the code word; and concatenating (300) the partial code words such as to produce the code word corresponding to the datum. The invention also relates to a data transmission method and to an electronic circuit configured to implement said methods.

Abstract: The description pertains in particular to a method of protecting an electronic device (SCARD), when the electronic device implements a cryptographic algorithm (AES), against side channel attacks. The cryptographic algorithm (AES) operating on an array of states which forms the subject of a secure processing. The description relates also to an electronic device (SCARD), a computer program and a storage medium for the implementation of such a method.