Device and method for protecting execution of a cryptographic operation

Abstract

There is provided a device for protecting the execution of a cryptographic operation from attacks, the cryptographic operation being implemented by a cryptographic algorithm, the cryptographic operation comprising at least one modular operation between a main base (m) representing a data block and at least one scalar (d) in at least one finite starting group. The device is configured to determine at least one intermediary group (E') different from the at least one starting group (E), the number of intermediary groups being equal to the number of starting groups E. The device is further configured to determine at least one final group (E″) from the at least one starting group E and the at least one intermediary group E′. The base m being mapped to an auxiliary element (x) in the at least one intermediary group and to an auxiliary base (m″) in the at least one final group E″. The device performs a first elementary operation in each final group (E″i), the first elementary operation consisting in executing the modular operation between the auxiliary base (m″) and an auxiliary scalar (d) in each final group E″, which provides at least one result, the auxiliary scalar (d) being determined from the auxiliary element (x) and from the main scalar (d). The device further performs a second elementary operation in each starting group E, the second elementary operation consisting in executing the modular operation between an additional auxiliary base and an additional auxiliary scalar d′in each starting group, at least one of the additional auxiliary base and of the additional scalar being derived from the result of the first elementary operation.