Minimizing information leakage during modular exponentiation using random masks is disclosed Minimizing information leakage during elliptic curve point multiplication is disclosed with windowing by using point randomization is disclosed. Elliptic curve point multiplication with windowing calculates and stores multiple points based on the point being multiplied and then processes multiple bits of the multiplier at a time is also disclosed.

The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key k.sub.r dependent on the secret key, selecting each of a first mask (b.sub.r) and a second mask (b.sub.r+1) in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key k.sub.r from the first round key k.sub.r and the first mask (b.sub.r) as follows:

k=k.sub.r(b.sub.r)

wherein is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key k.sub.r so as to produce two second data, after producing the first masked key k.sub.r, generating a second round key k.sub.r+i dependent on the secret key, calculating a second masked key k.sub.r+1 from the second round key k.sub.r+i and the second mask (b.sub.r+1) as follows: k.sub.r+1 =k.sub.r+1 ED (b.sub.r+1), calculating two third data L.sub.r.sup.b.sup.r+1, R.sub.r.sup.b.sup.r+1 as follows:

R.sub.r.sup.b.sup.r+1=R.sub.r.sup.b.sup.r(b.sub.r1)(b.sub.r)

L.sub.r.sup.b.sup.r+1=L.sub.r.sup.b.sup.r(b.sub.r1)(b.sub.r)

and executing a second encryption round following the first encryption round, wherein the second encryption round is applied to the two third data L.sub.r.sup.b.sup.r+1, R.sub.r.sup.b.sup.r+1 by means of the second masked round key k.sub.r+1.

A method of protecting a modular calculation on a first number and a second number, executed by an electronic circuit, including the steps of: combining the second number with a third number to obtain a fourth number; executing the modular calculation on the first and fourth numbers, the result being contained in a first register or memory location; initializing a second register or memory location to the value of the first register or to one; and successively, for each bit at state 1 of the third number: if the corresponding bit of the fourth number is at state 1, multiplying the content of the second register or memory location by the inverse of the first number and placing the result in the first register or memory location, if the corresponding bit of the fourth number is at state 0, multiplying the content of the second register or memory location by the first number and placing the result in the first register or memory location.