Encryption/description method protected against side-channel attacks

US10862669B2 · US · B2

Patent metadata

Publication number: US-10862669-B2
Application number: US-201715709982-A
Country: US
Kind code: B2
Filing date: Sep 20, 2017
Priority date: Sep 21, 2016
Publication date: Dec 8, 2020
Grant date: Dec 8, 2020

Abstract

The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key $k_r$ dependent on the secret key, selecting each of a first mask $(-b_r)$ and a second mask $(-b_{r+1})$ in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key $k_r'$ from the first round key $k_r$ and the first mask $(-b_r)$ as follows: $k_r' = k_r \oplus (-b_r)$, wherein $\oplus$ is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key $k_r'$ so as to produce two second data, after producing the first masked key $k_r'$, generating a second round key $k_{r+1}$ dependent on the secret key, calculating a second masked key $k_{r+1}'$ from the second round key $k_{r+1}$ and the second mask $(-b_{r+1})$ as follows: $k_{r+1}' = k_{r+1} \oplus (-b_{r+1})$, calculating two third data $L_r^{b_{r+1}}$, $R_r^{b_{r+1}}$ as follows: $R_r^{b_{r+1}} = R_r^{b_r} \oplus (-b_{r-1}) \oplus (-b_r)$, $L_r^{b_{r+1}} = L_r^{b_r} \oplus (-b_{r-1}) \oplus (-b_r)$, and executing a second encryption round following the first encryption round, wherein the second encryption round is applied to the two third data $L_r^{b_{r+1}}$, $R_r^{b_{r+1}}$ by means of the second masked round key $k_{r+1}'$.

First claim

The invention claimed is:

1. A computer-implemented method for encrypting or decrypting an input data block from a secret key, wherein the method comprises steps of: generating a first round key $k_r$ dependent on the secret key, selecting each of a first mask $(-b_r)$ and a second mask $(-b_{r+1})$ in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key $k_r'$ from the first round key $k_r$ and the first mask $(-b_r)$ as follows: $k_r' = k_r \oplus (-b_r)$, wherein $\oplus$ is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the input data block, by means of the first masked round key $k_r'$ so as to produce two second data $L_r^{b_r}$, $R_r^{b_r}$, after producing the first masked key $k_r'$, generating a second round key $k_{r+1}$ dependent on the secret key, calculating a second masked key $k_{r+1}'$ from the second round key $k_{r+1}$ and the second mask $(-b_{r+1})$ as follows: $k_{r+1}' = k_{r+1} \oplus (-b_{r+1})$, calculating two third data $L_r^{b_{r+1}}$, $R_r^{b_{r+1}}$ as follows: $R_r^{b_{r+1}} = R_r^{b_r} \oplus (-b_{r-1}) \oplus (-b_r)$, $L_r^{b_{r+1}} = L_r^{b_r} \oplus (-b_{r-1}) \oplus (-b_r)$, executing a second encryption round following the first encryption round, wherein the second encryption round is applied to the two third data $L_r^{b_{r+1}}$, $R_r^{b_{r+1}}$ by means of the second masked round key $k_{r+1}'$, so as to produce two fourth data, generating an output data block dependent on the two fourth data, and storing the output data block in a memory.

2. The method according to claim 1, comprising generating a plurality of round keys, and comprising a plurality of successive encryption rounds, wherein a round key is generated before each encryption round, and wherein: for each generated round key, a mask associated with the round key is selected, and an exclusive disjunction of the round key and of the associated mask is calculated so as to produce a masked key, calculating two third data by means of the masked key is performed between each pair of successive encryption rounds.

3. The method according to claim 2, wherein selecting each mask is performed before the plurality of encryption rounds and/or before the generation of the plurality of round keys.

4. The method according to claim 1, wherein the first mask $(-b_r)$ and the second mask $(-b_{r+1})$ are selected randomly.

5. The method according to claim 1, wherein the mask of bits all at one and the mask of all zero bits are equiprobable.

6. The method according to claim 1, comprising generating a number having a plurality of bits, each round key being associated with one of the bits, and wherein the mask selected to mask a round key is: the mask of bits all at one if the bit associated with the round key has a first value, the mask of all zero bits if the bit associated with the round key has a second value different to the first value.

7. The method according to claim 1, wherein the encryption round applied to the two first data comprises: applying an encryption function to one of the two first data by means of the first masked round key so as to produce an intermediate datum, wherein the first datum also forms one of the two second data, calculating an exclusive disjunction of the intermediate datum and of the other first datum so as to produce the other second datum.

8. A non-transitory computer-readable medium comprising code instructions for causing a computer to perform a method for encrypting or decrypting a data block from a secret key, wherein the method comprises steps of: generating a first round key $k_r$ dependent on the secret key, selecting each of a first mask $(-b_r)$ and a second mask $(-b_{r+1})$ in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key $k_r'$ from the first round key $k_r$ and the first mask $(-b_r)$ as follows: $k_r' = k_r \oplus (-b_r)$, wherein $\oplus$ is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key $k_r'$ so as to produce two second data $L_r^{b_r}$, $R_r^{b_r}$, after producing the first masked key $k_r'$, generating a second round key $k_{r+1}$ dependent on the secret key, calculating a second masked key $k_{r+1}'$ from the second round key $k_{r+1}$ and the second mask $(-b_{r+1})$ as follows: $k_{r+1}' = k_{r+1} \oplus (-b_{r+1})$, calculating two third data $L_r^{b_{r+1}}$, $R_r^{b_{r+1}}$ as follows: $R_r^{b_{r+1}} = R_r^{b_r} \oplus (-b_{r-1}) \oplus (-b_r)$, $L_r^{b_{r+1}} = L_r^{b_r} \oplus (-b_{r-1}) \oplus (-b_r)$, executing a second encryption round following the first encryption round, wherein the second encryption round is applied to the two third data $L_r^{b_{r+1}}$, $R_r^{b_{r+1}}$ by means of the second masked round key $k_{r+1}'$.

9. A device for encryption or decryption of an input data block from a secret key, the device comprising at least one processor configured to: generate a first round key $k_r$ dependent on the secret key, select each of a first mask $(-b_r)$ and a second mask $(-b_{r+1})$ in a set consisting of a mask of bits all at one and a mask of all zero bits, calculate a first masked key $k_r'$ from the first round key $k_r$ and the first mask $(-b_r)$ as follows: $k_r' = k_r \oplus (-b_r)$, wherein $\oplus$ is a XOR operator, execute an encryption round applied to two first data dependent on the input data block, by means of the first masked round key $k_r'$ so as to produce two second data $L_r^{b_r}$, $R_r^{b_r}$, after producing the first masked key $k_r'$, generate a second round key $k_{r+1}$ dependent on the secret key, calculate a second masked key $k_{r+1}'$ from the second round key $k_{r+1}$ and the second mask $(-b_{r+1})$ as follows: $k_{r+1}' = k_{r+1} \oplus (-b_{r+1})$, calculate two third data $L_r^{b_{r+1}}$, $R_r^{b_{r+1}}$ as follows: $R_r^{b_{r+1}} = R_r^{b_r} \oplus (-b_{r-1}) \oplus (-b_r)$, $L_r^{b_{r+1}} = L_r^{b_r} \oplus (-b_{r-1}) \oplus (-b_r)$, execute a following encryption round applied to the two third data $L_r^{b_{r+1}}$, $R_r^{b_{r+1}}$ by means of the second masked round key $(k_{r+1}')$ so as to produce two fourth data, generate an output data block dependent on the two fourth data, and store the output data block in a memory.

10. A smart card comprising an encryption or decryption device according to claim 9.
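The masking scheme in the claims can be exercised on a toy Feistel network. The following is an added example, not code from the patent or its assignee: the round function `f`, the key schedule `round_key` and the constants are constructed for illustration, and the sketch assumes that the round function sees data and key only through their XOR (as in DES) and that the data halves are moved from one mask to the next by XORing the outgoing and incoming masks.

```c
#include <stdint.h>
#define ROUNDS 8

/* Toy round function (constructed for this example). It sees the data half
   and the round key only through their XOR, as the DES round function does. */
static uint32_t f(uint32_t x) {
    x ^= x >> 15; x *= 0x2c1b3c6dU; x ^= x >> 12; x *= 0x297a2d39U;
    return x ^ (x >> 15);
}

/* Toy key schedule (constructed): one 32-bit round key per round. */
static uint32_t round_key(uint64_t key, int r) {
    return (uint32_t)(key >> (4 * r)) ^ (0x9e3779b9U * (uint32_t)(r + 1));
}

/* Reference Feistel network with unmasked round keys. */
uint64_t feistel_plain(uint64_t block, uint64_t key) {
    uint32_t L = (uint32_t)(block >> 32), R = (uint32_t)block;
    for (int r = 0; r < ROUNDS; r++) {
        uint32_t t = L ^ f(R ^ round_key(key, r));
        L = R; R = t;
    }
    return ((uint64_t)L << 32) | R;
}

/* Same network, but round r only ever uses k_r' = k_r ^ (-b_r), where b_r is
   bit r of mask_bits (claim 6) and (-b_r) is all zeros or all ones. */
uint64_t feistel_masked(uint64_t block, uint64_t key, uint8_t mask_bits) {
    uint32_t L = (uint32_t)(block >> 32), R = (uint32_t)block;
    uint32_t prev = 0;                                   /* input is unmasked */
    for (int r = 0; r < ROUNDS; r++) {
        uint32_t m  = -(uint32_t)((mask_bits >> r) & 1); /* (-b_r) */
        uint32_t kp = round_key(key, r) ^ m;             /* masked round key */
        L ^= prev ^ m; R ^= prev ^ m;   /* move both halves to the new mask */
        uint32_t t = L ^ f(R ^ kp);     /* R ^ kp equals unmasked R ^ k_r */
        L = R; R = t;                   /* both halves leave masked by m */
        prev = m;
    }
    L ^= prev; R ^= prev;                                /* strip last mask */
    return ((uint64_t)L << 32) | R;
}

/* Returns 1 if every one of the 256 mask choices gives the reference result. */
int all_masks_agree(uint64_t block, uint64_t key) {
    for (unsigned b = 0; b < 256; b++)
        if (feistel_masked(block, key, (uint8_t)b) != feistel_plain(block, key))
            return 0;
    return 1;
}
```

In a real implementation `mask_bits` would come from a random source for each execution, so that the key and data values handled in each round are either the true values or their complements with equal probability.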

Classifications

  • with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

  • H04L9/002 (Primary): Countermeasures against attacks on cryptographic mechanisms (network architectures or network communication protocols for protection against malicious traffic H04L63/1441)

  • where protection concerns the structure of data, e.g. records, types, queries

  • Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

  • Exponent masking, i.e. key masking, e.g. A**(e+r) mod n; (k+r).P

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10862669B2 cover?
The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key $k_r$ dependent on the secret key, selecting each of a first mask $(-b_r)$ and a second mask $(-b_{r+1})$ in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key $k_r'$ from the first r…

Who is the assignee on this patent?
Safran Identity & Security, Idemia Identity & Security France

What technology area does this patent fall under?
Primary CPC classification H04L9/002. Mapped technology areas include Electricity.

When was this patent published?
Publication date Dec 8, 2020 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).