METHOD FOR SECURING AN OPERATION USING A PRIVATE KEY AGAINST SIDE-CHANNEL ATTACKS FIELD OF THE INVENTION The present invention relates to the field of public key cryptography, and more particularly to a method for securing against side-channel attacks any operation using a private key. BACKGROUND OF THE INVENTION Cryptographic algorithms are commonly used for ensuring the privacy of communications by encryption, for authentication or for generating a verifiable signature. Examples of such algorithms are AES, DES or DSA. Such cryptographic algorithms are sensitive to side-channel attacks (SCA), based on an analysis of the power consumption or electromagnetic signature of the device performing the encryption. Indeed SCA may be used to retrieve at least of a part of a secret private key d when used in a cryptographic operations as exponent of a modular exponentiation, or when used in the frame of an Elliptic curve cryptography (ECC) protocol, such as ECDSA, for deriving a new point of an elliptic curve by performing a scalar multiplication. Efficient implementations of modular exponentiation or scalar multiplication have been proposed which process the secret key d bit by bit, such as double and add implementing ECC scalar multiplication, or square and multiply implementing modular exponentiation. Nevertheless, such implementations are sensitive to SCA because of their imbalance : processing a bit of the secret key d equal to zero does not induce performing the same operations than when the processed bit of the secret key is equal to one. Therefore, balanced methods have been proposed in which the same operations are performed when processing a bit of the secret key, whatever its value, such as Montgommery ladder. Such methods are less sensitive to SCA because of their balanced nature but the operations they perform remain the same when the same secret key is processed multiple times. Therefore, an attacker may gain knowledge about the secret key by monitoring repeated executions of such methods using each time the same secret key. In order to overcome this drawback, blinding methods have been proposed, in which the secret key d is protected by masking it with a random value Rand, in a way enabling to perform a scalar multiplication or a modular exponentiation using the masked secret key instead of the secret key itself, and then to remove the masking from the result, in order to retrieve the correct result of the operation as if the secret key d itself had been used. For example, one blinding method developed for ECC protocols is addition by order in which the secret key d is masked into d’ such that d’ = d + Rand * N, with N the order which is a value essentially but not strictly equal to zero. Nevertheless, existing blinding methods have several drawbacks. A first one is the high performance penalty incurred to cryptographic operations using blinding secret keys. In addition, methods based an order such as addition by order provide a blinding of bad quality because order value is usually sparse (it comprise long sequences of either only zeros or only ones). Order value being sparse induces that some parts of the secret key d to be blinded are in fact never blinded whatever the random value Rand used to perform the blinding. As a result, there is a need for a method for protecting against side channel attacks secret keys used in modular exponentiation or scalar multiplication, with a lower impact on performances than existing blinding methods. Such a method shall be balanced without directly manipulating the secret key d and shall not be sensitive to the order value being sparse. SUMMARY OF THE INVENTION For this purpose and according to a first aspect, this invention therefore relates to a method for securing against side channel attacks an execution of a cryptographic process comprising an elliptic curve scalar multiplication operation of a secret key d with a point G of an elliptic curve, d being a n-bit scalar, with n an integer, n>= 1, said method being performed by a cryptographic device comprising at least a first accumulator and a second accumulator, and comprising: -generating a masking value comprising n bits, -additively masking said secret key d with said generated masking value Rand by adding said generated masking value Rand to said secret key d to obtain a masked key d’, - computing a result of said elliptic curve scalar multiplication operation by: o storing the value 0 in a first accumulator, o storing the point of the elliptic curve G in a second accumulator, o for i an integer from 0 to n-1, wherein the 0 ^th bits of the masked key d’ and of the masking value Rand are their most significant bits, and wherein j is the lowest integer bigger than i such that a pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is neither equal to (0,0) nor equal to (1,1), storing intermediate values in said first accumulator and in said second accumulator at round i by: o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (0,0) or (1,1), storing in the second accumulator a result of the addition of the content of the second accumulator and the content of the first accumulator and storing in the first accumulator a result of doubling the content of the first accumulator, o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (0,1) and a pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (0,1), storing in the first accumulator a result of the addition of the content of the first accumulator and the content of the second accumulator and storing in the second accumulator a result of doubling the content of the second accumulator, o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (1,0) and a pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (1,0), storing in the first accumulator a result of the addition of the content of the first accumulator and the content of the second accumulator and storing in the second accumulator a result of doubling the content of the second accumulator, o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (1,0) and a pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (0,1), storing in the first accumulator a result of the addition of the content of the first accumulator and the content of the second accumulator and storing in the second accumulator the result of doubling the value stored in the first accumulator at round i-1, o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (0,1) and a pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) is equal to (1,0), storing in the first accumulator a result of the addition of the content of the first accumulator and the content of the second accumulator and storing in the second accumulator a result of doubling the value stored in the first accumulator at round i-1, o when a pair of the (n-1) ^th bits of the masked key d’ and of the masking value Rand (dn-1’,Randn-1) is equal to (0,1) or (1,0), storing in the first accumulator a result of the addition of the content of the first accumulator and the content of the second accumulator, -retrieving the content of the first accumulator as the elliptic curve scalar multiplication operation result, -performing said cryptographic algorithm using said elliptic curve scalar multiplication operation result. For this purpose and according to a second aspect, this invention therefore relates to a method for securing against side channel attacks an execution of a cryptographic process comprising a modular exponentiation operation of a base g with a secret key d modulo a value P, d being a n-bit scalar, with n an integer, n>= 1, P being a positive integer number and g being a positive integer number less than P, said method being performed by a cryptographic device comprising at least a first accumulator and a second accumulator, and comprising: -generating a masking value comprising n bits, -additively masking said secret key d with said generated masking value Rand by adding said generated masking value Rand to said secret key d to obtain a masked key d’, - computing a result of said modular exponentiation operation by: o storing the value g in a first accumulator, o storing the value g² in a second accumulator, o for i an integer from 0 to n-1, wherein the 0 ^th bits of the masked key d’ and of the masking value Rand are their most significant bits, and wherein j is the lowest integer bigger than i such that a pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) is neither equal to (0,0) nor equal to (1,1), storing intermediate values in said first accumulator and in said second accumulator at round i by: o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (0,0) or (1,1), storing in the second accumulator a result of the multiplication modulo P of the content of the second accumulator and the content of the first accumulator and storing in the first accumulator a result of squaring modulo P the content of the first accumulator modulo P, o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (0,1) and a pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (0,1), storing in the first accumulator a result of the multiplication modulo P of the content of the first accumulator and the content of the second accumulator and storing in the second accumulator a result of squaring modulo P the content of the second accumulator, o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (1,0) and a pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) is equal to (1,0), storing in the first accumulator a result of the multiplication modulo P of the content of the first accumulator and the content of the second accumulator and storing in the second accumulator a result of squaring modulo P the content of the second accumulator, o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (1,0) and a pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) is equal to (0,1), storing in the first accumulator a result of the multiplication modulo P of the content of the first accumulator and the content of the second accumulator and storing in the second accumulator the result of squaring modulo P the value stored in the first accumulator at round i-1, o when a pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (0,1) and a pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (1,0), storing in the first accumulator a result of the multiplication modulo P of the content of the first accumulator and the content of the second accumulator and storing in the second accumulator a result of squaring modulo P the value stored in the first accumulator at round i-1, o when a pair of the (n-1) ^th bits of the masked key d’ and of the masking value Rand (d _n-1 ’,Rand _n-1 ) is equal to (0,1) or (1,0), storing in the first accumulator a result of the multiplication modulo P of the content of the first accumulator and the content of the second accumulator, -retrieving the content of the first accumulator as the modular exponentiation operation result, -performing said cryptographic algorithm using said elliptic curve scalar multiplication operation result. Such methods enable to perform an execution which is secured against side channel attacks of a cryptographic process comprising either a modular exponentiation or a scalar multiplication, without any direct manipulation of the secret key, and without the performance penalty and order issues associated to blinding by order, despite actually blinding the secret key The size of the masking value may be 256 bits, 512 bits, 1024 bits or 2048 bits depending on the secret key size. According to a third aspect, this invention therefore relates also to a computer program product directly loadable into the memory of at least one computer, comprising software code instructions for performing the steps of the methods according to the first aspect and the second aspect when said product is run on the computer. According to a fourth aspect, this invention therefore relates also to a non- transitory computer readable medium storing executable computer code that when executed by a cryptographic device comprising a processing system having at least one hardware processor performs the steps of the methods according to the first aspect and the second aspect. According to a fifth aspect, this invention therefore relates also to a cryptographic device comprising : - at least one first accumulator and a second accumulator, - a processor configured to execute the steps of the method according to the first aspect and the second aspect. To the accomplishment of the foregoing and related ends, one or more embodiments comprise the features hereinafter fully described and particularly pointed out in the claims. BRIEF DESCRIPTION OF THE DRAWINGS The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the embodiments may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed embodiments are intended to include all such aspects and their equivalents. • Figure 1 is a schematic illustration of a cryptographic device according to an embodiment of the present invention; • Figure 2 illustrates schematically methods according to an embodiment of the present invention. DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION The invention aims at securing against side channel attacks an execution of a cryptographic process comprising an operation using a private key such as a modular exponentiation or a scalar multiplication in an elliptic curve cryptographic process. Such a process may be performed by a cryptographic device 100 a schematic illustration of which is given on Figure 1. The cryptographic device 100 may include a processor 101 connected via a bus 102 to a random access memory (RAM) 103, a read-only memory (ROM) 104, and/or a non-volatile memory (NVM) 105. The cryptographic device 100 may further include a communication interface 106 by which the cryptographic device 100 may be connected to a network. Such an interface may be a wireless interface connected to an antenna and may be used to connect the cryptographic device 100 to various forms of wireless networks, e.g., wide-area networks, WiFi networks, or mobile telephony networks. Alternatively, such an interface may be a wired interface such as an Ethernet internet. The cryptographic device 100 may also include input/output means 107 providing interfaces to the user of the cryptographic device 100, such as one or more screens, loudspeakers, a mouse, tactile surfaces, a keyboard etc… The cryptographic device 100 also comprises at least a first accumulator R0 and a second accumulator R1 to be used by the cryptographic device to store calculation intermediate results. Such a cryptographic device may for example be a smartcard, a mobile telephone, a tablet, or a personal computer. It may also be a smartchip embedded in an identity document such as a passport, or a Hardware Security Module (HSM). The cryptographic process performed by the cryptographic device may for example be an elliptic curve cryptography (ECC) process such as ECDSA protocol, or another cryptographic process such as RSA encryption or Diffie-Hellman key exchange. All these cryptographic processes comprise a step of using a secret value d, hereafter called secret key, for computing a result r of a modular exponentiation which raises a base b to the power d modulo some value m: r= b ^d |m, or in the case of an ECC process, for deriving a new point Q of an elliptic curve by performing an elliptic curve scalar multiplication operation of the secret key d with a point G of the elliptic curve: Q = ^^^^ ∗ ^^^^. In the rest of the description, the secret key d is supposed to be a n- bit scalar, with n an integer, n>= 1. For example, n=32, 64, 256, 512, 1024 or 2048 bits. In order to protect the execution of the modular exponentiation or the scalar multiplication of such a process against side-channel analysis, the secret key d is masked using a random masking value Rand, of the same size than the secret key. In order to avoid the drawbacks of blinding methods such as addition by order, a first idea of the invention is to directly mask the secret key by adding to it the random masking value, without using any order value: d’ = d + Rand with d’ the masked secret key. In order to have an efficient implementation of the modular exponentiation or the scalar multiplication and to further protect it against side-channel analysis, it is interesting, as presented above, to use a balanced version of an algorithm processing the secret key bit by bit, such as Montgomery ladder. Such a balanced algorithm, when processing a given bit of the secret key, updates the first and second accumulators depending on the value of the processed bit, such that the same operations are performed at each bit processing either on the first or second accumulator and such that after the last bit of the secret key has been processed, the sought result is stored in one of the accumulators. As an example, when computing a scalar multiplication Q = ^^^^ ∗ ^^^^ between the secret key d and a point G of an elliptic curve, in the unbalanced Double and Add algorithm, only one accumulator is used. When the bit di of the secret key being processed is zero, the content of the accumulator is only doubled. When d _i is equal to one, the content of the accumulator is doubled and one G is added to it. In Montgomery Ladder algorithm, two accumulators R0 and R1 are needed. When di is zero, the content of R0 is added to the content of R1 (R1=R1+R0), and the content of R0 is doubled. When d _i is equal to one, it is the opposite: the content of R1 is added to the content of R0 (R0=R1+R0), and the content of R1 is doubled. In order to use a masked secret key with a balanced modular exponentiation or scalar multiplication, one could compute a masked modular exponentiation or scalar multiplication result by applying such a balanced algorithm using the masked secret key d’, for example computing : r’= b ^d’ |m (with | the concatenation operator) or Q’ = ^^^^′ ∗ ^^^^, and then unmask the result in order to get the sought modular exponentiation or scalar multiplication result which would have been obtained by applying such a balanced algorithm using the secret key d. In order to avoid the large cost increase of such an approach, a second main idea of the invention is, when processing a given bit of the masked secret key d’, to look at the corresponding bit of the random value rand and to deduce the operations to be applied to the first and second accumulators in order to directly get in one of the accumulators, after the last bit of the secret key has been processed, the result which would have been obtained by applying such a balanced algorithm using the secret key d. The following paragraphs describe with more details the steps of methods according to the invention securely computing a modular exponentiation or an ECC scalar multiplication as depicted on Figure 2. In a first step S1, the cryptographic device generates a masking value Rand, to be used for performing the next modular exponentiation or scalar multiplication, and comprising n bits, like the secret key d. Such a value may be randomly generated, for example by a Pseudo-Random Number Generator PRNG 108 included in the cryptographic device. In a second step S2, the cryptographic device performs an additive masking of the secret key d with the generated masking value Rand by adding the generated masking value Rand to the secret key d to obtain a masked key d’ : d’ = d + Rand. In the following steps, the bits of the masked key d’ and the masking value Rand are indexed from 0 to n-1 from left to right. Said differently, their bits with index 0 (0 ^th bits) are their most significant bits. Since the masking value Rand has to same size as the secret key d, the size of the masked key is at most n+1. It induces a much lower performance penalty than existing blinding methods such as addition by order in which the masked key is much longer. In a third step S3, the cryptographic device computes the result of the modular exponentiation or scalar multiplication to be computed. In the following paragraphs, the third step S3 is first described in the case of computing a scalar exponentiation Q = ^^^^ ∗ ^^^^ between the secret key d and a point G of an elliptic curve, using a modified version of Double and Add algorithm. The third step S3 is then described in the case of computing a modular exponentiation by replacing any point addition by a modular multiplication and any point doubling by a modular square operation. The cryptographic device first initializes the first accumulator R0 and the second accumulator R1. Then, for i an integer from 0 to n-1, the 0 ^th bits of the masked key d’ and of the masking value Rand being their most significant bits, and j being the lowest integer bigger than i such that a pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is neither equal to (0,0) nor equal to (1,1), the cryptographic device stores intermediate values in the first accumulator R0 and in the second accumulator R1 at round i, these intermediate values being obtained by performing operations on the content of the second accumulator R1 and/or the content of the first accumulator R0. These operations are selected among addition, multiplication, squaring and doubling, depending on the values of the pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) and on the pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj). In the case of computing a scalar exponentiation, at the beginning of the third step, the cryptographic device initializes its accumulators by setting the first accumulator R0 to zero (R0 _-1 =0), and by storing the elliptic curve point G in the second accumulator R1 (R1 _-1 =G). As in balanced scalar multiplication algorithms such as Montgommery Ladder, the cryptographic device will then process each bit of the masked key d’ one by one and at each round, corresponding to one bit of the secret key, it will update both accumulators such that one doubling and one addition are performed, and such that the first accumulator R0 stores, at the end of the last round, the result Q = ^^^^ ∗ ^^^^. In the following paragraphs, R0 _i and R1 _i are the contents of the first and second accumulators at the end of round i. The third step S3 then comprises the following operations to be performed at each round i corresponding to the processing of a bit d _i of the masked key d’, for i an integer from 0 to n-1. In these operations, since d’ = d + Rand which can be rewritten as d = d’ - Rand, an equivalent value of di can be inferred from the values of di’ and Randi. When the pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (0,0) or (1,1), it is equivalent to reading di = 0. Therefore, the cryptographic device stores in the first accumulator R0 the result of doubling the content of the first accumulator R0 : R0 _i = 2*R0 _i-1 . As will be shown above, depending on the operation performed at the previous round, the content of the second accumulator R1i-1 may be equal to R0 _i -1+G or R0 _i -1-G. In order to keep it that way, the cryptographic device, before doubling the second accumulator R0, stores in the second accumulator R1 the result of the addition of the content of the second accumulator R1 and the content of the first accumulator R0: R1i = R0i-1 + R1i-1. = 2 R0i-1 +/- G = R0i +/- G. When the pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (1,0), it is equivalent to reading di = 1. In such a case, the content of the first accumulator should be doubled and +1G shall be added to it. This can be achieved by setting the second accumulator R1 to R0+G before adding it to the first accumulator: R0i = R0 _i-1 + R1 _i-1 . On the other hand, when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (0,1), it is equivalent to reading d _i = -1. In such a case, the content of the first accumulator should be doubled and -1G shall be added to it. This can be achieved by setting the second accumulator R1 to R0-G before adding it to the first accumulator: R0 _i = R0 _i-1 + R1 _i-1 . Since the operations performed when (di’,Randi) is equal to (0,0) or (1,1) do not change the relationship between R0i-1 and R1i-1, the method according to the invention sets R1 to R0+G or R0-G for the beginning of a given round at the previous round where the pair of bits of the masked key d’ and of the masking value Rand is equal to either (0,1) or (1,0). The relationship to be set between R1 and R0 is selected by looking at the next pair of bits of the masked key d’ and of the masking value Rand that is equal to either (0,1) or (1,0). At round i, for i=0 to n-2, such a next pair is called the pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) with j is the lowest integer bigger than i such that this pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) is neither equal to (0,0) nor equal to (1,1). When (dj’,Randj) = (di’,Randi), both being either equal to (1,0) or (0,1), it means that the relation between R0i-1 and R1i-1 (either R1i-1=R0i-1+G or R1i-1=R0i-1-G) used to compute R0 _i (R0 _i = R0 _i-1 + R1 _i-1 ) shall be kept intact between R0 _i and R1 _i for correctly setting R0 _j at round j. Therefore, in such a case, at round i, for i=0 to n-2, the content of the second accumulator is just doubled: R1i = 2*R1i-1. Indeed, by doing so, when R1 _i-1 =R0 _i-1 +G, R1 _i =2*(R0 _i-1 +G)= R0 _i +G since R0 _i = R0 _i-1 + R1 _i-1 = 2 R0 _i-1 +G. Similarly, when R1 _i-1 =R0 _i-1 -G, R1 _i =2*(R0 _i-1 -G)= R0 _i -G since R0 _i = R0 _i-1 + R1 _i-1 = 2 R0 _i-1 -G. On the contrary, when (dj’,Randj) = (0,1) and (di’,Randi)=(1,0) ; or when (d _j ’,Rand _j ) = (1,0) and (d _i ’,Rand _i )=(0,1), it means that the relation between R0 _i-1 and R1i-1 (either R1i-1=R0i-1+G or R1i-1=R0i-1-G) used to compute R0i (R0i = R0i-1 + R1i-1) shall be reversed between R0i and R1i for correctly setting R0j at round j. Therefore, in such a case, at round i, for i=0 to n-2, the cryptographic device stores in the second accumulator R1 the result of doubling the value stored in the first accumulator R0 at round i-1: R1i = 2*R0i-1. indeed, by doing so, when R1i-1=R0i-1+G, R1i= R0i-G since R0i = R0 _i-1 + R1 _i-1 = 2 R0 _i-1 +G. Similarly, when R1 _i-1 =R0 _i-1 -G, R1 _i =R0 _i +G since R0 _i = R0 _i-1 + R1 _i-1 = 2 R0 _i-1 -G. In the case of the last round, when i=n-1, there is no need to take into account what the relationship between R0 and R1 should be for a next round. At that last round, only the updating of the first accumulator R0 should be performed has described above for the other rounds in order to get the result of the operation in the first accumulator. Updating of the second accumulator R1 is not needed since its content is not used anymore for the remaining steps of the process. To summarize: o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (0,1) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) is equal to (0,1), the cryptographic device stores in the first accumulator R0 the result of the addition of the content of the first accumulator R0 and the content of the second accumulator R1 and it stores in the second accumulator R1 the result of doubling the content of the second accumulator R1, o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (1,0) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (1,0), the cryptographic device stores in the first accumulator R0 the result of the addition of the content of the first accumulator R0 and the content of the second accumulator R1 and it stores in the second accumulator R1 the result of doubling the content of the second accumulator R1, o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (1,0) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (0,1), the cryptographic device stores in the first accumulator R0 the result of the addition of the content of the first accumulator R0 and the content of the second accumulator R1 and it stores in the second accumulator R1 the result of doubling the value stored in the first accumulator R0 at round i-1, o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (0,1) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (1,0), the cryptographic device stores in the first accumulator R0 the result of the addition of the content of the first accumulator R0 and the content of the second accumulator R1 and it stores in the second accumulator R1 the result of doubling the value stored in the first accumulator R0 at round i-1, o when a pair of the (n-1) ^th bits of the masked key d’ and of the masking value Rand (d _n-1 ’,Rand _n-1 ) is equal to (0,1) or (1,0), storing in the first accumulator a result of the addition of the content of the first accumulator and the content of the second accumulator. In the case of a modular exponentiation operation of a base g with a secret key d modulo a value P, d being a n-bit scalar, with n an integer, n>= 1, P being a positive integer number and g being a positive integer number less than P, RAND should be selected such that the first pair of the masked key d’ and of the masking value Rand (d ₀ ’,Rand ₀ ) should be equal to (1,0) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) should be equal to (1,0). Then, the cryptographic device initializes its accumulators by setting the first accumulator R0 to the base g (R0- ₁ =g), and by storing the square of the base g in the second accumulator R1 (R1 _-1 =g²). Then for the other pairs of the bits of the masked key d’ and of the masking value Rand (di’,Randi): o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (0,0) or (1,1), the cryptographic devices stores in the second accumulator (R1) a result of the multiplication modulo P of the content of the second accumulator (R1) and the content of the first accumulator (R0) and the cryptographic device stores in the first accumulator (R0) a result of squaring modulo P the content of the first accumulator (R0) modulo P, o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (0,1) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (0,1), the cryptographic device stores in the first accumulator (R0) a result of the multiplication modulo P of the content of the first accumulator (R0) and the content of the second accumulator (R1) and the cryptographic device stores in the second accumulator (R1) a result of squaring modulo P the content of the second accumulator (R1), o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (1,0) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (d _j ’,Rand _j ) is equal to (1,0), the cryptographic device stores in the first accumulator (R0) a result of the multiplication modulo P of the content of the first accumulator (R0) and the content of the second accumulator (R1) and the cryptographic device stores in the second accumulator (R1) a result of squaring modulo P the content of the second accumulator (R1), o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (di’,Randi) is equal to (1,0) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) is equal to (0,1), the cryptographic device stores in the first accumulator (R0) a result of the multiplication modulo P of the content of the first accumulator (R0) and the content of the second accumulator (R1) and the cryptographic device stores in the second accumulator (R1) the result of squaring modulo P the value stored in the first accumulator (R0) at round i-1, o when the pair of the i ^th bits of the masked key d’ and of the masking value Rand (d _i ’,Rand _i ) is equal to (0,1) and the pair of the j ^th bits of the masked key d’ and of the masking value Rand (dj’,Randj) is equal to (1,0), the cryptographic device stores in the first accumulator (R0) a result of the multiplication modulo P of the content of the first accumulator (R0) and the content of the second accumulator (R1) and the cryptographic device stores in the second accumulator (R1) a result of squaring modulo P the value stored in the first accumulator (R0) at round i-1, o when the pair of the (n-1) ^th bits of the masked key d’ and of the masking value Rand (d _n-1 ’,Rand _n-1 ) is equal to (0,1) or (1,0), the cryptographic device stores in the first accumulator a result of the multiplication modulo P of the content of the first accumulator and the content of the second accumulator, In a fourth step S4, the cryptographic device retrieves the content of the first accumulator R0 as the elliptic curve scalar multiplication operation result or modular exponentiation result. Such a method requires that (d ₀ ’,Rand ₀ ) = (1,0) and that for round 0 (d _j ’,Rand _j )=(1,0). When this condition is not met at the end of the second step S2, the cryptographic device can execute again the first and second steps S1, S2 until the condition is satisfied. An example of elliptic curve scalar multiplication operation is given where d = 41 = 101001 (binary) RAND = 10 = 001010 (binary) Hence, d’ = 51 = 110011 (binary) (from regular addition d’ = d + RAND). At round 0 : (d ₀ ’,Rand ₀ ) = (1,0), and (d _j ’,Rand _j ) = (1,0), Then, R0 ₀ = R0 _-1 + R1 _-1 = G R10 = 2* R1-1 =2G At round 1 : (d ₁ ’,Rand ₁ )= (1,0), (d _j ’,Rand _j ) = (0,1), Then R01 = R00 + R10 = 3G R11 = 2* R00=2G At round 2 : (d2’,Rand2)= (0,1), (dj’,Randj) = (1,0), Then R02 = R01 + R11 = 5G R1 ₂ = 2* R0 ₁ =6G At round 3 : (d3’,Rand3)= (0,0), Then R0 ₃ = 2R0 ₂ =10G R1 ₃ = R0 ₂ + R1 ₂ = 11G At round 4 : (d4’,Rand4) = (1,1), Then R0 ₄ = 2R0 ₃ =20G R14 = R03 + R13 = 21G At the last round, round 5, (d ₅ ’,Rand ₅ ) = (1,0), and only the update of the first accumulator matters: Then R05 = R04 + R14 = 41G, which is the result of the scalar multiplication Q=d x G. An example of modular exponentiation is given where : d = 137 = 10001001 (binary) RAND = 74 = 01001010 (binary) Hence, d’ = 211 = 11010011 (binary) (from regular addition d’ = d + RAND). At round 0 : (d ₀ ’,Rand ₀ ) = (1,0), and (d _j ’,Rand _j ) = (1,0), Initialization is performed : R00 = g R1 ₀ = g² At round 1 : (d1’,Rand1)= (1,1), (dj’,Randj) = (1,0), Then R0 ₁ = R0 ₀ ² = g² R1 ₁ = R0 ₀ * R1 ₀ =g ³ At round 2 : (d2’,Rand2)= (0,0), (dj’,Randj) = (1,0), Then R0 ₂ = R0 ₁ ² = g ⁴ R12 = R01 * R11 =g ⁵ At round 3 : (d ₃ ’,Rand ₃ )= (1,0), (d _j ’,Rand _j ) = (0,1), Then R0 ₃ = R0 ₂ * R1 ₂ =g ⁹ R13 = R02² = g ⁸ At round 4 : (d ₄ ’,Rand ₄ ) = (0,1), (d _j ’,Rand _j ) = (1,0), Then R04 = R03* R13 =g ¹⁷ R14 = R03² = g ¹⁸ At round 5 : (d5’,Rand5) = (0,0), (dj’,Randj) = (1,0), Then R05 = R04² = g ³⁴ R1 ₅ = R0 ₄ * R1 ₄ =g ³⁵ At round 6 : (d6’,Rand6) = (1,1), (dj’,Randj) = (1,0), Then R0 ₆ = R0 ₅ ² = g ⁶⁸ R1 ₆ = R0 ₅ * R1 ₅ =g ⁶⁹ At the last round, round 7, (d5’,Rand5) = (1,0), and only the update of the first accumulator matters: Then R07 = R06 * R16 = g ¹³⁷ , which is the result of the modular exponentiation. In a fifth step S5, the cryptographic device performs said cryptographic algorithm using said elliptic curve scalar multiplication operation result or modular exponentiation result. According to a second aspect, this invention therefore relates also to a computer program product directly loadable into the memory of at least one computer, comprising software code instructions for performing the steps of the methods described here above when said product is run on the computer. According to a third aspect, this invention therefore relates also to a non-transitory computer readable medium storing executable computer code that when executed by a cryptographic device comprising a processing system having at least one hardware processor performs the steps of the methods described here above. According to a fourth aspect, this invention therefore relates also to a cryptographic device described here above comprising : - at least one first accumulator R0 and a second accumulator R1, - at least one processor 101 configured to execute the steps of the methods described here above. As a result, the methods described above enable to perform an execution which is secured against side channel attacks of a cryptographic process comprising either a modular exponentiation or a scalar multiplication, without any direct manipulation of the secret key, and without the performance penalty and order issues associated to blinding by order, despite actually blinding the secret key.