PROTECTING POLYNOMIAL REJECTION THROUGH MASKED COMPRESSION COMPARISON

    Publication number: US20240126511A1

    Publication date: 2024-04-18

    Application number: US17935550

    Filing date: 2022-09-26

    Applicant: NXP B.V.

    CPC classification number: G06F7/724 G06F9/3001 G06F9/30029 G06F2207/7233

    Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked compression of the coefficients of a polynomial having ns arithmetic shares for lattice-based cryptography in a processor, the instructions including: shifting a first arithmetic share of the ns arithmetic shares by an input mask λ1; scaling the shifted first arithmetic share by a value based on a first compression factor δ and a masking scaling factor φ1; shifting the scaled first arithmetic share by a value based on the masking scaling factor φ1; scaling the second through ns-th shares of the ns arithmetic shares by a value based on the first compression factor δ and the masking scaling factor φ1; converting the ns scaled arithmetic shares to ns Boolean shares; right-shifting the ns Boolean shares based upon the masking scaling factor φ1 and a second compression factor φ2; XORing an output mask λ2 with the shifted first Boolean share to produce ns compressed Boolean shares; and carrying out a cryptographic operation using the ns arithmetic shares when the ns compressed Boolean shares indicate that the coefficients of the polynomial are within the boundary values.

    EFFICIENT AND MASKED SAMPLING OF POLYNOMIALS FOR LATTICE-BASED CRYPTOGRAPHY

    Publication number: US20230353361A1

    Publication date: 2023-11-02

    Application number: US17732164

    Filing date: 2022-04-28

    Applicant: NXP B.V.

    CPC classification number: H04L9/3093 H04L9/3026 G06F9/30018

    Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, including: determining a number m of random bits to be sampled based upon a sample bound parameter β; producing a plurality of Boolean masked shares of a polynomial coefficient each having the determined number m of random bits using a uniform random function; determining that the polynomial coefficient is within a range of values based upon the sample bound parameter β; converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient; and shifting the plurality of arithmetic masked shares based upon the sample bound parameter β.

    PROCESSOR TO ACCELERATE AND SECURE HASH-BASED SIGNATURE COMPUTATIONS

    Publication number: US20240430099A1

    Publication date: 2024-12-26

    Application number: US18337795

    Filing date: 2023-06-20

    Applicant: NXP B.V.

    Abstract: A secure processing system configured to produce a hash-based digital signature of a message, including: a random number generator (RNG); a monotonic counter device configured to produce a monotonically increasing counter value; a hash accelerator configured to produce a hash of the message based upon a random number from the RNG and the counter value; and a run-time integrity check (RTIC) device configured to check the integrity of the operation of the hash accelerator based upon the counter value.

    KEY DERIVATION METHODS FOR HASH-BASED SIGNATURE SCHEMES

    Publication number: US20240388429A1

    Publication date: 2024-11-21

    Application number: US18319982

    Filing date: 2023-05-18

    Applicant: NXP B.V.

    Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for generating keys in a hash-based signature system in a processor, the instructions including: generating, by a random number generator, a seed; repeatedly hashing the seed with a first hash function to produce n/k chained seeds, wherein n is the total number of secret keys generated and k is the number of secret keys generated from each chained seed; and generating k secret keys from each of the n/k chained seeds using a second hash function, wherein at least one of the k secret keys is generated from another of the k secret keys in a sequential chain.
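As an added illustration of the seed-chaining structure described in the abstract (this is example code, not NXP's implementation; the two hash functions are instantiated here as domain-separated SHA-256, and the counter layout and the helper name regenerate_key are assumptions made for this example):

```python
"""Seed-chained secret-key derivation for a hash-based signature scheme.
Added illustration only; h1/h2, the domain tags and the counter layout are assumptions."""
import hashlib


def h1(data: bytes) -> bytes:
    """First hash function: advances the seed chain (assumed: domain-separated SHA-256)."""
    return hashlib.sha256(b"HBS-chain|" + data).digest()


def h2(data: bytes) -> bytes:
    """Second hash function: derives a secret key from a chained seed or from the previous key."""
    return hashlib.sha256(b"HBS-key|" + data).digest()


def derive_chained_seeds(seed: bytes, count: int) -> list[bytes]:
    """Repeatedly hash the root seed with h1: s_1 = h1(seed), s_{i+1} = h1(s_i)."""
    seeds = []
    s = seed
    for _ in range(count):
        s = h1(s)
        seeds.append(s)
    return seeds


def derive_keys_from_chained_seed(chained_seed: bytes, k: int, group: int) -> list[bytes]:
    """Derive k secret keys from one chained seed. The first key is h2 of the seed; each
    following key is h2 of its predecessor, so the k keys form a sequential chain."""
    keys = []
    prev = chained_seed + group.to_bytes(4, "big")
    for j in range(k):
        prev = h2(prev + j.to_bytes(4, "big"))
        keys.append(prev)
    return keys


def derive_secret_keys(seed: bytes, n: int, k: int) -> list[bytes]:
    """All n secret keys: n/k chained seeds, k keys per chained seed."""
    if n % k != 0:
        raise ValueError("n must be a multiple of k")
    keys = []
    for group, cs in enumerate(derive_chained_seeds(seed, n // k)):
        keys.extend(derive_keys_from_chained_seed(cs, k, group))
    return keys


def regenerate_key(seed: bytes, n: int, k: int, i: int) -> bytes:
    """Recompute key i alone: walk the h1 chain i//k + 1 steps, then the h2 chain i%k + 1 steps,
    instead of deriving all n keys. Cost is about n/k + k hashes rather than n."""
    if not 0 <= i < n:
        raise ValueError("key index out of range")
    group, pos = divmod(i, k)
    cs = seed
    for _ in range(group + 1):
        cs = h1(cs)
    return derive_keys_from_chained_seed(cs, pos + 1, group)[-1]


if __name__ == "__main__":
    root = bytes(32)  # constructed fixed seed for the demo; use an RNG-generated seed in practice
    sk = derive_secret_keys(root, n=16, k=4)
    print(len(sk), "keys; key 9 regenerates:", regenerate_key(root, 16, 4, 9) == sk[9])
```

Only the root seed needs to be stored: any one-time key can be rebuilt on demand with regenerate_key at a cost of roughly n/k + k hash calls instead of n. Because h1 is one-way, a device that erases the root seed and each consumed chained seed after use cannot be made to re-derive keys for leaves it has already signed with, which is the property the chaining buys over a flat "hash the seed with the index" derivation.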

    METHOD OF PROTECTING A CRYPTOGRAPHIC DEVICE AGAINST SIDE-CHANNEL ATTACKS

    Publication number: US20240235808A1

    Publication date: 2024-07-11

    Application number: US18534909

    Filing date: 2023-12-11

    Applicant: NXP B.V.

    CPC classification number: H04L9/003 H04L9/0631

    Abstract: In accordance with a first aspect of the present disclosure, a method of protecting a cryptographic device against side-channel attacks is conceived, the cryptographic device comprising a cryptographic unit and a processing unit, and the method comprising: performing, by the cryptographic unit, a cryptographic operation on input data, wherein said cryptographic operation generates at least one intermediate result; generating, by the processing unit, a set of possible values of the intermediate result; leaking, by the cryptographic device, said set of possible values of the intermediate result. In accordance with a second aspect of the present disclosure, a computer program is provided for carrying out said method. In accordance with a third aspect of the present disclosure, a corresponding cryptographic device is provided.

    EFFICIENT FAULT COUNTERMEASURE THROUGH POLYNOMIAL EVALUATION

    Publication number: US20240202273A1

    Publication date: 2024-06-20

    Application number: US18066862

    Filing date: 2022-12-15

    Applicant: NXP B.V.

    CPC classification number: G06F17/10 G06F7/4812

    Abstract: Various embodiments relate to a fault detection system and method for polynomial operations, including: selecting a plurality of evaluation points; evaluating a first polynomial at the plurality of evaluation points to produce first results; applying a first function to the first polynomial to produce a second polynomial; evaluating the second polynomial at the plurality of evaluation points to produce second results; evaluating a second scalar function on the first results to produce third results; comparing the second results to the third results; and performing a polynomial operation using the second polynomial when the second results match the third results.
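The check in the abstract can be illustrated with polynomial multiplication in a small ring as the protected operation. This is an added example, not the patent's implementation; the toy ring Z_17[x]/(x^4 + 1), the choice of first function F(f) = f·g and the scalar function v ↦ v·g(r) are assumptions made for this illustration:

```python
"""Fault detection for a polynomial operation via evaluation at points (illustrative).
Toy ring Z_17[x]/(x^4 + 1); parameters, helper names and the choice F(f) = f*g are assumptions."""
Q = 17
N = 4
ZETA = 2   # 2^4 = 16 = -1 mod 17, so 2 is a primitive 8th root of unity and x^4 + 1 = prod (x - ZETA^(2i+1))


def poly_eval(f, r):
    """Horner evaluation of f (low-degree coefficient first) at r in Z_Q."""
    acc = 0
    for c in reversed(f):
        acc = (acc * r + c) % Q
    return acc


def poly_mul(f, g):
    """Schoolbook product reduced mod x^N + 1 (x^N = -1): the operation being protected."""
    res = [0] * N
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            k = i + j
            if k < N:
                res[k] = (res[k] + a * b) % Q
            else:
                res[k - N] = (res[k - N] - a * b) % Q
    return res


def evaluation_points(count):
    """Roots of x^N + 1; at these points (f*g mod x^N+1)(r) = f(r)*g(r) exactly."""
    return [pow(ZETA, 2 * i + 1, Q) for i in range(count)]


def checked_mul(f, g, points, inject_fault=None):
    """Compute h = f*g and verify h(r) == f(r)*g(r) at each point before releasing h.
    inject_fault=(index, delta) corrupts one coefficient of h to demonstrate detection."""
    first = [poly_eval(f, r) for r in points]          # f evaluated before the operation
    h = poly_mul(f, g)                                  # the protected operation, F(f) = f*g
    if inject_fault is not None:
        idx, delta = inject_fault
        h[idx] = (h[idx] + delta) % Q
    second = [poly_eval(h, r) for r in points]          # result evaluated afterwards
    third = [(v * poly_eval(g, r)) % Q for v, r in zip(first, points)]  # scalar function on first results
    if second != third:
        return None                                     # fault detected: do not use h
    return h


if __name__ == "__main__":
    f, g = [1, 2, 3, 4], [5, 6, 7, 8]                   # constructed sample polynomials
    pts = evaluation_points(4)
    print("clean:", checked_mul(f, g, pts))             # [12, 15, 2, 9]
    print("faulted:", checked_mul(f, g, pts, inject_fault=(2, 1)))  # None
```

Choosing the evaluation points among the roots of x^N + 1 is what makes the scalar function cheap: the ring reduction disappears at those points, so the comparison costs N evaluations of f and h plus a multiplication per point, with g(r) precomputable when g is a fixed public polynomial. A fault that adds e(x) to h passes the check only if e(r) = 0 at every chosen point; a single corrupted coefficient changes h(r) by delta·r^idx, which is never zero mod a prime, so even one point catches it, and N distinct roots catch any nonzero e of degree below N.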

    FAULT DETECTION FOR THE NTT
    Type: Invention patent application

    Publication number: US20250094529A1

    Publication date: 2025-03-20

    Application number: US18470958

    Filing date: 2023-09-20

    Applicant: NXP B.V.

    Abstract: A method for checking a computation of a discrete Fourier transform (DFT), including: computing a first layer of the DFT using a plurality of butterfly operations on inputs to the first layer to produce first outputs; computing a second layer of the DFT using a plurality of butterfly operations on the first outputs to produce second outputs; performing an invariant check on the first outputs after the computation of the second layer based upon the inputs to the first layer; and indicating a fault in the computation of the DFT when the invariant check fails.
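As an added example of the layer-deferred invariant check (not NXP's code; the toy parameters Q = 17, N = 8, the twiddle ordering and the helper names are assumptions), the following implements a Cooley-Tukey negacyclic NTT, the DFT over Z_Q, and verifies each layer's butterflies only after the next layer has been computed. The invariant used is that a butterfly (a, b) → (a + w·b, a − w·b) always satisfies a' + b' = 2a, which needs only the layer's inputs and no twiddle multiplication:

```python
"""Layer-wise invariant check for a Cooley-Tukey NTT (illustrative, not NXP's implementation).
Q, N, ZETA and the twiddle ordering are toy assumptions chosen so that x^N + 1 splits fully."""
Q = 17                      # 3 is a primitive 16th root of unity mod 17 (3^8 = -1)
N = 8                       # ring Z_17[x]/(x^8 + 1): log2(N) = 3 butterfly layers
ZETA = 3
LAYERS = N.bit_length() - 1


def _bitrev(i: int, bits: int) -> int:
    return int(f"{i:0{bits}b}"[::-1], 2)


# Twiddles in bit-reversed order, the order an in-place forward NTT consumes them.
ZETAS = [pow(ZETA, _bitrev(i, LAYERS), Q) for i in range(N)]


def poly_eval(f, r):
    """Horner evaluation of f at r in Z_Q (used only to cross-check the transform)."""
    acc = 0
    for c in reversed(f):
        acc = (acc * r + c) % Q
    return acc


def ntt_layer(state, layer):
    """One layer of butterflies (a, b) -> (a + w*b, a - w*b); layer 0 pairs elements N/2 apart."""
    length = N >> (layer + 1)
    out = list(state)
    k = 1 << layer
    for start in range(0, N, 2 * length):
        w = ZETAS[k]
        k += 1
        for j in range(start, start + length):
            t = (w * out[j + length]) % Q
            out[j + length] = (out[j] - t) % Q
            out[j] = (out[j] + t) % Q
    return out


def layer_invariant_holds(inputs, outputs, layer):
    """Every butterfly of the layer must satisfy a' + b' = 2a; only inputs are needed, no twiddles."""
    length = N >> (layer + 1)
    for start in range(0, N, 2 * length):
        for j in range(start, start + length):
            if (outputs[j] + outputs[j + length]) % Q != (2 * inputs[j]) % Q:
                return False
    return True


def checked_ntt(f, fault=None):
    """Forward NTT where layer l's invariant is verified only after layer l+1 has been computed.
    fault=(layer, index, delta) corrupts one output coefficient of that layer (demonstration only).
    Returns the transform, or None if any check fails."""
    states = [list(f)]                      # states[l] = inputs to layer l = outputs of layer l-1
    for layer in range(LAYERS):
        out = ntt_layer(states[-1], layer)
        if fault is not None and fault[0] == layer:
            out[fault[1]] = (out[fault[1]] + fault[2]) % Q
        states.append(out)
        # Deferred check: validate the previous layer now that this one is done.
        if layer >= 1 and not layer_invariant_holds(states[layer - 1], states[layer], layer - 1):
            return None
    # The last layer has no successor, so it is checked once the transform is complete.
    if not layer_invariant_holds(states[LAYERS - 1], states[LAYERS], LAYERS - 1):
        return None
    return states[-1]


if __name__ == "__main__":
    f = [1, 2, 3, 4, 5, 6, 7, 8]            # constructed sample input
    print("clean:", checked_ntt(f))
    print("fault in layer 1:", checked_ntt(f, fault=(1, 1, 3)))   # None
```

Deferring the check by one layer lets it overlap with the next layer's butterflies rather than stalling between layers, at the cost of keeping one extra layer of state alive. The additive invariant alone misses a fault that shifts both outputs of one butterfly by +Δ and −Δ; a second check a' − b' = 2·w·b closes that gap but reintroduces the multiplication the first check avoids, so which one to deploy depends on the fault model the device is being hardened against.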
