公开(公告)号：US20180026798A1

公开(公告)日：2018-01-25

申请号：US15441001

申请日：2017-02-23

Applicant: STMicroelectronics S.r.l.

Inventor： Ruggero SUSELLA ,  Sofia MONTRASIO

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/30

CPC classification number: H04L9/3252 ,  H04L9/3066

Abstract: A device includes digital signature generation circuitry. The digital signature generation circuitry, in operation, generates a digital signature of a digital message by computing a first public curve point as a scalar product of a first secret integer key and a base point of an elliptic curve and applying a transform to data of the received digital message. The applying the transform to the data of the received digital message includes generating a second secret curve point as a scalar product of a second secret integer key and the base point of the elliptic curve, generating a modified secret integer nonce as a modular multiplication of the second secret integer and a secret integer nonce, generating a third curve point as a scalar product of the secret integer nonce and the second secret curve point and generating a signature component as a function of at least the modified secret nonce, the third curve point, and a hash value generated by applying a hash function to at least the data of the received digital message. The digital signature is generated based on the signature component.

公开(公告)号：US20210226789A1

公开(公告)日：2021-07-22

申请号：US17149623

申请日：2021-01-14

Applicant: STMICROELECTRONICS S.r.l.

Inventor： Ruggero SUSELLA ,  Guido Marco BERTONI

IPC: H04L9/30 ,  H04L9/08 ,  G06F7/523

Abstract: A scalar multiplication operation includes an iterative procedure performing a set of operations at each iteration on a bit or on a group of consecutive bits of a secret key. The multiplication operation includes multiplying values of projective format coordinates by a random value. The random value is a product of a random number generated over a range having as end value a first value, with a second value, which is larger than said first value. The first value is a power of two of a word size multiplied by a multiplier value, minus one. The second value is equal to a power of two of a number of bits of the coordinates divided by the first value. The multiplier value is an integer greater than or equal to one and smaller than a ratio of said number of bits to the word size.

公开(公告)号：US20130114806A1

公开(公告)日：2013-05-09

申请号：US13669213

申请日：2012-11-05

Applicant: STMicroelectronics S.r.l.

Inventor： Guido Marco BERTONI ,  Ruggero SUSELLA

IPC: H04L9/28

CPC classification number: G06F7/728 ,  G06F2207/7238 ,  H04L9/3006 ,  H04L9/302

Abstract: An embodiment concerns a method for encrypting a message through a cryptographic algorithm including a computation of a mathematical function including the computation of one or more modular multiplications. Such a cryptographic algorithm has a respective module. The method, carried out with an electronic device, includes:providing a first parameter; generating a random number; calculating a Montgomery parameter based on said first parameter and on a integer multiple of said random number; generating a representation of the message to be encrypted in a Montgomery domain through a Montgomery conversion function applied to the message and to the Montgomery parameter; carrying out the calculation of the mathematical function on the message represented in the Montgomery domain.

Abstract translation: 实施例涉及通过密码算法加密消息的方法，包括计算包括一个或多个模乘法的计算的数学函数。 这样的密码算法具有相应的模块。 该方法用电子设备进行，包括：提供第一参数; 产生随机数; 基于所述第一参数和所述随机数的整数倍计算蒙哥马利参数; 通过应用于消息的蒙哥马利转换功能和蒙哥马利参数生成要在蒙哥马利域加密的消息的表示; 对Montgomery域中表示的消息进行数学函数的计算。

公开(公告)号：US20210194689A1

公开(公告)日：2021-06-24

申请号：US17129688

申请日：2020-12-21

Applicant: STMICROELECTRONICS S.r.l.

Inventor： Ruggero SUSELLA ,  Filippo MELZANI ,  Guido Marco BERTONI

IPC: H04L9/30 ,  H04L9/14 ,  H04L9/08

Abstract: A method performs cryptographic operations on data in a processing device. An iterative operation between a first operand formed by a given number of words and a second operand using a secret key is performed. The iterative operation includes, for each bit of the secret key, applying one of a first set operations and a second set of operations to the first operand and to the second operand depending on of the bit, and conditionally swapping words of the first and the second operand based on a control bit value obtained by applying a logic XOR function to a random bit.

公开(公告)号：US20240220777A1

公开(公告)日：2024-07-04

申请号：US18176315

申请日：2023-02-28

Applicant: STMICROELECTRONICS S.r.l. ,  STMicroelectronics International N.V.

Inventor： Francesca GIRARDI ,  Giuseppe DESOLI ,  Ruggero SUSELLA ,  Thomas BOESCH ,  Paolo Sergio ZAMBOTTI

IPC: G06N3/0464

CPC classification number: G06N3/0464

Abstract: A hardware accelerator includes functional circuits and streaming engines. An interface is coupled to the plurality of streaming engines. The interface, in operation, performs stream cipher operations on data words associated with data streaming requests. The performing of a stream cipher operation on a data word includes generating a mask based on an encryption ID associated with a streaming engine of the plurality of streaming engines and an address associated with the data word, and XORing the generated mask with the data word. The hardware accelerator may include configuration registers to store configuration information indicating a respective security state associated with functional circuits and streaming engine of the hardware accelerator, which may be used to control performance of operations by the hardware accelerator.

公开(公告)号：US20230017265A1

公开(公告)日：2023-01-19

申请号：US17857633

申请日：2022-07-05

Applicant: STMICROELECTRONICS S.r.l.

Inventor： Ruggero SUSELLA

IPC: H04L9/08

Abstract: One or more keys are derived from a master key by executing a plurality of encryption operations. A first encryption operation uses the master key to encrypt a plaintext input having a plurality of bytes. Multiple intermediate encryption operations are performed using a respective intermediate key generated by a previous encryption operation to encrypt respective plaintext inputs having a number of bytes. At least two bytes of a plaintext input have values based on a respective set of bits of a plurality of sets of bits of an initialization vector, wherein individual bits of the respective set of bits are introduced into respective individual bytes of the plaintext input and the respective set of bits has at least two bits and at most a number of bits equal to the number of bytes of the plaintext input.

公开(公告)号：US20220417012A1

公开(公告)日：2022-12-29

申请号：US17839109

申请日：2022-06-13

Applicant: STMICROELECTRONICS S.r.l.

Inventor： Ruggero SUSELLA

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/06

Abstract: Encryption of data using a cryptographic device is protected. The protecting includes generating a first output of a first branch by encrypting a constant using a key, and generating a first output of a second branch by encrypting a constant using a key. The first output of the first branch, the first output of the second branch, and a first portion of plaintext data are XORed, generating a first portion of cypher text. A second output of the first branch is generated by encrypting the first output of the first branch using a key, and a second output of the second branch is generated by encrypting the first output of the second branch using a key. The second output of the first branch, the second output of the second branch, and a second portion of plaintext data are XORed, generating a second portion of cypher text.