Protecting block cipher computation operations from external monitoring attacks

    Publication number: US11743028B2

    Publication date: 2023-08-29

    Application number: US17009361

    Filing date: 2020-09-01

    Abstract: Systems and methods for protecting block cipher computation operations from external monitoring attacks. An example apparatus for implementing a block cipher may comprise: a first register configured to store a first pre-computed mask value represented by a combination of a first random value and a second random value; a second register configured to store an output mask value, wherein the output mask value is an inverse permutation function of the first random value; a third register configured to store a second pre-computed mask value represented by a combination of the first pre-computed mask value and a permutation function of the output mask value; a fourth register configured to store an input mask value, wherein the input mask value is a combination of an expansion function of the first random value and a key mask value; a non-linear transformation circuit configured to apply the expansion function to a masked round state, perform a non-linear transformation of a combination of a masked key with an output of the expansion function, and apply the permutation function to the output of the non-linear transformation, wherein the non-linear transformation is defined using the input mask value stored in the fourth register and the output mask value stored in the second register; and two round feedback circuits configured to swap the masked round state produced by the non-linear transformation and combine the masked round state with the first pre-computed mask value stored in the first register and the second pre-computed mask value stored in the third register.

    PROTECTING BLOCK CIPHER COMPUTATION OPERATIONS FROM EXTERNAL MONITORING ATTACKS

    Publication number: US20210058228A1

    Publication date: 2021-02-25

    Application number: US17009361

    Filing date: 2020-09-01

    Abstract: Systems and methods for protecting block cipher computation operations from external monitoring attacks. An example apparatus for implementing a block cipher may comprise: a first register configured to store a first pre-computed mask value represented by a combination of a first random value and a second random value; a second register configured to store an output mask value, wherein the output mask value is an inverse permutation function of the first random value; a third register configured to store a second pre-computed mask value represented by a combination of the first pre-computed mask value and a permutation function of the output mask value; a fourth register configured to store an input mask value, wherein the input mask value is a combination of an expansion function of the first random value and a key mask value; a non-linear transformation circuit configured to apply the expansion function to a masked round state, perform a non-linear transformation of a combination of a masked key with an output of the expansion function, and apply the permutation function to the output of the non-linear transformation, wherein the non-linear transformation is defined using the input mask value stored in the fourth register and the output mask value stored in the second register; and two round feedback circuits configured to swap the masked round state produced by the non-linear transformation and combine the masked round state with the first pre-computed mask value stored in the first register and the second pre-computed mask value stored in the third register.

    Protecting parallel multiplication operations from external monitoring attacks

    Publication number: US10915667B2

    Publication date: 2021-02-09

    Application number: US16471716

    Filing date: 2017-12-13

    Abstract: Systems and methods for protecting from external monitoring attacks cryptographic data processing operations involving universal polynomial hash functions computation. An example method may comprise: receiving an input data block and an iteration result value; performing a first field multiplication operation to produce a new iteration result value, by iteratively processing, starting from a first bit position, bits of a combination of the input data block and the iteration result value, wherein the first bit position is represented by one of: a least-significant bit and a most-significant bit; performing a second field multiplication operation to produce a new mask correction value, by iteratively processing operand bits starting from a second bit position, wherein the second bit position is represented by one of: a least-significant bit and a most-significant bit, and wherein the second bit position is different from the first bit position; applying the new mask correction value to the new iteration result value; and producing, based on the new iteration result value, a value of a cryptographic hash function to be utilized by at least one of: an authenticated encryption operation or an authenticated decryption operation.

    PROTECTING BLOCK CIPHER COMPUTATION OPERATIONS FROM EXTERNAL MONITORING ATTACKS

    Publication number: US20180062828A1

    Publication date: 2018-03-01

    Application number: US15682881

    Filing date: 2017-08-22

    Abstract: Systems and methods for protecting block cipher computation operations from external monitoring attacks. An example apparatus for implementing a block cipher may comprise: a first register configured to store a first pre-computed mask value represented by a combination of a first random value and a second random value; a second register configured to store an output mask value, wherein the output mask value is an inverse permutation function of the first random value; a third register configured to store a second pre-computed mask value represented by a combination of the first pre-computed mask value and a permutation function of the output mask value; a fourth register configured to store an input mask value, wherein the input mask value is a combination of an expansion function of the first random value and a key mask value; a non-linear transformation circuit configured to apply the expansion function to a masked round state, perform a non-linear transformation of a combination of a masked key with an output of the expansion function, and apply the permutation function to the output of the non-linear transformation, wherein the non-linear transformation is defined using the input mask value stored in the fourth register and the output mask value stored in the second register; and two round feedback circuits configured to swap the masked round state produced by the non-linear transformation and combine the masked round state with the first pre-computed mask value stored in the first register and the second pre-computed mask value stored in the third register.

    PROTECTING POLYNOMIAL HASH FUNCTIONS FROM EXTERNAL MONITORING ATTACKS

    Publication number: US20180034628A1

    Publication date: 2018-02-01

    Application number: US15646614

    Filing date: 2017-07-11

    Abstract: Systems and methods for protecting from external monitoring attacks cryptographic data processing operations involving computation of a universal polynomial hash function, such as GHASH function. An example method may comprise: receiving an input data block, an iteration result value, and a mask value; performing a non-linear operation to produce a masked result value, wherein a first operand of the non-linear operation is represented by a combination of the iteration result value and the input data block, and the second operand of the non-linear operation is represented by a secret hash value, and wherein one of the first operand or the second operand is masked using a mask value; determining, based on the mask value, a mask correction value; and producing a new iteration result value by applying the mask correction value to the masked result value.

    LOW OVERHEAD RANDOM PRE-CHARGE COUNTERMEASURE FOR SIDE-CHANNEL ATTACKS
    Invention application (status: under examination, published)

    Publication number: US20170061121A1

    Publication date: 2017-03-02

    Application number: US15245507

    Filing date: 2016-08-24

    CPC classification number: G06F21/755 G06F2221/034

    Abstract: A side-channel attack resistant circuit topology for performing logic functions. This topology includes combinatorial logic to perform the at least one logic function. A logic input selector alternately supplies, in response to a first timing reference signal, an input to the combinatorial logic with noise generating input values and valid input values. A first latch input selector alternately supplies, in response to the first timing reference signal, a first memory element input with noise generating input values and valid logic output values. The valid logic output values are received from the combinatorial logic. A first memory element latches the valid logic output values in response to a second timing reference signal.

    Enhancements to improve side channel resistance

    Publication number: US11507659B2

    Publication date: 2022-11-22

    Application number: US17033568

    Filing date: 2020-09-25

    Abstract: Embodiments herein facilitate resisting side channel attacks through various implementations and combinations of implementations. In embodiments, this is accomplished by preventing sensitive data from consecutively following other data through potentially vulnerable resources which otherwise may cause data to leak. Where such vulnerabilities to attacks are known, suspected, or as a proactive precaution, a cleaner can be used to inhibit the sensitive data from passing through the vulnerable areas consecutively and thus inhibit the leakage. Embodiments also envision utilizing certain types of circuits to assist in preventing leakage. By using such circuits one can reduce or even potentially eliminate the requirement for cleaners as mentioned previously.

    Programmable block cipher with masked inputs

    Publication number: US11463236B2

    Publication date: 2022-10-04

    Application number: US16466983

    Filing date: 2017-12-04

    Abstract: An indication of a mode of operation to be performed with a block cipher may be received. Logic associated with the block cipher may be configured based on the indicated mode of operation to be performed with the block cipher. Furthermore, an input data and a mask data may be received. The input data may be combined with the mask data to generate a masked input data based on the configured logic. The masked input data may be provided to the block cipher based on the configured logic and an output data may be generated with the block cipher based on the provided masked input data.
