-
Publication (Announcement) No.: US20240137214A1
Publication (Announcement) Date: 2024-04-25
Application No.: US17938564
Application Date: 2022-10-06
Applicant: NXP B.V.
Inventor: Melissa Azouaoui , Joppe Willem Bos , Tobias Schneider , Joost Roland Renes , Björn Fay
CPC classification number: H04L9/0852 , G06F17/16 , H04L9/3093
Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including matrix multiplication for lattice-based cryptography in a processor, the instructions including: applying a first function to the rows of a matrix of polynomials to generate first outputs, wherein the first function excludes the identity function; adding an additional row to the matrix of polynomials to produce a modified matrix, wherein each element in the additional row is generated by a second function applied to a column of outputs associated with each element in the additional row; multiplying the modified matrix with a vector of polynomials to produce an output vector of polynomials; applying a verification function to the output vector that produces an indication of whether a fault occurred in the multiplication of the modified matrix with the vector of polynomials; and carrying out a cryptographic operation using the output vector when the verification function indicates that no fault occurred in the multiplication of the modified matrix with the vector of polynomials.
-
Publication (Announcement) No.: US11924346B2
Publication (Announcement) Date: 2024-03-05
Application No.: US17732164
Application Date: 2022-04-28
Applicant: NXP B.V.
Inventor: Markus Schoenauer , Tobias Schneider , Joost Roland Renes , Melissa Azouaoui
CPC classification number: H04L9/3093 , G06F9/30018 , H04L9/3026
Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, including: determining a number m of random bits to be sampled based upon a sample bound parameter β; producing a plurality of Boolean masked shares of a polynomial coefficient each having the determined number m of random bits using a uniform random function; determining that the polynomial coefficient is within a range of values based upon the sample bound parameter β; converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient; and shifting the plurality of arithmetic masked shares based upon the sample bound parameter β.
-
Publication (Announcement) No.: US20250097048A1
Publication (Announcement) Date: 2025-03-20
Application No.: US18366384
Application Date: 2023-08-07
Applicant: NXP B.V.
Inventor: Joost Roland Renes , Tobias Schneider , Melissa Azouaoui , Mohamed ElGhamrawy
Abstract: A method of performing a Dilithium signature operation on a message M using a secret key sk, including: calculating a value {tilde over (r)} based upon w0, c, and s2, where w0 and c are calculated as part of the Dilithium signature operation and s2 is part of the secret key sk; performing a bound check on {tilde over (r)} based upon γ2 and β, where γ2 and β are parameters of the Dilithium signature operation; calculating a hint h based on the value {tilde over (r)} and deleting the value {tilde over (r)} in a memory; regenerating a value y using an ExpandMask function; calculating z based upon y, c, and s1, where s1 is part of the secret key sk and replacing y with z in the memory; performing a bound check on z based on γ1 and β, where γ1 is a parameter of the Dilithium signature operation; and returning a digital signature of the message M where the digital signature includes z and h.
-
Publication (Announcement) No.: US20250080342A1
Publication (Announcement) Date: 2025-03-06
Application No.: US18461831
Application Date: 2023-09-06
Applicant: NXP B.V.
Inventor: Melissa Azouaoui , Mohamed ElGhamrawy , Joost Roland Renes , Tobias Schneider
Abstract: A method of performing a Dilithium signature operation on a message M using a secret key sk, including: generating a polynomial y using an ExpandMask function; calculating a polynomial z based upon y, c, and s1; performing a bound check on z based upon γ1 and β; performing a bound check on ct0 based upon γ2; calculating a polynomial {tilde over (r)} based upon A, z, c, t, α, and w1; performing a bound check on {tilde over (r)} based upon γ2 and β; calculating a hint polynomial h based on the {tilde over (r)}; and returning a digital signature of the message M where the digital signature includes z and h.
-
Publication (Announcement) No.: US20240275576A1
Publication (Announcement) Date: 2024-08-15
Application No.: US18169467
Application Date: 2023-02-15
Applicant: NXP B.V.
Inventor: Markus Schoenauer , Melissa Azouaoui , Olivier Bronchain , Tobias Schneider , Christine van Vredendaal
CPC classification number: H04L9/004 , H04L9/3093 , H04L9/3247
Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a fault detection in a digital signature algorithm in a processor, the instructions, including: computing vector z based on a secret nonce vector y, a first secret key vector s1, and a challenge polynomial c, wherein vectors z, y, and s1 include l polynomials having n coefficients, wherein polynomial c has n coefficients, and wherein l and n are integers; computing a difference value between all of the coefficients of the polynomials in the vector z; computing a number of how many of the computed difference values are outside a specified value range; computing a digital signature for an input message; and rejecting the digital signature when the computed number is greater than a threshold value.
-
Publication (Announcement) No.: US12021985B2
Publication (Announcement) Date: 2024-06-25
Application No.: US17832521
Application Date: 2022-06-03
Applicant: NXP B.V.
Inventor: Melissa Azouaoui , Tobias Schneider , Markus Schoenauer
CPC classification number: H04L9/3093 , G06F7/4873 , G06F7/727
Abstract: Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having ns arithmetic shares into a high part a1 and a low part a0 for lattice-based cryptography in a processor, the instructions including: performing a rounded Euclidean division of the polynomial a by a base α to compute t(⋅)A; extracting Boolean shares a1(⋅)B from n low bits of t by performing an arithmetic share to Boolean share (A2B) conversion on t(⋅)A and performing an AND with ζ−1, where ζ=−α−1 is a power of 2; unmasking a1 by combining Boolean shares of a1(⋅)B; calculating arithmetic shares a0(⋅)A of the low part a0; and performing a cryptographic function using a1 and a0(⋅)A.
-
Publication (Announcement) No.: US20230396436A1
Publication (Announcement) Date: 2023-12-07
Application No.: US17832521
Application Date: 2022-06-03
Applicant: NXP B.V.
Inventor: Melissa Azouaoui , Tobias Schneider , Markus Schoenauer
CPC classification number: H04L9/3093 , H04L9/3033 , G06F7/4873 , G06F7/727
Abstract: Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having ns arithmetic shares into a high part a1 and a low part a0 for lattice-based cryptography in a processor, the instructions including: performing a rounded Euclidean division of the polynomial a by a base α to compute t(⋅)A; extracting Boolean shares a1(⋅)B from n low bits of t by performing an arithmetic share to Boolean share (A2B) conversion on t(⋅)A and performing an AND with ζ−1, where ζ=−α−1 is a power of 2; unmasking a1 by combining Boolean shares of a1(⋅)B; calculating arithmetic shares a0(⋅)A of the low part a0; and performing a cryptographic function using a1 and a0(⋅)A.