-
Publication (announcement) number: US20240275576A1
Publication (announcement) date: 2024-08-15
Application number: US18169467
Application date: 2023-02-15
Applicant: NXP B.V.
Inventor: Markus Schoenauer , Melissa Azouaoui , Olivier Bronchain , Tobias Schneider , Christine van Vredendaal
CPC classification number: H04L9/004 , H04L9/3093 , H04L9/3247
Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a fault detection in a digital signature algorithm in a processor, the instructions, including: computing vector z based on a secret nonce vector y, a first secret key vector s1, and a challenge polynomial c, wherein vectors z, y, and s1 include l polynomials having n coefficients, wherein polynomial c has n coefficients, and wherein l and n are integers; computing a difference value between all of the coefficients of the polynomials in the vector z; computing a number of how many of the computed difference values are outside a specified value range; computing a digital signature for an input message; and rejecting the digital signature when the computed number is greater than a threshold value.
-
Publication (announcement) number: US12047491B2
Publication (announcement) date: 2024-07-23
Application number: US17243058
Application date: 2021-04-28
Applicant: NXP B.V.
Inventor: Joppe Willem Bos , Mario Lamberger , Joost Roland Renes , Tobias Schneider , Christine van Vredendaal
CPC classification number: H04L9/0643 , H04L9/3236 , H04L9/50
Abstract: Various embodiments relate to a hardware device configured to compute a plurality of chained hash functions in parallel, including: a processor implementing p hash functions configured to operate on a small input, where p is an integer; a data unit connected to the plurality of hash functions, configured to store the outputs of the plurality of hash functions, which are then used as the input to the next round of computing the hash function, wherein the processor receives a single instruction and p small data inputs, and wherein each of the p hash functions is used to perform a chained hash function operation on a respective one of the p small inputs.
-
Publication (announcement) number: US12021985B2
Publication (announcement) date: 2024-06-25
Application number: US17832521
Application date: 2022-06-03
Applicant: NXP B.V.
Inventor: Melissa Azouaoui , Tobias Schneider , Markus Schoenauer
CPC classification number: H04L9/3093 , G06F7/4873 , G06F7/727
Abstract: Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having ns arithmetic shares into a high part a1 and a low part a0 for lattice-based cryptography in a processor, the instructions including: performing a rounded Euclidean division of the polynomial a by a base α to compute t^{(·)}_A; extracting Boolean shares a1^{(·)}_B from the n low bits of t by performing an arithmetic-share-to-Boolean-share (A2B) conversion on t^{(·)}_A and ANDing the result with ζ−1, where ζ = −α^{−1} is a power of 2; unmasking a1 by combining the Boolean shares a1^{(·)}_B; calculating arithmetic shares a0^{(·)}_A of the low part a0; and performing a cryptographic function using a1 and a0^{(·)}_A.
-
Publication (announcement) number: US20240118380A1
Publication (announcement) date: 2024-04-11
Application number: US17938430
Application date: 2022-10-06
Applicant: NXP B.V.
Inventor: Tobias Schneider , Eduardo Pimentel de Alvarenga , Marcel Medwed , Erik Kraft , Stefan Lemsitzer , Robert Spreitzer
IPC: G01S7/02
CPC classification number: G01S7/023
Abstract: A method is provided for detecting interference in a radar system. The method includes transmitting, by a transmitter of the radar system, a sequence of radar pulses at a regular interval with a rest period following each radar pulse of the sequence of radar pulses. The transmitter is disabled during each rest period. A receiver is enabled to receive reflected radar pulses from a target during the rest period following each radar pulse of the sequence of radar pulses. Some of the radar pulses are selected to be omitted and not transmitted. The receiver is still enabled during the rest periods following the omitted transmission pulses. Any reflected pulses received during the rest periods following the omitted transmission pulses may be an indication of a targeted interference of the radar system. In another embodiment, a radar system is provided.
-
Publication (announcement) number: US20230396436A1
Publication (announcement) date: 2023-12-07
Application number: US17832521
Application date: 2022-06-03
Applicant: NXP B.V.
Inventor: Melissa Azouaoui , Tobias Schneider , Markus Schoenauer
CPC classification number: H04L9/3093 , H04L9/3033 , G06F7/4873 , G06F7/727
Abstract: Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having ns arithmetic shares into a high part a1 and a low part a0 for lattice-based cryptography in a processor, the instructions including: performing a rounded Euclidean division of the polynomial a by a base α to compute t^{(·)}_A; extracting Boolean shares a1^{(·)}_B from the n low bits of t by performing an arithmetic-share-to-Boolean-share (A2B) conversion on t^{(·)}_A and ANDing the result with ζ−1, where ζ = −α^{−1} is a power of 2; unmasking a1 by combining the Boolean shares a1^{(·)}_B; calculating arithmetic shares a0^{(·)}_A of the low part a0; and performing a cryptographic function using a1 and a0^{(·)}_A.
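Added worked example (not code from NXP or from either patent document): the unmasked arithmetic behind the decomposition described in US12021985B2 and US20230396436A1. It assumes the CRYSTALS-Dilithium modulus q = 8380417 and the parameter set with γ2 = (q−1)/32, so α = 2γ2 and ζ = −α^{−1} mod q = 16, which is a power of two as the abstract requires; the masking (the A2B conversion over shares) is deliberately not shown, only the coefficient-level identity it protects. The rounding convention (round half down) and the function names are this example's own choices. The example checks that "rounded division, then AND with ζ−1" reproduces the spec-style Decompose on random coefficients and on the wrap-around cases near q−1, where the mask is what maps a high part of 16 back to 0.

```python
import random

Q = 8380417                      # Dilithium modulus (assumption: not stated on the page)
GAMMA2 = (Q - 1) // 32           # Dilithium parameter set with gamma2 = (q-1)/32 (assumption)
ALPHA = 2 * GAMMA2               # base alpha of the decomposition a = a1*alpha + a0
ZETA = (-pow(ALPHA, -1, Q)) % Q  # zeta = -alpha^{-1} mod q; equals 16 for these parameters
N_BITS = ZETA.bit_length() - 1   # number of low bits of t that carry a1 (log2 zeta)


def centered_mod(x, m):
    """Return x mod m represented in the range (-m/2, m/2]."""
    r = x % m
    if r > m // 2:
        r -= m
    return r


def decompose_reference(a):
    """Spec-style Decompose (unmasked): a0 = a mod+- alpha, a1 = (a - a0)/alpha,
    with the special case a - a0 == q - 1 folded to a1 = 0, a0 = a0 - 1."""
    a %= Q
    a0 = centered_mod(a, ALPHA)
    if a - a0 == Q - 1:
        return 0, a0 - 1
    return (a - a0) // ALPHA, a0


def decompose_rounded_mask(a):
    """The abstract's formulation: t = rounded division of a by alpha,
    a1 = t AND (zeta - 1)  (keeps the n low bits and maps t = zeta back to 0),
    a0 = a - a1*alpha reduced to the centered range mod q."""
    a %= Q
    # Round half down so that a - t*alpha lands in (-alpha/2, alpha/2].
    t = (a + ALPHA // 2 - 1) // ALPHA
    a1 = t & (ZETA - 1)
    a0 = centered_mod(a - a1 * ALPHA, Q)
    return a1, a0


def check_equivalence(trials=100000, seed=1):
    """True if both decompositions agree on random coefficients and on the
    boundary cases around alpha/2 and q-1 (where the wrap-around happens)."""
    rng = random.Random(seed)
    samples = [0, 1, Q - 1, Q - 2, ALPHA // 2, ALPHA // 2 + 1,
               Q - 1 - ALPHA // 2, Q - ALPHA // 2]
    samples += [rng.randrange(Q) for _ in range(trials)]
    return all(decompose_reference(a) == decompose_rounded_mask(a) for a in samples)


if __name__ == "__main__":
    print("zeta =", ZETA, "n =", N_BITS)
    print("decompose(q-1) =", decompose_rounded_mask(Q - 1))
    print("equivalent on all samples:", check_equivalence())
```

The point of the masked version in the patent is that the AND with ζ−1 is a bit-level operation, so it is cheap on Boolean shares after an A2B conversion, whereas the conditional "if a − a0 == q − 1" in the reference form is exactly the kind of data-dependent branch a side-channel-hardened implementation must avoid.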
-
Publication (announcement) number: US11528124B2
Publication (announcement) date: 2022-12-13
Application number: US17224359
Application date: 2021-04-07
Applicant: NXP B.V.
Inventor: Marc Gourjon , Joppe Willem Bos , Joost Roland Renes , Tobias Schneider , Christine van Vredendaal
Abstract: Various embodiments relate to a method for securely comparing a first polynomial represented by a plurality of arithmetic shares and a second compressed polynomial represented by a bitstring where the bits in the bitstring correspond to coefficients of the second polynomial, including: performing a first masked shift of the shares of the coefficients of the first polynomial based upon the start of the interval corresponding to the compressed coefficient of the second polynomial and a modulus value; performing a second masked shift of the shares of the coefficients of the first polynomial based upon the end of the interval corresponding to the compressed coefficient of the second polynomial; bitslicing the most significant bit of the first masked shift of the shares coefficients of the first polynomial; bitslicing the most significant bit of the second masked shift of the shares coefficients of the first polynomial; and combining the first bitsliced bits and the second bitsliced bits using an AND function to produce an output including a plurality of shares indicating that the first polynomial would compress to a bitstream matching the bitstream representing the second compressed polynomial.
-
Publication (announcement) number: US20220337389A1
Publication (announcement) date: 2022-10-20
Application number: US17224359
Application date: 2021-04-07
Applicant: NXP B.V.
Inventor: Marc GOURJON , Joppe Willem Bos , Joost Roland Renes , Tobias Schneider , Christine van Vredendaal
Abstract: Various embodiments relate to a method for securely comparing a first polynomial represented by a plurality of arithmetic shares and a second compressed polynomial represented by a bitstring where the bits in the bitstring correspond to coefficients of the second polynomial, including: performing a first masked shift of the shares of the coefficients of the first polynomial based upon the start of the interval corresponding to the compressed coefficient of the second polynomial and a modulus value; performing a second masked shift of the shares of the coefficients of the first polynomial based upon the end of the interval corresponding to the compressed coefficient of the second polynomial; bitslicing the most significant bit of the first masked shift of the shares coefficients of the first polynomial; bitslicing the most significant bit of the second masked shift of the shares coefficients of the first polynomial; and combining the first bitsliced bits and the second bitsliced bits using an AND function to produce an output including a plurality of shares indicating that the first polynomial would compress to a bitstream matching the bitstream representing the second compressed polynomial.
-
Publication (announcement) number: US20220286286A1
Publication (announcement) date: 2022-09-08
Application number: US17190986
Application date: 2021-03-03
Applicant: NXP B.V.
Inventor: Joost Roland Renes , Joppe Willem Bos , Tobias Schneider , Christine van Vredendaal
Abstract: Various embodiments relate to a method for multiplying a first and a second polynomial in the ring [X]/(X^N − 1) to perform a cryptographic operation in a data processing system, the method for use in a processor of the data processing system, including: receiving the first polynomial and the second polynomial by the processor; mapping the first polynomial into a third polynomial in a first ring and a fourth polynomial in a second ring using a map; mapping the second polynomial into a fifth polynomial in the first ring and a sixth polynomial in the second ring using the map; multiplying the third polynomial in the first ring with the fifth polynomial in the first ring to produce a first multiplication result; multiplying the fourth polynomial in the second ring with the sixth polynomial in the second ring to produce a second multiplication result using Renes multiplication; and combining the first multiplication result and the second multiplication result using the map.
-
Publication (announcement) number: US20220231831A1
Publication (announcement) date: 2022-07-21
Application number: US17154116
Application date: 2021-01-21
Applicant: NXP B.V.
Inventor: Tobias Schneider , Joppe Willem Bos , Joost Roland Renes , Christine van Vredendaal
IPC: H04L9/00
Abstract: Various embodiments relate to a method and system for securely comparing a first and second polynomial, including: selecting a first subset of coefficients of the first polynomial and a second subset of corresponding coefficients of the second polynomial, wherein the coefficients of the first polynomial are split into shares and the first and second polynomials have coefficients; subtracting the second subset of coefficients from one of the shares of the first subset of coefficients; reducing the number of elements in the first subset of coefficients to elements by combining groups of / elements together; generating a random number for each of the elements of the reduced subset of coefficients; summing the product of each of the elements of the reduced subset of coefficients with their respective random numbers; summing the shares of the sum of the products; and generating an output indicating that the first polynomial does not equal the second polynomial when the sum does not equal zero.
-
Publication (announcement) number: US11206136B1
Publication (announcement) date: 2021-12-21
Application number: US16884136
Application date: 2020-05-27
Applicant: NXP B.V.
Inventor: Joost Roland Renes , Joppe Willem Bos , Tobias Schneider , Christine van Vredendaal
Abstract: A method is provided for multiplying two polynomials. In the method, first and second polynomials are evaluated at 2^t inputs, where t is greater than or equal to one, and where each input is a fixed power of two 2^{l/2^t} multiplied with a different power of a primitive root of unity, thereby creating 2·2^t integers, where l is an integer such that 2^l is at least as large as the largest coefficient of the product of the first and second polynomials. The 2·2^t integers are then multiplied pairwise, and a modular reduction is performed to get 2^t integers. A linear combination of the 2^t integers multiplied with primitive roots of unity is computed to get 2^t integers whose limbs in the base-2^l representation correspond to coefficients of the product of the first and second polynomials. The method can be implemented on a processor designed for performing RSA and/or ECC type cryptographic operations.