SECRETS RENEWABILITY
    1.
    Patent application

    Publication No.: US20150358160A1

    Publication date: 2015-12-10

    Application No.: US14759417

    Filing date: 2013-07-10

    IPC classification: H04L9/08

    CPC classification: H04L9/0861 H04L9/0869

    Abstract: A method, system and apparatus for deriving a secondary secret from a root secret are described, the method, system and apparatus including reserving a memory buffer included in an integrated circuit, the memory buffer being large enough to contain all of the bits which will include the secondary secret, receiving a plurality of bits from a root secret, the root secret being stored in a secure memory of the integrated circuit, inputting the plurality of bits from the root secret and at least one control bit into a permutation network, and thereby producing a multiplicity of output bits, the at least one control bit including one of one bit of a value g, and one bit of an output of a function which receives g as an input, receiving the multiplicity of output bits from the permutation network, inputting the multiplicity of output bits from the permutation network into a plurality of logic gates, thereby combining the multiplicity of output bits, wherein a fixed number of bits is output from the logic gates, inputting the fixed number of bits output by the logic gates into an error correcting code module, the fixed number of bits output by the logic gates including a first group of intermediate output bits and a second group of intermediate output bits, and receiving output bits from the error correcting code module, the output bits of the error correcting code module including the first group of intermediate output bits as changed by the error correcting code module, where the change depends on the second group of intermediate output bits, filling non-filled registers in the reserved memory buffer with the first group of intermediate output bits as changed by the error correcting code module, and repeating the steps of "receiving a plurality of bits from a root secret" through "filling non-filled registers in the reserved memory buffer" until the entire secondary secret is derived, wherein the steps of "receiving a plurality of bits from a root secret" through "filling non-filled registers in the reserved memory buffer" are performed in a single clock cycle of the integrated circuit. Related apparatus, methods and systems are also described.
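    A software model of the derivation pipeline described in this abstract, added here as an illustration; it is not code from the patent or its assignee. The abstract fixes only the shape of the pipeline (a permutation network whose control bits are a function of g, combining gates that emit a fixed number of bits, an error-correcting stage that alters a first group of bits depending on a second group, and a buffer filled over repeated rounds). Every concrete choice below is an assumption made for the example: 8-bit chunks of the root secret, a 3-stage butterfly network, XOR combining gates producing 7 bits, a Hamming(7,4) decoder as the error-correcting module (4 data bits are the "first group", 3 parity bits the "second group"), SHA-256(g, round) as the function of g, and a 32-bit secondary secret. The root secret value is constructed for the demo.

```python
"""Model of a root-secret -> secondary-secret derivation pipeline (illustration
only; all concrete parameters are assumptions, not the patent's design)."""
import hashlib

CHUNK = 8            # root-secret bits consumed per round (assumption)
STAGES = 3           # log2(CHUNK) butterfly stages
SECONDARY_BITS = 32  # size of the reserved buffer (assumption)


def control_bits(g: int, rnd: int) -> list[int]:
    """Control bits for one round: a function of g (assumed SHA-256(g || round))."""
    digest = hashlib.sha256(g.to_bytes(8, "big") + rnd.to_bytes(4, "big")).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(STAGES * CHUNK // 2)]


def butterfly(bits: list[int], ctrl: list[int]) -> list[int]:
    """3-stage butterfly permutation network: stage s pairs index i with
    i ^ (1 << s); each 2x2 switch swaps its pair when its control bit is 1."""
    out = list(bits)
    k = 0
    for s in range(STAGES):
        for i in range(CHUNK):
            j = i ^ (1 << s)
            if i < j:
                if ctrl[k]:
                    out[i], out[j] = out[j], out[i]
                k += 1
    return out


def combine(bits: list[int]) -> list[int]:
    """Logic-gate stage: XOR of adjacent outputs, 8 bits in -> fixed 7 bits out."""
    return [bits[i] ^ bits[i + 1] for i in range(CHUNK - 1)]


def hamming74_decode(code: list[int]) -> list[int]:
    """Hamming(7,4) decoder.  code[0..6] are positions 1..7; parity bits sit at
    1, 2, 4 (the 'second group'), data bits at 3, 5, 6, 7 (the 'first group').
    Returns the 4 data bits after correcting the single error the syndrome
    points at, so the data change depends on the parity bits."""
    c = [0] + list(code)  # 1-based indexing
    s1 = c[1] ^ c[3] ^ c[5] ^ c[7]
    s2 = c[2] ^ c[3] ^ c[6] ^ c[7]
    s4 = c[4] ^ c[5] ^ c[6] ^ c[7]
    syndrome = s1 | (s2 << 1) | (s4 << 2)
    if syndrome:
        c[syndrome] ^= 1
    return [c[3], c[5], c[6], c[7]]


def hamming74_encode(data: list[int]) -> list[int]:
    """Matching encoder, used only to sanity-check the decoder."""
    d3, d5, d6, d7 = data
    return [d3 ^ d5 ^ d7, d3 ^ d6 ^ d7, d3, d5 ^ d6 ^ d7, d5, d6, d7]


def derive_secondary(root: int, root_bits: int, g: int) -> int:
    """Fill the reserved buffer 4 bits per round until SECONDARY_BITS are
    derived.  In hardware each round is one clock cycle; here, one iteration.
    The result is a deterministic function of (root, g): a new g renews the
    secondary secret without touching the root secret."""
    rbits = [(root >> (root_bits - 1 - i)) & 1 for i in range(root_bits)]
    buffer: list[int] = []
    rnd = 0
    while len(buffer) < SECONDARY_BITS:
        start = (rnd * CHUNK) % root_bits
        chunk = [rbits[(start + i) % root_bits] for i in range(CHUNK)]
        permuted = butterfly(chunk, control_bits(g, rnd))
        corrected = hamming74_decode(combine(permuted))
        buffer.extend(corrected)
        rnd += 1
    buffer = buffer[:SECONDARY_BITS]
    return int("".join(map(str, buffer)), 2)


if __name__ == "__main__":
    ROOT = 0x5EC12E7A3B4C9D01  # constructed 64-bit root secret, not a real key
    for g in (1, 2, 3):
        print(f"g={g}: secondary secret = {derive_secondary(ROOT, 64, g):08x}")
```

    The model is only meant to make the data flow concrete: the root secret never leaves the loop as a whole, the control bits are the only g-dependent input, and the error-correcting stage is the one non-linear step in each round. A real implementation of this shape would need an argument that the permutation plus combining gates do not let an attacker who chooses g recover root bits from many secondary secrets; nothing in the abstract supplies that argument, and the toy parameters here certainly do not.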

SERVER-ASSISTED SECURE EXPONENTIATION
    2.
    Patent application
    Status: pending (published)

    Publication No.: US20160352710A1

    Publication date: 2016-12-01

    Application No.: US14957627

    Filing date: 2015-12-03

    IPC classification: H04L29/06 H04L9/08 H04L9/00

    Abstract: In one embodiment, a method for secure computation includes receiving in a server, over a communication channel from a device external to the server, a request to perform a modular exponentiation operation in which an exponent of the operation comprises a secret value, wherein the secret value is not provided to the server, and at least two parameters that encode the secret value in accordance with a polynomial or matrix homomorphic encryption of the secret value computed by the device, and performing in the server, in response to the request, a homomorphic exponentiation using the at least two parameters received from the device without decrypting the secret value in the server, so as to generate an output that is indicative of a result of the modular exponentiation operation.


SIGNATURE METHOD AND SYSTEM
    3.
    Patent application

    Publication No.: US20180219682A1

    Publication date: 2018-08-02

    Application No.: US15688894

    Filing date: 2017-08-29

    IPC classification: H04L9/32 G06F21/64 G06F21/53

    Abstract: In one embodiment, a method, system, and apparatus are described, the method, system, and apparatus including generating metadata to be associated with each block of a series of blocks, the generating including, except for an initial block, receiving: a first block, including a signed block, and a second block to be signed, retrieving a first value including a square of a random number, R′², multiplying R′² by a nonce, r, and setting r·R′² to be a square of a first random number, denoted R², for the second block, retrieving a second value from the first block, the second value including a K-bit vector, E′, determining a bit string value of the second block, M, computing E = hash(R² ∥ M ∥ E′), and determining a signature, Sig, for the second block by calculating Sig = r · Sig′ · S^(E−E′). Related methods, systems, and apparatuses are also described.

METHOD AND SYSTEM FOR HOMOMORPHICLY RANDOMIZING AN INPUT
    4.
    Patent application
    Status: granted

    Publication No.: US20160234010A1

    Publication date: 2016-08-11

    Application No.: US15132271

    Filing date: 2016-04-19

    IPC classification: H04L9/00 H04L9/06

    Abstract: In one embodiment, a method for reducing information leakage in order to counter side channel attacks against a secure execution environment is described, the method including receiving at the secure execution environment a first input comprising a key comprising a sequence of k input elements in a commutative ring, CR, receiving at the secure execution environment a second input comprising a text comprising a sequence of p input elements in the commutative ring, CR, defining an input INP comprising a sequence of j input elements, wherein INP comprises either one or both of the first input or the second input, performing one of a matrix randomization operation or a polynomial randomization operation on the inputs, and producing a randomized output.


SIGNATURE METHOD AND SYSTEM
    5.
    Patent application

    Publication No.: US20180102903A1

    Publication date: 2018-04-12

    Application No.: US15595980

    Filing date: 2017-05-16

    IPC classification: H04L9/32 H04L9/08

    Abstract: In one embodiment, a first signature template is received, the first signature template being one of a signature template of a first message or a null template, the first signature template comprising at least the following fields: an aggregation depth field, a message identifier, one of the first message or a result of applying a one-way hash function to the first message, a bit vector, an aggregated square random integer mod N, and a signature of the first message. A second signature template is created based on the first signature template, the second signature template created as follows: increment the aggregation depth of the first signature template, determine a unique message identifier for a second message, determine a second bit vector, determine a second aggregated square random integer mod N, and calculate a new signature for the second message. Related methods, apparatus, and systems are also disclosed.

HOMOMORPHICALLY-CREATED SYMMETRIC KEY
    6.
    Patent application
    Status: granted

    Publication No.: US20170070340A1

    Publication date: 2017-03-09

    Application No.: US15068591

    Filing date: 2016-03-13

    IPC classification: H04L9/00 H04L9/30 H04L9/08

    Abstract: One embodiment of the invention includes a method, including performing a symmetric homomorphic encryption of a secret SA with a cryptographic key H as input, yielding a homomorphic encryption result SA*, sending SA* for mathematical combination by at least one device with at least one secret SB, yielding G*, the device A not having access to SB, the at least one device not having access to SA and not having access to H, receiving G*, performing a symmetric homomorphic decryption of data based on G* with H as input, yielding a first decrypted output, determining a symmetric cryptographic key KA based on the first decrypted output for secure communication with a first device which is operationally connected to, or includes, a tamper resistant security system including SA and SB therein, securing data using KA, yielding secured data, and sending the secured data to the first device.

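    A worked model of the matrix randomization named in abstract 4 and of the homomorphically-created key in abstract 6, added here as an illustration; it is not code from the patents or their assignee. The abstracts do not fix a construction, so the encoding used is an assumption: the ciphertext of an element x of the commutative ring Z_N is S · diag(x, r) · S⁻¹ for a secret invertible matrix S (the key H) and a fresh random r, which is one standard way to realize a symmetric matrix homomorphic encryption over a commutative ring. Matrix addition and multiplication of two ciphertexts decrypt to the sum and product of the plaintexts, and a ciphertext times a plaintext scalar decrypts to the product, which is all the combining step in abstract 6 needs. The modulus, SA and SB values are constructed for the demo; the "polynomial or matrix homomorphic encryption" of abstract 2 is the same family, but that abstract's exponentiation step is not reproduced here.

```python
"""Matrix-based symmetric homomorphic randomization over Z_N and homomorphic
key agreement (illustration only; the 2x2 similarity-transform encoding is an
assumption, not a construction taken from the patents)."""
import hashlib
import math
import secrets

Mat = list[list[int]]


def mat_mul(a: Mat, b: Mat, n: int) -> Mat:
    return [[sum(a[i][k] * b[k][j] for k in range(2)) % n for j in range(2)]
            for i in range(2)]


def mat_add(a: Mat, b: Mat, n: int) -> Mat:
    return [[(a[i][j] + b[i][j]) % n for j in range(2)] for i in range(2)]


def mat_inv(m: Mat, n: int) -> Mat:
    """Inverse of a 2x2 matrix mod n; requires gcd(det, n) == 1."""
    (a, b), (c, d) = m
    det_inv = pow((a * d - b * c) % n, -1, n)
    return [[d * det_inv % n, -b * det_inv % n],
            [-c * det_inv % n, a * det_inv % n]]


def scalar_mul(m: Mat, k: int, n: int) -> Mat:
    """Combine a ciphertext with a plaintext scalar (what the SB holder does)."""
    return [[v * k % n for v in row] for row in m]


class MatrixHE:
    """Symmetric key H = (N, S).  Enc(x) = S . diag(x, r) . S^-1 with fresh r,
    so the same x gives a different matrix every time (the randomization of
    abstract 4).  Dec(M) = (S^-1 . M . S)[0][0]."""

    def __init__(self, n: int, s=None):
        self.n = n
        while s is None:  # random S, rejected unless invertible mod n
            cand = [[secrets.randbelow(n) for _ in range(2)] for _ in range(2)]
            det = (cand[0][0] * cand[1][1] - cand[0][1] * cand[1][0]) % n
            if math.gcd(det, n) == 1:
                s = cand
        self.s = s
        self.s_inv = mat_inv(s, n)

    def encrypt(self, x: int) -> Mat:
        r = secrets.randbelow(self.n)  # fresh randomizer
        d = [[x % self.n, 0], [0, r]]
        return mat_mul(mat_mul(self.s, d, self.n), self.s_inv, self.n)

    def decrypt(self, m: Mat) -> int:
        return mat_mul(mat_mul(self.s_inv, m, self.n), self.s, self.n)[0][0]


def key_from(shared: int) -> bytes:
    """KA derived from the decrypted combination (assumed: SHA-256 of it)."""
    return hashlib.sha256(shared.to_bytes(64, "big")).digest()


def homomorphic_key_agreement(n: int, sa: int, sb: int) -> tuple[bytes, bytes]:
    """Device A holds (SA, H); the combining device holds only SB and sees only
    SA*; the tamper-resistant endpoint holds SA and SB.  Returns (KA as computed
    by A, KA as computed by the endpoint); the two must be equal."""
    he = MatrixHE(n)                      # H, generated on device A
    sa_star = he.encrypt(sa)              # SA* is all that leaves device A
    g_star = scalar_mul(sa_star, sb, n)   # combining device: G* = SA* . SB
    ka_device_a = key_from(he.decrypt(g_star))  # A recovers SA*SB mod N
    ka_endpoint = key_from(sa * sb % n)         # endpoint has both secrets
    return ka_device_a, ka_endpoint


if __name__ == "__main__":
    N = 1000003 * 1000033  # constructed composite modulus for the demo
    ka_a, ka_b = homomorphic_key_agreement(N, 31337, 4242)
    print("device A KA :", ka_a.hex())
    print("endpoint KA :", ka_b.hex())
    print("agree:", ka_a == ka_b)
```

    Two caveats a practitioner should attach to any scheme of this shape. First, the characteristic polynomial of a ciphertext is a similarity invariant, so every ciphertext reveals x + r (the trace) and x · r (the determinant); recovering x from those means solving a quadratic in Z_N, which is easy when N is prime and is as hard as factoring when N is a composite of unknown factorization, so the ring must be chosen accordingly. Second, the combining device in the key-agreement flow learns nothing about SA only as long as H stays on device A; anyone holding S can read every SA* they intercept.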