公开(公告)号：US20180115419A1

公开(公告)日：2018-04-26

申请号：US15335177

申请日：2016-10-26

Applicant: NXP B.V.

Inventor： Joppe Willem Bos ,  Bjorn Fay ,  Bruce Murray

IPC: H04L9/08 ,  G06F7/58 ,  H04L9/06 ,  H04L9/30

Abstract: A method is provided for generating an elliptic curve cryptography key pair that uses two topologically identical pseudo-random number generators operating in parallel and in step with each other. One generator operates in the scalar number domain and the other generator operates in the elliptic curve point domain. Parallel sequences of pseudo-random elliptic curve points aG and corresponding scalars a are generated in this manner. A scalar a becomes a private key and an elliptic curve point aG is a public key of a key pair. Each generator is advanced by one iteration successively, and the isomorphic relationship ensures that the point domain generator always contains values which are multiples of the system base point according to values contained in the corresponding position in the number domain generator. In one embodiment, the pseudo-random number generators are each characterized as being lagged Fibonacci generators.

公开(公告)号：US11271732B2

公开(公告)日：2022-03-08

申请号：US16681443

申请日：2019-11-12

Applicant: NXP B.V.

Inventor： Bjorn Fay

IPC: G06F11/00 ,  H04L9/08 ,  H04L9/32 ,  H03M1/00

Abstract: Various embodiments relate to a method for generating a bit stream in a physical unclonable function (PUF) system, including: receiving a set of values from a plurality of physical devices in the PUF system in a first order; sorting the set of values into a second order; for each of the L highest values, setting a corresponding levelTag value to a first bit value and setting a corresponding usageTag value to a first usage value that indicates that the levelTag for the corresponding value is to be used to generate the bit stream, wherein L is a level setting; for each of the L lowest values, setting a corresponding levelTag value to a second bit value and setting a corresponding usageTag value to the first usage value, wherein the first bit value is different from the second bit value; setting the usageTag value for all other values that are not the highest L values or the lowest L values to a second usage value that indicates that the corresponding value is not to be used to generate the bit stream; generating the bitstream as the levelTag values that have an associated usageTag value of the first usage value, wherein the levelTag values are ordered according to the first order.

公开(公告)号：US10680810B2

公开(公告)日：2020-06-09

申请号：US15335177

申请日：2016-10-26

Applicant: NXP B.V.

Inventor： Joppe Willem Bos ,  Bjorn Fay ,  Bruce Murray

IPC: H04L9/08 ,  H04L9/30 ,  G06F7/58 ,  H04L9/06

Abstract: A method is provided for generating an elliptic curve cryptography key pair that uses two topologically identical pseudo-random number generators operating in parallel and in step with each other. One generator operates in the scalar number domain and the other generator operates in the elliptic curve point domain. Parallel sequences of pseudo-random elliptic curve points aG and corresponding scalars a are generated in this manner. A scalar a becomes a private key and an elliptic curve point aG is a public key of a key pair. Each generator is advanced by one iteration successively, and the isomorphic relationship ensures that the point domain generator always contains values which are multiples of the system base point according to values contained in the corresponding position in the number domain generator. In one embodiment, the pseudo-random number generators are each characterized as being lagged Fibonacci generators.

公开(公告)号：US11694761B2

公开(公告)日：2023-07-04

申请号：US17477871

申请日：2021-09-17

Applicant: NXP B.V.

Inventor： Soenke Ostertun ,  Bjorn Fay ,  Vitaly Ocheretny

IPC: G11C29/42 ,  G06F11/10

CPC classification number: G11C29/42 ,  G06F11/1056 ,  G06F11/1068 ,  G06F11/1096

Abstract: Various embodiments relate to a method for storing and reading data from a memory. Data words stored in the memory may be grouped, and word specific parity information and shared parity information is generated, and the shared parity information is distributed among the group of words. During reading of a word, if more errors are detected than can be corrected with word parity data, the shared parity data is retrieved and used to make the error corrections.

公开(公告)号：US20230089443A1

公开(公告)日：2023-03-23

申请号：US17477871

申请日：2021-09-17

Applicant: NXP B.V.

Inventor： Soenke Ostertun ,  Bjorn Fay ,  Vitaly Ocheretny

IPC: G11C29/42 ,  G06F11/10

Abstract: Various embodiments relate to a method for storing and reading data from a memory. Data words stored in the memory may be grouped, and word specific parity information and shared parity information is generated, and the shared parity information is distributed among the group of words. During reading of a word, if more errors are detected than can be corrected with word parity data, the shared parity data is retrieved and used to make the error corrections.

公开(公告)号：US11025421B2

公开(公告)日：2021-06-01

申请号：US16396357

申请日：2019-04-26

Applicant: NXP B.V.

Inventor： Bjorn Fay

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/00

Abstract: Various embodiments relate to a key protocol exchange that provide a simple but still secure key exchange protocol. Security of key exchange protocols has many aspects; providing and proving all these properties gets harder with more complex protocols. These security properties may include: perfect forward secrecy; forward deniability; key compromise impersonation resistance; security against unknown key share attack; explicit or implicit authentication; key confirmation; protocol is (session-)key independent; key separation (different keys for encryption and MACing); extendable, e.g., against DOS attacks; support of early messages; small communication footprint; and support of for public-key and/or password authentication.

公开(公告)号：US10721064B2

公开(公告)日：2020-07-21

申请号：US15993186

申请日：2018-05-30

Applicant: NXP B.V.

Inventor： Bjorn Fay

IPC: H04L9/08 ,  H04L9/30 ,  H04L9/32

Abstract: Various embodiments relate to a key protocol exchange that provide a simple but still secure key exchange protocol. Security of key exchange protocols has many aspects; providing and proving all these properties gets harder with more complex protocols. These security properties may include: perfect forward secrecy; forward deniability; key compromise impersonation resistance; security against unknown key share attack; explicit or implicit authentication; key confirmation; protocol is (session-)key independent; key separation (different keys for encryption and MACing); extendable, e.g. against DOS attacks . . . (e.g. using cookies, . . . ); support of early messages; small communication footprint; and support of for public-key and/or password authentication.

公开(公告)号：US10680802B2

公开(公告)日：2020-06-09

申请号：US15994656

申请日：2018-05-31

Applicant: NXP B.V.

Inventor： Bjorn Fay

IPC: H04L9/06

Abstract: Various embodiments relate to a method of hashing a message M using a block cipher, including: producing N block cipher inputs by XORing message indices i, . . . i+N−1 respectively with state values S0, . . . SN−1, wherein N is an integer greater than 1; producing N block cipher keys by XORing N different blocks of message M and at least one of state values S0, . . . SN−1 for each of the N block cipher keys; encrypting the N block cipher inputs using the respective N block cipher keys to produce N block cipher outputs; combining the N block cipher outputs with N block cipher inputs to produce N block cipher combined outputs Tt, for t=0, . . . , N−1; calculating Y0=T0; calculating Yt=Yt−1⊕Tt, for t=1, . . . , N−1, calculating SN−1′=YN−1

公开(公告)号：US10341098B2

公开(公告)日：2019-07-02

申请号：US15414391

申请日：2017-01-24

Applicant: NXP B.V.

Inventor： Joppe Willem Bos ,  Bjorn Fay ,  Bruce Murray

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/30 ,  H04L9/32 ,  H04L9/14

Abstract: A method is provided for performing elliptic curve cryptography that reduces the number of required computations to produce, for example, a key pair. The number of computations is reduced by changing how a random nonce used in the computations is selected. In an embodiment, a look-up table is generated having pre-computed scalar values and elliptic curve points. Every time a new pseudo-random value is created for use in the ECDSA, a combination of the look-up table values is used to create multiple intermediate values. One of the multiple intermediate values is randomly chosen as a replacement value for one of the existing table entries. Each time the look-up table is used, multiple entries in the look-up table are updated to new look-up table values as described. In this manner, new randomness is provided in every step to generate the next pseudo-random nonce as a combination of multiple internally stored temporary look-up table values. Alternately, another mathematical group may be used.