-
Publication number: US20230353383A1
Publication date: 2023-11-02
Application number: US17733780
Application date: 2022-04-29
Applicant: NXP B.V.
Inventor: Christine van Vredendaal, Joppe Willem Bos, Babette Anne Margaretha Lips, Joost Roland Renes
CPC classification number: H04L9/3247, H04L9/14, H04L9/0897
Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for signing messages using a plurality of one-time signing (OTS) keys and a binary-hash-tree structure having a height h and a plurality of nodes configured to provide a public key having, including: generating and storing an authentication path A[d:h−1] for a first 2^d signatures corresponding to the first 2^d OTS keys of the plurality of OTS keys, where d is the height of a sub-tree associated with first 2^d OTS keys; initiating a signature counter; signing a first message using the first OTS key of the plurality of OTS keys; incrementing the signature counter; determining if 2^d messages have been signed; signing a second message and incrementing the signature counter when 2^d messages have not been signed; and updating authentication path A[d:h−1] for a second 2^d signatures corresponding to the second 2^d OTS keys of the plurality of OTS keys when 2^d messages have been signed.
-
Publication number: US20230353361A1
Publication date: 2023-11-02
Application number: US17732164
Application date: 2022-04-28
Applicant: NXP B.V.
Inventor: Markus Schoenauer, Tobias Schneider, Joost Roland Renes, Melissa Azouaoui
CPC classification number: H04L9/3093, H04L9/3026, G06F9/30018
Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, including: determining a number m of random bits to be sampled based upon a sample bound parameter β; producing a plurality of Boolean masked shares of a polynomial coefficient each having the determined number m of random bits using a uniform random function; determining that the polynomial coefficient is within a range of values based upon the sample bound parameter β; converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient; and shifting the plurality of arithmetic masked shares based upon the sample bound parameter β.
-
Publication number: US11272363B2
Publication date: 2022-03-08
Application number: US16829401
Application date: 2020-03-25
Applicant: NXP B.V.
Inventor: Marcel Medwed, Pim Vullers, Joost Roland Renes, Stefan Lemsitzer
IPC: H04L29/06, H04L9/32, H04W12/06, H04W12/037
Abstract: A method is provided for authenticating one device to another device. In the method, a first device proves to a second device that a first credential comprising multiple first attributes is valid. The second device proves to the first device that a second credential comprising multiple second attributes is valid. The first device reveals a first attribute of the multiple first attributes to the second device. The second device verifies the first attribute and decides whether to continue revealing attributes. If continuing, the second device reveals to the first device a first attribute of the multiple second attributes. The first device verifies the first attribute of the multiple second attributes. The first device decides whether to continue revealing attributes. Attributes can be revealed until one of the first or second devices ends the method or until no attributes of the multiple first and second attributes remain to be revealed.
-
Publication number: US20240348441A1
Publication date: 2024-10-17
Application number: US18132274
Application date: 2023-04-07
Applicant: NXP B.V.
Inventor: Joost Roland Renes, Björn Fay
CPC classification number: H04L9/3093, G06F17/14
Abstract: Electronic device and method for performing number theoretic transforms (NTTs) on polynomials for cryptography uses an arithmetic transformation on an input polynomial with n coefficients to divide the input polynomial into multiple polynomials each with less than n coefficients such that the coefficients of the multiple polynomials add up to n. An NTT transformation is executed on the multiple polynomials such that the coefficients of each of the multiple polynomials are processed in parallel butterfly operations. A cryptographic operation is performed based on the results of the NTT transformation.
-
Publication number: US20240202273A1
Publication date: 2024-06-20
Application number: US18066862
Application date: 2022-12-15
Applicant: NXP B.V.
Inventor: Björn FAY, Tobias SCHNEIDER, Joost Roland Renes, Melissa Azouaoui, Joppe Willem Bos
CPC classification number: G06F17/10, G06F7/4812
Abstract: Various embodiments relate to a fault detection system and method for polynomial operations, including: selecting a plurality of evaluation points; evaluating a first polynomial at the plurality of evaluation points to produce first results; applying a first function to the first polynomial to produce a second polynomial; evaluating the second polynomial at the plurality of evaluation points to produce second results; evaluating a second scalar function on the first results to produce third results; comparing the second results to the third results; and performing a polynomial operation using the second polynomial when the second results match the third results.
-
Publication number: US11502819B2
Publication date: 2022-11-15
Application number: US17154116
Application date: 2021-01-21
Applicant: NXP B.V.
Inventor: Tobias Schneider, Joppe Willem Bos, Joost Roland Renes, Christine van Vredendaal
IPC: H04L9/00
Abstract: Various embodiments relate to a method and system for securely comparing a first and second polynomial, including: selecting a first subset of coefficients of the first polynomial and a second subset of corresponding coefficients of the second polynomial, wherein the coefficients of the first polynomial are split into shares and the first and second polynomials have coefficients; subtracting the second subset of coefficients from one of the shares of the first subset of coefficients; reducing the number of elements in the first subset of coefficients to elements by combining groups of / elements together; generating a random number for each of the elements of the reduced subset of coefficients; summing the product of each of the elements of the reduced subset of coefficients with their respective random numbers; summing the shares of the sum of the products; and generating an output indicating that the first polynomial does not equal the second polynomial when the sum does not equal zero.
-
Publication number: US11444767B1
Publication date: 2022-09-13
Application number: US17190986
Application date: 2021-03-03
Applicant: NXP B.V.
Inventor: Joost Roland Renes, Joppe Willem Bos, Tobias Schneider, Christine van Vredendaal
Abstract: Various embodiments relate to a method for multiplying a first and a second polynomial in the ring [X]/(X^N−1) to perform a cryptographic operation in a data processing system, the method for use in a processor of the data processing system, including: receiving the first polynomial and the second polynomial by the processor; mapping the first polynomial into a third polynomial in a first ring and a fourth polynomial in a second ring using a map; mapping the second polynomial into a fifth polynomial in the first ring and a sixth polynomial in the second ring using the map; multiplying the third polynomial in the first ring with the fifth polynomial in the first ring to produce a first multiplication result; multiplying the fourth polynomial in the second ring with the sixth polynomial in the second ring to produce a second multiplication result using Renes multiplication; and combining the first multiplication result and the second multiplication result using the map.
-
Publication number: US12177363B2
Publication date: 2024-12-24
Application number: US18045702
Application date: 2022-10-11
Applicant: NXP B.V.
Inventor: Joost Roland Renes, Melissa Azouaoui, Joppe Willem Bos, Björn Fay, Tobias Schneider
Abstract: Various embodiments relate to a fault detection system and method for a digital signature algorithm, including: producing a digital signature of a message using a digital signature algorithm; storing parameters from a last round of the digital signature algorithm; executing the last round of the digital signature algorithm using the stored parameters to produce a check signature; comparing the digital signature to the check signature; and outputting the digital signature when the digital signature is the same as the check signature.
-
Publication number: US20240388433A1
Publication date: 2024-11-21
Application number: US18320028
Application date: 2023-05-18
Applicant: NXP B.V.
Inventor: Olivier Bronchain, Joost Roland Renes, Tobias Schneider
IPC: H04L9/30
Abstract: A data processing system and method for norm checking a cryptographic operation for lattice-based cryptography in a processor, the instructions, including: multiplying a first polynomial by a second polynomial to produce a first output, wherein the d arithmetic shares have a modulus q′; securely converting the first output to d Boolean shares; securely subtracting a third polynomial from the first output to produce a second output, wherein the third polynomial is randomly generated and then offset by a first constant parameter; securely adding a first constant based upon a bound check and the first constant parameter to the second output to shift the values of the second output to positive values to produce a third output; and securely adding a second constant based upon the bound check to the third output to produce a carry bit.
-
Publication number: US20240356748A1
Publication date: 2024-10-24
Application number: US18135922
Application date: 2023-04-18
Applicant: NXP B.V.
Inventor: Joost Roland Renes, Björn Fay
IPC: H04L9/30
CPC classification number: H04L9/3093
Abstract: System and method for masking secret polynomials for cryptography receives a secret polynomial function in a polynomial ring, which is masked with one or more masking polynomials in which at least some coefficients have a same value. An arithmetic operation is performed on coefficients of the masking polynomials with repeated coefficients to produce an output having integer values. A cryptographic operation is then performed with the output of the arithmetic operation.