Method for preventing the extraction of a machine learning model

    Publication (Announcement) No.: US11586860B2

    Publication (Announcement) Date: 2023-02-21

    Application No.: US16168868

    Application Date: 2018-10-24

    Applicant: NXP B.V.

    Abstract: A method and data processing system for detecting tampering of a machine learning model is provided. The method includes training a machine learning model. During a training operating period, a plurality of input values is provided to the machine learning model. In response to a predetermined invalid input value, the machine learning model is trained so that a predetermined output value will be expected. The model is verified not to have been tampered with by inputting the predetermined invalid input value during an inference operating period. If the expected output value is provided by the machine learning model in response to the predetermined input value, then the machine learning model has not been tampered with. If the expected output value is not provided, then the machine learning model has been tampered with. The method may be implemented using the data processing system.

    Method for hardening a machine learning model against extraction

    Publication (Announcement) No.: US11100222B2

    Publication (Announcement) Date: 2021-08-24

    Application No.: US16180144

    Application Date: 2018-11-05

    Applicant: NXP B.V.

    Abstract: A method is provided for protecting a trained machine learning model that provides prediction results with confidence levels. The confidence level is a measure of the likelihood that a prediction is correct. The method includes determining if a query input to the model is an attempted attack on the model. If the query is determined to be an attempted attack, a first prediction result having a highest confidence level is swapped with a second prediction result having a relatively lower confidence level so that the first and second prediction results and confidence levels are re-paired. Then, the second prediction result is output from the model with the highest confidence level. By swapping the confidence levels and outputting the prediction results with the swapped confidence levels, the machine learning model is more difficult for an attacker to extract.

    Privacy-preserving evaluation of decision trees

    Publication (Announcement) No.: US10764048B2

    Publication (Announcement) Date: 2020-09-01

    Application No.: US15849334

    Application Date: 2017-12-20

    Applicant: NXP B.V.

    Abstract: A method for performing a secure evaluation of a decision tree, including: receiving, by a processor of a server, an encrypted feature vector x=(x1, . . . , xn) from a client; choosing a random mask μ0; calculating m0 and sending m0 to the client, wherein m0=xi0(0)−t0(0)+μ0 and t0(0) is a threshold value in the first node in the first level of a decision tree ′; performing a comparison protocol on m0 and μ0, wherein the server produces a comparison bit b0 and the client produces a comparison bit b′0; choosing a random bit s0∈{0,1} and when s0=1 switching a left and right subtrees of ′; sending b0⊕s0 to the client; and for each level =1, 2, . . . , d−1 of the decision tree ′, where d is the number of levels in the decision tree ′, perform the following steps: receiving from the client yk where k=0, 1, . . . , −1; performing a comparison protocol on and , wherein is a random mask and is based upon, x, , yk, and and the server produces a comparison bit and the client produces a comparison bit ; choosing a random bit ∈{0,1} and when =1 switching all left and right subtrees at level of ′; and sending ⊕ to the client.

    High-throughput privacy-friendly hardware assisted machine learning on edge nodes

    Publication (Announcement) No.: US20190332814A1

    Publication (Announcement) Date: 2019-10-31

    Application No.: US15964536

    Application Date: 2018-04-27

    Applicant: NXP B.V.

    Abstract: A device, including: a memory; a processor configured to implement an encrypted machine learning model, configured to: evaluate the encrypted machine learning model based upon received data to produce an encrypted machine learning model output; and produce verification information; and tamper resistant hardware configured to: verify the encrypted machine learning model output based upon the verification information; and decrypt the encrypted machine learning model output when the encrypted machine learning model output is verified.

    Privacy preserving comparison

    Granted invention patent

    Publication (Announcement) No.: US10601579B2

    Publication (Announcement) Date: 2020-03-24

    Application No.: US15849420

    Application Date: 2017-12-20

    Applicant: NXP B.V.

    Abstract: A method for performing a secure comparison between a first secret data and a second secret data, including: receiving, by a processor of a first party, encrypted bits of the second secret data y from a second party, where is an integer; computing the Hamming weight h of first secret data x, wherein x has bits; computing the value of a first comparison bit δA such that δA=0 when h>└/2┘, δA=1 when h

    Protecting ECC against fault attacks

    Publication (Announcement) No.: US10601578B2

    Publication (Announcement) Date: 2020-03-24

    Application No.: US15795103

    Application Date: 2017-10-26

    Applicant: NXP B.V.

    Inventor: Marc Joye

    Abstract: A method for protecting against faults in a computation of a point multiplication Q=[k]P on an elliptic curve E defined over a prime field p, including: defining an integer r and a group ′={γ()|∈/r} represented with elements having a group law that coincides with a group law used in the representation for E(p) and isomorphic to an additive group (/r)+ through isomorphism γ; forming a combined group E(p)×′E(p)×(/r)+ which is isomorphic to a cross product of the groups E(p) and (/r)+; selecting an element in /r and defining an element P′=γ() in group ′; forming a combined element P̂=CRT(P,P′) in the group E(p)×′; calculating Q̂=[k]P̂ in the combined group E(p)×′; calculating k in /r; and checking whether Q̂≡Q′(mod r) where Q′=γ(k).

    Encryption schemes with additional properties

    Publication (Announcement) No.: US10680818B2

    Publication (Announcement) Date: 2020-06-09

    Application No.: US15951590

    Application Date: 2018-04-12

    Applicant: NXP B.V.

    Abstract: Various embodiments relate to a method of encrypting a message m using a Paillier cryptosystem, including: computing a ciphertext c based upon the message m, N, and r, where N is the product of two distinct primes p and q, and r is randomly chosen such that r∈[1, N); computing a first verification value based upon u and N, where u is randomly chosen such that u∈[1, N); computing a second verification value s based upon u, r, the ciphertext c, the verification value, and a hash function H.
