Efficient and masked sampling of polynomials for lattice-based cryptography

    Publication (announcement) number: US11924346B2

    Publication (announcement) date: 2024-03-05

    Application number: US17732164

    Application date: 2022-04-28

    Applicant: NXP B.V.

    CPC classification number: H04L9/3093 G06F9/30018 H04L9/3026

    Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, including: determining a number m of random bits to be sampled based upon a sample bound parameter β; producing a plurality of Boolean masked shares of a polynomial coefficient each having the determined number m of random bits using a uniform random function; determining that the polynomial coefficient is within a range of values based upon the sample bound parameter β; converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient; and shifting the plurality of arithmetic masked shares based upon the sample bound parameter β.

    PROTECTING POLYNOMIAL REJECTION THROUGH MASKED COMPRESSION COMPARISON

    Publication (announcement) number: US20240126511A1

    Publication (announcement) date: 2024-04-18

    Application number: US17935550

    Application date: 2022-09-26

    Applicant: NXP B.V.

    CPC classification number: G06F7/724 G06F9/3001 G06F9/30029 G06F2207/7233

    Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked compressing of coefficients of a polynomial having ns arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting a first arithmetic share of the ns arithmetic shares by an input mask λ1; scaling the shifted first arithmetic share by a value based on a first compression factor δ and a masking scaling factor φ1; shifting the scaled first arithmetic share by a value based on the masking scaling factor φ1; scaling the second to ns-th shares of the ns arithmetic shares by a value based on the first compression factor δ and the masking scaling factor φ1; converting the ns scaled arithmetic shares to ns Boolean shares; right shifting the ns Boolean shares based upon the masking scaling factor φ1 and a second compression factor φ2; XORing an output mask λ2 with the shifted first Boolean share to produce ns compressed Boolean shares; and carrying out a cryptographic operation using the ns arithmetic shares when the ns compressed Boolean shares indicate that the coefficients of the polynomial are within boundary values.

    EFFICIENT AND MASKED SAMPLING OF POLYNOMIALS FOR LATTICE-BASED CRYPTOGRAPHY

    Publication (announcement) number: US20230353361A1

    Publication (announcement) date: 2023-11-02

    Application number: US17732164

    Application date: 2022-04-28

    Applicant: NXP B.V.

    CPC classification number: H04L9/3093 H04L9/3026 G06F9/30018

    Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, including: determining a number m of random bits to be sampled based upon a sample bound parameter β; producing a plurality of Boolean masked shares of a polynomial coefficient each having the determined number m of random bits using a uniform random function; determining that the polynomial coefficient is within a range of values based upon the sample bound parameter β; converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient; and shifting the plurality of arithmetic masked shares based upon the sample bound parameter β.

    FAULT DETECTION OF DIFFERENTIAL FAULT ATTACK IN LATTICE BASED CRYPTOGRAPHY

    Publication (announcement) number: US20240275576A1

    Publication (announcement) date: 2024-08-15

    Application number: US18169467

    Application date: 2023-02-15

    Applicant: NXP B.V.

    CPC classification number: H04L9/004 H04L9/3093 H04L9/3247

    Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a fault detection in a digital signature algorithm in a processor, the instructions, including: computing vector z based on a secret nonce vector y, a first secret key vector s1, and a challenge polynomial c, wherein vectors z, y, and s1 include l polynomials having n coefficients, wherein polynomial c has n coefficients, and wherein l and n are integers; computing a difference value between all of the coefficients of the polynomials in the vector z; computing a number of how many of the computed difference values are outside a specified value range; computing a digital signature for an input message; and rejecting the digital signature when the computed number is greater than a threshold value.

    Masked decomposition of polynomials for lattice-based cryptography

    Publication (announcement) number: US12021985B2

    Publication (announcement) date: 2024-06-25

    Application number: US17832521

    Application date: 2022-06-03

    Applicant: NXP B.V.

    CPC classification number: H04L9/3093 G06F7/4873 G06F7/727

    Abstract: Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having ns arithmetic shares into a high part a1 and a low part a0 for lattice-based cryptography in a processor, the instructions, including: performing a rounded Euclidean division of the polynomial a by a base α to compute t(⋅)A; extracting Boolean shares a1(⋅)B from n low bits of t by performing an arithmetic share to Boolean share (A2B) conversion on t(⋅)A and performing an AND with ζ−1, where ζ=−α−1 is a power of 2; unmasking a1 by combining Boolean shares of a1(⋅)B; calculating arithmetic shares a0(⋅)A of the low part a0; and performing a cryptographic function using a1 and a0(⋅)A.

    MASKED DECOMPOSITION OF POLYNOMIALS FOR LATTICE-BASED CRYPTOGRAPHY

    Publication (announcement) number: US20230396436A1

    Publication (announcement) date: 2023-12-07

    Application number: US17832521

    Application date: 2022-06-03

    Applicant: NXP B.V.

    CPC classification number: H04L9/3093 H04L9/3033 G06F7/4873 G06F7/727

    Abstract: Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having ns arithmetic shares into a high part a1 and a low part a0 for lattice-based cryptography in a processor, the instructions, including: performing a rounded Euclidean division of the polynomial a by a base α to compute t(⋅)A; extracting Boolean shares a1(⋅)B from n low bits of t by performing an arithmetic share to Boolean share (A2B) conversion on t(⋅)A and performing an AND with ζ−1, where ζ=−α−1 is a power of 2; unmasking a1 by combining Boolean shares of a1(⋅)B; calculating arithmetic shares a0(⋅)A of the low part a0; and performing a cryptographic function using a1 and a0(⋅)A.