公开(公告)号：US20240388433A1

公开(公告)日：2024-11-21

申请号：US18320028

申请日：2023-05-18

Applicant: NXP B.V.

Inventor： Olivier Bronchain ,  Joost Roland Renes ,  Tobias Schneider

IPC: H04L9/30

Abstract: A data processing system and method for norm checking a cryptographic operation for lattice-based cryptography in a processor, the instructions, including: multiplying a first polynomial by a second polynomial to produce a first output, wherein the d arithmetic shares have a modulus q′; securely converting the first output to d Boolean shares; securely subtracting a third polynomial from the first output to produce a second output, wherein the third polynomial is randomly generated and then offset by a first constant parameter; securely adding a first constant based upon a bound check and the first constant parameter to the second output to shift the values of the second output to positive values to produce a third output; and securely adding a second constant based upon the bound check to the third output to produce a carry bit.

公开(公告)号：US20250007711A1

公开(公告)日：2025-01-02

申请号：US18345351

申请日：2023-06-30

Applicant: NXP B.V.

Inventor： Olivier Bronchain ,  Joost Roland Renes ,  Tobias Schneider

IPC: H04L9/32

Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using polynomials for lattice-based cryptography in a processor, the instructions, including: applying a share-wise Kronecker substitution to arithmetic shares of a first polynomial; applying a Kronecker substitution to a second polynomial; multiplying share-wise the Kronecker substitution of the second polynomial and the arithmetic shares of the Kronecker substitution of the shares of the first polynomial to produce arithmetic shares of a first output; converting the shares of the first output to arithmetic shares of a polynomial representation; converting the arithmetic shares of the polynomial representation to Boolean shares of the polynomial representation; adding the Boolean shares of the polynomial representation to Boolean shares of a third polynomial to produce Boolean shares of a second output; and carrying out a cryptographic operation using the Boolean shares of the second output.

公开(公告)号：US20240275576A1

公开(公告)日：2024-08-15

申请号：US18169467

申请日：2023-02-15

Applicant: NXP B.V.

Inventor： Markus Schoenauer ,  Melissa Azouaoui ,  Olivier Bronchain ,  Tobias Schneider ,  Christine van Vredendaal

IPC: H04L9/00 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L9/004 ,  H04L9/3093 ,  H04L9/3247

Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a fault detection in a digital signature algorithm in a processor, the instructions, including: computing vector z based on a secret nonce vector y, a first secret key vector s1, and a challenge polynomial c, wherein vectors z, y, and s1 include l polynomials having n coefficients, wherein polynomial c has n coefficients, and wherein l and n are integers; computing a difference value between all of the coefficients of the polynomials in the vector z; computing a number of how many of the computed difference values are outside a specified value range; computing a digital signature for an input message; and rejecting the digital signature when the computed number is greater than a threshold value.

公开(公告)号：US12166879B2

公开(公告)日：2024-12-10

申请号：US17811669

申请日：2022-07-11

Applicant: NXP B.V.

Inventor： Olivier Bronchain ,  Tobias Schneider

IPC: H04L9/30

Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting an arithmetic share of the d arithmetic shares by a first bound λ0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound λ0 and a second bound λ1 from the Boolean shares to obtain z′B,k+1 having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to a sign bit of z′B,k+1; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound λ0 and second bound λ1.

公开(公告)号：US20240405986A1

公开(公告)日：2024-12-05

申请号：US18326635

申请日：2023-05-31

Applicant: NXP B.V.

Inventor： Markus Schoenauer ,  Melissa Azouaoui ,  Olivier Bronchain ,  Tobias Schneider

IPC: H04L9/30

Abstract: A system and method of carrying out a binary arithmetic operation in a cryptographic operation for lattice-based cryptography. The variables used in the binary arithmetic operation may have their bits randomly rotated to counter side channel attacks. An addition and multiplication operation on variables with rotated bits are disclosed.

公开(公告)号：US20240338492A1

公开(公告)日：2024-10-10

申请号：US18298100

申请日：2023-04-10

Applicant: NXP B.V.

Inventor： Olivier Bronchain ,  Tobias Schneider

IPC: G06F21/72 ,  G06F7/504 ,  H04L9/08

CPC classification number: G06F21/72 ,  G06F7/504 ,  H04L9/0852

Abstract: A hardware converter configured to convert d arithmetic shares of x to d Boolean shares of x. The hardware converter has a plurality of addition layers in a tree structure. Each layer has a plurality of secure bit adders.

公开(公告)号：US20240015012A1

公开(公告)日：2024-01-11

申请号：US17811669

申请日：2022-07-11

Applicant: NXP B.V.

Inventor： Olivier Bronchain ,  Tobias Schneider

IPC: H04L9/30

CPC classification number: H04L9/3093 ,  H04L2209/046

Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting an arithmetic share of the d arithmetic shares by a first bound λ0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound λ0 and a second bound λ1 from the Boolean shares to obtain z′B,k+1 having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to a sign bit of z′B,k+1; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound λ0 and second bound λ1.