MASKED INFINITY NORM CHECK FOR CRYSTALS-DILITHIUM SIGNATURE GENERATION

    Publication No.: US20240388433A1

    Publication date: 2024-11-21

    Application No.: US18320028

    Filing date: 2023-05-18

    Applicant: NXP B.V.

    Abstract: A data processing system and method for norm checking in a cryptographic operation for lattice-based cryptography in a processor, the method including: multiplying a first polynomial by a second polynomial to produce a first output held as d arithmetic shares with modulus q′; securely converting the first output to d Boolean shares; securely subtracting a third polynomial from the first output to produce a second output, wherein the third polynomial is randomly generated and then offset by a first constant parameter; securely adding to the second output a first constant, based upon a bound check and the first constant parameter, so as to shift the values of the second output to positive values and produce a third output; and securely adding a second constant, based upon the bound check, to the third output to produce a carry bit.

    MASKED KRONECKER SUBSTITUTION FOR POLYNOMIAL MULTIPLICATION

    Publication No.: US20250007711A1

    Publication date: 2025-01-02

    Application No.: US18345351

    Filing date: 2023-06-30

    Applicant: NXP B.V.

    Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using polynomials for lattice-based cryptography in a processor, the instructions including: applying a share-wise Kronecker substitution to arithmetic shares of a first polynomial; applying a Kronecker substitution to a second polynomial; multiplying, share-wise, the Kronecker substitution of the second polynomial by the Kronecker-substituted arithmetic shares of the first polynomial to produce arithmetic shares of a first output; converting the shares of the first output to arithmetic shares of a polynomial representation; converting the arithmetic shares of the polynomial representation to Boolean shares of the polynomial representation; adding the Boolean shares of the polynomial representation to Boolean shares of a third polynomial to produce Boolean shares of a second output; and carrying out a cryptographic operation using the Boolean shares of the second output.
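    The share-wise Kronecker substitution described in the abstract above, as an added worked example in Python (not NXP's code and not the patent's implementation): a masked polynomial is multiplied by a public challenge-like polynomial in Dilithium's ring Z_q[x]/(x^256 + 1) as one big-integer product per arithmetic share. The limb width W, the first-order share count D, the schoolbook reference and the constructed inputs are assumptions made for the illustration; the abstract's later steps (arithmetic-to-Boolean conversion and the Boolean-domain addition of the third polynomial) are not shown here.

```python
"""Share-wise Kronecker substitution for masked polynomial multiplication.

Added illustration (not NXP's implementation) of the first three steps of
the abstract: pack each arithmetic share into one integer, multiply by the
packed public polynomial, unpack the shares of the product.
"""
import secrets

Q = 8380417    # Dilithium modulus 2^23 - 2^13 + 1
N = 256        # ring Z_Q[x]/(x^N + 1)
D = 2          # number of arithmetic shares (first-order masking, assumed)
# Limb width: a coefficient of the integer product of two polynomials with
# coefficients in [0, Q) is < N*Q*Q < 2^54, so 56-bit limbs never overlap.
W = 56


def kronecker_pack(poly):
    """Evaluate poly at x = 2^W (Horner form), giving one big integer."""
    acc = 0
    for coeff in reversed(poly):
        acc = (acc << W) | coeff
    return acc


def kronecker_unpack(value, length):
    """Read `length` W-bit limbs back out of the integer product."""
    mask = (1 << W) - 1
    return [(value >> (W * i)) & mask for i in range(length)]


def reduce_negacyclic(coeffs):
    """Fold a degree < 2N integer polynomial modulo x^N + 1, then modulo Q."""
    coeffs = coeffs + [0] * (2 * N - len(coeffs))
    return [(coeffs[i] - coeffs[i + N]) % Q for i in range(N)]


def arith_share(poly):
    """Split poly into D arithmetic shares mod Q whose sum is poly."""
    shares = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(D - 1)]
    last = [(poly[i] - sum(s[i] for s in shares)) % Q for i in range(N)]
    return shares + [last]


def unshare(shares):
    return [sum(s[i] for s in shares) % Q for i in range(N)]


def masked_polymul_kronecker(a_shares, b):
    """Multiply masked a by public b share by share via Kronecker substitution.

    Unpacking is exact because no limb overflows, and the share products sum
    to (sum of shares) * b, so the output is D arithmetic shares of a*b.
    Each share is only ever touched by its own big-integer product.
    """
    b_int = kronecker_pack(b)
    out = []
    for a_j in a_shares:
        prod = kronecker_pack(a_j) * b_int
        out.append(reduce_negacyclic(kronecker_unpack(prod, 2 * N - 1)))
    return out


def schoolbook_mul(a, b):
    """Unmasked reference product in Z_Q[x]/(x^N + 1)."""
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % Q
            else:
                res[k - N] = (res[k - N] - ai * bj) % Q
    return res


def random_poly():
    return [secrets.randbelow(Q) for _ in range(N)]


def constructed_challenge(tau=39):
    """Constructed challenge-like polynomial: tau coefficients in {1, Q-1}."""
    c = [0] * N
    for pos in secrets.SystemRandom().sample(range(N), tau):
        c[pos] = 1 if secrets.randbits(1) else Q - 1
    return c


def demo():
    """Masked c*s1 (as in Dilithium signing) agrees with the plain product."""
    s1 = [(secrets.randbelow(5) - 2) % Q for _ in range(N)]   # eta = 2 secret
    c = constructed_challenge()
    return unshare(masked_polymul_kronecker(arith_share(s1), c)) == schoolbook_mul(s1, c)


if __name__ == "__main__":
    print("masked Kronecker product matches reference:", demo())
```

    The point of the construction is that packing, big-integer multiplication and unpacking are all applied to one share at a time, so no operation ever combines shares of the secret; the correctness of the unmasked result rests only on the limb width being large enough that no coefficient of the integer product spills into its neighbour.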

    FAULT DETECTION OF DIFFERENTIAL FAULT ATTACK IN LATTICE BASED CRYPTOGRAPHY

    Publication No.: US20240275576A1

    Publication date: 2024-08-15

    Application No.: US18169467

    Filing date: 2023-02-15

    Applicant: NXP B.V.

    CPC classification number: H04L9/004 H04L9/3093 H04L9/3247

    Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for fault detection in a digital signature algorithm in a processor, the instructions including: computing a vector z based on a secret nonce vector y, a first secret key vector s1, and a challenge polynomial c, wherein the vectors z, y, and s1 each include l polynomials having n coefficients, wherein the polynomial c has n coefficients, and wherein l and n are integers; computing difference values between the coefficients of the polynomials in the vector z; counting how many of the computed difference values fall outside a specified value range; computing a digital signature for an input message; and rejecting the digital signature when the count is greater than a threshold value.

    Rejection of masked polynomials

    Type: Granted patent

    Publication No.: US12166879B2

    Publication date: 2024-12-10

    Application No.: US17811669

    Filing date: 2022-07-11

    Applicant: NXP B.V.

    Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions including: shifting an arithmetic share of the d arithmetic shares by a first bound λ0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound λ0 and a second bound λ1 from the Boolean shares to obtain z′B,k+1 having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to the sign bit of z′B,k+1; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound λ0 and the second bound λ1.

    REJECTION OF MASKED POLYNOMIALS

    Type: Published application

    Publication No.: US20240015012A1

    Publication date: 2024-01-11

    Application No.: US17811669

    Filing date: 2022-07-11

    Applicant: NXP B.V.

    CPC classification number: H04L9/3093 H04L2209/046

    Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions including: shifting an arithmetic share of the d arithmetic shares by a first bound λ0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound λ0 and a second bound λ1 from the Boolean shares to obtain z′B,k+1 having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to the sign bit of z′B,k+1; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound λ0 and the second bound λ1.
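    The masked rejection check described in the two "Rejection of masked polynomials" abstracts (granted patent US12166879B2 and its published application US20240015012A1), as an added worked example in Python for a single coefficient and two shares (not NXP's code and not the patent's implementation): one arithmetic share is shifted by λ0, the shifted shares are converted to Boolean shares, λ0 + λ1 is subtracted in k+1 bits, and bit k of the result is the shared boundary-check bit. The parameter choice (the z-check of ML-DSA-44 / Dilithium2, with λ0 = γ1 − β − 1, λ1 = γ1 − β, k = 19), the two-share ISW AND gadget, the word-level masked ripple-carry adder, the CGV-style arithmetic-to-Boolean conversion and the reference comparison are all assumptions made for the illustration.

```python
"""Masked rejection (bound) check on one Dilithium-style coefficient, d = 2.

Added illustration (not NXP's implementation) of the steps in the abstract:
shift one arithmetic share by lambda0, convert to Boolean shares, subtract
lambda0 + lambda1 in k+1 bits, read the sign bit as the shared check bit.
"""
import secrets

# Assumed parameters: the z-check of ML-DSA-44 / Dilithium2, gamma1 = 2^17,
# beta = 78, accept iff -(gamma1 - beta) < z < gamma1 - beta.
GAMMA1 = 1 << 17
BETA = 78
LAM0 = GAMMA1 - BETA - 1   # accept z >= -LAM0
LAM1 = GAMMA1 - BETA       # accept z <  LAM1
K = 19                     # coefficient width: |z| <= gamma1 + beta < 2^(K-1)


def sec_and(x, y, nbits):
    """Bitwise AND of two Boolean-shared words (ISW gadget for two shares)."""
    r = secrets.randbits(nbits)
    z0 = (x[0] & y[0]) ^ r
    z1 = (x[1] & y[1]) ^ ((r ^ (x[0] & y[1])) ^ (x[1] & y[0]))
    return z0, z1


def sec_add(a, b, nbits):
    """Addition mod 2^nbits of two Boolean-shared words.

    Word-level ripple carry: g = a & b, p = a ^ b, c <- (g ^ (p & c)) << 1;
    after nbits-1 rounds every carry position is settled and sum = p ^ c.
    XOR and shift are applied share-wise; only sec_and mixes shares.
    """
    mask = (1 << nbits) - 1
    p = (a[0] ^ b[0], a[1] ^ b[1])
    g = sec_and(a, b, nbits)
    c = (0, 0)
    for _ in range(nbits - 1):
        t = sec_and(p, c, nbits)
        c = (((g[0] ^ t[0]) << 1) & mask, ((g[1] ^ t[1]) << 1) & mask)
    return (p[0] ^ c[0]) & mask, (p[1] ^ c[1]) & mask


def a2b(a, nbits):
    """Arithmetic shares (a0 + a1 mod 2^nbits) -> Boolean shares (b0 ^ b1).

    Each arithmetic share is Boolean-masked with fresh randomness and the two
    masked words are added with sec_add (the generic CGV-style conversion).
    """
    r0, r1 = secrets.randbits(nbits), secrets.randbits(nbits)
    return sec_add((a[0] ^ r0, r0), (a[1] ^ r1, r1), nbits)


def arith_share(z, k=K):
    """Split a signed coefficient into two arithmetic shares mod 2^k."""
    r = secrets.randbits(k)
    return (z - r) & ((1 << k) - 1), r


def masked_bound_check(z_shares, lam0=LAM0, lam1=LAM1, k=K):
    """Return Boolean shares of one bit: 1 iff -lam0 <= z < lam1.

    Requires lam1 <= 2^(k-1) and lam0 + lam1 < 2^k so that a coefficient
    below -lam0 wraps to u >= lam0 + lam1 after the shift.
    """
    mask_k = (1 << k) - 1
    # 1. shift a single arithmetic share: u = z + lam0 mod 2^k
    shifted = ((z_shares[0] + lam0) & mask_k, z_shares[1])
    # 2. arithmetic -> Boolean shares of u (k bits, zero-extended to k+1)
    u = a2b(shifted, k)
    # 3. subtract lam0 + lam1 in k+1 bits by adding its two's complement
    neg_bound = (-(lam0 + lam1)) & ((1 << (k + 1)) - 1)
    v = sec_add(u, (neg_bound, 0), k + 1)
    # 4. bit k (the sign bit) of v is the boundary-check bit, still shared
    return (v[0] >> k) & 1, (v[1] >> k) & 1


def unmask_bit(b):
    return b[0] ^ b[1]


def reference_in_bound(z, lam0=LAM0, lam1=LAM1):
    return int(-lam0 <= z < lam1)


def agrees_with_reference(trials=300, k=K):
    """Masked check versus the plain comparison on edge and random inputs."""
    half = 1 << (k - 1)
    samples = [0, LAM1 - 1, LAM1, -LAM0, -LAM0 - 1, half - 1, -half]
    samples += [secrets.randbelow(2 * half) - half for _ in range(trials)]
    return all(unmask_bit(masked_bound_check(arith_share(z, k))) == reference_in_bound(z)
               for z in samples)


if __name__ == "__main__":
    for z in (0, LAM1 - 1, LAM1, -LAM0, -LAM0 - 1):
        print(f"z = {z:8d}  in bound = {unmask_bit(masked_bound_check(arith_share(z)))}")
    print("agrees with reference:", agrees_with_reference())
```

    Why the single sign bit suffices: after the shift, a coefficient in [−λ0, λ1) lands in [0, λ0 + λ1), a coefficient at or above λ1 lands at or above λ0 + λ1, and a coefficient below −λ0 wraps modulo 2^k to at least 2^(k−1) + λ0, which is also at or above λ0 + λ1 whenever λ1 ≤ 2^(k−1). Subtracting λ0 + λ1 in k+1 bits therefore goes negative exactly for the in-bound case, and the check bit is never unmasked inside the routine. The comparison against the plain check is a functional test only; Python integers are not constant-time, so this shows the arithmetic of the check and not a leakage-free implementation, and higher masking orders need d-share gadgets in place of the two-share ones here.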
