-
Publication No.: US20250053639A1
Publication date: 2025-02-13
Application No.: US18366727
Application date: 2023-08-08
Applicant: NXP B.V.
Inventor: Marcel Medwed, Erik Kraft, Jan Hoogerbrugge, Tobias Schneider
Abstract: A method is provided to protect a stack of return addresses from manipulation. The return address indicates where to return in a computer program after a subroutine is called. In the method, an encryption key and an initial tweak value are selected. For a return address to be stored on the stack, a first chained address is generated by encrypting the return address with the encryption key and the initial tweak value. The first chained address is provided to the stack instead of the return address. For a subsequent return address that is subsequent to the return address, a second chained address is generated by encrypting the subsequent return address with the encryption key and the first chained address. The second chained address is provided to the stack instead of the subsequent return address. The method provides effective protection without requiring additional memory in a memory limited system.
-
Publication No.: US20240430099A1
Publication date: 2024-12-26
Application No.: US18337795
Application date: 2023-06-20
Applicant: NXP B.V.
Inventor: Christine van Vredendaal, Tobias Schneider, Melissa Azouaoui
Abstract: A secure processing system configured to produce a hash based digital signature of a message, including: a random number generator (RNG); a monotonic counter device configured to produce a monotonically increasing counter value; a hash accelerator configured to produce a hash of the message based upon a random number from the RNG and the counter value; and a run time integrity check (RTIC) device configured to check the integrity of the operation of the hash accelerator based upon the counter value.
-
Publication No.: US20240388429A1
Publication date: 2024-11-21
Application No.: US18319982
Application date: 2023-05-18
Applicant: NXP B.V.
Inventor: Christine van Vredendaal, Melissa Azouaoui, Marcel Medwed, Tobias Schneider
Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for generating keys in a hash based signature system in a processor, the instructions, including: generating, by a random number generator, a seed; repeatedly hashing the seed with a first hash function to produce n/k chained seeds, wherein n is a total number of secret keys generated and k is a number of secret keys generated from each chained seed; and generating k secret keys from each of the n/k chained seeds using a second hash function, wherein at least one of the k secret keys is generated from another of the k secret keys in a sequential chain.
-
Publication No.: US11502819B2
Publication date: 2022-11-15
Application No.: US17154116
Application date: 2021-01-21
Applicant: NXP B.V.
Inventor: Tobias Schneider, Joppe Willem Bos, Joost Roland Renes, Christine van Vredendaal
IPC: H04L9/00
Abstract: Various embodiments relate to a method and system for securely comparing a first and second polynomial, including: selecting a first subset of coefficients of the first polynomial and a second subset of corresponding coefficients of the second polynomial, wherein the coefficients of the first polynomial are split into shares and the first and second polynomials have coefficients; subtracting the second subset of coefficients from one of the shares of the first subset of coefficients; reducing the number of elements in the first subset of coefficients to elements by combining groups of / elements together; generating a random number for each of the elements of the reduced subset of coefficients; summing the product of each of the elements of the reduced subset of coefficients with their respective random numbers; summing the shares of the sum of the products; and generating an output indicating that the first polynomial does not equal the second polynomial when the sum does not equal zero.
-
Publication No.: US11444767B1
Publication date: 2022-09-13
Application No.: US17190986
Application date: 2021-03-03
Applicant: NXP B.V.
Inventor: Joost Roland Renes, Joppe Willem Bos, Tobias Schneider, Christine van Vredendaal
Abstract: Various embodiments relate to a method for multiplying a first and a second polynomial in the ring [X]/(X^N−1) to perform a cryptographic operation in a data processing system, the method for use in a processor of the data processing system, including: receiving the first polynomial and the second polynomial by the processor; mapping the first polynomial into a third polynomial in a first ring and a fourth polynomial in a second ring using a map; mapping the second polynomial into a fifth polynomial in the first ring and a sixth polynomial in the second ring using the map; multiplying the third polynomial in the first ring with the fifth polynomial in the first ring to produce a first multiplication result; multiplying the fourth polynomial in the second ring with the sixth polynomial in the second ring to produce a second multiplication result using Renes multiplication; and combining the first multiplication result and the second multiplication result using the map.
-
Publication No.: US12166879B2
Publication date: 2024-12-10
Application No.: US17811669
Application date: 2022-07-11
Applicant: NXP B.V.
Inventor: Olivier Bronchain, Tobias Schneider
IPC: H04L9/30
Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting an arithmetic share of the d arithmetic shares by a first bound λ0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound λ0 and a second bound λ1 from the Boolean shares to obtain z′_{B,k+1} having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to a sign bit of z′_{B,k+1}; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound λ0 and second bound λ1.
-
Publication No.: US20240405986A1
Publication date: 2024-12-05
Application No.: US18326635
Application date: 2023-05-31
Applicant: NXP B.V.
Inventor: Markus Schoenauer, Melissa Azouaoui, Olivier Bronchain, Tobias Schneider
IPC: H04L9/30
Abstract: A system and method of carrying out a binary arithmetic operation in a cryptographic operation for lattice-based cryptography. The variables used in the binary arithmetic operation may have their bits randomly rotated to counter side channel attacks. An addition and multiplication operation on variables with rotated bits are disclosed.
-
Publication No.: US20240338492A1
Publication date: 2024-10-10
Application No.: US18298100
Application date: 2023-04-10
Applicant: NXP B.V.
Inventor: Olivier Bronchain, Tobias Schneider
CPC classification number: G06F21/72, G06F7/504, H04L9/0852
Abstract: A hardware converter configured to convert d arithmetic shares of x to d Boolean shares of x. The hardware converter has a plurality of addition layers in a tree structure. Each layer has a plurality of secure bit adders.
-
Publication No.: US20240126511A1
Publication date: 2024-04-18
Application No.: US17935550
Application date: 2022-09-26
Applicant: NXP B.V.
Inventor: Melissa Azouaoui, Yulia Kuzovkova, Tobias Schneider, Markus Schoenauer, Christine van Vredendaal
CPC classification number: G06F7/724, G06F9/3001, G06F9/30029, G06F2207/7233
Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked compressing of coefficients of a polynomial having ns arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting a first arithmetic share of the ns arithmetic shares by an input mask λ1; scaling the shifted first arithmetic share by a value based on a first compression factor δ and a masking scaling factor φ1; shifting the scaled first arithmetic share by a value based on the masking scaling factor φ1; scaling a second to ns shares of the ns arithmetic shares by a value based on the first compression factor δ and the masking scaling factor φ1; converting the ns scaled arithmetic shares to ns Boolean shares; right shifting the ns Boolean shares based upon the masking scaling factor φ1 and a second compression factor φ2; XORing an output mask λ2 with the shifted first Boolean share to produce ns compressed Boolean shares; and carrying out a cryptographic operation using the ns arithmetic shares when the ns compressed Boolean shares indicate that the coefficients of the polynomial are within boundary values.
-
Publication No.: US20240015012A1
Publication date: 2024-01-11
Application No.: US17811669
Application date: 2022-07-11
Applicant: NXP B.V.
Inventor: Olivier Bronchain, Tobias Schneider
IPC: H04L9/30
CPC classification number: H04L9/3093, H04L2209/046
Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting an arithmetic share of the d arithmetic shares by a first bound λ0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound λ0 and a second bound λ1 from the Boolean shares to obtain z′_{B,k+1} having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to a sign bit of z′_{B,k+1}; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound λ0 and second bound λ1.