A processing system configured to execute one or more processing operations, the execution of the one or more processing operations involving the evaluation of at least one Boolean function. The processing system includes an evaluation device configured to evaluate each Boolean function ƒ defined from F_2^n to F_2, in a variable x of length n over F_2^n. The evaluation device includes: a differential calculation unit configured to calculate the differentials Δƒ(y) = ƒ(y) ⊕ ƒ(y−1) for each integer intermediary variable y ranging from 1 to 2^n − 1; an accumulation unit configured to sum, using the XOR operator, the product of the differential Δƒ(y) and c^n_{2^n−y}(x) for each value of y ranging from 1 to 2^n − 1, according to the XOR accumulation term ⊕_{y=1}^{2^n−1} Δƒ(y) · c^n_{2^n−y}(x), where c^n_z(x) is the function associating x to the outbound carry of the arithmetic summation x + z; and an XOR adder configured to add ƒ(0) to the result of the accumulation unit, wherein the output of the XOR adder provides the result of the evaluation of the Boolean function ƒ.
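The carry-based evaluation described above, as an added example that is not the patent's own code: the Boolean function is assumed to be given as a truth table indexed by the integer value of x, and the exhaustive check shows why the XOR accumulation equals ƒ(x) (the outbound carry of x + (2^n − y) is 1 exactly when x ≥ y, so the sum of differentials telescopes).

```python
# Added example (not from the patent): Boolean function evaluation
# f(x) = f(0) XOR (XOR over y=1..2^n-1 of Δf(y) AND c^n_{2^n-y}(x)),
# where c^n_z(x) is the outbound carry of the n-bit addition x + z.
from itertools import product


def carry_out(x, z, n):
    """c^n_z(x): outbound carry of x + z on n bits (1 iff x + z >= 2**n)."""
    return (x + z) >> n & 1


def differentials(truth_table):
    """Δf(y) = f(y) XOR f(y-1) for y = 1 .. 2**n - 1 (differential unit)."""
    return {y: truth_table[y] ^ truth_table[y - 1] for y in range(1, len(truth_table))}


def active_terms(n, x):
    """Values of y whose carry term c^n_{2^n-y}(x) is 1 for this x.

    Because 2^n - y + x >= 2^n exactly when x >= y, this is always 1..x,
    which is what makes the XOR of differentials telescope to f(x).
    """
    return [y for y in range(1, 2 ** n) if carry_out(x, 2 ** n - y, n)]


def evaluate(truth_table, n, x):
    """Accumulation unit plus final XOR adder: returns f(x) without indexing f at x."""
    d = differentials(truth_table)
    acc = 0
    for y in range(1, 2 ** n):
        acc ^= d[y] & carry_out(x, 2 ** n - y, n)
    return truth_table[0] ^ acc


def check_all(n):
    """Exhaustively compare the carry-based evaluation with table lookup
    for every Boolean function on n variables (2^(2^n) functions)."""
    size = 2 ** n
    for table in product((0, 1), repeat=size):
        for x in range(size):
            if evaluate(table, n, x) != table[x]:
                return False
    return True


if __name__ == "__main__":
    # Constructed sample: majority of 3 bits, indexed by x = (b2 b1 b0).
    maj = (0, 0, 0, 1, 0, 1, 1, 1)
    print("maj(0b101) =", evaluate(maj, 3, 0b101))
    print("active y for x=5:", active_terms(3, 5))
    print("all n=3 functions agree:", check_all(3))
```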
H03K 19/20 - Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits characterised by logic function, e.g. AND, OR, NOR, NOT circuits
H03K 19/21 - EXCLUSIVE-OR circuits, i.e. giving output if input signal exists at only one input; COINCIDENCE circuits, i.e. giving output only if all input signals are identical
2.
PROCESSING SYSTEM AND METHOD USING A TWEAKABLE CODE-BASED MASKING
A processing system executes a processing function in response to receipt of an input information word including information symbols, including a protection device to protect execution of the processing function using a tweakable code-based masking, and a processing unit to execute the processing function, by decomposing its execution into basis operations including elementary operations including at least a component-wise multiplication operation. The processing unit includes a multiplier. The protection device determines an encoding matrix A from an information code and a masking code, being linear codes and determined randomly, the processing device including an encoder to encode the input information word, and each operand of an elementary operation, prior to execution using encoding matrix A. The multiplication operation performed by the multiplier is masked using the pseudo-inverse matrix A^{-1} of the encoding matrix A, and a pseudo-inverse transpose matrix A^{-T} of the encoding matrix A, such that (A^T)^{-1} = (A^{-1})^T.
An architecture configured for providing a compression function from within a hash function, including a message input, configured for receiving a message block from a set of message blocks; a hash output, configured for outputting a final state which represents the hash value of the set of message blocks; a compression block for processing blocks of data from the set of message blocks and gradually condensing them into a fixed-size hash value; wherein the architecture is further configured for temporary storing the compressed value between calls of the compression function.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
4.
ADAPTIVE CONTROL SYSTEM OF A CONFIGURABLE STRONG PUF SOURCE
An adaptive control system of a configurable strong PUF source configured to deliver a self-enrollment status, a key (K) and a key rebuilding status, including an adaptive PUF control unit configured to: receive information on the entropy of at least one key, the reliability of the at least one key, and a PUF index representative of one of the at least one key; challenge and configure the strong PUF source; and receive a quantized non-binary response in feedback from the strong PUF source; and a PUF control logic finite state machine configured to drive the adaptive control unit, the finite state machine being configured to: receive a PUF mode operation to execute, first self-enrollment, then key rebuilding; access data representative of a one-time-programmable policy; write and read data in a data RAM; and write and read one-time-programmable data.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Scientific apparatus and instruments; nautical apparatus and instruments; surveying apparatus and instruments; photographic apparatus and instruments; cinematographic cameras; optical apparatus and instruments; weighing apparatus and instruments; measuring apparatus and instruments; signaling apparatus and instruments; checking (monitoring) apparatus and instruments; teaching apparatus and instruments; sound recording apparatus; apparatus for sound transmission; apparatus for sound reproduction; image recording equipment; image transmission apparatus; image reproduction apparatus; compact discs (CDs); DVDs; digital recording media; mechanisms for coin-operated apparatus; cash registers; calculating machines; data processing equipment; computers; tablet computers; smartphones; electronic book readers; game software; software (recorded programs); computer peripherals; detectors; electric wires; electric relays; diving suits; divers' suits; diving gloves; diving masks; clothing for protection against accidents, irradiation and fire; protection devices for personal use against accidents; fire extinguishers; spectacles (optics); 3D spectacles; eyewear; spectacle cases; integrated circuit cards [smart cards]; bags adapted for laptops; smart watches; electric batteries; diagnostic apparatus, not for medical use.
Technical evaluations concerning design (engineers' services); scientific research; technical research; design of computers for third parties; computer development; software design; software development; research and development of new products for third parties; technical project study services; architecture; design of interior decor; software development (design); software installation; software maintenance; updating of software; software rental; programming for computers; computer system analysis; computer system design; consultancy in the design and development of computers; digitization of documents; Software as a Service (SaaS); cloud computing; advice regarding information technology; server hosting; motor vehicle roadworthiness testing; graphic arts design services; styling (industrial design); authentication of works of art; energy auditing; electronic data storage.
7.
METHOD AND SYSTEM FOR PROTECTING CRYPTOGRAPHIC OPERATIONS AGAINST SIDE-CHANNEL ATTACKS
A cryptographic system for executing operations of a cryptographic scheme applied to encrypt a data block is provided. The cryptographic system comprises a first sharing processing unit configured to execute an arithmetic sharing function applied to the data block and providing as an output a first and a second arithmetic share component. The cryptographic system further comprises a second sharing processing unit and a computation processing unit. The second sharing processing unit is configured to determine a random component and to execute a Boolean sharing function applied to the first arithmetic share component and to the random component and providing as an output an intermediate Boolean share component. The computation processing unit is configured to execute a recursive carry computation function configured to compute a first, a second and a third Boolean share component from the second arithmetic share component, the random component and the intermediate Boolean share component.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 11/28 - Error detection; Error correction; Monitoring by checking the correct order of processing
G06F 11/36 - Prevention of errors by analysis, debugging or testing of software
G06F 13/28 - Handling requests for interconnection or transfer for access to input/output bus using burst mode transfer, e.g. direct memory access, cycle steal
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Embodiments provide a memory device including a memory comprising at least one chip, each chip comprising one or more banks for storing a plurality of bits, each bank comprising a set of rows and columns, each row and column comprising a number of bits, the device further comprising a controller configured to generate access commands to the memory, an access command identifying an address corresponding to a given row of the memory and a command operation to be performed on the given row, wherein the device further comprises a protection device. The protection device is configured to transform an address, in response to the receipt of an access command identifying the address, into a transformed address. The protection device uses an address storage data structure, such as a histogram, to store the transformed address depending on a frequency of access associated with the address, the address storage data structure being reset in response to a memory protection operation (refresh for example) performed in the memory device. The protection device further comprises an access frequency manager configured to determine whether the access frequency associated with an address maintained in the address storage data structure is greater or equal to a threshold, and if so trigger a memory protection operation in the memory from within the memory.
Embodiments provide a device for testing a bit sequence generated by a Random Number Generator, wherein the device is configured to apply one or more statistical tests to the bit sequence in response to the detection of N bits generated by the Random Number Generator, each statistical test providing at least one sum value derived from the bits of the sequence, the testing device comprising: a comparator for comparing at least one test parameter related to each statistical test to one or more thresholds; and a validation unit configured to determine whether the bit sequence is valid depending on the comparison made by the comparator for each statistical test; wherein at least one of the test parameter and the at least one threshold is determined from N and from a target error probability.
A circuit for monitoring a circuit payload includes a plurality of sensors distributed in the circuit, next to the predefined circuit payload, and one or more memory units associated with the one or more sensors configured to store the sensors' measures made by the one or more associated sensors every p clock cycles; wherein the circuit is configured to read the sensors' measures stored in at least some of the memory units. Embodiments comprise the use of digital sensors, or analog sensors coupled with digital converters; the use of FIFO-type memory units and adjustments of the depths of the memory units; the use of Finite State Machines configured to cause the circuit to receive sensors' measures; the use of data obfuscation and/or reduction modules; the use of a signature circuit; and the use of circuits configured to determine one or more attacks from the sensors' measures.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
12.
Methods and devices for secured identity-based encryption systems with two trusted centers
A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the identity-based cryptosystem including a transmitter trusted center connected to the transmitter device and a receiver trusted center connected to the receiver device. The transmitter device is configured to: receive, from the transmitter trusted center, two public authentication keys; check whether a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys is satisfied; determine a ciphertext set comprising an encrypted message if the set of conditions is satisfied; and send the ciphertext set to the receiver device.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
13.
Devices and methods for the detection and localization of fault injection attacks
A device for detecting perturbation attacks performed on a digital circuit is provided. The device comprises: a first metallic layer and a second metallic layer arranged on the digital circuit, the first metallic layer comprising a plurality of signal transmission lines routed horizontally, the second metallic layer comprising a plurality of signal transmission lines routed vertically, the device comprising one or more transmitter buffers and one or more receiver buffers, a transmitter buffer and a receiver buffer being connected by each signal transmission line; a random number generator configured to generate random signal values; the device further comprising a transmitter manager connected to one or more transmitter buffers and a receiver manager connected to one or more receiver buffers, wherein: the transmitter manager is configured to transmit random signal values generated by the random number generator over the signal transmission lines of the first metallic layer and the second metallic layer, and the receiver manager is configured to receive random signal values from the transmitter manager through the one or more receiver buffers connected to the receiver manager, measure a transmission time corresponding to the time of transmission of the received random signal values, and compare the transmission time to a predefined timing interval to detect perturbation attacks.
A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the transmitter device being associated with a transmitter identifier. The transmitter device is configured to receive a transmitter partial private key from a trusted center, the transmitter device being configured to: send a request for two public session keys to the receiver device; receive from the receiver device a first ciphertext set, the first ciphertext set being derived from an encryption and authentication of the two public session keys; decrypt and authenticate the two public session keys from the first ciphertext set using a receiver identifier and the transmitter partial private key; determine a second ciphertext set from the transmitter partial private key, from the receiver identifier, and from the two public session keys, the second ciphertext set comprising an encrypted message; and send the second ciphertext set to the receiver device.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
15.
Methods and devices for secure secret key generation
i), and a key generator configured to combine the at least one part of static data and the at least one part of dynamic data, and to determine the one or more cryptographic keys by applying a cryptographic function to the combined data.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
16.
Devices and methods for protecting cryptographic programs
There is provided a device for protecting a cryptographic program implemented in a cryptographic computing device, the cryptographic computing device including one or more processors, the cryptographic program comprising instructions and being associated with an initial execution order of the instructions. The device comprises a compiler to compile the cryptographic program, which provides an intermediate representation of the cryptographic program comprising instructions and variables used to execute the instructions. The device is configured to: determine a graph of dependencies comprising nodes and edges, each node of the graph representing an instruction of the intermediate representation, and each edge of the graph representing a variable of the intermediate representation; mask the graph of dependencies by replacing each variable of the graph of dependencies with a masked variable, the processing unit determining the masked variable by applying a masking scheme to the variable, which provides a masked graph of dependencies; determine at least one set of independent instructions using the masked graph of dependencies; and determine an execution order for each set of independent instructions from the initial execution order, the execution order representing the order of execution of the set of independent instructions by at least one of the one or more processors.
Countermeasures are provided against fault injection attacks on a cryptographic integrated circuit, and more specifically against laser fault injection attacks. The invention consists in generating sequences of bits belonging to a set of allowed sequences, and storing these sequences on a set of flip-flops. The sequences stored on the flip-flops are then checked and, if they do not belong to the set of allowed sequences, this is the sign that a fault injection attack occurred and caused a bit flip in one of the flip-flops. An alarm signal is then generated.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 11/10 - Adding special bits or symbols to the coded information, e.g. parity check, casting out nines or elevens
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
A System on Chip includes at least two hardware masters, a security circuit, and a communication infrastructure for communication between the hardware masters and the security circuit, the communication infrastructure being based on a given interface communication protocol. Each hardware master is configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service. The security circuit may comprise a Secure Mailbox comprising a filter configured to filter the requests received from the hardware masters, the filter being configured to determine at least one indicator bit, in response to the receipt of a request from a hardware master, using at least a part of an identifier associated with the master, the indicator bit indicating whether the master is allowed access to the security circuit, the identifier being a hardware identifier received with the request through the communication protocol, the filter filtering the requests based on the indicator bits determined for each request. The security circuit is further configured to execute the filtered requests.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/85 - Protecting input, output or interconnection devices; interconnection devices, e.g. bus-connected or in-line devices
A block cipher encryption device for encrypting a data unit plaintext into blocks of ciphertexts, the data unit plaintext being assigned a tweak value and being divided into one or more plaintext blocks. The block cipher encryption device comprises: a combinatorial function unit associated with each plaintext block, the combinatorial function unit being configured to determine a tweak block value by applying a combinatorial function between a value derived from the tweak value and a function of a block index assigned to the plaintext block, a first masking unit in association with each plaintext block, the first masking unit being configured to determine a masked value by applying a data masking algorithm to the tweak block value determined by the combinatorial function unit associated with the plaintext block.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
20.
Connected synthetic physically unclonable function
There is disclosed a Connected Synthetic Physically Unclonable Function (acronym CSPUF) made of a circuit configured to receive signals of one or more sensors and/or actuators in/of a computer device; determine one or more statistical properties of the noise distribution of the selected one or more of the sensors and/or actuators; receive data IN from one or more external data sources; and determine one or more digital signatures (responses) from the statistical properties and the selected external data. In one embodiment, along with a response R when challenged by a challenge C, the circuit is configured to receive data IN from and/or to communicate data OUT to one or more external data sources. Developments describe uses and advantages of the data IN and data OUT channels, e.g. static or dynamic calibration, and options to disable the circuit. Other embodiments consider variants of interconnections of two CSPUF circuits, providing "self-cycled", "iterative", "cascaded" and other "blockchain" arrangements.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H03K 19/003 - Modifications for increasing the reliability
21.
Methods and devices for hardware characterization of computing devices
A machine characterization device for determining one or more machine characterization parameters of a computing device depending on a machine signature determined from sets of timing measurements associated with at least one machine characterization instruction executed by one or more processors comprised in the computing device using at least two machine configurations. A machine configuration comprises a sequence of two or more machine configuration instructions defining an order of execution of one or more instructions by the one or more processors.
A device for executing a cryptographic operation on bit vectors, the execution of the cryptographic operation including the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders, each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between the component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position, using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder. The device is configured to apply a mask to each operand component input of at least some of the elementary adders using a masking logical operation, the mask being a random number.
G06F 7/508 - Adding; Subtracting in bit-parallel fashion, i.e. having a different digit-handling circuit for each denomination with simultaneous carry generation for, or propagation over, two or more stages using carry look-ahead circuits
There is provided a device for protecting an Integrated Circuit from perturbation attacks. The device includes a sensing unit configured to detect a perturbation attack, the sensing unit comprising a set of digital sensors comprising at least two sensors, the sensors being arranged in parallel. Each digital sensor provides a digitized bit output having a binary value, in response to input data, the sensing unit being configured to deliver at least one binary vector comprising a multi-bit value, the multi-bit value comprising at least two bit outputs provided by the set of digital sensors. The device further comprises an analysis unit configured to receive the at least one binary vector provided by the sensing unit and to detect a perturbation attack from the at least one binary vector.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
b in each starting group, at least one of the additional auxiliary base and of the additional scalar being derived from the result of the first elementary operation.
A circuit includes a cipher accessing a plurality of read-write memory units configured to handle data tables obtained from a modified mask; wherein the modified mask is determined from an initial mask and a random value, the random value selecting one or more modifications of the initial mask amongst a plurality of predefined modifications including permutation operations. Developments of the invention describe the use of mathematically optimal or equivalent masks; the use of random values; a range of permutation operations comprising offset shifting and/or rotation and/or XOR operations and/or coprime construction; the use of round masks; the use of a Physically Unclonable Function; the refresh or update of modified masks and/or round masks; and verifications of the optimality and/or integrity of masks. System features (e.g. CPU, co-processor, local and/or remotely accessed external memory storing masks, volatile memory) and computer program products are described.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
Embodiments of the invention provide a memory device (100) comprising a memory (1) comprising at least one chip (2), each chip (2) comprising one or more banks (10) for storing a plurality of bits, each bank (10) comprising a set of rows (13) and columns (14), each row and column comprising a number of bits, the device further comprising a controller (102) configured to generate access commands to the memory (1), an access command identifying an address corresponding to a given row of the memory (1) and a command operation to be performed on said given row, wherein the device further comprises a protection device. The protection device (3) is configured to transform an address, in response to the receipt of an access command identifying said address, into a transformed address. The protection device (3) uses an address storage data structure (30), such as a histogram, to store the transformed address depending on a frequency of access associated with the address, the address storage data structure being reset in response to a memory protection operation (refresh for example) performed in the memory device. The protection device (3) further comprises an access frequency manager (32) configured to determine whether the access frequency associated with an address maintained in the address storage data structure is greater than or equal to a threshold, and if so to trigger a memory protection operation in the memory (1) from within the memory.
Embodiments of the invention provide a device (100) for testing a bit sequence generated by a Random Number Generator (11), wherein the device is configured to apply one or more statistical tests (103) to the bit sequence, in response to the detection of N bits generated by the Random Number Generator (11), each statistical test providing at least one sum value derived from the bits of the sequence, the testing device comprising: - a comparator for comparing at least one test parameter related to each statistical test to one or more thresholds; - a validation unit (105) configured to determine if the bit sequence is valid depending on the comparison made by the comparator for each statistical test; wherein at least one of the test parameter and the at least one threshold is determined from N and from a target error probability.
A device for detecting perturbation attacks performed on a digital circuit (1). The device comprises: - a first metallic layer (11) and a second metallic layer (13) arranged on the digital circuit (1), the first metal layer (11) comprising a plurality of signal transmission lines routed horizontally, the second metal layer (13) comprising a plurality of signal transmission lines routed vertically, the device comprising one or more transmitter buffers and one or more receiver buffers, a transmitter buffer and a receiver buffer being connected by each signal transmission line; - a random number generator (15) configured to generate random signal values; the device further comprising a transmitter manager (17) connected to one or more transmitter buffers and a receiver manager (19) connected to one or more receiver buffers, wherein: - the transmitter manager (17) is configured to transmit random signal values generated by the random number generator (15) over the signal transmission lines of the first metallic layer (11) and the second metallic layer (13), - the receiver manager (19) is configured to receive random signal values from the transmitter manager (17) through the one or more receiver buffers connected to the receiver manager (19), measure a transmission time corresponding to a time of transmission of the received random signal values, and compare the transmission time to a predefined timing interval to detect perturbation attacks.
A transmitter device (103) for sending an encrypted message to a receiver device (105) in an identity-based cryptosystem (100), the transmitter device (103) being associated with a transmitter identifier. The transmitter device (103) is configured to receive a transmitter partial private key from a trusted center (101), the transmitter device (103) being configured to: - send a request for two public session keys to the receiver device (105); - receive from the receiver device (105) a first ciphertext set, the first ciphertext set being derived from an encryption and authentication of two public session keys; - decrypt and authenticate the two public session keys from the first ciphertext set using a receiver identifier and the transmitter partial private key; - determine a second ciphertext set from the transmitter partial private key, from the receiver identifier, and from the two public session keys, the second ciphertext comprising an encrypted message; - send the second ciphertext set to the receiver device (105).
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
30.
METHODS AND DEVICES FOR SECURED IDENTITY-BASED ENCRYPTION SYSTEMS WITH TWO TRUSTED CENTERS
A transmitter device (103) for sending an encrypted message to a receiver device (105) in an identity-based cryptosystem (100), the identity-based cryptosystem (100) comprising a transmitter trusted center (101) connected to the transmitter device (103) and a receiver trusted center (102) connected to the receiver device (105). The transmitter device (103) is configured to: - receive, from the transmitter trusted center (101), two public authentication keys; - check if a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys are satisfied; - determine a ciphertext set comprising an encrypted message if the set of conditions are satisfied; - send the ciphertext set to the receiver device (105).
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
31.
CIRCUIT CONFIGURED TO MONITOR A SENSITIVE PAYLOAD FOR ATTACK DETECTION
Embodiments provide a circuit for monitoring a circuit payload, comprising: a plurality of sensors distributed in said circuit, next to the predefined circuit payload; one or more memory units associated with said one or more sensors, configured to store sensors' measures made by said one or more associated sensors every p clock cycles; wherein said circuit is configured to read the sensors' measures stored in at least some of the memory units. Embodiments comprise the use of digital sensors, or analog sensors coupled with digital converters; the use of FIFO type memory units and adjustments of the depths of the memory units; the use of Finite State Machines configured to cause the circuit to receive sensors' measures; the use of data obfuscation and/or reduction modules; the use of a signature circuit; and the use of circuits configured to determine one or more attacks from said sensors' measures.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
32.
METHODS AND DEVICES FOR SECURE SECRET KEY GENERATION
There is provided a cryptographic key determination device (13) for determining one or more cryptographic keys in a cryptographic device (1), the cryptographic device (1) being configured to execute one or more test programs, the cryptographic device (1) comprising one or more components (11-i), each component (11-i) being configured to generate static and dynamic data, the dynamic data being generated in response to the execution of the one or more test programs, wherein the cryptographic key determination device (13) comprises: - a data extraction unit (131) configured to extract at least one part of the static data and at least one part of the dynamic data generated by the one or more components (11-i), and - a key generator (132) configured to combine the at least one part of static data and the at least one part of dynamic data, and to determine the one or more cryptographic keys by applying a cryptographic function to the combined data.
There is provided a device (13) for protecting a cryptographic program implemented in a cryptographic computing device (11), the cryptographic computing device (11) comprising one or more processors (111), the cryptographic program comprising instructions and being associated with an initial execution order of the instructions. The device (13) comprises a compiler (131) to compile the cryptographic program, which provides an intermediate representation of the cryptographic program comprising instructions and variables used to execute the instructions. The device (13) is configured to: - determine a graph of dependencies comprising nodes and edges, each node of the graph representing an instruction of the intermediate representation, and each edge of the graph representing a variable of the intermediate representation; - mask the graph of dependencies by replacing each variable of the graph of dependencies with a masked variable, the processing unit (133) determining the masked variable by applying a masking scheme to the variable, which provides a masked graph of dependencies; - determine at least a set of independent instructions using the masked graph of dependencies; - determine an execution order for each set of independent instructions from the initial execution order, the execution order representing the order of execution of the set of independent instructions by at least one of the one or more processors.
A circuit for a Synthetic Physically Unclonable Function, acronym SPUF, in a computer device, wherein the circuit is configured to receive data from a plurality of hardware sensors and/or actuators accessible in the computer device; to determine deviations in the data; to determine a multivariate distribution of the deviations and to determine an identifier from the multivariate distribution. In described developments, deviations comprise random errors, statistical moments in data originating from sensors and/or actuators amongst accessible ones in the computer device can be selected, and entropy can be maximized. Computer program product embodiments are described.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
There is disclosed a Connected Synthetic Physically Unclonable Function (acronym CSPUF) made of a circuit configured to receive signals of one or more sensors and/or actuators in/of a computer device; determine one or more statistical properties of the noise distribution of said selected one or more of said sensors and/or actuators; receive data IN from one or more external data sources; and determine one or more digital signatures (responses) from said statistical properties and said selected external data. In one embodiment, along with a response R when challenged by a challenge C, the circuit is configured to receive data IN from and/or to communicate data OUT to one or more external data sources. Developments describe uses and advantages of the data IN and data OUT channels, e.g. static or dynamic calibration, and options to disable the circuit. Other embodiments consider variants of interconnections of two CSPUF circuits, providing "self-cycled", "iterative", "cascaded" and other "blockchain" arrangements.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
36.
TWEAKABLE BLOCK CIPHERS FOR SECURE DATA ENCRYPTION
A block cipher encryption device for encrypting a data unit plaintext into blocks of ciphertexts, the data unit plaintext being assigned a tweak value and being divided into one or more plaintext blocks. The block cipher encryption device comprises: - a combinatorial function unit (82-j) associated with each plaintext block (Pj), the combinatorial function unit (82-j) being configured to determine a tweak block value (7)) by applying a combinatorial function between a value derived from the tweak value and a function of a block index assigned to the plaintext block, - a first masking unit (83-j) in association with each plaintext block (Pj), the first masking unit (83-j) being configured to determine a masked value by applying a data masking algorithm to the tweak block value (7)) determined by the combinatorial function unit (82-j) associated with the plaintext block.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
37.
IMPROVED DETECTION OF LASER FAULT INJECTION ATTACKS ON CRYPTOGRAPHIC DEVICES
The invention relates to countermeasures against fault injection attacks on a cryptographic integrated circuit, and more specifically laser fault injection attacks. The invention consists of generating sequences of bits belonging to a set of allowed sequences, and storing these sequences in a set of flip-flops. The sequences stored in the flip-flops are then checked and, if they do not belong to the set of allowed sequences, this is the sign that a fault injection attack occurred and caused a bit flip in one of the flip-flops. An alarm signal is then generated.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
38.
METHODS AND DEVICES FOR HARDWARE CHARACTERIZATION OF COMPUTING DEVICES
A machine characterization device (13) for determining one or more machine characterization parameters of a computing device (11) depending on a machine signature determined from sets of timing measurements associated with at least one machine characterization instruction executed by one or more processors (111) comprised in the computing device (11) using at least two machine configurations. A machine configuration comprises a sequence of two or more machine configuration instructions defining an order of execution of one or more instructions by the one or more processors (111).
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
There is provided a System on Chip comprising at least two hardware masters, a security circuit, and a communication infrastructure for communication between the hardware masters and the security circuit, the communication infrastructure being based on a given interface communication protocol. Each hardware master is configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service. The security circuit may comprise a Secure Mailbox comprising a filter configured to filter the requests received from the hardware masters, the filter being configured to determine at least one indicator bit, in response to the receipt of a request from a hardware master, using at least a part of an identifier associated with the master, the indicator bit indicating whether the master is allowed access to the security circuit, the identifier being a hardware identifier received with the request through the communication protocol, the filter filtering the requests based on the indicator bits determined for each request. The security circuit is further configured to execute the filtered requests.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
There is provided a device for protecting an Integrated Circuit from perturbation attacks. The device comprises a sensing unit (30) configured to detect a perturbation attack, the sensing unit comprising a set of digital sensors comprising at least two sensors, the sensors being arranged in parallel. Each digital sensor provides a digitized bit output having a binary value, in response to input data, the sensing unit being configured to deliver at least one binary vector comprising a multi-bit value, the multi-bit value comprising at least two bit outputs provided by the set of digital sensors. The sensing device (3) further comprises an analysis unit (31), the analysis unit being configured to receive at least one binary vector provided by the sensing unit (30), the analysis unit being configured to detect a perturbation attack from the at least one binary vector.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/55 - Detecting local intrusion or implementing counter-measures
H01L 23/00 - Details of semiconductor or other solid state devices
G01R 31/28 - Testing of electronic circuits, e.g. by signal tracer
There is provided a device for executing a cryptographic operation on bit vectors, the execution of the cryptographic operation comprising the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders (10), each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between a component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position, using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder. The device is configured to apply a mask to each operand component input of at least some of the elementary adders using a masking logical operation, the mask being a random number.
aaa) being determined from the auxiliary element (x) and from the main scalar (d). The device further performs a second elementary operation in each starting group (E), the second elementary operation consisting in executing said modular operation between an additional auxiliary base and an additional auxiliary scalar (d'b) in each starting group, at least one of the additional auxiliary base and of the additional scalar being derived from the result of the first elementary operation (612).
There is disclosed a circuit comprising a cipher accessing a plurality of read-write memory units configured to handle data tables obtained from a modified mask; wherein the modified mask is determined from an initial mask and a random value, the random value selecting one or more modifications of the initial mask amongst a plurality of predefined modifications including permutation operations. Developments of the invention describe the use of mathematically optimal or equivalent masks; the use of random values; a range of permutation operations comprising offset shifting and/or rotation and/or XOR operations and/or coprime construction; the use of round masks; the use of a Physically Unclonable Function; the refresh or update of modified masks and/or round masks; and verifications of the optimality and/or integrity of masks. System features (e.g. CPU, co-processor, local and/or remotely accessed external memory storing masks, volatile memory) and computer program products are described.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
th statistical moment values of the two temporal distributions associated with the components obtained when challenging said subset under uniform conditions. Described developments comprise the use of imaging sensors, key or identifier generation, authentication mechanisms, determination of thresholds, use of helper data files, adjustments of light sources and/or beam shaping, and handling of lossy compression and of videos.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
H04N 17/00 - Diagnosis, testing or measuring for television systems or their details
45.
Synthetic physically unclonable function derived from an imaging sensor
th order statistical moment of one sensor component being estimated on the temporal distribution associated with this sensor component. Developments describe in particular the use of imaging sensors, key generation, authentication, helper data files and the handling of videos.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04N 5/335 - Transforming light or analogous information into electric information using solid-state image sensors [SSIS]
H04N 5/361 - Noise processing, e.g. detecting, correcting, reducing or removing noise applied to dark current
Embodiments of the invention provide a computing device comprising one or more processors, each processor comprising one or more processing units, said one or more processing units being configured to execute at least one program, each program comprising data and/or instructions, the computing device further comprising, for at least some of the processors, a processor cache associated with each processor, the processor cache being configured to access data and/or instructions comprised in the programs executed by the processor, the computing device comprising:
a security verification unit configured to retrieve, from the auxiliary cache, at least a part of the metadata associated with data and/or instructions corresponding to a memory access request sent by a processor (11) to the processor cache (117).
G06F 12/14 - Protection against unauthorised use of memory
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 12/084 - Multiuser, multiprocessor or multiprocessing cache systems with a shared cache
G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
47.
Device and method for detecting points of failures
determine if the derivative of the Boolean function associated with each sensitive functional block is equal to zero.
The detection device (100) is configured to detect that said n-tuple represents a Point Of Failure of order n in the integrated circuit (IC) device if the derivative of the Boolean function associated with said sensitive functional block is equal to zero.
There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, and that the integrity of signatures can be verified, for example by using a secret key (e.g. obtained randomly, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are detected.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 11/36 - Prevention of errors by analysis, debugging or testing of software
G06F 11/28 - Error detection; Error correction; Monitoring by checking the correct order of processing
G06F 13/28 - Handling requests for interconnection or transfer for access to input/output bus using burst mode transfer, e.g. direct memory access, cycle steal
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
50.
System and method for generating secret information using a high reliability physically unclonable function
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
a secret information generator (3) configured to generate a secret key comprising at least one bit during a usage phase, each bit of the key being generated by applying a challenge among the set of challenges, the secret information generator (3) being configured to determine each bit of the key from the helper data bit corresponding to the applied challenge, and from the physical variable difference provided by the PUF in response to the applied challenge.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
There is disclosed a circuit for a Synthetic Physically Unclonable Function, acronym SPUF, in a computer device, wherein the circuit is configured to receive data from a plurality of hardware sensors and/or actuators accessible in said computer device; to determine deviations in said data; to determine a multivariate distribution of said deviations and to determine an identifier from said multivariate distribution. In described developments, deviations comprise random errors, statistical moments in data originating from sensors and/or actuators amongst accessible ones in the computer device can be selected, and entropy can be maximized. Computer program product embodiments are described.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
G01P 15/13 - Measuring acceleration; Measuring deceleration; Measuring shock, i.e. sudden change of acceleration by making use of inertia forces with conversion into electric or magnetic values by measuring the force required to restore a proofmass subjected to inertial forces to a null position
53.
Embedded test circuit for physically unclonable function
There is disclosed a silicon integrated circuit comprising a Physically Unclonable Function and an online or embedded test circuit, said online test circuit comprising one or more circuit parts being physically adjacent to said PUF, said one or more circuit parts embodying one or more tests which can be performed to determine one or more quality properties of said PUF or otherwise characterize it. Different tests with specific associated method steps are described.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
There is disclosed a system for monitoring the security of a target system (110) with a circuit (120), the target system (110) comprising at least one processor (111) and wherein: the circuit (120) comprises a finite-state machine (122) configured to receive data from one or more sensors (130) distributed in the target system (110), at least one sensor (1303) being located on the processor (111) of the target system (110); the finite-state machine (122) is configured to determine a state output in response to data received from sensors (130); the system monitoring the security based on said state output. Developments describe the use of a self-alarm mechanism comprising an encoder to encode states with redundancy, the application of an error correction code, comparisons with predefined valid encoded states, the triggering of an alarm to the processor, the determination of actions and/or retroactions on sensors and/or diagnostics and countermeasures.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
G06F 11/10 - Adding special bits or symbols to the coded information, e.g. parity check, casting out nines or elevens
A method for executing an operation by a circuit, may include executing a first operation to process an input data, the circuit generating during the execution of the first operation a first signal, and executing in the circuit a second operation receiving the input data and configured to add to the first signal, between first and second instants during the execution of the first operation, a continuous second signal. A combination of the first and second signal forming a resultant signal in which the second signal may be indistinctly measurable with the first signal from outside of the circuit. The second signal and the resultant signal varying as a function of the input data.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
A method for executing, by a circuit, an operation combining first and second input data and providing an output data of the same size, may include generating from the first input data a first input set including all possible data in relation to a size of the first data, generating from the second input data a second input set including all possible data in relation to a size of the second data, and applying the operation to each pair of data including a data of the first input set and a data of the second input set, an output set of the operation including data resulting from the application of the operation to each of the pairs of data.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
57.
Method for protecting substitution operation against side-channel analysis
A method for executing an operation by a circuit, may include using a first mask set of mask parameters including a same number of occurrences of all possible values of a word of an input data in relation to a size thereof, using an input set including for each mask parameter in the first mask set a data obtained by applying XOR operations to the input data and to the mask parameter and providing an output set including all data resulting from the application of the operation to a data in the input set. The output data may be obtained by applying XOR operations to any of the data in the output set and to a respective second mask parameter in a second mask set including a same number of occurrences of all possible values of the second mask parameters in relation to a size thereof.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
A method for executing by a circuit a substitution operation such that an output data may be selected in a substitution table using an input data as an index. The substitution operation may be performed using a new masked substitution table. The input data may be combined by XOR operations with a new value of a first mask parameter, and the output data may be combined by XOR operations with a new value of a second mask parameter. The new masked substitution table may be generated by computing the new value of the first mask parameter by applying XOR operations to a previous value of the first mask parameter and to a first input mask, computing the new value of the second mask parameter by applying XOR operations to a previous value of the second mask parameter and to a second input mask, and generating the new masked substitution table using a previous masked substitution table and the first and second input masks.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
A method for executing an operation whereby a first input data, may be combined with a second input data, may include: defining data pairs whereby each data of a first input set is associated with a respective data of a second input set, the data in the first and second input sets may be obtained by applying Exclusive OR (XOR) operations to the first and second input data and to all first and second mask parameters of first and second mask sets; and computing output data by applying the operation to each of the data pairs, to obtain an output set, the first and second mask sets being such that a combination by XOR operations of each pair of corresponding first and second mask parameters may produce a third mask set, where each mask set may include a word column having a same number of occurrences of all possible values of the words.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
60.
Methods and devices against a side-channel analysis
A method for executing by a circuit a bit permutation operation by which bits of an input data are mixed to obtain an output data including at least two words, may include: generating a mask set including mask parameters, the mask set having one word column per word of the input data; generating an input set by combining the input data with each mask parameter of the mask set by Exclusive OR (XOR) operations; and computing an output set including output data resulting from the application of the bit permutation operation to each data in the input set, where the mask set may be generated such that the output set includes columns of output words, and each word column of the mask set and the output set including a same number of occurrences of all possible values of one input data word and respectively one output word.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
61.
Device and method for testing a physically unclonable function
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
G06F 11/263 - Generation of test inputs, e.g. test vectors, patterns or sequences
62.
Method of protecting a circuit against a side-channel analysis
In a general aspect, a method for executing a target operation combining a first input data with a second input data, and providing an output data can include generating at least two pairs of input words each comprising a first input word and a second input word and applying to each pair of input words a same derived operation providing an output word including a part of the output data resulting from the application of the target operation to first and second input data parts present in the pair of input words, and a binary one's complement of the output data part.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
any operation of reading the variable x in the circuit is substituted with an operation of reading the value of the protected variable z and an operation of decoding said read value of the protected variable z using a decoding matrix J of size (n×k) determined from the binary code C and the supplementary code D of the binary code C.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 11/22 - Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 11/263 - Generation of test inputs, e.g. test vectors, patterns or sequences
64.
Method and system for protecting a cryptographic operation
There is provided a device or a method for executing an operation of a cryptographic scheme, the operation being applied to a given state of a data block of original data, the operation being defined in a basis ring corresponding to the quotient of a starting ring by a basis ideal generated by at least one element of the starting ring. The operation is executed from a state derived from the current state of the data block, in at least one reference ring, which provides a reference value for each reference ring, each reference ring being the quotient of the starting ring by a reference ideal. The operation is executed from the state derived from the current state of the data block in at least one extended ring corresponding to one or more reference rings, which provides at least one extension value for each extended ring, each extended ring corresponding to one or more reference ring being the quotient of the starting ring by the product of the basis ideal and of the reference ideals of the one or more corresponding reference rings.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
65.
System and method for protecting an integrated circuit (IC) device
Embodiments of the invention provide a system for protecting an integrated circuit (IC) device from attacks, the IC device (100) comprising a substrate (102) having a front surface (20) and a back surface (21), the IC device further comprising a front side part (101) arranged on the front surface of the substrate (102) and stacked layers, at least one of said layers comprising a data layer comprising wire carrying data, the front side part having a front surface (13). The system comprises an internal shield (12) arranged in a layer located below said data layer and a verification circuit configured to check the integrity of at least one portion of the internal shield.
H01L 21/00 - Processes or apparatus specially adapted for the manufacture or treatment of semiconductor or solid-state devices, or of parts thereof
H01L 23/48 - Arrangements for conducting electric current to or from the solid state body in operation, e.g. leads or terminal arrangements
H01L 23/00 - Details of semiconductor or other solid state devices
H01L 23/522 - Arrangements for conducting electric current within the device in operation from one component to another including external interconnections consisting of a multilayer structure of conductive and insulating layers inseparably formed on the semiconductor body
H01L 27/32 - Devices consisting of a plurality of semiconductor or other solid-state components formed in or on a common substrate including components using organic materials as the active part, or using a combination of organic materials with other materials as the active part with components specially adapted for light emission, e.g. flat-panel displays using organic light-emitting diodes
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
a modular reduction unit configured to reduce a quantity derived from the multiplier output by the product of an extended modulus and an integer coefficient, the extended modulus being the product of the given modulus with an extension parameter, which provides a reduction output, the reduction output being a positive integer strictly smaller than the extended modulus, wherein the modular multiplication device further comprises a selection unit configured to select the extension parameter such that the time taken for the device to perform the multiplication is independent from the multiplicands.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 7/72 - Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations using residue arithmetic
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
67.
Countermeasure method for an electronic component implementing an elliptic curve cryptography algorithm
different from one; a step (501) of initializing the coordinates of the at least one critical point to a predefined value; a step (502) implementing the scalar multiplication operation, the coordinates associated with at least one critical point being modified at each iteration by multiplying at least one of the coordinates of this point by the at least one power of the element c obtained in the providing step (500).
There is provided a calibration device for calibrating a digital sensor (3), said digital sensor being configured to protect a target digital circuit (30) fed by a clock signal having a clock period by triggering an alarm depending on a condition between said clock signal and an optimal alarm threshold, said optimal alarm threshold being determined by minimizing a quantity depending on the probability of occurrence of false positives and on the probability of occurrence of false negatives.
According to the invention, there is provided a computer implemented method for controlling dynamically the execution of a code by a processing system, said execution being described by a control flow graph comprising a plurality of basic blocks composed of at least an input node and an output node, a transition in the control flow graph corresponding to a link between an output node of origin belonging to a first basic block and an input node of a second basic block, a plurality of initialization vectors being associated to the output nodes at the time of generating the code, an a priori control word being associated to each input node which is linked to the same output node of origin according to the control flow graph, said a priori control word being precomputed at the time of generating the code by applying a predefined deterministic function F to the initialization vector associated to its output node of origin, the following steps being applied once the execution of the output node belonging to a first basic block is terminated and at the time of executing the input node of a second basic block: providing (300) the a priori control word associated to the input node of the second basic block; providing (301) the initialization vector associated to the output node of the first basic block; determining (302) an a posteriori control word by applying to the provided initialization vector the same function F which has been used for generating the a priori control word; determining (303, 304) if the a priori control word matches the a posteriori control word, a forbidden transition with respect to the control flow graph being otherwise detected (305).
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
There is disclosed a silicon integrated circuit comprising a Physically Unclonable Function and an online or embedded test circuit, said online test circuit comprising one or more circuit parts being physically adjacent to said PUF and said one or more circuits embodying one or more tests which can be performed to determine one or more quality properties of said PUF or otherwise characterize it. Different tests with specific associated method steps are described.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
The invention proposes a method of protection of a Boolean circuit associated with a structural description of the circuit comprising elementary Boolean variables, each represented by one bit, the method comprising the steps consisting in: - selecting a set of k elementary Boolean variables of the circuit as a function of predefined selection criteria, - constructing a variable x represented by k bits by concatenation of the k selected variables in accordance with a chosen order, - determining a binary code C comprising a set of code words and belonging to a given vector space and the supplementary code D of said binary code C as a function of a condition bearing on the dual distance of said supplementary code D, said binary code C having a length n and a size 2k, where k designates the number of bits representing said variable x; - substituting the variable x in the structural description of the Boolean circuit with a protected variable z represented by n bits so that: - any operation of writing on the variable x in the circuit is substituted with an operation of writing on the variable z, the variable z being generated by adding the variable x encoded by said code C to a random bit vector y encoded by the supplementary code D, and - any operation of reading the variable x in the circuit is substituted with an operation of reading the value of the protected variable z and an operation of decoding said read value of the protected variable z using a decoding matrix J of size (n x k) determined from the binary code C and the supplementary code D of the binary code C.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
72.
DEVICE AND METHOD FOR CALIBRATING A DIGITAL SENSOR
There is provided a calibration device for calibrating a digital sensor (3), said digital sensor being configured to protect a target digital circuit (30) fed by a clock signal having a clock period by triggering an alarm depending on a condition between said clock signal and an optimal alarm threshold, said optimal alarm threshold being determined by minimizing a quantity depending on the probability of occurrence of false positives and on the probability of occurrence of false negatives.
According to the invention, there is provided a computer implemented method for controlling dynamically the execution of a code by a processing system, said execution being described by a control flow graph comprising a plurality of basic blocks composed of at least an input node and an output node, a transition in the control flow graph corresponding to a link between an output node of origin belonging to a first basic block and an input node of a second basic block, a plurality of initialization vectors being associated to the output nodes at the time of generating the code, an a priori control word being associated to each input node which is linked to the same output node of origin according to the control flow graph, said a priori control word being precomputed at the time of generating the code by applying a predefined deterministic function F to the initialization vector associated to its output node of origin, the following steps being applied once the execution of the output node belonging to a first basic block is terminated and at the time of executing the input node of a second basic block: providing (300) the a priori control word associated to the input node of the second basic block; providing (301) the initialization vector associated to the output node of the first basic block; determining (302) an a posteriori control word by applying to the provided initialization vector the same function F which has been used for generating the a priori control word; determining (303, 304) if the a priori control word matches the a posteriori control word, a forbidden transition with respect to the control flow graph being otherwise detected (305).
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
74.
COUNTERMEASURE METHOD FOR AN ELECTRONIC COMPONENT IMPLEMENTING AN ELLIPTIC CURVE CRYPTOGRAPHY ALGORITHM
The subject of the invention is a countermeasure method for an electronic component implementing a public-key elliptic curve cryptography algorithm the elliptic curve E of which is defined over a field K, said method comprising an iterative scalar multiplication operation allowing a point [k]P to be obtained from a point P on the curve E and an integer k that must be kept secret, the electrical power consumption of the electronic component depending on the value taken by at least one point, which is said to be critical, used in said operation for iteratively determining the point [k]P. The method comprises: a step (500) of providing at least one power of an element c of K, which element is preset, constant, nonzero and different from one; a step of initialising (501) coordinates of at least one critical point to a preset value; and a step of implementing the operation of scalar multiplication (502), the coordinates associated with at least one critical point being modified in each iteration by multiplying at least one of the coordinates of this point by the at least one power of the element c obtained in the providing step (500).
A silicon integrated circuit includes a physically non-copyable function LPUF that generates a signature specific to the circuit. The function includes a ring oscillator composed of a loop traversed by a signal. The loop is formed of N topologically identical chains of lags connected in series and an inversion gate, a chain of lags being composed of M delay elements connected in series. The function also includes a control module generating N control words being used to configure the value of the delays introduced by the chains of lags on the signal traversing them. A measurement module measures the frequency of the signal at the output of the last chain of lags after updating the control words, and the control module can deduce from the frequency measurements the bits making up the signature of the circuit. A method and a system for testing such circuits are also provided.
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
t before being stored in the mask register M. The transformation consists of a bijection or a composition law making it possible to reduce or indeed to cancel any high-order attack in accordance with a model of activity of the registers R and M. Cryptography circuits are protected against high-order observation attacks on installations based on masking.
The present invention relates to a method for testing cryptography circuits. It also relates to a secure cryptography circuit capable of being tested. The cryptography circuit includes registers and logic gates, and a test thereof performs a differential power analysis on the registers of the circuit. A cryptography circuit being secure and including a first half-circuit associated with a second half-circuit operating in complementary logic, the electric power supply of the first half-circuit is separated from the electric power supply of the second half-circuit, the differential power analysis being carried out in parallel on each half-circuit, the two power supplies being combined into one and the same electric power supply after the test.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
78.
CRYPTOGRAPHY CIRCUIT PARTICULARLY PROTECTED AGAINST INFORMATION-LEAK OBSERVATION ATTACKS BY THE CIPHERING THEREOF
The present invention relates to a cryptography circuit, protected notably against information-leak observation attacks. The cryptography circuit (21) comprises a functional key k_c for executing a cryptography algorithm. It comprises a second key k_i, unique and specific to the circuit, making it possible to protect by masking the functional and confidential key k_c or a confidential implementation of the algorithm.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
79.
INTEGRATED SILICON CIRCUIT COMPRISING A PHYSICALLY NON-REPRODUCIBLE FUNCTION, AND METHOD AND SYSTEM FOR TESTING SUCH A CIRCUIT
The subject of the invention is a silicon integrated circuit comprising a physically non-copyable function LPUF allowing the generation of a signature specific to said circuit. Said function comprises a ring oscillator composed of a loop (502) traversed by a signal e, said loop being formed of N topologically identical chains of lags (500, 501), connected to one another in series and of an inversion gate (503), a chain of lags (500, 501) being composed of M delay elements (506, 507) connected to one another in series. The function also comprises a control module (505) generating N control words (C1, C2), said words being used to configure the value of the delays introduced by the chains of lags on the signal e traversing them. A measurement module (504) measures the frequency of the signal at the output of the last chain of lags (501) after the updating of the control words, and means make it possible to deduce from the frequency measurements the bits making up the signature of the circuit. The subjects of the invention are also a method and a system for testing such circuits.
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
80.
METHOD FOR TESTING CRYPTOGRAPHIC CIRCUITS, SECURED CRYPTOGRAPHIC CIRCUIT CAPABLE OF BEING TESTED, AND METHOD FOR WIRING SUCH CIRCUIT
The present invention relates to a method for testing cryptography circuits. It also relates to a secure cryptography circuit capable of being tested. The cryptography circuit comprising registers and logic gates (211, 212, 213, 214), a test according to the invention performs a differential power analysis (DPA) on the registers of the circuit. A cryptography circuit being secure and comprising a first half-circuit (211, 214) associated with a second half-circuit (212, 213) operating in complementary logic, the electric power supply (Vdd1, 23, 25) of the first half-circuit is separated from the electric power supply (Vdd2, 24) of the second half-circuit, the differential power analysis being carried out in parallel on each half-circuit, the two power supplies being combined into one and the same electric power supply after the test.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
81.
METHOD FOR PROTECTING A PROGRAMMABLE CRYPTOGRAPHY CIRCUIT, AND CIRCUIT PROTECTED BY SAID METHOD
The present invention relates to a method for protecting a programmable cryptography circuit and to a protected circuit. The circuit is composed of memory-based cells defining the logic function of each cell, integrating a differential network capable of carrying out calculations on pairs of binary variables. A calculation step comprises at least one precharge phase, in which the variables are put into a known state at the output of the cells, followed by an evaluation phase in which a calculation is made by the cells. A phase of synchronizing the variables is inserted before the evaluation phase or the precharge phase in each cell capable of receiving several signals conveying input variables, the synchronization being carried out on the most delayed signal. The invention applies notably for protecting this type of circuit against differential power analysis attacks.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
82.
CRYPTOGRAPHY CIRCUIT PROTECTED AGAINST OBSERVATION ATTACKS, IN PARTICULAR OF A HIGH ORDER
The present invention relates to a cryptography circuit protected against observation attacks. The cryptography circuit comprises at least one register R (22) providing a variable x masked by the mask m, the masked variable being encrypted by a first substitution box S (1) in a cyclic manner. The circuit also comprises a mask register M (23) delivering at each cycle a mask m1, the transformation of m, the mask m being extracted from m1 before being encrypted by a second substitution box S' (21); the new mask m' obtained on output from this box S' (21) is transformed into a mask m'1 before being stored in the mask register M (23). The transformation consists of a bijection or a composition law making it possible to reduce or indeed to cancel any high-order attack in accordance with a model of activity of the registers R and M. The invention applies notably for the protection of cryptography circuits against high-order observation attacks on installations based on masking.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems