Abstract: Technologies for protecting a secure context in a hardware root of trust (ROT) are described. One hardware ROT includes key generation logic and a cryptographic circuit. The key generation logic generates a first key from a value, corresponding to a physical variation of the hardware ROT, and first helper data associated with the physical variation of the hardware ROT. The key generation logic generates a second key from the value and second helper data associated with the physical variation of the hardware ROT. The cryptographic circuit receives a first encrypted secure context from off-chip storage and decrypts the first encrypted secure context using the first key to obtain a secure context. The cryptographic circuit encrypts the secure context using the second key to obtain a second encrypted secure context and stores the second encrypted secure context in the off-chip storage.

Abstract: Systems and techniques for cryptographically protecting data in a computer memory are disclosed. The techniques include dividing the data into a first portion and a second portion, encrypting the first portion of the data to create a first stored form of the data, encrypting the second portion of the data, and storing, in the computer memory, the first stored form of the data and a second stored form of the data. The techniques include, to encrypt the second portion, calculating a hash based on the first stored form of the data, applying a first pseudorandom function to the hash to obtain a bit sequence, and combining the bit sequence with the second portion of the data to obtain the second stored form of the data.

Abstract: Aspects and implementations include systems and techniques for encryption and decryption of error-corrected codewords for combined protection against corruption of data and adversarial attacks, including obtaining a block of data that has a first plurality of symbols, generating, based on the first plurality of symbols, a second plurality of symbols, wherein the second plurality of symbols includes one or more error correction symbols for the first plurality of symbols, encrypting the second plurality of symbols using a set of symbol-level ciphers (SLCs) to obtain an encrypted plurality of symbols, and using the encrypted plurality of symbols in a computer operation.

Abstract: Technologies for generating an M-bit selection vector for a selector circuit that receives as input M binary values from a set of entropy-generation elements and outputs N binary values responsive to the M-bit selection vector are described. N bits in the M-bit selection vector are set to a first logic state, and M-N bits of the M-bit selection vector are set to a second logic state. A determination of which N bits in the M-bit selection vector are set to the first logic state is determined by a process. The process includes determining an accumulated Hamming weight value for M bit positions of the M-bit selection vector using K samples and identifying N bit positions in the M-bit selection vector using the accumulated Hamming weight values. The process sets the N bits corresponding to the N bit positions in the M-bit selection vector to the first logic state.

Abstract: A multi-domain masked AND gate includes inner-domain calculations, re-sharing, register stage, cross-domain calculations, and compression. The inner-domain multiplication and the re-sharing are calculated prior to storing the re-shared variables in the register stage. Thus, the inputs to the cross-domain multiplication and the compression are performed on variables that have been refreshed by additional randomness. This AND gate does not need statistically independent inputs, is secure in the probing model even in the presence of glitches, also known as the robust probing model. A two-domain input and two domain output AND gate can be implemented using six (6) registers, four (4) two input logical AND gates, and eight (8) exclusive-OR (XOR) gates. The AND gate may also be used to implement an AES S-box that has two (2) register stages and takes two (2) clock cycles per computation.

Abstract: Described are implementations directed to protecting secret data against adversarial attacks by obfuscating the secret data during storage and communication. Obfuscation techniques include, among other things, splitting secret data into a plurality of portions, performing rotation of secret data, splitting secret data into a plurality of shares, modifying shares of secret data in view of the values of the shares, and various other protection mechanisms.

Abstract: An identity token may be received and a service associated with the identity token may be identified. A request may be provided to the service based on the identity token. In response to providing the request, additional information from the service associated with the identity token may be received. The identity token may be modified with the additional information.

Abstract: Systems and methods for efficient computation of bivariate statistical moments. An example method comprises: determining exponents characterizing a bivariate mean value referenced by a definition of a statistical moment to be computed; receiving an input data set representing a plurality of observed values of one or more variables, the input data including a plurality of traces, each trace of the plurality of traces including a plurality of sample points; generating an initial matrix comprising combinations of pre-determined degrees of the sample points; producing an intermediate result matrix represented by a product of multiplying a transpose of the initial matrix by the initial matrix; retrieving an element of the intermediate result matrix, wherein indices of the element are defined based on the exponents; and using the retrieved element of the intermediate result matrix to compute the statistical moment.

Abstract: Disclosed systems and techniques involve low-latency multi-key encryption processing in which block keys are precomputed based on multiple cryptographic keys, stored, and then selected for encryption or decryption of data during run-time cryptographic operations. The block keys may be precomputed, for each cryptographic key, in such quantities that allow uninterrupted flow of encryption or decryption operations. Replacement block keys may be concurrently generated to replace the blocks being consumed and authentication values may be computed or updated. Various described techniques allow parallel processing for efficient low-latency block key generation and cryptographic operations.

Abstract: A request, from a tester device, to generate a secure data asset to be securely provisioned to a target device is received by an appliance cluster. The request includes an authorization token. Responsive to receiving the request, one or more verification operations to determine whether the tester device is authorized to request the generation of the secure data asset is performed based on the authorization token. Responsive to determining that the tester device is authorized to request the generation of the secure data asset, a generation of the secure data asset by a hardware security module (HSM) is caused. The generated secure data asset is sent to the tester device in response to the request to generate the secure data asset.

Abstract: Aspects of the present disclosure involve a method and a system to perform the method to obtain a cryptographic output of a plurality of rounds of a cipher, by performing a plurality of modified rounds of the cipher, each of the modified rounds computing an unmasking transform, an operation of a respective round of the cipher, and a masking transform, the unmasking transform being an inverse of the masking transform of a previous round of the cipher.

Abstract: A request to perform a memory operation addressed to a first address corresponding to a first logical unit of logical units of a memory is received. Address mask data that corresponds to the logical units is identified. Multiple transformed addresses are determined using the first address and the address mask data. The transformed addresses can include a target address corresponding to the first logical unit and additional addresses corresponding to other logical units. The memory operation is performed at the target address corresponding to the first logical unit and dummy memory operations are performed at the additional addresses corresponding to the additional logical units.

Abstract: A value corresponding to a physical variation of a device may be received. Furthermore, helper data associated with the physical variation of the device may be received. A result data may be generated based on a combination of the value corresponding to the physical variation of the device and the helper data. An error correction operation may be performed on the result data to identify one or more code words associated with the error correction operation. Subsequently, a target data may be generated based on the one or more code words.

Abstract: Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.

Abstract: Systems and methods for protecting cryptographic keys stored in a non-volatile memory. An example method may comprise: storing a device root key in a non-volatile memory; storing a volatile key in a volatile memory; storing a masked cryptographic key in the non-volatile memory, wherein the masked cryptographic key is produced by combining a cryptographic key and the device root key; storing a masked device root key in the non-volatile memory, wherein the masked root key is produced by combining the device root key and the volatile key; and erasing the device root key from the non-volatile memory.

Abstract: A prover chip uses a key multiplier value generated by a proof-of-work function from a challenge value, a random number, and elliptic curve cryptography (ECC) techniques to generate a one-time (or ephemeral) use private key. Similarly, a verifier chip uses the key multiplier value generated by an equivalent proof-of-work function, a public key received from the prover, and ECC techniques to derive a one-time use public key that corresponds to the ephemeral private key generated by the prover chip. The prover chip uses the ephemeral private key to sign the second challenge value and send this signed second challenge value to the verifier chip. The verifier verifies the value it receives using the one-time use public key and if the signature on the second challenge value is valid, authenticates the prover chip to a system.

Abstract: Technologies for detecting and classifying errors detected in pipelined hardware are described. One device includes a hardware pipeline with a set of pipeline stages. Error detection logic can detect an error in the hardware pipeline, and control logic can classify the error in one of the multiple categories based on a type of the error, a position of the first data in a data stream that triggered the error, and a position of a pipeline stage in which the error is detected. The control logic can perform an error-response action based on the error classification of the error.

Abstract: Aspects of the present disclosure involve a method and a system to perform a cryptographic operation that involves a number theoretic transformation of a first vector to a second vector by obtaining components of the first vector, performing a plurality of iterations that each include determining a plurality of output values, wherein each of the plurality of output values is a linear combination of two or more input values, the input values into a first iteration being the components of the first vector and the output values of the last iteration being representative of components of the second vector, and wherein one or more of the output values of at least one iteration are randomized by multiplying at least one input value by a random number, and determining, based on the output values of the last of the plurality of iterations, the components of the second vector.

Abstract: Described herein are technologies for application authentication and/or data encryption without stored pre-shared keys. In one resource controller, a processing device receives an application identifier (ID) from the application. The processing device provides a current nonce responsive to the application ID and provides the application access to the system resource responsive to determining that a hash of a current key received from the application equals a current tag. The current key is generated by the application based on code of the application and the current nonce. The current tag was previously provided from the application to the resource controller. The current tag can also be hashed by the application using the current key.

Abstract: A first device transmits a first message to a second device as part of a challenge-response protocol in order to authenticate the second device. A power limited power supply coupled to the second device limits power consumption by the second device during the second device's challenge-response protocol calculations. The first device measures a response time of the second device during the challenge-response protocol. The authentication of the second device is based on the response time of the second device while it has limited power consumption.