Abstract: In a general aspect, a GHASH semiconductor intellectual property (IP) core can include circuitry for calculating a GHASH function. The IP core can be configured to calculate the GHASH function by calculating the following quantities: $X_0 = 0$; $X_{i+1} = H^k \cdot X_i + \sum_{j=0}^{k-1} \sum_{n=0}^{m-1} C_{ki+j} \cdot h_{ijn}$, where for any $i$ and $j$, $\sum_{n=0}^{m-1} h_{ijn} = H^j$, and where $k > 1$ and $m > 1$.
Type:
Grant
Filed:
February 9, 2021
Date of Patent:
February 24, 2026
Assignee:
FORTIFYIQ, INC.
Inventors:
Ury Kreimer, Alexander Kesler, Yaacov Belenky, Vadim Bugaenko
Abstract: Techniques include replacing many of the functions used in finite-field-based arithmetic with lookup tables (LUTs) and combining such LUTs with redundancy-based protection. Advantageously, using LUTs makes it possible to dramatically decrease the redundancy level (e.g., from d=8 to d=3 or 4) and the power consumption and increase the maximal frequency, while preserving the same protection level, latency and performance. The improvement is applicable not only to AES, but also to other algorithms based on a finite field arithmetic, and in particular SM4, ARIA, and Camellia which use Sboxes very similar to or the same as the AES Sbox.
Type:
Grant
Filed:
September 5, 2023
Date of Patent:
September 2, 2025
Assignee:
FortifyIQ, Inc.
Inventors:
Ury Kreimer, Yaacov Belenky, Alexander Kesler
Abstract: In a general aspect, a method for testing vulnerability of a cryptographic function (CF) to a side-channel attack includes providing a plurality of input values to the function, where the CF, for each input value calculates a sum of the input value and a first value of the CF, and replaces a second value of the CF with the sum. The method further includes measuring a set of samples including a respective side-channel leakage sample for each input value. The method also includes iteratively performing a series of operations including splitting the set of samples into a plurality of subsets based on the input values, calculating a respective value for each subset based on samples of the subset, and comparing the respective values for different subsets to discover respective bit values of the first value and the second value from their least significant bits to most significant bits.
Type:
Grant
Filed:
February 23, 2023
Date of Patent:
March 4, 2025
Assignee:
FORTIFYIQ, INC.
Inventors:
Yaacov Belenky, Ury Kreimer, Alexander Kesler
Abstract: A method of improving performance of a data processor comprising: in a field of characteristic 2 computing XY by performing a series of: (i) multiplications of two different elements of the field; and (ii) raising an element of the field to a power Z wherein Z is a power of 2; wherein the number of multiplications (i) is at least two less than the number of ones (1s) in the binary representation of Y.
Type:
Grant
Filed:
July 11, 2022
Date of Patent:
October 29, 2024
Assignee:
FORTIFYIQ, INC.
Inventors:
Ury Kreimer, Alexander Kesler, Vadim Bugaenko, Yaacov Belenky
Abstract: A method for testing an HMAC implementation for vulnerability to a side-channel attack can include mounting a template attack. The attack can include generating, based on first side-channel leakage information associated with execution of a hash function of the HMAC implementation, a plurality of template tables. Each template table can correspond, respectively, with a subset of bit positions of an internal state of the hash function. The attack can further include generating, based on second side-channel leakage information, a plurality of hypotheses for an internal state of an invocation of the hash function based on a secret key. The method can further include generating, using the hash function, respective hash values generated from each of the plurality of hypotheses and a message. The method can also include comparing each of the respective hash values with a hash value generated using the secret key to determine vulnerability of the HMAC implementation.
Type:
Grant
Filed:
August 11, 2021
Date of Patent:
May 28, 2024
Assignee:
FortifyIQ, Inc.
Inventors:
Yaacov Belenky, Ury Kreimer, Alexander Kesler
Abstract: A semiconductor intellectual property (IP) core comprising a transformation engine designed and configured to represent each element of a field GF(2^8) using a polynomial of degree no higher than 7+d, where d>0 is a redundancy parameter. Also disclosed in the specification are several other IP cores and several different methods.
Type:
Grant
Filed:
January 16, 2020
Date of Patent:
August 16, 2022
Assignee:
FORTIFYIQ, INC.
Inventors:
Ury Kreimer, Alexander Kesler, Vadim Bugaenko, Yaacov Belenky