Abstract: Cryptographic methods and systems are described. Certain examples relate to performing cryptographic operations that involve a cryptographic permutation. The methods and systems may be used to provide cryptographic functions such as hashing, encryption, decryption and random number generation. In one example, a cryptographic architecture is provided. The cryptographic architecture has a processor interface comprising a set of cryptographic registers, where the processor interface is accessible by at least one processing unit. The cryptographic architecture also has a cryptographic permutation unit comprising circuitry to perform a cryptographic permutation using data stored within the set of cryptographic registers. In examples, the at least one processing unit instructs the cryptographic permutation and accesses a result of the cryptographic permutation using the processor interface.

Abstract: Certain examples described herein relate to at least a cryptographic system and a method of operating a cryptographic system. The cryptographic system may be implemented as a co-processor for performing post-quantum cryptographic functions. The cryptographic system has a set of bus interfaces for coupling to an external computing system, a cryptographic math unit and a control unit. The cryptographic math unit in certain examples is adapted to provide one or more masked modes of operation that secure the cryptographic operations against side-channel and non-invasive attacks. The method of operating a cryptographic system involves annotating secret data and tracking those annotations through one or more arithmetic operations.

Abstract: Disclosed herein are methods and systems for strengthening encryption schemes to side channel attacks. The strengthening of the encryption schemes can involve affine masking of one or more elements of the encryption schemes.

Abstract: Certain examples described herein relate to secure update propagation. The examples present systems and methods to transmit data in the form of updates over a network and to ensure the authenticity of the updates. The examples use a set-homomorphic digital signature scheme to sign updates such that a combined digital signature may be used to verify a batch of updates in place of a set of individual digital signatures. The combined digital signature may be generated by aggregating individual digital signatures.