Abstract: A device for detecting perturbation attacks performed on a digital circuit is provided.

Abstract: Embodiments provide a device for testing a bit sequence generated by a Random Number Generator, wherein the device is configured to apply one or more statistical tests to the bit sequence, in response the detection of N bits generated by the Random number generator, each statistical test providing at least one sum value derived from the bits of the sequence, the testing device comprising: a comparator for comparing at least one test parameter related to each statistical test to one or more thresholds; a validation unit configured to determine if the bit sequence is valid depending on the comparison made by the comparator for each statistical test; wherein at least one of the test parameter and the at least one threshold is determined from N and from a target error probability.

Abstract: There is provided a device for protecting a cryptographic program implemented in a cryptographic computing device, the cryptographic computing device includes one or more processors, the cryptographic program comprising instructions and being associated with an initial execution order of the instructions. The device comprises a compiler to compile the cryptographic program, which provides an intermediate representation of the cryptographic program comprising instructions and variables used to execute the instructions.

Abstract: There is provided a device of protecting an Integrated Circuit from perturbation attacks. The device includes a sensing unit configured to detect a perturbation attack, the sensing unit comprising a set of digital sensors comprising at least two sensors, the sensors being arranged in parallel. Each digital sensor provides a digitized bit output having a binary value, in response to input data, the sensing unit being configured to deliver at least one binary vector comprising a multi-bit value, the multi-bit value comprising at least two bit outputs provided by the set of digital sensors. The sensing device further comprising an analysis unit, the analysis unit being configured to receive at least one binary vector provided by the sensing unit, the analysis unit being configured to detect a perturbation attack from the at least one binary vector.

Abstract: A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the transmitter device being associated with a transmitter identifier. The transmitter device is configured to receive a transmitter partial private key from a trusted center, the transmitter device being configured to: send a request for two public session keys to the receiver device; receive from the receiver device a first ciphertext set, the first ciphertext set being derived from an encryption and authentication of two public session keys; decrypt and authenticate the two public session keys from the first ciphertext set using a receiver identifier and the transmitter partial private key; determine a second ciphertext set from the transmitter partial private key, from the receiver identifier, and from the two public session keys, the second ciphertext comprising an encrypted message; send the second ciphertext set to the receiver device.

Abstract: There is provided a device for protecting the execution of a cryptographic operation from attacks, the cryptographic operation being implemented by a cryptographic algorithm, the cryptographic operation comprising at least one modular operation between a main base (m) representing a data block and at least one scalar (d) in at least one finite starting group. The device is configured to determine at least one intermediary group (E?) different from the at least one starting group (E), the number of intermediary groups being equal to the number of starting groups E. The device is further configured to determine at least one final group (E?) from the at least one starting group E and the at least one intermediary group E?. The base m being mapped to an auxiliary element (x) in the at least one intermediary group and to an auxiliary base (m?) in the at least one final group E?.

Abstract: A device of executing a cryptographic operation on bit vectors, the execution of the cryptographic operation includes the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders, each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between a component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder.

Abstract: A circuit includes a cipher accessing a plurality of read-write memory units configured to handle data tables obtained from a modified mask; wherein the modified mask is being determined from an initial mask and a random value, the random value selecting one or more modifications of the initial mask amongst a plurality of predefined modifications including permutation operations. Developments of the invention describe the use of mathematically optimal or equivalent masks; the use of random values; a range of permutation operations comprising offset shifting and/or rotation and/or XOR operations and/or coprime construction; the use of round masks; the use of a Physically Unclonable Function; the refresh or update of modified masks and/or round masks; and verifications of the optimality and/or integrity of masks. System features (e.g. CPU, co-processor, local and/or remotely accessed external memory storing masks, volatile memory) and computer program products are described.

Abstract: A System on Chip includes at least two hardware masters, a security circuit, and a communication infrastructure for communication between the hardware masters and the security circuit, the communication infrastructure being based on a given interface communication protocol. Each hardware master is configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service.

Abstract: A block cipher encryption device for encrypting a data unit plaintext into blocks of ciphertexts, the data unit plaintext being assigned a tweak value and being divided into one or more plaintext blocks. The block cipher encryption device comprises: a combinatorial function unit associated with each plaintext block, the combinatorial function unit being configured to determine a tweak block value by applying a combinatorial function between a value derived from the tweak value and a function of a block index assigned to the plaintext block, a first masking unit in association with each plaintext block, the first masking unit being configured to determine a masked value by applying a data masking algorithm to the tweak block value determined by the combinatorial function unit associated with the plaintext block.

Abstract: There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.

Abstract: A machine characterization device for determining one or more machine characterization parameters of a computing device depending on a machine signature determined from sets of timing measurements associated with at least one machine characterization instruction executed by one or more processors comprised in the computing device using at least two machine configurations. A machine configuration comprises a sequence of two or more machine configuration instructions defining an order of execution of one or more instructions by the one or more processors.

Abstract: There is provided a cryptographic key determination device for determining one or more cryptographic keys in a cryptographic device, the cryptographic device being configured to execute one or more test programs, the cryptographic device comprising one or more components (11-i), each component (11-i) being configured to generate static and dynamic data, the dynamic data being generated in response to the execution of the one or more test programs, wherein the cryptographic key determination device comprises: a data extraction unit configured to extract at least one part of the static data and at least one part of the dynamic data generated by the one or more components (11-i), and a key generator configured to combine the at least one part of static data and the at least one part of dynamic data, and to determine the one or more cryptographic keys by applying a cryptographic function to the combined data.

Abstract: Countermeasures against fault injection attacks of a cryptographic integrated circuit, and more specifically laser fault injection attacks are provided. The invention consists in generating sequences of bits belonging to a set of allowed sequences, and storing these sequences on a set of Flip-Flops. Then the sequences stored on the Flip-Flops are checked and, if they do not belong to the allowed sequence, this is the sign that a fault injection attack occurred and caused a bit flip in one of the flip-flops. An alarm signal is then generated.

Abstract: There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.

Abstract: A circuit for monitoring a circuit payload, includes a plurality of sensors distributed in the circuit, next to the predefined circuit payload; one or more memory units associated with the one or more sensors configured to store sensors' measures made by the one or more associated sensors, every p clock cycles; wherein the circuit is configured to read the sensors' measures stored in at least some of the memory units. Embodiments comprise the use of digital sensors, or analogical sensors coupled with digital converters; the use of FIFO type memory units, adjustments of the depths of the memory units; the use of Finite State Machines configured to cause the circuit to receive sensors' measures; the use of data obfuscation and/or reduction modules; the use of a signature circuit, the use of circuits configured to determine one or more attacks from the sensors' measures.

Abstract: A circuit for a Synthetic Physically Unclonable Function, acronym SPUF, in a computer device, wherein the circuit is configured to receive data from a plurality of hardware sensors and/or actuators accessible in the computer device; to determine deviations in the data; to determine a multivariate distribution of the deviations and to determine an identifier from the multivariate distribution. In described developments, deviations comprise random errors, statistical moments in data originating from sensors and/or actuators amongst accessible ones in the computer device can be selected, and entropy can be maximized. Computer program product embodiments are described.

Abstract: Embodiments of the invention provide a computing device comprising one or more processors, each processor comprising one or more processing unit, said one or more processing units being configured to execute at least one program, each program comprising data and/or instructions, the computing device further comprising, for at least some of the processors, a processor cache associated with each processor, the processor cache being configured to access data and/or instructions comprised in the programs executed by the processor, the computing device comprising: an auxiliary cache configured to access metadata associated with the data and/or instructions comprised in said programs; a security verification unit configured to retrieve, from the auxiliary cache, at least a part of the metadata associated with data and/or instructions corresponding to a memory access request sent by a processor (11) to the processor cache (117).

Abstract: Embodiments of the invention provide an electronic system for generating secret information comprising a Physically Unclonable Function (PUF) circuit, the PUF circuit being configured to provide a difference between two values of a physical variable of the PUF in response to a challenge applied to the PUF circuit. The system is configured to apply a set of challenges during an enrolment phase, and measure the physical variable difference provided by the PUF in response to each challenge.

Abstract: There is disclosed a method of handling a sensor, comprising the steps of: challenging a subset of sensor components under uniform conditions; receiving output signal values from said subset; for each component, determining the statistical moment of order i of the temporal distribution of the output signal value of said each sensor component; and determining one or more pathological sensor components whose sum of the distances of values to other components of the subset is greater than a threshold, the distance between two sensor components being determined by the difference of the ith statistical moment values of the two temporal distributions associated to the components obtained when challenging said subset under uniform conditions. Described developments comprise the use of imaging sensors, key or identifier generation, authentication mechanisms, determination of thresholds, use of helper data files, adjustments of light sources and/or beam shaping, handling of lossy compression and of videos.