Patents by Inventor Alexander Maximov

Alexander Maximov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11943332
    Abstract: A substitution box, SBox, circuit that performs an SBox computational step when comprised in cryptographic circuitry. The SBox circuit comprises: a first circuit part comprising digital circuitry that generates a 4-bit first output signal (Y) from an 8-bit input signal (U); a second circuit part, configured to operate in parallel with the first circuit part and to generate a 32-bit second output signal (L) from the 8-bit input signal (U), wherein the 32-bit second output signal (L) consists of four 8-bit sub-results; and a third circuit part configured to produce four preliminary 8-bit results (K) by scalar multiplying each of the four 8-bit sub-results by a respective one bit of the 4-bit first output signal (Y), and to produce an 8-bit output signal (R) by summing the four preliminary 8-bit results (K).
    Type: Grant
    Filed: March 6, 2020
    Date of Patent: March 26, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Patrik Ekdahl, Alexander Maximov
  • Patent number: 11704442
    Abstract: There is provided mechanisms for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, status of the register at the given index i, and wherein, when the register at the given index i has its status set to “undefined”, an internal status value is set to a first value, and else, when a value is read from the register at the given index i, the internal status value is set to a second value based on the read value. The method comprises writing the internal status value to the register at the given index i. The method comprises running the new instance.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: July 18, 2023
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Alexander Maximov, Bernard Smeets, Lina Pålsson
  • Publication number: 20220278822
    Abstract: A substitution box, SBox, circuit that performs an SBox computational step when comprised in cryptographic circuitry. The SBox circuit comprises: a first circuit part comprising digital circuitry that generates a 4-bit first output signal (Y) from an 8-bit input signal (U); a second circuit part, configured to operate in parallel with the first circuit part and to generate a 32-bit second output signal (L) from the 8-bit input signal (U), wherein the 32-bit second output signal (L) consists of four 8-bit sub-results; and a third circuit part configured to produce four preliminary 8-bit results (K) by scalar multiplying each of the four 8-bit sub-results by a respective one bit of the 4-bit first output signal (Y), and to produce an 8-bit output signal (R) by summing the four preliminary 8-bit results (K).
    Type: Application
    Filed: March 6, 2020
    Publication date: September 1, 2022
    Inventors: Patrik Ekdahl, Alexander Maximov
  • Patent number: 11416605
    Abstract: There is provided mechanisms for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to a volatile part of the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, status of the register at the given index i. The method comprises enabling the new instance to keep running only when successfully reading a first value representing no currently run instance of the trusted execution environment from the register at the index i or if the register at the given index i has its status set to “undefined” when checking the status.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: August 16, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Alexander Maximov, Bernard Smeets, Lina Pålsson
  • Publication number: 20220158856
    Abstract: There is provided mechanisms for attesting a first TEE residing on a first node. A method is performed by a second TEE also residing on the first node. The method comprises obtaining a request from the first TEE to be attested. The method comprises, in response thereto, obtaining a shared key from a third TEE residing on a second node. The method comprises performing local attestation of the first TEE, whereby the first TEE is provided with the shared key from the second TEE.
    Type: Application
    Filed: April 1, 2019
    Publication date: May 19, 2022
    Inventors: Alexander Maximov, Bernard Smeets, Lina Pålsson
  • Patent number: 11323259
    Abstract: A method performed by a virtual trusted platform module, vTPM, on an execution platform, comprises the steps of obtaining (S11) encrypted information (encvTPMContext) and a first identifier (Salt), both associated with a virtual machine, VM, to be executed; retrieving (S14), using the identifier from a trusted launch authority, TLA, at least a first secret portion (SlaKeystart), the first secret portion (SlaKeystart) being dynamically linked to the VM and dependent on at least a property of the VM; and decrypting (S16) the encrypted information (encvTPMContext) with a decryption key (EncKeystart) derived from at least the first secret portion (SlaKeystart) and a first measurement result (VmDigeststart) of at least the VM.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: May 3, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Alexander Maximov, Petri Mikael Johansson, Bernard Smeets
  • Publication number: 20210374262
    Abstract: There is provided mechanisms for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, status of the register at the given index i, and wherein, when the register at the given index i has its status set to “undefined”, an internal status value is set to a first value, and else, when a value is read from the register at the given index i, the internal status value is set to a second value based on the read value. The method comprises writing the internal status value to the register at the given index i. The method comprises running the new instance.
    Type: Application
    Filed: March 27, 2018
    Publication date: December 2, 2021
    Inventors: Alexander Maximov, Bernard Smeets, Lina Pålsson
  • Publication number: 20210117534
    Abstract: There is provided mechanisms for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to a volatile part of the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, status of the register at the given index i. The method comprises enabling the new instance to keep running only when successfully reading a first value representing no currently run instance of the trusted execution environment from the register at the index i or if the register at the given index i has its status set to “undefined” when checking the status.
    Type: Application
    Filed: March 27, 2018
    Publication date: April 22, 2021
    Inventors: Alexander Maximov, Bernard Smeets, Lina Pålsson
  • Patent number: 10972284
    Abstract: A method of providing a hash value for a piece of data is disclosed, where the hash value provides for a time-stamp for the piece of data upon verification, for limiting a risk of collisions between hash values. The method comprises collecting one or more root time-stamps for a root of a hash tree structure defining a hash function, wherein the root-time stamp is a root time-stamp from the past, determining whether a nonce may be received from a server, and upon failure to receive the nonce from the server, providing the hash value by a hash function of the root time-stamp and the piece of data, or upon success in receiving the nonce from the server, providing the hash value by the hash function of the root time-stamp, the piece of data and the nonce. An electronic device and a computer program are also disclosed.
    Type: Grant
    Filed: August 13, 2019
    Date of Patent: April 6, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Alexander Maximov, Martin Hell, Bernard Smeets
  • Patent number: 10615961
    Abstract: A method and encryption node (300) for providing encryption of a message m according to a selected encryption scheme. A noise computation engine (300a) in the encryption node (300) computes (3:1) a noise factor F as a function of a predefined integer parameter n of the selected encryption scheme and a random number r. When the message m is received (3:3) from a client (302) for encryption, an encryption engine (300b) in the encryption node (300), encrypts (3:4) the message m by computing a cipher text c as c = g^m·F mod n^2, where g is another predefined integer parameter of the selected encryption scheme. The cipher text c is then delivered (3:5) as an encryption of the message m, e.g. to the client (302) or to a cloud of processing resources (304).
    Type: Grant
    Filed: June 2, 2015
    Date of Patent: April 7, 2020
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Bernard (Ben) Smeets, Christine Jost, Alexander Maximov
  • Patent number: 10511434
    Abstract: A method and encryption node (300) for providing encryption of a message m according to a selected encryption scheme. A set of k noise factors are pre-compiled (3:1) from random numbers and predefined integer parameters of the selected encryption scheme by the encryption node (300) in advance. The k noise factors are saved (300a) to be used for encrypting the message m when later requested (3:2) by a client (302). A subset of l noise factors are then selected (3:3) out of the pre-computed set of k noise factors and used as input to the encryption scheme when encrypting (3:5) the message m by computing a cipher text c which is delivered (3:6) as an encrypted message, e.g. to the client (302). Thereby, less time needs to be spent for computing the necessary noise factors after receiving the encryption request and higher throughput can thus be achieved for messages to be encrypted. In particular, the solution may be used to increase the throughput for a stream of messages.
    Type: Grant
    Filed: June 2, 2015
    Date of Patent: December 17, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Christine Jost, Ha Lam, Alexander Maximov
  • Patent number: 10511441
    Abstract: A client provides a hash value that provides for a time-stamp for data upon verification, by deriving a one-time signing key, OTSK, of an OTSK hash chain by applying a time fraction hash tree splitting a time slot corresponding to an index into time fractions such that the time slot is divided into fractions according to the number of leaves of the time fraction hash tree, forming a signing request by applying the OTSK for the fraction for the data to calculate hash values, and transmitting the signing request comprising the hash values to a server of a signing authority. The server receives the signing request from the client, derives a time stamp for the data including a hash path of the time fraction hash tree as a sub-tree of hash tree of the OTSK, and transmits the time stamp for the data.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: December 17, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Alexander Maximov, Bernard Ben Smeets
  • Patent number: 10511440
    Abstract: A device provides a one-time proof of knowledge about a one-time signing key to a server without revealing the one-time signing key by computing a hash as a hash function from the one-time signing key, and transmitting, to the server, the computed hash, an identity associated with the electronic device and a hash path of the hash. The server receives the message from the device and checks whether the hash corresponds to a one-time signing key for a root hash included in a public certificate associated with the identity, checks whether an index corresponding to the hash path from the one-time signing key to the root hash corresponds to a correct time slot, and determines it to be proven that the device is in possession of the correct one-time signing key when the checks are fulfilled.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: December 17, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Alexander Maximov, Martin Hell, Bernard Ben Smeets
  • Publication number: 20190372774
    Abstract: A method of providing a hash value for a piece of data is disclosed, where the hash value provides for a time-stamp for the piece of data upon verification, for limiting a risk of collisions between hash values. The method comprises collecting one or more root time-stamps for a root of a hash tree structure defining a hash function, wherein the root-time stamp is a root time-stamp from the past, determining whether a nonce may be received from a server, and upon failure to receive the nonce from the server, providing the hash value by a hash function of the root time-stamp and the piece of data, or upon success in receiving the nonce from the server, providing the hash value by the hash function of the root time-stamp, the piece of data and the nonce. An electronic device and a computer program are also disclosed.
    Type: Application
    Filed: August 13, 2019
    Publication date: December 5, 2019
    Inventors: Alexander Maximov, Martin Hell, Bernard Smeets
  • Patent number: 10447479
    Abstract: A hash value provides for a time-stamp for a piece of data upon verification. Providing the hash value includes deriving one-time signing keys of signer's one-time signing key hash chain by a one-way function of a secret key of the signer and a function of an index of the one-time signing key, and providing the hash value for the piece of data by a hash function including the piece of data and the derived one-time signing key. An electronic device having a processor arranged to implement a functional module for deriving a one-time signing key and providing a hash value for a piece of data by a hash function including the piece of data and the derived one-time signing key is also disclosed. The functional module is arranged to perform the method. A computer program for implementing the method on the electronic device is also disclosed.
    Type: Grant
    Filed: January 8, 2016
    Date of Patent: October 15, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Alexander Maximov, Martin Hell, Bernard Ben Smeets
  • Patent number: 10402593
    Abstract: There is provided mechanisms for determining a verification path for each leaf of a tree. A method is performed by a tree manager processor. The method comprises acquiring leaf values of leaves of a tree. The method comprises determining a root value from a leaf to the root value of the leaves. The method comprises determining a verification path for each of the leaves. The verification path for each of the leaves is determined such that the size of each verification path is independent from the number of leaves. Each verification path comprises a partial result and a function that enables determination of said root value from its leaf value and said partial result. The partial result for the verification path for leaf is determined as a one-way function depending only on other leaves such that the verification path for leaf prohibits re-computation of any other leaf value from said partial result.
    Type: Grant
    Filed: July 9, 2018
    Date of Patent: September 3, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Alexander Maximov, Christine Jost, Bernard Smeets
  • Patent number: 10396995
    Abstract: A method of providing a hash value for a piece of data is disclosed, where the hash value provides for a time-stamp for the piece of data upon verification, for limiting a risk of collisions between hash values. The method comprises collecting one or more root time-stamps for a root of a hash tree structure defining a hash function, wherein the root-time stamp is a root time-stamp from the past, determining whether a nonce may be received from a server, and upon failure to receive the nonce from the server, providing the hash value by a hash function of the root time-stamp and the piece of data, or upon success in receiving the nonce from the server, providing the hash value by the hash function of the root time-stamp, the piece of data and the nonce. An electronic device and a computer program are also disclosed.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: August 27, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Alexander Maximov, Martin Hell, Bernard Smeets
  • Patent number: 10389534
    Abstract: A server receives a client's signing request comprising a hash value of data, the hash value being formed using a time-forwarded one-time signing key that comprises a time-forwarded index. The server queues the signing request, pushes the hash value to a signature infrastructure entity at the time-forwarded time, and receives a time stamp in return. A client obtains a time stamp for each piece of a stream of pieces of data by collecting the pieces of data and deriving one-time signing keys of a one-time signing key hash chain, forming a stream of signing requests for the pieces of data by applying the one-time signing keys with time-forwarded indices for the respective piece of data to calculate hash values of the respective pieces of data, and transmitting the stream of signing requests comprising the hash values to a server for deriving time stamps for the pieces of data, respectively.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: August 20, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Alexander Maximov, Bernard Ben Smeets
  • Publication number: 20190207764
    Abstract: A method performed by a virtual trusted platform module, vTPM, on an execution platform, comprises the steps of obtaining (S11) encrypted information (encvTPMContext) and a first identifier (Salt), both associated with a virtual machine, VM, to be executed; retrieving (S14), using the identifier from a trusted launch authority, TLA, at least a first secret portion (SlaKeystart), the first secret portion (SlaKeystart) being dynamically linked to the VM and dependent on at least a property of the VM; and decrypting (S16) the encrypted information (encvTPMContext) with a decryption key (EncKeystart) derived from at least the first secret portion (SlaKeystart) and a first measurement result (VmDigeststart) of at least the VM.
    Type: Application
    Filed: September 22, 2016
    Publication date: July 4, 2019
    Inventors: Alexander Maximov, Petri Mikael Johansson, Bernard Smeets
  • Publication number: 20180314859
    Abstract: There is provided mechanisms for determining a verification path for each leaf of a tree. A method is performed by a tree manager processor. The method comprises acquiring leaf values of leaves of a tree. The method comprises determining a root value from a leaf to the root value of the leaves. The method comprises determining a verification path for each of the leaves. The verification path for each of the leaves is determined such that the size of each verification path is independent from the number of leaves. Each verification path comprises a partial result and a function that enables determination of said root value from its leaf value and said partial result.
    Type: Application
    Filed: July 9, 2018
    Publication date: November 1, 2018
    Inventors: Alexander Maximov, Christine Jost, Bernard Smeets