Abstract: Various embodiments relate to a fault detection system and method for a digital signature algorithm, including: producing a digital signature of a message using a digital signature algorithm; storing parameters from a last round of the digital signature algorithm; executing the last round of the digital signature algorithm using the stored parameters to produce a check signature; comparing the digital signature to the check signature; and outputting the digital signature when the digital signature is the same as the check signature.

Abstract: System and method for masking secret polynomials for cryptography receives a secret polynomial function in a polynomial ring, which is masked with one or more masking polynomials in which at least some coefficients have a same value. An arithmetic operation is performed on coefficients of the masking polynomials with repeated coefficients to produce an output having integer values. A cryptographic operation is then performed with the output of the arithmetic operation.

Abstract: Electronic device and method for performing number theoretic transforms (NTTs) on polynomials for cryptography uses an arithmetic transformation on an input polynomial with n coefficients to divide the input polynomial into multiple polynomials each with less than n coefficients such that the coefficients of the multiple polynomials add up to n. An NTT transformation is executed on the multiple polynomials such that the coefficients of each of the multiple polynomials are processed in parallel butterfly operations. A cryptographic operation is performed based on the results of the NTT transformation.

Abstract: A method for encoding data to be stored in a memory, including: encoding the data to be stored in memory with an error correcting code (ECC) as first encoded data, wherein the ECC is configured to have a minimum Hamming distance of at least 4t+1 in order to correct up to t bit errors and detect up to 3t bit errors where t?1; determining a Hamming weight of the first encoded data; encoding the determined Hamming weight, wherein for all higher Hamming weights the encoding should have at least 2t+1 bit-positions that change from 1 to 0 per Hamming weight; concatenating the first encoded data and the encoded Hamming weight as concatenated data; and storing the concatenated data in the memory.

Abstract: A method for provisioning a plurality of IC devices, the method including: providing, by a first entity, the plurality of IC devices; storing, by the first entity, in one of the plurality of IC devices used as a provisioning device, one or more keys, and a public key, wherein the one or more keys include a reprovisioning key for reprovisioning the remaining IC devices; installing, by the first entity, provisioning software in the provisioning device; signing, by the first entity, provisioning software using a private key, the private key corresponding to the public key; provisioning the remaining IC devices by the provisioning device including providing cryptographic assets to the remaining IC devices, wherein the cryptographic assets include cryptographic code and keys; and reserving space in the remaining IC devices for reprovisioning the remaining IC devices with updated cryptographic assets.

Abstract: Various embodiments relate to a method for storing and reading data from a memory. Data words stored in the memory may be grouped, and word specific parity information and shared parity information is generated, and the shared parity information is distributed among the group of words. During reading of a word, if more errors are detected than can be corrected with word parity data, the shared parity data is retrieved and used to make the error corrections.

Abstract: An entropy generator comprises an entropy source to generate a random bitstream and an entropy evaluator communicatively coupled to the entropy source to receive the random bitstream. The entropy evaluator includes a first counter to maintain a repetition count of one or more patterns of multiple bits successively included in the random bitstream, and an alert generator communicatively coupled to the first counter to generate an alert in response to the repetition count exceeding a defined threshold. The repetition count may be based on one or more exclusive-or (XOR) operations of a current bit of the random bitstream with one or more previous bits of the random bitstream.

Abstract: Various embodiments relate to a fault detection system and method for polynomial operations, including: selecting a plurality of evaluation points; evaluating a first polynomial at the plurality of evaluation points to produce first results; applying a first function to the first polynomial to produce a second polynomial; evaluating the second polynomial at the plurality of evaluation points second results; evaluating a second scalar function on the first results to produce third results; comparing the second results to the third results; and performing a polynomial operation using the second polynomial when the second results match the third results.

Abstract: Various embodiments relate to a fault detection system and method for a digital signature algorithm, including: producing a digital signature of a message using a digital signature algorithm; storing parameters from a last round of the digital signature algorithm; executing the last round of the digital signature algorithm using the stored parameters to produce a check signature; comparing the digital signature to the check signature; and outputting the digital signature when the digital signature is the same as the check signature.

Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including matrix multiplication for lattice-based cryptography in a processor, the instructions, including: applying a first function to the rows of a matrix of polynomials to generate first outputs, wherein the first function excludes the identity function; adding an additional row to the matrix of polynomials to produce a modified matrix, wherein each element in the additional row is generated by a second function applied to a column of outputs associated with each element in the additional row; multiplying the modified matrix with a vector of polynomials to produce an output vector of polynomials; applying a verification function to the output vector that produces an indication of whether a fault occurred in the multiplication of the modified matrix with the vector of polynomials; and carrying out a cryptographic operation using

Abstract: Various embodiments relate to a memory controller configured to read data from a memory array, including: an error correction codes (ECC) encoder configured to encode data stored in the memory array; an ECC decoder configured to decode first data read from the memory array based upon a first read request and detect errors in the first data read from the memory array; and a fault controller configured to: command the memory controller to read other data from the memory array when the ECC detects an error; command the memory controller to re-read the first data from the memory array; when the ECC detects an error; compare the re-read first data to the read first data; and signal a fault attack when the re-read first data is different from the read first data.

Abstract: A true random number generator circuit includes a ring oscillator and a plurality of sampling circuits. The ring oscillator includes a plurality of series-connected stages coupled together in a ring. An output of a last stage of the ring oscillator is coupled to an input of a first stage of the ring oscillator. A sampling circuit of the plurality of sampling circuits has an input coupled to a node located between two adjacent stages of the plurality of series-connected stages. Every node of the ring oscillator is coupled to a corresponding sampling circuit of the plurality of sampling circuits. In another embodiment, a method for generating a random number is provided.

Abstract: Various embodiments relate to a memory controller configured to read data from a memory array, including: an error correction codes (ECC) encoder configured to encode data stored in the memory array; an ECC decoder configured to decode first data read from the memory array based upon a first read request and detect errors in the first data read from the memory array; and a fault controller configured to: command the memory controller to read other data from the memory array when the ECC detects an error; command the memory controller to re-read the first data from the memory array; when the ECC detects an error; compare the re-read first data to the read first data; and signal a fault attack when the re-read first data is different from the read first data.

Abstract: Embodiments of a physical unclonable function (PUF) device and a method for generating helper data for a PUF device with an array of cells are disclosed. In an embodiment, the PUF device comprises an array of cells, wherein each cell of the array generates an output signal, a reliable cell group detector coupled to the array of cells to find reliable groups of cells in the array of cells having sufficient reliable cells and output addresses of the reliable groups of cells, and a storage device coupled to the reliable cell group detector to store the addresses of the reliable groups of cells to be used as helper data for PUF response operations.

Abstract: A method is provided for secure provisioning of a device. In the method, a plurality of integrated circuit (IC) devices is manufactured by a first entity for use in the device. The first entity provides signed provisioning software and stores in at least one provisioning IC device one or more keys used for provisioning the plurality of ICs. The provisioning device with the signed provisioning software is provided to a second entity. The second entity verifies the provisioning software using a stored key. The provisioning software encrypts provisioning assets provided by the second entity and provides the encrypted provisioning assets to the third entity. The signed provisioning software is provided to a third entity by the first entity. During manufacturing of the manufactured products by the third entity, the provisioning software verifies and decrypts the encrypted provisioning assets of the second entity to provision all the plurality of IC devices.

Abstract: Various embodiments relate to a method for storing and reading data from a memory. Data words stored in the memory may be grouped, and word specific parity information and shared parity information is generated, and the shared parity information is distributed among the group of words. During reading of a word, if more errors are detected than can be corrected with word parity data, the shared parity data is retrieved and used to make the error corrections.

Abstract: Various embodiments relate to a method for storing and reading data from a memory. Data words stored in the memory may be grouped, and word specific parity information and shared parity information is generated, and the shared parity information is distributed among the group of words. During reading of a word, if more errors are detected than can be corrected with word parity data, the shared parity data is retrieved and used to make the error corrections.

Abstract: Embodiments of a physical unclonable function (PUF) device and a method for generating helper data for a PUF device with an array of cells are disclosed. In an embodiment, the PUF device comprises an array of cells, wherein each cell of the array generates an output signal, a reliable cell group detector coupled to the array of cells to find reliable groups of cells in the array of cells having sufficient reliable cells and output addresses of the reliable groups of cells, and a storage device coupled to the reliable cell group detector to store the addresses of the reliable groups of cells to be used as helper data for PUF response operations.

Abstract: Various embodiments relate to a method for storing and reading data from a memory. Data words stored in the memory may be grouped, and word specific parity information and shared parity information is generated, and the shared parity information is distributed among the group of words. During reading of a word, if more errors are detected than can be corrected with word parity data, the shared parity data is retrieved and used to make the error corrections.

Abstract: A method is provided for secure provisioning of a device. In the method, a plurality of integrated circuit (IC) devices is manufactured by a first entity for use in the device. The first entity provides signed provisioning software and stores in at least one provisioning IC device one or more keys used for provisioning the plurality of ICs. The provisioning device with the signed provisioning software is provided to a second entity. The second entity verifies the provisioning software using a stored key. The provisioning software encrypts provisioning assets provided by the second entity and provides the encrypted provisioning assets to the third entity. The signed provisioning software is provided to a third entity by the first entity. During manufacturing of the manufactured products by the third entity, the provisioning software verifies and decrypts the encrypted provisioning assets of the second entity to provision all the plurality of IC devices.