Patents by Inventor Bruce Murray
Bruce Murray has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12476807
Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for an elliptic curve cryptography authentication method based on an elliptic curve in a processor, the instructions, comprising: generating, by a verifier, a random challenge r; multiplying, by the verifier, the random challenge r by a basepoint G to produce R; sending an x coordinate of R to a prover; receiving an x-coordinate of a first point P1 and a second point P2 from the prover, wherein P1 is based on a random share q1 of the private key q of the prover and R, and wherein P2 is based on a random share q2 of the private key q and R; where q=q1?q2; finding a point P1' on the elliptic curve having an x-coordinate of the first point P1; finding a point P2' on the elliptic curve having an x-coordinate of the second point P2; and authenticating the prover when an x-coordinate of one of (P1'+P2') and (P1'-P2') matches an x-coordinate of r·Q, wherein Q is a pub
Type: Grant
Filed: December 13, 2022
Date of Patent: November 18, 2025
Assignee: NXP B.V.
Inventors: Bruce Murray, Mario Lamberger
-
Publication number: 20250030543
Abstract: An elliptic curve point validation method, comprising: receiving a standard projective X and Z coordinate on an elliptic curve; computing X·Z; inverting X·Z to get (XZ)^-1; multiplying Z^2, (XZ)^-1, and a constant sqrt(b) resulting in sqrt(b)·x^-1, where b is a constant of the elliptic curve; multiplying X^2 and (XZ)^-1 resulting in x; computing Tr(x) and checking that it has a value of 1, where Tr(·) is a trace of Frobenius map that maps an input to a value of 0 or 1; computing Tr(sqrt(b)·x^-1) and checking that it has a value of 0; and outputting x and a PointOnCurve value, where the PointOnCurve value indicates whether x is on the elliptic curve.
Type: Application
Filed: July 21, 2023
Publication date: January 23, 2025
Inventors: Mario Lamberger, Bruce Murray
-
Publication number: 20240195620
Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for an elliptic curve cryptography authentication method based on an elliptic curve in a processor, the instructions, comprising: generating, by a verifier, a random challenge r; multiplying, by the verifier, the random challenge r by a basepoint G to produce R; sending an x coordinate of R to a prover; receiving an x-coordinate of a first point P1 and a second point P2 from the prover, wherein P1 is based on a random share q1 of the private key q of the prover and R, and wherein P2 is based on a random share q2 of the private key q and R; where q=q1?q2; finding a point P1' on the elliptic curve having an x-coordinate of the first point P1; finding a point P2' on the elliptic curve having an x-coordinate of the second point P2; and authenticating the prover when an x-coordinate of one of (P1'+P2') and (P1'-P2') matches an x-coordinate of r·Q, wherein Q is a pub
Type: Application
Filed: December 13, 2022
Publication date: June 13, 2024
Inventors: Bruce Murray, Mario Lamberger
-
Patent number: 11520708
Abstract: A memory system, comprising: i) a first electronic device comprising a processor, ii) a second electronic device being external to the first electronic device and comprising a memory, wherein the memory stores a memory image over at least a part of a data set stored on the memory, and iii) a hash value related to the memory image. The first electronic device and the second electronic device are coupled such that the processor has at least partial control over the second electronic device. The processor is configured to, when updating the data set stored on the memory of the second electronic device, also update the hash value related to the memory image using an incremental hashing operation so that only those parts of the memory image are processed that have changed.
Type: Grant
Filed: December 9, 2019
Date of Patent: December 6, 2022
Assignee: NXP B.V.
Inventors: Marcel Rene van Loon, Bruce Murray
-
Patent number: 11126404
Abstract: A device for providing a random number generator is provided. The device may include a true random number generator, at least one deterministic random number generator, and an exclusive OR logic function. The TRNG has an output and the at least one DRNG has an output. The exclusive OR logic function has a first input coupled to the output of the TRNG and a second input coupled to the output of the at least one DRNG, and an output for providing a random number. The TRNG and the at least one DRNG may include separate and independent entropy sources. A method for generating a random number is also provided.
Type: Grant
Filed: May 20, 2019
Date of Patent: September 21, 2021
Assignee: NXP B.V.
Inventors: Bruce Murray, Mario Lamberger
-
Publication number: 20200371752
Abstract: A device for providing a random number generator is provided. The device may include a true random number generator, at least one deterministic random number generator, and an exclusive OR logic function. The TRNG has an output and the at least one DRNG has an output. The exclusive OR logic function has a first input coupled to the output of the TRNG and a second input coupled to the output of the at least one DRNG, and an output for providing a random number. The TRNG and the at least one DRNG may include separate and independent entropy sources. A method for generating a random number is also provided.
Type: Application
Filed: May 20, 2019
Publication date: November 26, 2020
Inventors: Bruce Murray, Mario Lamberger
-
Publication number: 20200192822
Abstract: A memory system, comprising: i) a first electronic device comprising a processor, ii) a second electronic device being external to the first electronic device and comprising a memory, wherein the memory stores a memory image over at least a part of a data set stored on the memory, and iii) a hash value related to the memory image. The first electronic device and the second electronic device are coupled such that the processor has at least partial control over the second electronic device. The processor is configured to, when updating the data set stored on the memory of the second electronic device, also update the hash value related to the memory image using an incremental hashing operation so that only those parts of the memory image are processed that have changed.
Type: Application
Filed: December 9, 2019
Publication date: June 18, 2020
Inventors: Marcel Rene van Loon, Bruce Murray
-
Patent number: 10680810
Abstract: A method is provided for generating an elliptic curve cryptography key pair that uses two topologically identical pseudo-random number generators operating in parallel and in step with each other. One generator operates in the scalar number domain and the other generator operates in the elliptic curve point domain. Parallel sequences of pseudo-random elliptic curve points aG and corresponding scalars a are generated in this manner. A scalar a becomes a private key and an elliptic curve point aG is a public key of a key pair. Each generator is advanced by one iteration successively, and the isomorphic relationship ensures that the point domain generator always contains values which are multiples of the system base point according to values contained in the corresponding position in the number domain generator. In one embodiment, the pseudo-random number generators are each characterized as being lagged Fibonacci generators.
Type: Grant
Filed: October 26, 2016
Date of Patent: June 9, 2020
Assignee: NXP B.V.
Inventors: Joppe Willem Bos, Bjorn Fay, Bruce Murray
-
Patent number: 10630462
Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.
Type: Grant
Filed: October 27, 2017
Date of Patent: April 21, 2020
Assignee: NXP B.V.
Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Marcel Medwed, Jan Hoogerbrugge, Ventzislav Nikov, Bruce Murray, Joppe Willem Bos
-
Patent number: 10484173
Abstract: A method of calculating the x-coordinate (xM) of a point mapping in an elliptic curve Diffie-Hellman key exchange protocol (EC-DHKF), wherein the point mapping is defined as sG+H, where sG is a point (xS,yS) on an elliptic curve and H is a point (xH,yH) on the elliptic curve, including: computing V=yS^2 based upon the elliptic curve and xS; computing W=yH^2 based upon the elliptic curve and xH; computing U=sqrt(W·V) mod p, where p is a large prime number; choosing U'=U or U'=p-U such that U' based upon a characteristic agreed upon by the parties to the EC-DHKF; computing xM based upon V, W, U', xS, xH, and p.
Type: Grant
Filed: January 3, 2017
Date of Patent: November 19, 2019
Assignee: NXP B.V.
Inventor: Bruce Murray
-
Patent number: 10437524
Abstract: In high security devices, like smart cards, the on-board software may be embedded in ROM (read only memory). But, based on flexibility arguments, non-volatile flash memory based software storage can be more preferred. This invention describes a method to recover from a situation of data loss on flash devices by combining the on-device available secure boot-loading with embedded physical unclonable functions (PUF), where the PUF provides the cryptographic key for starting the data recovery procedure.
Type: Grant
Filed: October 12, 2017
Date of Patent: October 8, 2019
Assignee: NXP B.V.
Inventors: Thomas Wille, Bruce Murray
-
Patent number: 10341098
Abstract: A method is provided for performing elliptic curve cryptography that reduces the number of required computations to produce, for example, a key pair. The number of computations is reduced by changing how a random nonce used in the computations is selected. In an embodiment, a look-up table is generated having pre-computed scalar values and elliptic curve points. Every time a new pseudo-random value is created for use in the ECDSA, a combination of the look-up table values is used to create multiple intermediate values. One of the multiple intermediate values is randomly chosen as a replacement value for one of the existing table entries. Each time the look-up table is used, multiple entries in the look-up table are updated to new look-up table values as described. In this manner, new randomness is provided in every step to generate the next pseudo-random nonce as a combination of multiple internally stored temporary look-up table values. Alternately, another mathematical group may be used.
Type: Grant
Filed: January 24, 2017
Date of Patent: July 2, 2019
Assignee: NXP B.V.
Inventors: Joppe Willem Bos, Bjorn Fay, Bruce Murray
-
Publication number: 20190132116
Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.
Type: Application
Filed: October 27, 2017
Publication date: May 2, 2019
Inventors: Wilhelmus Petrus Adrianus Johannus MICHIELS, Marcel MEDWED, Jan HOOGERBRUGGE, Ventzislav NIKOV, Bruce MURRAY, Joppe Willem BOS
-
Publication number: 20190114115
Abstract: In high security devices, like smart cards, the on-board software may be embedded in ROM (read only memory). But, based on flexibility arguments, non-volatile flash memory based software storage can be more preferred. This invention describes a method to recover from a situation of data loss on flash devices by combining the on-device available secure boot-loading with embedded physical unclonable functions (PUF), where the PUF provides the cryptographic key for starting the data recovery procedure.
Type: Application
Filed: October 12, 2017
Publication date: April 18, 2019
Inventors: Thomas Wille, Bruce Murray
-
Patent number: 10146464
Abstract: A data processing system having a PUF and method for providing multiple enrollments, or instantiations, of the PUF are provided. A PUF segment includes a plurality of SRAM cells on an integrated circuit. A PUF response from the PUF segment is used to create a first activation code and a first PUF key. A second PUF key may be created from the PUF response. Initially, during a second enrollment, the PUF response is combined with the first activation code to reproduce a codeword. The first secret string is reconstructed by encoding the codeword. The codeword is combined with the first activation code to reproduce the PUF response. Inverse anti-aging is applied to the PUF response. Then a second secret string is generated using a random number generator (RNG). The second secret string is encoded to produce a new codeword. The new codeword is combined with the recovered PUF response to create a second activation code. The second activation code is hashed with the second secret string to provide a second PUF key.
Type: Grant
Filed: June 30, 2016
Date of Patent: December 4, 2018
Assignee: NXP B.V.
Inventors: Bruce Murray, Helmut Alexander Goettl, Sven Heine, Christiaan Kuipers
-
Patent number: 10044512
Abstract: Reader (420) for determining the validity of a connection to a transponder (440), designed to measure a response time of a transponder (440) and to authenticate the transponder (440) in two separate steps. Transponder (440) for determining the validity of a connection to a reader (420), wherein the transponder (440) is designed to provide information for response time measurement to said reader (420) and to provide information for authentication to said reader (420) in two separate steps, wherein at least a part of data used for the authentication is included in a communication message transmitted between the reader (420) and the transponder (440) during the measuring of the response time.
Type: Grant
Filed: November 3, 2008
Date of Patent: August 7, 2018
Assignee: NXP B.V.
Inventors: Peter Thueringer, Hans De Jong, Bruce Murray, Heike Neumann, Paul Hubmer, Susanne Stern
-
Publication number: 20180212767
Abstract: A method is provided for performing elliptic curve cryptography that reduces the number of required computations to produce, for example, a key pair. The number of computations is reduced by changing how a random nonce used in the computations is selected. In an embodiment, a look-up table is generated having pre-computed scalar values and elliptic curve points. Every time a new pseudo-random value is created for use in the ECDSA, a combination of the look-up table values is used to create multiple intermediate values. One of the multiple intermediate values is randomly chosen as a replacement value for one of the existing table entries. Each time the look-up table is used, multiple entries in the look-up table are updated to new look-up table values as described. In this manner, new randomness is provided in every step to more efficiently generate the next pseudo-random nonce as a combination of multiple internally stored temporary look-up table values. Alternately, another mathematical group may be used.
Type: Application
Filed: January 24, 2017
Publication date: July 26, 2018
Inventors: JOPPE WILLEM BOS, BJORN FAY, BRUCE MURRAY
-
Publication number: 20180191498
Abstract: A method of calculating the x-coordinate (xM) of a point mapping in an elliptic curve Diffie-Hellman key exchange protocol (EC-DHKF), wherein the point mapping is defined as sG+H, where sG is a point (xS,yS) on an elliptic curve and H is a point (xH,yH) on the elliptic curve, including: computing V=yS^2 based upon the elliptic curve and xS; computing W=yH^2 based upon the elliptic curve and xH; computing U=sqrt(W·V) mod p, where p is a large prime number; choosing U'=U or U'=p-U such that U' based upon a characteristic agreed upon by the parties to the EC-DHKF; computing x based upon V, W, U', xS, xH, and p.
Type: Application
Filed: January 3, 2017
Publication date: July 5, 2018
Inventor: Bruce Murray
-
Patent number: 9979703
Abstract: There is disclosed a method of providing a software update to a secure element comprised in a host device, comprising converting the software update into a sequence of ciphertext blocks using a chained encryption scheme, and transmitting said sequence of ciphertext blocks to the host device. Furthermore, there is disclosed a method of installing a software update on a secure element comprised in a host device, comprising receiving, by the host device, a sequence of ciphertext blocks generated by a method of providing a software update of the kind set forth, converting said sequence of ciphertext blocks into the software update, and installing the software update on the secure element. Furthermore, corresponding computer program products and a corresponding host device are disclosed.
Type: Grant
Filed: December 12, 2014
Date of Patent: May 22, 2018
Assignee: NXP B.V.
Inventors: Dimitri Warnez, Thierry Gouraud, Rafael Jan Josef Meeusen, Andreas Lessiak, Frank Siedel, Ernst Haselsteiner, Bruce Murray
-
Publication number: 20180115419
Abstract: A method is provided for generating an elliptic curve cryptography key pair that uses two topologically identical pseudo-random number generators operating in parallel and in step with each other. One generator operates in the scalar number domain and the other generator operates in the elliptic curve point domain. Parallel sequences of pseudo-random elliptic curve points aG and corresponding scalars a are generated in this manner. A scalar a becomes a private key and an elliptic curve point aG is a public key of a key pair. Each generator is advanced by one iteration successively, and the isomorphic relationship ensures that the point domain generator always contains values which are multiples of the system base point according to values contained in the corresponding position in the number domain generator. In one embodiment, the pseudo-random number generators are each characterized as being lagged Fibonacci generators.
Type: Application
Filed: October 26, 2016
Publication date: April 26, 2018
Inventors: Joppe Willem Bos, Bjorn Fay, Bruce Murray