Abstract: Systems and methods for increasing security in a computer system are provided. The system includes one or more logic circuits. The one or more logic circuits receive a plurality of independent first entropy values from a hardware source, apply at least some of the plurality of independent first entropy values to a function to generate a second entropy value, and seed a pseudorandom number generator with the second entropy value. The one or more logic circuits also generate a random number using the pseudorandom number generator seeded with the second entropy value and may produce a block of ciphertext or message authentication code using the random number, or otherwise use the generated numbers as secure random numbers in applications such as cryptographic protocols.

Abstract: A method of persistently storing event counts includes generating, using a secret cryptographic key, a sequence of numbers arranged in a pseudorandom order. The sequence of numbers is indicative of a sequence of addresses of cells in an array of cells. Each cell in the array of cells is programmable from an initial state to a programmed state to persistently encode data indicative of counter values associated with a particular event. The method also includes comparing addresses of cells having the programmed state with the sequence of addresses to determine whether a tampering event occurred at the array of cells. The method further includes, based on the determination, authenticating the array of cells or performing a countermeasure.

Abstract: A device for, and method of, generating coded data from input data are disclosed. The device includes: an input for receiving input data, where the input data includes a plurality of data blocks; a plurality of bit mixers coupled in parallel to the input, where each bit mixer is configured to receive at least one data block of the plurality of data blocks, where no bit mixer of the plurality of bit mixers is configured to receive a same data block of the plurality of data blocks as another of the bit mixers of the plurality of bit mixers, and where no two bit mixers of the plurality of bit mixers are configured to produce same output values for same input values; a combiner communicatively coupled in parallel to the plurality of bit mixers; and an output communicatively coupled to the combiner, the output configured to provide coded data.

Abstract: A system for providing security in a computer system is provided. The system includes a plurality of ring oscillators and one or more logic circuits. The ring oscillators are equipped with a respective plurality of counters to count impulses of oscillating outputs of the ring oscillators. The one or more logic circuits start and stop the respective plurality of counters over repeated counting periods, and select a group of ring oscillators from the plurality of ring oscillators. The one or more logic circuits also determine a correlation between oscillating outputs of the group of ring oscillators. The one or more logic circuits further generate a notification indicating interference in the group of ring oscillators and thereby the plurality of ring oscillators when the correlation is above a predefined threshold correlation.

Abstract: Provided is a method and system for producing message authentication tags and a method and system for producing hash values using bit-mixers. The methods include producing a message authentication or hash value by obtaining a message; segmenting, padding by an electronic processor, the message into a number of equal sized message blocks comprising a first message block, one or more subsequent message blocks, and a final message block; performing, by the electronic processor, a first bit-mixing operation on the first message block with an initialization value; performing, by the electronic processor, subsequent bit-mixing operations on the one or more subsequent message blocks and the final message block with a previous message block; and producing, by the electronic processor, the message authentication tag based on the first bit-mixing operation and the subsequent bit-mixing operations, employing a secret key material.

Abstract: A system for providing security in a computer system is provided. The system includes a physical unclonable function (PUF) device and one or more logic circuits. At startup of the computer system, the logic circuits call the PUF device a preset plurality of times with an identical input value to generate a plurality of PUF values that are candidate identifiers of an integrated circuit. The logic circuits apply a hash function to the candidate identifiers to produce respective hash values. The logic circuits also access a reference hash value from a non-volatile memory and verify all of the respective hash values using the reference hash value. The logic circuits further enable the computer system to operate in a first mode or a second mode based on the verification results.

Abstract: A device for, and method of, generating coded data from input data are disclosed. The device includes: an input for receiving input data, where the input data includes a plurality of data blocks; a plurality of bit mixers coupled in parallel to the input, where each bit mixer is configured to receive at least one data block of the plurality of data blocks, where no bit mixer of the plurality of bit mixers is configured to receive a same data block of the plurality of data blocks as another of the bit mixers of the plurality of bit mixers, and where no two bit mixers of the plurality of bit mixers are configured to produce same output values for same input values; a combiner communicatively coupled in parallel to the plurality of bit mixers; and an output communicatively coupled to the combiner, the output configured to provide coded data.

Abstract: A system and method for encoding data by providing data expansion and compression functions for arbitrary input and output lengths. The input is partitioned into groups of sequential bits. A subkey is selected from secret key material for each group of the input bits. A tree of XOR gates applies XOR operations between the subkeys to generate the output. The XOR gates are arranged in layers and all the XOR gates within a layer switch at about the same time. A compression function is performed if the input length is greater than or equal to the output length and an expansion function is performed if the input length is less than or equal to the output length. There is no statistical correlation between the input and the output. A nonlinear function can be applied to the output such as an invertible S-Box, non-invertible S-Box, or series of Rotate-Add-XOR operations.

Abstract: System and methods for generating round keys for a cryptographic operation are disclosed. The systems and method can use logic circuits that are operable to: obtain first inputs and second inputs; perform a bit-mixer operation on each of the first inputs and the second inputs; and generate round keys based on the performing the bit-mixer operation. The first inputs include a plurality of equal sized subkeys from a key material that is divided into a plurality of equal sized key material sub-blocks, a cipher key and the second inputs include a random input, one or more previous round keys, a round number. The cryptographic operation includes a cipher, a hash function, or a stream generator. The bit-mixer operation includes an exclusive-OR (XOR) tree, a substitution-permutation network, or a double-mix Feistel network, or a Rotate-Add-XOR (RAX) construction.

Abstract: A method of persistently storing event counts includes generating, using a secret cryptographic key, a sequence of numbers arranged in a pseudorandom order. The sequence of numbers is indicative of a sequence of addresses of cells in an array of cells. Each cell in the array of cells is programmable from an initial state to a programmed state to persistently encode data indicative of counter values associated with a particular event. The method also includes comparing addresses of cells having the programmed state with the sequence of addresses to determine whether a tampering event occurred at the array of cells. The method further includes, based on the determination, authenticating the array of cells or performing a countermeasure.

Abstract: An integrated circuit system is provided. The system includes a ring oscillator including a first plurality of logic gates connected in a ring configuration. The system also includes a second plurality of logic gates used to implement a heater to generate a controlled amount of heat. The second plurality of logic gates is also used to implement a temperature sensor to measure a temperature of the ring oscillator. The system further includes one or more logic circuits coupled to the heater and the temperature sensor. The one or more logic circuits are used to control the heater to heat the ring oscillator only until the temperature of the ring oscillator is one of a plurality of predefined temperatures, during or after which the ring oscillator starts and operate.

Abstract: A system for providing security in a computer system is provided. The system includes a physical unclonable function (PUF) device and one or more logic circuits. At startup of the computer system, the logic circuits call the PUF device a preset plurality of times with an identical input value to generate a plurality of PUF values that are candidate identifiers of an integrated circuit. The logic circuits apply a hash function to the candidate identifiers to produce respective hash values. The logic circuits also access a reference hash value from a non-volatile memory and verify all of the respective hash values using the reference hash value. The logic circuits further enable the computer system to operate in a first mode or a second mode based on the verification results.

Abstract: An integrated circuit system is provided. The system includes a ring oscillator including a first plurality of logic gates connected in a ring configuration. The system also includes a second plurality of logic gates used to implement a heater to generate a controlled amount of heat. The second plurality of logic gates is also used to implement a temperature sensor to measure a temperature of the ring oscillator. The system further includes one or more logic circuits coupled to the heater and the temperature sensor. The one or more logic circuits are used to control the heater to heat the ring oscillator only until the temperature of the ring oscillator is one of a plurality of predefined temperatures, during or after which the ring oscillator starts and operate.

Abstract: Systems and methods for increasing security in a computer system are provided. The system includes one or more logic circuits. The one or more logic circuits receive a plurality of independent first entropy values from a hardware source, apply at least some of the plurality of independent first entropy values to a function to generate a second entropy value, and seed a pseudorandom number generator with the second entropy value. The one or more logic circuits also generate a random number using the pseudorandom number generator seeded with the second entropy value and may produce a block of ciphertext or message authentication code using the random number, or otherwise use the generated numbers as secure random numbers in applications such as cryptographic protocols.

Abstract: A system for providing security in a computer system is provided. The system includes a plurality of ring oscillators and one or more logic circuits. The ring oscillators are equipped with a respective plurality of counters to count impulses of oscillating outputs of the ring oscillators. The one or more logic circuits start and stop the respective plurality of counters over repeated counting periods, and select a group of ring oscillators from the plurality of ring oscillators. The one or more logic circuits also determine a correlation between oscillating outputs of the group of ring oscillators. The one or more logic circuits further generate a notification indicating interference in the group of ring oscillators and thereby the plurality of ring oscillators when the correlation is above a predefined threshold correlation.

Abstract: A system for providing security in a computer system is provided. The system includes a ring oscillator including a plurality of logic gates connected in a ring configuration. The system also includes logic circuits to start the ring oscillator by a ring-enable signal and a clock signal provided to a clock input of at least one controlled logic gate of the plurality of logic gates. The clock signal controls the at least one controlled logic gate and thereby synchronizes the ring oscillator to the clock signal. The clock signal is provided to the clock input for a predetermined warm-up duration, and thereafter, the logic circuits restart and operate the ring oscillator without the clock signal.

Abstract: Several ring oscillator constructions are provided. The ring oscillator includes a plurality of logic gates connected in a ring configuration. An output of each except a last of the plurality of logic gates is used as an input for a next one of the plurality of logic gates. The output of the last of the plurality of logic gates is fed back to and used as an input for a first of the plurality of logic gates. A logic gate of the plurality of logic gates includes an enable input to receive an enable signal to enable the logic gate and thereby the ring oscillator. The plurality of logic gates includes at least one controlled logic gate that also includes a clock input to receive a clock signal to control the at least one controlled logic gate and thereby synchronize the ring oscillator to the clock signal.

Abstract: A method of providing security in a computer system includes producing a plurality of sub-keys from key material and a respective address of a memory location in a memory and possibly other information. The method may include mixing the sub-keys together using a binary tree of exclusive-or operations, and to produce an intermediate result. The method may include performing a scrambling operation on the intermediate result to produce a key with which a block of ciphertext may be produced. And the method may include performing a write operation to write the block of ciphertext at the memory location having the respective address. In this regard, the memory may include a window of memory locations each of which stores a respective block of ciphertext produced with a respective key that changes from memory location to memory location.

Abstract: Provided is a method and system for producing message authentication tags and a method and system for producing hash values using bit-mixers. The methods include producing a message authentication or hash value by obtaining a message; segmenting, padding by an electronic processor, the message into a number of equal sized message blocks comprising a first message block, one or more subsequent message blocks, and a final message block; performing, by the electronic processor, a first bit-mixing operation on the first message block with an initialization value; performing, by the electronic processor, subsequent bit-mixing operations on the one or more subsequent message blocks and the final message block with a previous message block; and producing, by the electronic processor, the message authentication tag based on the first bit-mixing operation and the subsequent bit-mixing operations, employing a secret key material.

Abstract: A method of providing security in a computer system includes producing an initial block of data from a respective address of a memory location. An updated block of data may be calculated for each round of a plurality of rounds in a substitution-permutation network. This may include mixing an input block through a substitution layer including a plurality of substitution boxes, and a linear transformation layer including a permutation, to produce the updated block, before or after which respectively the input block or updated block may be mixed with a round key. The input block may be the initial block for the first round, and the updated block for an immediately preceding round for each round thereafter. A block of ciphertext may be produced with a key composed of the updated block for the last round, and the block of ciphertext may be written at the memory location.