Abstract: A device comprises a detector configured to detect an event, and a selector coupled to the detector and configured to generate a signal in response to a detection of an event by the detector. The signal is operable to select a set of input/output (I/O) parameters from among first and second stored sets of parameters. The device also includes a configuration module coupled to the selector. The configuration module is configured to output the selected set of I/O parameters.

Abstract: A device comprises a detector configured to detect an event, and a selector coupled to the detector and configured to generate a signal in response to a detection of an event by the detector. The signal is operable to select a set of input/output (I/O) parameters from among first and second stored sets of parameters. The device also includes a configuration module coupled to the selector. The configuration module is configured to output the selected set of I/O parameters.

Abstract: A device comprises a detector configured to detect an event, and a selector coupled to the detector and configured to generate a signal in response to a detection of an event by the detector. The signal is operable to select a set of input/output (I/O) parameters from among first and second stored sets of parameters. The device also includes a configuration module coupled to the selector. The configuration module is configured to output the selected set of I/O parameters.

Abstract: A device comprises a detector configured to detect an event, and a selector coupled to the detector and configured to generate a signal in response to a detection of an event by the detector. The signal is operable to select a set of input/output (I/O) parameters from among first and second stored sets of parameters. The device also includes a configuration module coupled to the selector. The configuration module is configured to output the selected set of I/O parameters.

Abstract: Various systems and methods for encrypting data are disclosed. In one aspect, the method includes receiving a memory address and a value to be written in the memory address. The method also includes encrypting the value using the memory address as an initial value for an encryption process. The method also includes storing the encrypted value in the memory address.

Abstract: An elliptic curve cryptographic system where point coordinates are transformed from a first coordinate system to a second coordinate system. The transformed coordinates are processed by field operations, which have been modified for operating on the transformed point coordinates. In some implementations, the point coordinates are transformed from an affine coordinate system to a projective coordinate system using a non-random value for the projective coordinate. In some implementations, the transformed projective representation of the point can be changed from a first representation of the point in projective coordinates to a second representation of the point in projective coordinates, where the projective coordinate used in the representation change is a random value.

Abstract: In an elliptic curve cryptographic system, point coordinates in a first coordinate system are transformed into a second coordinate system. The transformed coordinates are processed by field operations, which have been modified for operating on the transformed point coordinates. In some implementations, the point coordinates are transformed using a linear transformation matrix having coefficients. The coefficients can be fixed, variable or random. In some implementations, the transformation matrix is invertible.

Abstract: Various systems and methods for encrypting data are disclosed. In one aspect, the method includes receiving a memory address and a value to be written in the memory address. The method also includes encrypting the value using the memory address as an initial value for an encryption process. The method also includes storing the encrypted value in the memory address.

Abstract: A computer hardware implemented cryptography method computes a modular exponentiation, M :=Cd (mod p·q), upon a message data value C using a Chinese Remainder Theorem (CRT) based technique. To secure against cryptanalysis, the private key moduli p and q are transformed by multiplication with a generated random value s, so that p?: =p·s and q? :=q·s, as shown in an exemplary embodiment in FIG. 2. The CRT steps of the modular exponentiation are applied using the transformed moduli p? and q? to obtain a random intermediate message data value M?. A final reduction of M? modulo p·q yields the final message data value M. Values needed for the computation are loaded into data storage and accessed as needed by electronic processing hardware.

Abstract: A cryptographic system can include a register containing a key and a processor coupled to the register. The processor can be operable for performing a first encrypting operation, where the encrypting operation includes computing a key schedule using the register as a workspace. At the end of the first encrypting operation, the key is recovered from the register for use in a second encrypting operation.

Abstract: A special form of a modulus and a modified Barrett reduction method are used to perform modular arithmetic in a cryptographic system. The modified Barrett reduction is a method of reducing a number modulo another number without the use of any division. By pre-computing static values used in the Barrett reduction method and by using a special form of the modulus, the calculation of reducing a number modulo another number can be reduced. This can result in a decrease in computation time, speeding up the overall cryptographic process.

Abstract: A modular multiplication method implemented in an electronic digital processing system takes advantage of the case where one of the operands W is known in advance or used multiple times with different second operands V to speed calculation. The operands V and W and the modulus M may be integers or polynomials over a variable X. A possible choice for the type of polynomials can be polynomials of the binary finite field GF(2N). Once operand W is loaded into a data storage location, a value P=?W·Xn+?/M? is pre-computed by the processing system. Then when a second operand V is loaded, the quotient q^ for the product V·W being reduced modulo M is quickly estimated, q^=?V·P/Xn+??, optionally randomized, q?=q^?E, and can be used to obtain the remainder r?=V·W?q?·M, which is congruent to (V·M) mod M. A final reduction can be carried out, and the later steps repeated with other second operands V.

Abstract: A modular multiplication method implemented in an electronic digital processing system takes advantage of the case where one of the operands W is known in advance or used multiple times with different second operands V to speed calculation. The operands V and W and the modulus M may be integers or polynomials over a variable X. A possible choice for the type of polynomials can be polynomials of the binary finite field GF(2N). Once operand W is loaded into a data storage location, a value P=?W·Xn+?/M? is pre-computed by the processing system. Then when a second operand V is loaded, the quotient q{circle around ( )} for the product V·W being reduced modulo M is quickly estimated, q{circle around ( )}=?V·P/Xn+??, optionally randomized, q?=q{circle around ( )}?E, and can be used to obtain the remainder r?=V·W?q?·M, which is congruent to (V·W) mod M. A final reduction can be carried out, and the later steps repeated with other second operands V.

Abstract: A cryptographically secure, computer hardware-implemented binary finite-field polynomial modular reduction method estimates and randomizes a polynomial quotient used for computation of a polynomial remainder. The randomizing error injected into the approximate polynomial quotient is limited to a few bits, e.g. less than half a word. The computed polynomial remainder is congruent with but a small random multiple of the residue, which can be found by a final strict binary field reduction by the modulus. In addition to a computational unit and operations sequencer, the computing hardware also includes a random or pseudo-random number generator for producing the random polynomial error. The modular reduction method thus resists hardware cryptoanalysis attacks, such as timing and power analysis attacks.

Abstract: A deterministic blinding method for cipher algorithms that employ key-mixing and substitution (S-box) operations uses a masking table constructed with a true mask and a plurality of dummy masks corresponding to every possible S-box input. Each mask is applied in the key-mixing operation (e.g., bitwise XOR) to the cipher key or to round subkeys to generate true and dummy keys or subkeys that are applied to the data blocks within the overall cipher algorithm or within individual cipher rounds. The mask values prevent side-channel statistical analyses from determining the true from the dummy keys or subkeys. The true mask is identifiable to the cipher but not by external observers.

Abstract: A method of protecting secret key integrity in a hardware cryptographic system includes first obtaining an encryption result and corresponding checksum of known data using the secret key, saving those results, then masking the secret key and storing the masked key. When the masked key is to be used in a cryptographic application, the method checks key integrity against fault attacks by decrypting the prior encryption results using the masked key. If upon comparison, the decryption result equals valid data, then the key's use in the cryptographic system can proceed. Otherwise, all data relating to the masked key is wiped from the system and fault injection is flagged.

Abstract: A cryptographically secure, computer hardware-implemented modular reduction method systematically underestimates and randomizes an approximate quotient used for computation of a remainder. The randomizing error injected into the approximate quotient is limited to a few bits, e.g. less than half a word. The computed remainder is congruent with but a small random multiple of the residue, which can be found by a final set of subtractions by the modulus. In addition to a computational unit and operations sequencer, the computing hardware also includes a random or pseudo-random number generator for producing the random error. The modular reduction method thus resists hardware cryptoanalysis attacks, such as timing and power analysis attacks.

Abstract: A cryptographically secure, computer hardware-implemented binary finite-field polynomial modular reduction method estimates and randomizes a polynomial quotient used for computation of a polynomial remainder. The randomizing error injected into the approximate polynomial quotient is limited to a few bits, e.g. less than half a word. The computed polynomial remainder is congruent with but a small random multiple of the residue, which can be found by a final strict binary field reduction by the modulus. In addition to a computational unit and operations sequencer, the computing hardware also includes a random or pseudo-random number generator for producing the random polynomial error. The modular reduction method thus resists hardware cryptoanalysis attacks, such as timing and power analysis attacks.

Abstract: A cryptographic system can include a register containing a key and a processor coupled to the register. The processor can be operable for performing a first encrypting operation, where the encrypting operation includes computing a key schedule using the register as a workspace. At the end of the first encrypting operation, the key is recovered from the register for use in a second encrypting operation.

Abstract: A computational method for implementation in an electronic digital processing system performs integer division upon very large (multi-word) operands. An approximated reciprocal of the divisor is obtained by extracting the two most significant words of the divisor, adding one to the extracted value and dividing from a power of two out to two significant words. Multiplying this reciprocal value by a remainder (initialized as the dividend) obtains a quotient value, which is then decremented by a random value. The randomized quotient is multiplied by the actual divisor, and decremented from the remainder. The quotient value is accumulated to obtain updated quotient values. This process is repeated over a fixed number of rounds related to the relative sizes in words of the dividend and divisor. Each round corrects approximation and randomization errors from a preceding round.