Abstract: In one example an apparatus comprises a computer readable memory, hash logic to generate a message hash value based on an input message, signature logic to generate a signature to be transmitted in association with the message, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and accelerator logic to pre-compute at least one set of inputs to the signature logic. Other examples may be described.

Abstract: Embodiments are directed to post quantum public key signature operation for reconfigurable circuit devices. An embodiment of an apparatus includes one or more processors; and a reconfigurable circuit device, the reconfigurable circuit device including a dedicated cryptographic hash hardware engine, and a reconfigurable fabric including logic elements (LEs), wherein the one or more processors are to configure the reconfigurable circuit device for public key signature operation, including mapping a state machine for public key generation and verification to the reconfigurable fabric, including mapping one or more cryptographic hash engines to the reconfigurable fabric, and combining the dedicated cryptographic hash hardware engine with the one or more mapped cryptographic hash engines for cryptographic signature generation and verification.

Abstract: Systems, apparatuses and methods may provide for infrastructure node technology that conducts a mutual authentication with a vehicle and verifies, if the mutual authentication is successful, location information received from the vehicle. The infrastructure node technology may also send a token to the vehicle if the location information is verified, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time. Additionally, vehicle technology may conduct a mutual authentication with an infrastructure node and send, if the mutual authentication is successful, location information to the infrastructure node. The vehicle technology may also receive a token from the infrastructure node.

Abstract: In one example an apparatus comprises a computer readable memory, a signing facility comprising a plurality of hardware security modules, and a state synchronization manager comprising processing circuitry to select, from the plurality of hardware security modules, a set of hardware security modules to be assigned to a digital signature process, the set of hardware security modules comprising at least a first hardware security module and a second hardware module, and assign a set of unique state synchronization counter sequences to the respective set of hardware security modules, the set of state synchronization counter sequences comprising at least a first state synchronization counter sequence and a second state synchronization counter sequence. Other examples may be described.

Abstract: Technologies for memory and I/O efficient operations on homomorphically encrypted data are disclosed. In the illustrative embodiment, a cloud compute device is to perform operations on homomorphically encrypted data. In order to reduce memory storage space and network and I/O bandwidth, ciphertext blocks can be manipulated as data structures, allowing operands for operations on a compute engine to be created on the fly as the compute engine is performing other operations, using orders of magnitude less storage space and bandwidth.

Abstract: Technologies for remote attestation include a group member device to generate a signature of a message using a cryptographic key assigned to the group member device by a group manager and determine an authentication path that indicates a plurality of cryptographic hashes necessary to compute a group public key of a group associated with a plurality of group member devices. The cryptographic key is assigned to the group member device based on a permutation of a set of cryptographic keys generated by the plurality of group member devices. The group member device transmits the signature and the authentication path to a verifier device for verification of the signature.

Abstract: Logic may implement protocols and procedures for vehicle-to-vehicle communications for platooning. Logic may implement a communications topology to distinguish time-critical communications from non-time-critical communications. Logic may sign time-critical communications with a message authentication code (MAC) algorithm with a hash function such as Keccak MAC or a Cipher-based MAC. Logic may generate a MAC based on pairwise, symmetric keys to sign the time-critical communications. Logic may sign non-time-critical communications with a digital signature. Logic may encrypt non-time-critical communications. Logic may append a certificate to non-time-critical communications. Logic may append a header to messages to create data packets and may include a packet type to identify time-critical communications. Logic may decode and verify the time-critical messages with a pairwise symmetric key. And logic may prioritize time-critical communications to meet a specified latency.

Abstract: A technique includes generating a direct anonymous attestation (DAA)-based signature to prove an electronic device is a member of a group. Generating the signature includes determining a reciprocal of a prime modulus, and determining the reciprocal of the prime modulus comprises left bit shifting a Barrett multiplier by a predetermined number of bits and multiplying a result of the left bit shifting of the Barrett multiplier with the prime modulus.

Abstract: Logic may implement protocols and procedures for vehicle-to-vehicle communications for platooning. Logic may implement a communications topology to distinguish time-critical communications from non-time-critical communications. Logic may sign time-critical communications with a message authentication code (MAC) algorithm with a hash function such as Keccak MAC or a Cipher-based MAC. Logic may generate a MAC based on pairwise, symmetric keys to sign the time-critical communications. Logic may sign non-time-critical communications with a digital signature. Logic may encrypt non-time-critical communications. Logic may append a certificate to non-time-critical communications. Logic may append a header to messages to create data packets and may include a packet type to identify time-critical communications. Logic may decode and verify the time-critical messages with a pairwise symmetric key. And logic may prioritize time-critical communications to meet a specified latency.

Abstract: Systems, methods, apparatus, and articles of manufacture to prevent unauthorized release of information associated with a function as a service are disclosed. A system disclosed herein operates on in-use information. The system includes a function as a service of a service provider that operates on encrypted data. The encrypted data includes encrypted in-use data. The system also includes a trusted execution environment (TEE) to operate within a cloud-based environment of a cloud provider. The function as a service operates on the encrypted data within the TEE, and the TEE protects service provider information from access by the cloud provider. The encrypted in-use data and the service provider information form at least a portion of the in-use information.

Abstract: Systems, devices, and techniques for V2X communications using multiple radio access technologies (RATs) are described herein. A communication associated with one or more of the multiple RATs may be received at a device. The device may include a transceiver interface with multiple connections to communicate with multiple transceiver chains. The multiple transceiver chains can be configured to support multiple RATs. Additionally, the multiple transceiver chains may be controlled via the multiple connections of the transceiver interface to coordinate the multiple RATs to complete the communication.

Abstract: In a method for validating software updates, a data processing system contains a current version of a software component. The data processing system saves at least first and second current advance keys (AKs). After saving the current AKs, the data processing system receives an update package for a new version of the software component. The data processing system extracts a digital signature and two or more new AKs from the update package. The data processing system uses at least one current AK to determine whether the digital signature is valid. In response to a determination that the digital signature is valid, the data processing system uses a software image from the update package to update the software component, and the data processing system saves the new AKs, for subsequent utilization as the current AKs.

Abstract: Systems, apparatus, methods, and techniques for functional safe execution of encryption operations are provided. A fault tolerant counter and a complementary pair of encryption flows are provided. The fault tolerant counter may be based on a gray code counter and a hamming distance checker. The complementary pair of encryption flows have different implementations. The output from the complementary pair of encryption flows can be compared, and where different, errors generated.

Abstract: Systems, apparatus, methods, and techniques for facilitating privacy preserving secure communicating in a platoon of devices, such as, vehicles, roadside units, or the like is provided. A service initiator provisions a ring key-set as well as a public key-pair and distributes the keys to user equipment and service coordinators. During operation, user equipment can query, via a service coordinator, the existence of a platoon, form a platoon, or join a platoon with the ring key-set and the public key-pair. To form a platoon the service coordinator can generate a symmetric key and provide the symmetric key to the user equipment. Subsequently, user equipment can communicate using the symmetric key.

Abstract: Sensor data is accessed, which was generated sensors of a device in an environment. An observation of an event is determined, from the sensor data, that identifies movement of one or more machines within the environment in association with the event, where at least one of the machines is configured to move autonomously. Observation data is generated to describe the observation. The observation data is caused to be stored in a distributed linked data structure.

Abstract: In one example a prover device comprises one or more processors, a computer-readable memory, and signature logic to store a first cryptographic representation of a first trust relationship between the prover device and a verifier device, the first cryptographic representation based on a pair of asymmetric hash-based multi-time signature keys, receive an attestation request message from the verifier device, the attestation request message comprising attestation data for the verifier device and a hash-based signature generated by the verifier device, and in response to the attestation request message, to verify the attestation data, verify the hash-based signature generated by the verifier device using a public key associated with the verifier device, generate an attestation reply message using a hash-based multi-time private signature key and send the attestation reply message to the verifier device. Other examples may be described.

Abstract: An attestation protocol between a prover device (P), a verifier device (V), and a trusted third-party device (TPP). P and TPP have a first trust relationship represented by a first cryptographic representation based on a one-or-few-times, hash-based, signature key. V sends an attestation request to P, with the attestation request including a second cryptographic representation of a second trust relationship between V and TPP. In response to the attestation request, P sends a validation request to TPP, with the validation request being based on a cryptographic association of the first trust relationship and the second trust relationship. TPP provides a validation response including a cryptographic representation of verification of validity of the first trust relationship and the second trust relationship. P sends an attestation response to V based on the validation response.

Abstract: Embodiments are directed to post quantum public key signature operation for reconfigurable circuit devices. An embodiment of an apparatus includes one or more processors; and a reconfigurable circuit device, the reconfigurable circuit device including a dedicated cryptographic hash hardware engine, and a reconfigurable fabric including logic elements (LEs), wherein the one or more processors are to configure the reconfigurable circuit device for public key signature operation, including mapping a state machine for public key generation and verification to the reconfigurable fabric, including mapping one or more cryptographic hash engines to the reconfigurable fabric, and combining the dedicated cryptographic hash hardware engine with the one or more mapped cryptographic hash engines for cryptographic signature generation and verification.

Abstract: In one example an apparatus comprises a computer readable memory, hash logic to generate a message hash value based on an input message, signature logic to generate a signature to be transmitted in association with the message, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and accelerator logic to pre-compute at least one set of inputs to the signature logic. Other examples may be described.

Abstract: In one example an apparatus comprises a computer readable memory, an XMSS operations logic to manage XMSS functions, a chain function controller to manage chain function algorithms, a secure hash algorithm-2 (SHA2) accelerator, a secure hash algorithm-3 (SHA3) accelerator, and a register bank shared between the SHA2 accelerator and the SHA3 accelerator. Other examples may be described.