Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using polynomials for lattice-based cryptography in a processor, the instructions, including: applying a share-wise Kronecker substitution to arithmetic shares of a first polynomial; applying a Kronecker substitution to a second polynomial; multiplying share-wise the Kronecker substitution of the second polynomial and the arithmetic shares of the Kronecker substitution of the shares of the first polynomial to produce arithmetic shares of a first output; converting the shares of the first output to arithmetic shares of a polynomial representation; converting the arithmetic shares of the polynomial representation to Boolean shares of the polynomial representation; adding the Boolean shares of the polynomial representation to Boolean shares of a third polynomial to produce Boolean shares of a second output; and carrying out a cryptographic operation using the Bool

Abstract: A secure processing system configured to produce a hash based digital signature of a message, including: random number generator (RNG); a monotonic counter device configured to produce a monotonically increasing counter value; a hash accelerator configured to produce a hash of the message based upon a random number from the RNG and the counter value; and a run time integrity check (RTIC) device configured to check the integrity of the operation of the hash accelerator based upon the counter value.

Abstract: Various embodiments relate to a fault detection system and method for a digital signature algorithm, including: producing a digital signature of a message using a digital signature algorithm; storing parameters from a last round of the digital signature algorithm; executing the last round of the digital signature algorithm using the stored parameters to produce a check signature; comparing the digital signature to the check signature; and outputting the digital signature when the digital signature is the same as the check signature.

Abstract: A curved light guide structure configured to guide a spectral region, includes: end faces disposed at two ends of the ring segment structure; a first main side extending between the end faces and a second main side opposite the first main side and extending between the end faces; at least a first pass region on the first main side, the first pass region being configured to receive and let pass an optical signal within the spectral region, the curved light guide structure being configured to guide the optical signal along an axial direction between the end faces; and at least a second pass region on the second main side that is configured to let pass and to emit at least part of the optical signal from the curved light guide structure.

Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting an arithmetic share of the d arithmetic shares by a first bound ?0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound ?0 and a second bound ?1 from the Boolean shares to obtain z?B,k+1 having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to a sign bit of z?B,k+1; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound ?0 and second bound ?1.

Abstract: A device includes a computer readable memory storing a plurality of one-time signature (OTS) keypairs and a processor that is configured to execute a hash function on a message using a first private key of a first OTS keypair of the plurality of OTS keypairs to determine a message signature, execute the hash function to calculate a leaf node value of a hash tree using the first OTS keypair, determine a plurality of authentication path nodes in the hash tree, retrieve, from the computer readable memory, values of a first subset of the plurality of authentication path nodes, calculate values for each node in a second subset of the plurality of authentication path nodes, and store, in the computer readable memory, the values for each node in the authentication path and the value of the leaf node.

Abstract: A system and method of carrying out a binary arithmetic operation in a cryptographic operation for lattice-based cryptography. The variables used in the binary arithmetic operation may have their bits randomly rotated to counter side channel attacks. An addition and multiplication operation on variables with rotated bits are disclosed.

Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for generating keys in a hash based signature system in a processor, the instructions, including: generating, by a random number generator, a seed; repeatedly hashing the seed with a first hash function to produce n/k chained seeds, wherein n is a total number secret keys generated and k is a number of secret keys generated from each chained seed; and generating k secret keys from each of the n/k chained seeds using a second hash function, wherein at least one of the k secret keys is generated from another of the k secret keys in a sequential chain.

Abstract: A data processing system and method for norm checking a cryptographic operation for lattice-based cryptography in a processor, the instructions, including: multiplying a first polynomial by a second polynomial to produce a first output, wherein the d arithmetic shares have a modulus q?; securely converting the first output to d Boolean shares; securely subtracting a third polynomial from the first output to produce a second output, wherein the third polynomial is randomly generated and then offset by a first constant parameter; securely adding a first constant based upon a bound check and the first constant parameter to the second output to shift the values of the second output to positive values to produce a third output; and securely adding a second constant based upon the bound check to the third output to produce a carry bit.

Abstract: A communication node for optical-wireless communication in an optical-wireless communication network has: an input interface configured to receive a data signal, an optical transmitter configured to convert the data signal into an optical signal having an optical power, separation optics configured to spatially divide the optical signal into a plurality of optical partial signals having an associated spectral range to divide the optical power onto the plurality of optical partial signals, wherein the plurality of spectral ranges at least partially match. The communication node is configured to emit the plurality of optical partial signals for optical-wireless communication.

Abstract: A hardware converter configured to convert d arithmetic shares of x to d Boolean shares of x. The hardware converter has a plurality of addition layers in a tree structure. Each layer has a plurality of secure bit adders.

Abstract: A plurality of objects that comprise an input to a cryptographic signing function. For each object in the plurality of objects, an output value yi of a hash function is calculated, where the value i is equal to an index value of the object, a compressed output value xi of a compression function is calculated, the output value yi from the computer readable memory, and the compressed output value xi is stored. For each object in the plurality of objects, an output value y?i of the hash function is calculated, where the value i is equal to the index value of the object, a compressed output value x?i of the compression function executed on the output value y?i is calculated, the output value x?i is determined to be equal to the output value xi, and the output value y?i is transmitted in an output data stream.

Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a fault detection in a digital signature algorithm in a processor, the instructions, including: computing vector z based on a secret nonce vector y, a first secret key vector s1, and a challenge polynomial c, wherein vectors z, y, and s1 include l polynomials having n coefficients, wherein polynomial c has n coefficients, and wherein l and n are integers; computing a difference value between all of the coefficients of the polynomials in the vector z; computing a number of how many of the computed difference values are outside a specified value range; computing a digital signature for an input message; and rejecting the digital signature when the computed number is greater than a threshold value.

Abstract: Various embodiments relate to a hardware device configured to compute a plurality of chained hash functions in parallel, including: a processor implementing p hash functions configured to operate on a small input, where p is an integer; a data unit connected to the plurality of hash functions, configured to store the outputs of plurality of hash functions that are then used as the input to a next round of computing the hash function, wherein the processor receives a single instruction and p small data inputs, and wherein each of the p hash functions are used to perform a chained hash function operation on a respective small input of the p small inputs.

Abstract: A device may include a computer-readable memory and an integrated circuit including a processor configured to implement a cryptographic operation, wherein the cryptographic operation enables computation of a cryptographic result using a bit masking value y. The processor may be configured to access the computer-readable memory to determine a set of bit indexes, wherein each bit index in the set of bit indexes is associated with a bit value in the bit masking value y, for each bit index in the set of bit indexes, calculate an adaptive share value in which the bit value associated with the bit index is masked, and execute a cryptographic operation using the adaptive share value.

Abstract: Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having ns arithmetic shares into a high part a1 and a low part a0 for lattice-based cryptography in a processor, the instructions, including: performing a rounded Euclidian division of the polynomial a by a base ? to compute t(?)A; extracting Boolean shares a1(?)B from n low bits of t by performing an arithmetic share to Boolean share (A2B) conversion on t(?)A and performing an AND with ??1, where ?=???1 is a power of 2; unmasking a1 by combining Boolean shares of a1(?)B; calculating arithmetic shares a0(?)A of the low part a0; and performing a cryptographic function using a1 and a0(?)A.

Abstract: Various embodiments relate to a fault detection system and method for polynomial operations, including: selecting a plurality of evaluation points; evaluating a first polynomial at the plurality of evaluation points to produce first results; applying a first function to the first polynomial to produce a second polynomial; evaluating the second polynomial at the plurality of evaluation points second results; evaluating a second scalar function on the first results to produce third results; comparing the second results to the third results; and performing a polynomial operation using the second polynomial when the second results match the third results.

Abstract: In an ultra-wideband (UWB) communication network, a controller anchor changes which anchor of a group of anchors serves as initiator for each of multiple ranging rounds. Based on the capabilities of the anchors in the UWB communication network, the controller selects among multiple modes for designating which anchor serves as initiator for each ranging round. In a first mode, the anchors take turns serving as the initiator for successive ranging rounds in round robin fashion. In a second mode, the anchors randomly take turns serving as the initiator for ranging rounds. By dynamically selecting an initiator for each ranging round, launching a successful jamming attack becomes significantly more complicated.

Abstract: Various embodiments relate to a fault detection system and method for a digital signature algorithm, including: producing a digital signature of a message using a digital signature algorithm; storing parameters from a last round of the digital signature algorithm; executing the last round of the digital signature algorithm using the stored parameters to produce a check signature; comparing the digital signature to the check signature; and outputting the digital signature when the digital signature is the same as the check signature.

Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including matrix multiplication for lattice-based cryptography in a processor, the instructions, including: applying a first function to the rows of a matrix of polynomials to generate first outputs, wherein the first function excludes the identity function; adding an additional row to the matrix of polynomials to produce a modified matrix, wherein each element in the additional row is generated by a second function applied to a column of outputs associated with each element in the additional row; multiplying the modified matrix with a vector of polynomials to produce an output vector of polynomials; applying a verification function to the output vector that produces an indication of whether a fault occurred in the multiplication of the modified matrix with the vector of polynomials; and carrying out a cryptographic operation using