NBS/DES Algorithm Patents (Class 380/29)
  • Patent number: 7809132
    Abstract: An AES encryption processor is provided for reducing hardware with improved throughput. The processor is composed of a selector unit selecting an element of a state in response to row and column indices, a S-box for obtaining a substitution value with said selected element used as an index, a coefficient table providing first to fourth coefficients in response to said row index, first to fourth Galois field multiplexers respectively computing first to fourth products, which are obtained by multiplication of said substitution value with first to fourth coefficients, respectively, and an accumulator which accumulates the first to fourth products to develop first to fourth elements of a designated column of a resultant state.
    Type: Grant
    Filed: January 27, 2004
    Date of Patent: October 5, 2010
    Assignee: NEC Corporation
    Inventor: Kouhei Nadehara
  • Patent number: 7809134
    Abstract: The cryptographic system and method for securing data from unauthorized access includes, in one embodiment, an iterative probabilistic cipher for converting plaintext into ciphertext comprising at least two components, a core and a flag. A corresponding key and the core and flag may be output in one or more data channels. For each round of encryption additional keys, cores and flags can be generated. Unless all keys, cores and flags are known, no recovery of the plaintext can be possible.
    Type: Grant
    Filed: April 30, 2007
    Date of Patent: October 5, 2010
    Inventors: Valentin Alexandrovich Michtchenko, Uladzimir Uladzimirovich Zakharau, Yuri Victorovich Vilanski, Dzmitry Iiharavich Verzhbalovich
  • Publication number: 20100246815
    Abstract: A processor including instruction support for implementing the Kasumi block cipher algorithm may issue, for execution, programmer-selectable instructions from a defined instruction set architecture (ISA). The processor may include a cryptographic unit that may receive instructions for execution. The instructions include one or more Kasumi instructions defined within the ISA. In addition, the Kasumi instructions may be executable by the cryptographic unit to implement portions of a Kasumi cipher that is compliant with 3rd Generation Partnership Project (3GPP) Technical Specification TS 35.202 version 8.0.0. In response to receiving a Kasumi FL( )-operation instruction defined within the ISA, the cryptographic unit may perform an FL( ) operation, as defined by the Kasumi cipher, upon a data input operand and a subkey operand in which the data input operand and subkey operand may be specified by the Kasumi FL( )-operation instruction.
    Type: Application
    Filed: March 31, 2009
    Publication date: September 30, 2010
    Inventors: Christopher H. Olson, Gregory F. Grohoski, Lawrence A. Spracklen
  • Publication number: 20100246814
    Abstract: A processor including instruction support for implementing the Data Encryption Standard (DES) block cipher algorithm may issue, for execution, programmer-selectable instructions from a defined instruction set architecture (ISA). The processor may include a cryptographic unit that may receive instructions for execution. The instructions include one or more DES instructions defined within the ISA. In addition, the DES instructions may be executable by the cryptographic unit to implement portions of a DES cipher that is compliant with Federal Information Processing Standards Publication 46-3 (FIPS 46-3). In response to receiving a DES key expansion instruction defined within the ISA, the cryptographic unit may generate one or more expanded cipher keys of the DES cipher key schedule from an input key.
    Type: Application
    Filed: March 31, 2009
    Publication date: September 30, 2010
    Inventors: Christopher H. Olson, Gregory F. Grohoski, Lawrence A. Spracklen
  • Publication number: 20100246818
    Abstract: A method to generate a pairwise master key for use in establishing a wireless connection is presented. In one embodiment, the method comprises determining a region in an image. The method further comprises generating the pairwise master key based at least on contents of the region in the image.
    Type: Application
    Filed: March 30, 2009
    Publication date: September 30, 2010
    Inventor: Zongming Yao
  • Patent number: 7801301
    Abstract: Data are converted between an unencrypted and an encrypted format according to the Rijndael algorithm, including a plurality of rounds. Each round is comprised of a fixed set of transformations applied to a two-dimensional array, designating states, of rows and columns of bit words. At least a part of the transformations are applied on a transposed version of the state, wherein rows and columns are transposed for the columns and rows, respectively.
    Type: Grant
    Filed: October 10, 2001
    Date of Patent: September 21, 2010
    Assignee: STMicroelectronics S.R.L.
    Inventors: Marco Macchetti, Stefano Marchesin, Umberto Bondi, Luca Breveglieri, Guido Bertoni, Pasqualina Fragneto
  • Patent number: 7801298
    Abstract: An apparatus for detecting a potential attack on a cryptographic calculation performing a calculation with at least one parameter includes first means for providing a parameter masked according to a first masking algorithm, first means for performing the calculation with the masked parameter in order to obtain a masked result of the calculation, means for remasking the masked result formed to process the masked result so that a remasked result masked according to a second masking algorithm is obtained, second means for providing a parameter masked according to the first masking algorithm, second means for performing the calculation with the provided masked parameter in order to obtain a second masked result, and means for examining the first remasked result and the second masked result in order to detect the potential attack.
    Type: Grant
    Filed: December 20, 2005
    Date of Patent: September 21, 2010
    Assignee: Infineon Technologies AG
    Inventor: Wieland Fischer
  • Patent number: 7796750
    Abstract: A method for protecting an electronic entity with encrypted access, against DFA (Differential Fault Analysis) attacks which includes: storing the result of a selected step (Rm, Kn) of an iterative process forming part of the cryptographic algorithm and in performing once more at least part of the steps of the iterative process up to a new computation of a result corresponding to the one which has been stored, comparing the two results and denying distribution of an encrypted message (MC) if they are different.
    Type: Grant
    Filed: April 2, 2003
    Date of Patent: September 14, 2010
    Assignee: Oberthur Technologies
    Inventor: Christophe Giraud
  • Publication number: 20100229005
    Abstract: Systems, apparatuses, and methods are provided for whitening and managing data for storage in non-volatile memories, such as Flash memory. In some embodiments, an electronic device such as a media player is provided, which may include a system-on-a-chip (SoC) and a non-volatile memory. The SoC may include SoC control circuitry and a memory interface that acts as an interface between the SoC control circuitry and the non-volatile memory. The SoC can also include an encryption module, such as a block cipher based on the Advanced Encryption Standard (AES). The memory interface can direct the encryption module to whiten all types of data prior to storage in the non-volatile memory, including sensitive data, non-sensitive data, and memory management data. This can, for example, prevent or reduce program-disturb problems or other read/write/erase reliability issues.
    Type: Application
    Filed: March 4, 2009
    Publication date: September 9, 2010
    Applicant: Apple Inc.
    Inventors: Kenneth Herman, Matthew Byom, Michael J. Smith, Tahoma M. Toelkes
  • Publication number: 20100228992
    Abstract: A cryptographic method for enhancing computation performance of a central processing unit involves the execution of a conversion function of the cryptographic method by the central processing unit. The conversion function computation requires the use of a plurality of substitution boxes. The method comprises the steps of: (A) detecting a processing bit length of the central processing unit; (B) generating at least one new substitution box from original substitution boxes according to the processing bit length and a bit permutation sequence, each of the at least one new substitution box containing a plurality of new substitution values whose bit length is equal to the processing bit length; and (C) using a bit expansion operation, a bitwise exclusive OR operation, the selection operations that use the at least one new substitution box generated in step (B), a plurality of bitwise AND operations, and at least one bitwise OR operation to conduct the conversion function computation.
    Type: Application
    Filed: October 26, 2007
    Publication date: September 9, 2010
    Applicant: PANASONIC CORPORATION
    Inventor: Chun-Wei Fang
  • Patent number: 7792760
    Abstract: A printing device capable of preventing a printing process from being performed in accordance with print information sent from a printer driver in version for which permission of use is not given. In a host computer, a print data generator adds signature data to print data, which is transferred to a printer, by employing a signature algorithm and signature-related data. In a printer, a print data analyzing/processing unit extracts the signature data having been added to the print data transferred from the host computer, and verifies the extracted signature by employing a signature verification algorithm and signature verification data.
    Type: Grant
    Filed: November 10, 2005
    Date of Patent: September 7, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventor: Toshiyuki Nakazawa
  • Publication number: 20100220854
    Abstract: A data security system that includes a first memory device to store message data to be secured, a second memory device to store microcode including an instruction set defining a cryptographic algorithm for use in securing the message data, and a processing unit to execute the microcode to implement the cryptographic algorithm.
    Type: Application
    Filed: February 27, 2009
    Publication date: September 2, 2010
    Applicant: Atmel Corporation
    Inventor: Randall Wayne Melton
  • Publication number: 20100220853
    Abstract: A method and apparatus for a system and process for generating a hashing value using any number of cryptographic hashing functions. The hashing process receives an input value to be hashed. The input value is cryptographically hashed and augmented. The augmented value is then cryptographically hashed. The process then iteratively applies a set of non-linear functions to these values. Each iteration maintaining a ‘left half’ and ‘right half.’ After the last iteration, the left and right portions are concatenated to form a hash value that is output.
    Type: Application
    Filed: February 27, 2009
    Publication date: September 2, 2010
    Applicant: Red Hat, Inc.
    Inventor: James Paul Schneider
  • Publication number: 20100220863
    Abstract: A cryptographic system can include a register containing a key and a processor coupled to the register. The processor can be operable for performing a first encrypting operation, where the encrypting operation includes computing a key schedule using the register as a workspace. At the end of the first encrypting operation, the key is recovered from the register for use in a second encrypting operation.
    Type: Application
    Filed: February 27, 2009
    Publication date: September 2, 2010
    Applicant: ATMEL Corporation
    Inventors: Vincent Dupaquis, Michel Douguet
  • Patent number: 7787620
    Abstract: Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P{K1} XOR K2P{K2} equals the “standard” DES key K, and M1P{M1} XOR M2P{M2} equals the “standard” message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.
    Type: Grant
    Filed: October 18, 2005
    Date of Patent: August 31, 2010
    Assignee: Cryptography Research, Inc.
    Inventors: Paul C. Kocher, Joshua M. Jaffe, Benjamin C. Jun
  • Patent number: 7787624
    Abstract: A method inserts synchronization markers into a standardized stream of compressed and ciphered data, wherein at least one part of the compressed data stream is ciphered bit by bit, by block cipher, and wherein a synchronization marker is only inserted into the compressed data stream after the number of ciphered bits has reached or exceeded the number of bits of the cipher block.
    Type: Grant
    Filed: January 13, 2006
    Date of Patent: August 31, 2010
    Assignee: STMicroelectronics SA
    Inventor: Jean Nicolai
  • Patent number: 7783578
    Abstract: The method and system of the invention provide a variety of techniques for using a selected alias and a selected personal identification entry (PIE) in conjunction with use of a transaction card, such as a credit card, debit card or stored value card, for example. A suitable number or other identification parameter is selected by the account-holder as an alias. The account-holder is then required to choose a PIE for security purposes. The alias is linked to the account-holder's credit card number via a database. When the account-holder enters into a transaction with a merchant, the physical card need not be present. The account-holder simply provides his or her alias and then the PIE. This can be done at any point of sale such as a store, catalog telephone order, or over the Internet. The alias and PIE are entered and authorization is returned from the credit card company.
    Type: Grant
    Filed: January 25, 2006
    Date of Patent: August 24, 2010
    Assignee: JPMorgan Chase Bank, N.A.
    Inventors: William Frederick Mann, III, Jeffrey L. Hirka
  • Patent number: 7783037
    Abstract: The present invention pertains to data security, and more particularly to the security of encrypted data that can be transmitted between computers and the like, as well as stored upon one or more computer systems. A technique is disclosed for efficiently implementing the Rijndael inverse cipher. In this manner, encrypted ciphertext can be efficiently decrypted or converted back into plaintext. Data throughput can be enhanced via pipelining while cost savings can be concurrently achieved as less wafer space and/or die area may be utilized. Adaptations may be made based upon a resulting complexity of implementing a particular design while satisfying a maximum throughput requirement.
    Type: Grant
    Filed: September 20, 2004
    Date of Patent: August 24, 2010
    Assignee: GlobalFoundries Inc.
    Inventor: William Hock Soon Bong
  • Patent number: 7783045
    Abstract: A secure approach for sending an original message from a sender to a receiver. The sender may encrypt the original message by performing an XOR (or XNOR) operation of the original message and a first random message (same size as original message) on a bit by bit basis to generate a second message. The receiver may also perform an XOR of the second message with a locally generated second random message. The resulting message is sent to the sender system. The sender system may again perform XOR operation of the received message and the first random message, and send the resulting message to receiver. The receiver may perform XOR operation on the received output to generate the original message sent by the sender. Other technologies such as digital signatures and key pairs (public key infrastructure) may be used in each communication between the sender and receiver to further enhance security.
    Type: Grant
    Filed: August 4, 2008
    Date of Patent: August 24, 2010
    Assignee: International Business Machines Corporation
    Inventor: Devi Prashanth
  • Patent number: 7778413
    Abstract: A cryptographic system for encrypting input data in accordance with an encryption algorithm having a repeated-round structure may include an encryption unit updating and storing encrypted data in accordance with the encryption algorithm in each given round, and outputting the encrypted data after executing the encryption for a given number of rounds. The system may include a compensation unit generating and storing compensation data so that a sum of a Hamming distance for the updated and stored data and a Hamming distance of the compensation data is maintained at a constant value.
    Type: Grant
    Filed: November 23, 2005
    Date of Patent: August 17, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Joon-ho Hwang
  • Patent number: 7773747
    Abstract: A method whereby an encryption apparatus encrypts a message on the basis of a fibration X(x, y, t) serving as a public key when private keys are two or more sections corresponding to fibration X(x, y, t)=0 of an algebraic surface X, the method comprises embedding plaintext M obtained by concatenating the message to a random number as the coefficients of plaintext polynomial M(t) of degree l-1 or less, and generating encrypted text F=Epk(M, p, q, f, X) from the plaintext polynomial M(t) by an encrypting process of performing operations including at least one of addition, subtraction, and multiplication of random polynomials p(x, y, t), q(x, y, t), a random irreducible polynomial f(t) of degree l or more, and the fibration X(x, y, t) with respect to the plaintext polynomial M(t).
    Type: Grant
    Filed: June 26, 2006
    Date of Patent: August 10, 2010
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Koichiro Akiyama, Yasuhiro Goto
  • Patent number: 7773754
    Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
    Type: Grant
    Filed: July 8, 2002
    Date of Patent: August 10, 2010
    Assignee: Broadcom Corporation
    Inventors: Mark L. Buer, Joseph J. Tardo
  • Patent number: 7769166
    Abstract: An apparatus comprising a mode circuit and an encryption circuit. The mode circuit may be configured to selectively provide register input data on an output signal when in a first mode and memory data on the output signal when in a second mode. The encryption circuit may be configured to interchangeably encrypt/decrypt between the register input data and the memory data.
    Type: Grant
    Filed: August 24, 2006
    Date of Patent: August 3, 2010
    Assignee: LSI Corporation
    Inventors: Nasima Parveen, Venkatesh Balasubramanian
  • Publication number: 20100183146
    Abstract: The present disclosure provides a parallelizable integrity-aware encryption technique. In at least one embodiment of the present disclosure, a parallelizable integrity-aware encryption method comprises whitening at least one message block with a first mask value, encrypting the whitened at least one message block using a block cipher and a first key, and whitening the encrypted at least one message block with a second mask value to generate at least one corresponding output ciphertext block. In another embodiment of the present disclosure, a parallelizable integrity-aware encryption method comprises applying a XOR function to all blocks of a message to compute a XOR-sum, applying a first mask value to the XOR-sum; encrypting the masked XOR-sum using a block cipher and a first key, and applying a second mask value to the encrypted XOR-sum to generate an integrity tag.
    Type: Application
    Filed: March 30, 2010
    Publication date: July 22, 2010
    Applicant: Nortel Networks Limited
    Inventor: MARCUS LEECH
  • Patent number: 7761704
    Abstract: One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
    Type: Grant
    Filed: March 17, 2005
    Date of Patent: July 20, 2010
    Assignee: Oracle International Corporation
    Inventors: Min-Hank Ho, Daniel ManHung Wong, Chon Hei Lei, Thomas Keefe
  • Patent number: 7760870
    Abstract: It is desired to share one circuit by an encryption unit 200 and a decryption unit 500. A normal data transformation unit (FL) 251 and an inverse data transformation unit (FL⁻¹) 273 are located at point symmetry on a non-linear data transformation unit 220, and a normal data transformation unit (FL) 253 and an inverse data transformation unit (FL⁻¹) 271 are located at point symmetry on the non-linear data transformation unit 220. Therefore, the encryption unit 200 and the decryption unit 500 can be configured using the same circuits.
    Type: Grant
    Filed: October 28, 2005
    Date of Patent: July 20, 2010
    Assignees: Mitsubishi Denki Kabushiki Kaisha, Nippon Telegraph and Telephone Corporation
    Inventors: Mitsuru Matsui, Toshio Tokita, Junko Nakajima, Masayuki Kanda, Shiho Moriai, Kazumaro Aoki
  • Patent number: 7760871
    Abstract: It is desired to share one circuit by an encryption unit 200 and a decryption unit 500. A normal data transformation unit (FL) 251 and an inverse data transformation unit (FL⁻¹) 273 are located at point symmetry on a non-linear data transformation unit 220, and a normal data transformation unit (FL) 253 and an inverse data transformation unit (FL⁻¹) 271 are located at point symmetry on the non-linear data transformation unit 220. Therefore, the encryption unit 200 and the decryption unit 500 can be configured using the same circuits.
    Type: Grant
    Filed: October 28, 2005
    Date of Patent: July 20, 2010
    Assignees: Mitsubishi Denki Kabushiki Kaisha, Nippon Telegraph and Telephone Corporation
    Inventors: Mitsuru Matsui, Toshio Tokita, Junko Nakajima, Masayuki Kanda, Shiho Moriai, Kazumaro Aoki
  • Patent number: 7751556
    Abstract: Data to be encrypted (301) is partially extracted successively. A result of encrypting a previously extracted portion of the data is used to successively calculate that of encrypting the currently extracted portion of the data successively. Successively calculated results of the encryption are used to generate encrypted data (305). In generating the encrypted data, a finally calculated result of the encryption (PF(z+1)) is attached to the generated encrypted data. The finally calculated result is used as falsification detecting data (308) for detecting whether the data to be encrypted is falsified data.
    Type: Grant
    Filed: July 10, 2002
    Date of Patent: July 6, 2010
    Assignee: Sharp Kabushiki Kaisha
    Inventors: Katsuhiko Sato, Yuji Sawada
  • Publication number: 20100166176
    Abstract: The elliptic-polynomial based Message Authentication Code (MAC) provides MAC generation methods based on the elliptic polynomial discrete logarithm problem. It is well known that an elliptic polynomial discrete logarithm problem is a computationally “difficult” or “hard” problem. The methods use both an elliptic polynomial and its twist, even if the polynomial and its twist are not isomorphic. Since both the polynomial and its twist are used, multiple x- and y-coordinates can be used to embed bit strings into a point that satisfies the elliptic polynomial, and the embedding process is non-iterative, so that the time required to embed the bit string is independent of the bit string content.
    Type: Application
    Filed: December 29, 2008
    Publication date: July 1, 2010
    Inventors: Lahouari Ghouti, Mohammad K. Ibrahim
  • Patent number: 7747012
    Abstract: The invention concerns a process for securing an electronic device incorporating a hardware component capable of autonomous implementation of calculation process f using one key K, the process involves calculating at least two new keys K′i such that at least one of said new keys is identical to key K, and one of said new keys is different from key K, and executing said calculation process f successively with each of said calculated keys K′i, using said hardware component.
    Type: Grant
    Filed: March 12, 2004
    Date of Patent: June 29, 2010
    Assignee: Gemalto SA
    Inventor: Mehdi-Laurent Akkar
  • Publication number: 20100158247
    Abstract: A system and method are described supporting secure implementations of 3DES and other strong cryptographic algorithms. A secure key block having control, key, and hash fields safely stores or transmits keys in insecure or hostile environments. The control field provides attribute information such as the manner of using a key, the algorithm to be implemented, the mode of use, and the exportability of the key. A hash algorithm is applied across the key and control for generating a hash field that cryptographically ties the control and key fields together. Improved security is provided because tampering with any portion of the key block results in an invalid key block. The work factor associated with any manner of attack is sufficient to maintain a high level of security consistent with the large keys and strong cryptographic algorithms supported.
    Type: Application
    Filed: December 23, 2009
    Publication date: June 24, 2010
    Inventors: DALE W. HOPKINS, SUSAN LANGFORD, LARRY HINES, CHING-HSUAN CHEN
  • Publication number: 20100153744
    Abstract: A cryptographic processing apparatus includes: at least one register configured to store data for operation; a first operation block configured to execute an operation in accordance with data stored in the register; a second operation block configured to execute a logic operation between one of a register-stored value and a key and an operation result of the first operation block; and a decode block configured to decode binary data in units of the predetermined number of bits to convert the binary data into decode data having the number of bits higher than the number of bits of the binary data.
    Type: Application
    Filed: November 19, 2009
    Publication date: June 17, 2010
    Inventor: Hiromi NOBUKATA
  • Publication number: 20100150341
    Abstract: Methods and systems for securing data in a data storage network are disclosed. One method includes receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices. The method further includes cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks, and cryptographically splitting the session key into a plurality of session key fragments. The method further includes encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares, and encrypting each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.
    Type: Application
    Filed: December 17, 2008
    Publication date: June 17, 2010
    Inventors: David Dodgson, Joseph Neill, Ralph Farina, Edward Chin, Albert French, Scott Summers, Robert Johnson
  • Publication number: 20100153747
    Abstract: The present disclosure includes methods and devices for parallel encryption/decryption. In one or more embodiments, an encryption/decryption device includes an input logic circuit, an output logic circuit, and a number of encryption/decryption circuits arranged in parallel between the input logic circuit and the output logic circuit. For example, each encryption/decryption circuit can be capable of processing data at an encryption/decryption rate, and the number of encryption/decryption circuits can be equal to or greater than an interface throughput rate divided by the encryption/decryption rate.
    Type: Application
    Filed: December 12, 2008
    Publication date: June 17, 2010
    Applicant: Micron Technology, Inc.
    Inventors: Mehdi Asnaashari, Robin Sarno
  • Publication number: 20100150350
    Abstract: An encoder according to the present invention embodiments employs a key expansion module to expand an encryption key by using logic and available clock cycles of an encryption process or loop. The key expansion module generates control signals to enable key expansion data to be injected at appropriate times into the encryption loop (e.g., during available clock cycles of the encryption loop) to perform the key expansion, thereby utilizing the resources of the encryption loop for key expansion. The key expansion module dynamically accounts for varying key lengths, and enables the encryption loop to combine the data being encrypted with proper portions of the expanded key. The use of encryption logic and available clock cycles of the encryption loop for the key expansion reduces the area needed by the encoder on a chip and enhances encoder throughput.
    Type: Application
    Filed: December 16, 2008
    Publication date: June 17, 2010
    Applicant: ITT MANUFACTURING ENTERPRISES, INC.
    Inventor: Bruce Edward Reidenbach
  • Publication number: 20100142702
    Abstract: Logic circuitry and corresponding software instructions for performing functions within the FL function of a Kasumi cipher. An RLAX logic circuit includes a bit-wise AND function, a reorder bus, and a bit-wise exclusive-OR function for generating a destination word from corresponding logic functions of portions of first and second operands, in executing an RLAX program instruction. An RLOX logic circuit includes a bit-wise OR function, a reorder bus, and a bit-wise exclusive-OR function for generating a destination word from corresponding logic functions of portions of first and second operands, in executing an RLOX program instruction. Plural instances of the logic circuits can be implemented in parallel, to simultaneously operate upon plural data blocks.
    Type: Application
    Filed: December 10, 2008
    Publication date: June 10, 2010
    Applicant: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Tod David Wolf, David John Hoyle
  • Patent number: 7725724
    Abstract: The present invention discloses a digital signature scheme based on braid group conjugacy problem and a verifying method thereof, wherein a signatory S selects three braids x∈LBm(l), x′∈Bn(l), a∈Bn(l), and considers braid pair (x′,x) as a public key of S, braid a as a private key of S; Signatory S uses hash function h for a message M needing signature to get y=h(M)∈Bn(l); generating a braid b∈RBn−1−m(l) randomly, then signing M with a and b to obtain Sign(M)=a⁻¹byb⁻¹a; a signature verifying party V obtains the public key of S, calculating the message M by employing hash function h, obtaining the y=h(M); judging whether sign(M) and y, sign(M)x′ and xy are conjugate or not, if yes, sign(M) is a legal signature of message M; the present invention reduces the number of braids involved and the number for conjugacy decision without reducing security, thereby improving the operation efficiency of signature.
    Type: Grant
    Filed: November 12, 2004
    Date of Patent: May 25, 2010
    Assignee: ZTE Corporation
    Inventors: Yong Ding, Jianyong Chen, Zhiwei Peng
  • Patent number: 7725715
    Abstract: The present invention is directed to a three-phase encryption method and a three-phase decryption method, and an apparatus implementing the three-phase encryption method and/or the three-phase decryption method. To encrypt a message according to the three-phase encryption method, a content of a message is converted from a first form M to a second form M′; the content of the message is separated according to a spacing pattern; and the content of the message is scrambled according to a scrambling pattern. To decrypt the message encrypted using the three-phase encryption method, the scrambling and spacing patterns are reversed, and the content of the message is converted from the second form M′ to the first form M.
    Type: Grant
    Filed: February 24, 2005
    Date of Patent: May 25, 2010
    Assignee: Access Business Group International LLC
    Inventors: Nima Veiseh, David W. Baarman, Thomas Jay Leppien
  • Patent number: 7720225
    Abstract: For a defined cryptographic process including an original substitution table, split masked substitution tables are provided to resist cryptographic attacks. The split masked substitution tables are defined with reference to a set of random value data words and a mask value. An entry in the split masked substitution tables is defined by selecting bits from the corresponding entry in the original masked substitution table, as masked by the corresponding one of the set of random value data words and by selecting bits from the corresponding one of the set of random value data words as masked by the mask value. The split masked substitution tables are usable in a modified cryptographic process based on the defined cryptographic process to permit a masked output to be generated. The split masked substitution tables are refreshed by each entry in the tables being refreshed upon access during execution of the modified cryptographic process.
    Type: Grant
    Filed: March 7, 2006
    Date of Patent: May 18, 2010
    Assignee: Research In Motion Limited
    Inventor: Catherine Helen Gebotys
  • Patent number: 7720220
    Abstract: A method, system and program product for executing a cipher message assist instruction in a computer system by specifying, via the cipher message assist instruction, either a capability query installed function or execution of a selected function of one or more optional functions, wherein the selected function is an installed optional function, wherein the capability query determines which optional functions of the one or more optional functions are installed on the computer system.
    Type: Grant
    Filed: February 27, 2009
    Date of Patent: May 18, 2010
    Assignee: International Business Machines Corporation
    Inventors: Shawn D. Lundvall, Ronald M. Smith, Sr., Phil Chi-Chung Yeh
  • Publication number: 20100122095
    Abstract: A hardware-facilitated secure software execution environment provides protection of both program instructions and data against unauthorized access and/or execution to maintain confidentiality and integrity of the software or the data during distribution, in external memories, and during execution. The secure computing environment is achieved by using a hardware-based security method and apparatus to provide protection against software privacy and tampering. A Harvard architecture CPU core is instantiated on the same silicon chip along with encryption management unit (EMU) circuitry and secure key management unit (SKU) circuitry. Credential information acquired from one or more sources is combined by the SKU circuitry to generate one or more security keys provided to the EMU for use in decrypting encrypted program instructions and/or data that is obtained from a non-secure, off-chip source such as an external RAM, an information storage device or other network source.
    Type: Application
    Filed: February 20, 2007
    Publication date: May 13, 2010
    Inventors: Mark T. Jones, Peter M. Athanas, Cameron D. Patterson, Joshua N. Edmison, Anthony Mahar, Benjamin J. Muzal, Barry L. Polakowski, Jonathan P. Graf
  • Patent number: 7715553
    Abstract: An encryption and authentication technique that achieves enhanced integrity verification through assured error-propagation using a multistage sequence of pseudorandom permutations. The present invention generates intermediate data-dependent cryptographic variables at each stage, which are systematically combined into feedback loops. The encryption technique also generates an authentication tag without any further steps that is N times longer than the block size where N is the number of pseudorandom permutations used in the encipherment of each block. The authentication tag provides a unique mapping to the plaintext for any number of plaintext blocks that is less than or equal to N. In addition to being a stand alone encryption algorithm, the disclosed technique is applicable to any mode that uses pseudorandom permutations such as, key dependent lookup tables, S-Boxes, and block ciphers such as RC5, TEA, and AES.
    Type: Grant
    Filed: July 31, 2006
    Date of Patent: May 11, 2010
    Inventors: Eric Myron Smith, Kevin Martin Henson, Daniel Jason Williams, Peter Schweitzer
  • Publication number: 20100104095
    Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.
    Type: Application
    Filed: October 28, 2008
    Publication date: April 29, 2010
    Inventors: Shai Halevi, William Eric Hall, Charanjit S. Jutla
  • Publication number: 20100098244
    Abstract: Disclosed herein are systems, methods, and computer readable-media for performing data encryption and decryption using a stream or block cipher with internal random states. The method includes splitting the input data into a predetermined number of blocks and processing each block. The processing includes creating sub-blocks, permuting the sub-blocks, replacing bytes using a lookup table, rotating bits, performing expansion and combining sets of bits. The element of randomness employed in this process allows for the same input to yield the same output, with differing internal states.
    Type: Application
    Filed: October 21, 2008
    Publication date: April 22, 2010
    Applicant: Apple Inc.
    Inventors: Mathieu Ciet, Augustin J. Farrugia, Filip Toma Paun
  • Publication number: 20100098249
    Abstract: Provided are a method and apparatus for encrypting data, and a method and apparatus for decrypting data. The method of encrypting data includes generating an encryption key by using current time information indicating a current time, encrypting data by using the generated encryption key, and transmitting the encrypted data.
    Type: Application
    Filed: May 27, 2009
    Publication date: April 22, 2010
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jun-bum SHIN, So-young LEE, Jin-mok KIM
  • Patent number: 7702100
    Abstract: An apparatus for generating round-key words in accordance with a Rijndael algorithm. In one embodiment of the invention, the apparatus includes (a) a key expansion register block, having a key expansion register adapted to receive a final cipher key of a key expansion schedule in accordance with the Rijndael algorithm; (b) a round constant generator; (c) a first XOR adder adapted to add a first word of the key expansion register to a second word to generate and provide a first sum to the key expansion register block; (d) a transformation block adapted to generate a transformed word based on the first sum and the current round constant over four counts of a first cyclical counter; and (e) a second XOR adder adapted to add the transformed word to the first word of the key expansion register to generate and provide a second sum to the key expansion register block.
    Type: Grant
    Filed: June 20, 2006
    Date of Patent: April 20, 2010
    Assignee: Lattice Semiconductor Corporation
    Inventors: Wei Han, Yoshita Yerramilli
  • Patent number: 7697681
    Abstract: The present invention provides a parallelizable integrity-aware encryption technique. In at least one embodiment of the invention, a parallelizable integrity-aware encryption method comprises whitening at least one message block with a first mask value, encrypting the whitened at least one message block using a block cipher and a first key, and whitening the encrypted at least one message block with a second mask value to generate at least one corresponding output ciphertext block. In another embodiment of the invention, a parallelizable integrity-aware encryption method comprises applying a XOR function to all blocks of a message to compute a XOR-sum, applying a first mask value to the XOR-sum; encrypting the masked XOR-sum using a block cipher and a first key, and applying a second mask value to the encrypted XOR-sum to generate an integrity tag.
    Type: Grant
    Filed: February 6, 2004
    Date of Patent: April 13, 2010
    Assignee: Nortel Networks Limited
    Inventor: Marcus Leech
  • Patent number: 7697682
    Abstract: An encryption apparatus having an encryption interruption/restart function and temporarily interrupting packet processing accompanied with encryption to first process packets having a higher priority order, having a data storage memory for storing data for processing, a common key cipher block for encrypting transferred data to be processed by a common key cipher, and a memory access controller for controlling the data transfer from the data storage memory to the common key cipher block based on a descriptor providing information instructing the transfer data to be processed from the data storage memory, wherein the descriptor includes a descriptor format for instructing a cipher algorithm in the common key cipher and for instructing an encryption mode, and an encryption method.
    Type: Grant
    Filed: July 21, 2005
    Date of Patent: April 13, 2010
    Assignee: Sony Corporation
    Inventor: Akira Tsuruga
  • Publication number: 20100086127
    Abstract: An apparatus including an initialization circuit and a hash computation circuit. The initialization circuit may be configured to present a number of initialization values. The hash computation circuit may be configured to generate hash values for the message in response to the padded message blocks and the initialization values. The hash computation circuit generally performs a diagonal cut technique that simultaneously uses values from a plurality of different cycle rounds in a single cycle round analog.
    Type: Application
    Filed: October 7, 2008
    Publication date: April 8, 2010
    Inventors: Mikhail Grinchuk, Anatoli Bolotov, Lav D. Ivanovic, Andrej A. Zolotykh, Alexei V. Galatenko
  • Patent number: 7685429
    Abstract: To generate and verify signature data using a known signature algorithm whose safety is ensured from the viewpoint of calculation quantity and ensuring the authenticity thereof over a long time period. A message to be signed is transmitted, a padding-data item is added to the message, and a signature-data item of the message with the padding-data item added thereto is generated by using a hash function and a public-key cryptosystem. The addition step and the generation step are performed a predetermined number of times by using the signature-data item, as the padding-data item, and the signature-data items generated the predetermined number of times and the padding-data items added the predetermined number of times are externally transmitted with the message.
    Type: Grant
    Filed: September 29, 2005
    Date of Patent: March 23, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yuji Suga