NBS/DES Algorithm Patents (Class 380/29)
  • Patent number: 8731188
    Abstract: In extended Feistel type common key block cipher processing, a configuration is realized in which an encryption function and a decryption function are commonly used. In a cryptographic processing configuration to which an extended Feistel structure in which the number of data lines d is set to an integer satisfying d≥3 is applied, involution properties, that is, the application of a common function to encryption processing and decryption processing, can be achieved. With a configuration in which round keys are permuted or F-functions are permuted in the decryption processing, processing using a common function can be performed by setting swap functions for the encryption processing and the decryption processing to have the same processing style.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: May 20, 2014
    Assignee: Sony Corporation
    Inventors: Kyoji Shibutani, Taizo Shirai, Toru Akishita, Shiho Moriai
  • Patent number: 8726040
    Abstract: Side channel attacks against a computing device are prevented by combinations of scrambling data to be stored in memory and scrambling the memory addresses of the data using software routines to execute scrambling and descrambling functions. Encrypted versions of variables, data and lookup tables, commonly employed in cryptographic algorithms, are thus dispersed into pseudorandom locations. Data and cryptographic primitives that require data-dependent memory accesses are thus shielded from attacks that could reveal memory access patterns and compromise cryptographic keys.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: May 13, 2014
    Assignee: SanDisk Technologies Inc.
    Inventors: Boris Dolgunov, Arseniy Aharonov
  • Patent number: 8713329
    Abstract: A method and system distributes N shares of a secret among cooperating entities by forming a mathematical construct that has an embedded internal structure to allow authentication of a reconstructed secret. The mathematical construct can be a splitting polynomial constructed using the secret, a key and a message authentication code (MAC) as coefficients. The splitting polynomial is evaluated at N random evaluation points to obtain N result values. N shares of the secret are generated and distributed among the cooperating entities for storage. A reconstructed secret can be authenticated by computing the MAC of the reconstructed secret and verifying a relationship among the coefficients of a reconstructed splitting polynomial using the MAC. If the coefficients do not satisfy the relationship, one or more additional shares of the secret can be used to reconstruct the splitting polynomial and the secret.
    Type: Grant
    Filed: February 26, 2009
    Date of Patent: April 29, 2014
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Patent number: 8707224
    Abstract: A method of simplifying a combinational circuit establishes an initial combinational circuit operable to calculate a set of target signals. A quantity of multiplication operations performed in a first portion of the initial combinational circuit is reduced to create a first, simplified combinational circuit. The first portion includes only multiplication operations and addition operations. A quantity of addition operations performed in a second portion of the first, simplified combinational circuit is reduced to create a second, simplified combinational circuit. The second portion includes only addition operations. Also, the second, simplified combinational circuit is operable to calculate the target signals using fewer operations than the initial combinational circuit.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: April 22, 2014
    Assignees: The United States of America, as Represented by the Secretary of Commerce, The National Institute of Standards & Technology, University of Southern Denmark
    Inventors: Rene Caupolican Peralta, Joan Boyar
  • Patent number: 8693681
    Abstract: Logic circuitry and corresponding software instructions for performing functions within the FL function of a Kasumi cipher. An RLAX logic circuit includes a bit-wise AND function, a reorder bus, and a bit-wise exclusive-OR function for generating a destination word from corresponding logic functions of portions of first and second operands, in executing an RLAX program instruction. An RLOX logic circuit includes a bit-wise OR function, a reorder bus, and a bit-wise exclusive-OR function for generating a destination word from corresponding logic functions of portions of first and second operands, in executing an RLOX program instruction. Plural instances of the logic circuits can be implemented in parallel, to simultaneously operate upon plural data blocks.
    Type: Grant
    Filed: December 10, 2008
    Date of Patent: April 8, 2014
    Assignee: Texas Instruments Incorporated
    Inventors: Tod David Wolf, David John Hoyle
  • Patent number: 8687802
    Abstract: Conventional block ciphers that traffic in 128-bit block sizes are ill-suited for operating in small domains like credit card numbers. Some embodiments relate to techniques for constructing and speeding up practical and provably secure schemes for deterministically enciphering data from a small domain like credit card numbers using a conventional block cipher or other pseudorandom function.
    Type: Grant
    Filed: March 30, 2010
    Date of Patent: April 1, 2014
    Assignee: The Regents of the University of California
    Inventors: Benjamin J. Morris, Phillip Rogaway, Till Stegers
  • Patent number: 8689087
    Abstract: The invention relates to a method of probabilistic symmetric encryption of a plaintext message element with the aid of a secret key that can be represented in the form of a matrix. It comprises an operation of encrypting the plaintext message element, with the aid of the matrix parametrized by a random vector, so as to obtain an encrypted message element coupled to the random vector. Furthermore, there is envisaged a step of encoding the plaintext message element as a code word with the aid of an error correcting code having a given correction capacity and a step of adding a noise vector. The error correcting code and the noise vector are adapted so that the Hamming weight of the noise vector is less than or equal to the correction capacity of the correcting code.
    Type: Grant
    Filed: January 9, 2009
    Date of Patent: April 1, 2014
    Assignee: Orange
    Inventors: Yannick Seurin, Henri Gilbert
  • Patent number: 8681972
    Abstract: A cryptographic calculation is executed in an electronic component, according to a cryptographic algorithm including at least one application of a one-way function which is disabled upon an intrusion into the electronic component. The one-way function is based on a first affine operation corresponding to a first secret key. The one-way function is applied, by obtaining (11) first and second random values (r, r?), then, by obtaining a first result (13) by applying a second affine operation (?K1), which corresponds to a second secret key, to a first combination (12) of the first and second random values, and, by obtaining (14) thereafter a second result by applying a third affine operation (?K2) which corresponds to a third secret key to said first result.
    Type: Grant
    Filed: May 9, 2008
    Date of Patent: March 25, 2014
    Assignee: MORPHO
    Inventors: Herve Chabanne, Julien Bringer, Thomas Icart
  • Patent number: 8675866
    Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by a protection process which obscures the round keys using the properties of group field automorphisms and applying masks to the states of the cipher, for encryption or decryption. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful for protection against known attacks on “White Box” ciphers, by eliminating S-box operations, together with improved masking techniques and increasing the cipher's complexity against reverse engineering and key storage attacks.
    Type: Grant
    Filed: July 7, 2011
    Date of Patent: March 18, 2014
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Bruno Kindarji, Mathieu Ciet, Thomas Icart
  • Patent number: 8675868
    Abstract: A memory is organized into blocks. In a write operation, data to be stored is combined with an address-dependent value (ADV) to form a block of information, and this block is encrypted. The block of encrypted information is written into a block of memory identified by the write address of the write operation. In a read operation, the block of encrypted information is read back from the memory and is decrypted to recover the data and the ADV. The address of the memory block from which the block of encrypted information was read is used to check the ADV to confirm that the ADV is related in the proper way to the address of the memory block that stored the encrypted information. If the check fails, the processor is prevented from executing the data, thereby preventing the processor from executing blocks of code that are in incorrect locations in memory.
    Type: Grant
    Filed: July 1, 2008
    Date of Patent: March 18, 2014
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Gyle D. Yearsley, Joshua J. Nekl
  • Patent number: 8670558
    Abstract: To realize a common-key block cipher process configuration with increased difficulty of key analysis and improved security. In a configuration for storing in a register an intermediate key generated by using a secret key transformation process and performing a transformation process on the register-stored data to generate a round key, a process of swapping (permuting) data segments constituting the register-stored data is executed to generate a round key. For example, four data segments are produced so that two sets of data segments having an equal number of bits are set, and a process of swapping the individual data segments is repeatedly executed to generate a plurality of different round keys. With this configuration, the bit array of each round key can be effectively permuted, and round keys with low relevance can be generated. A high-security cryptographic process with increased difficulty of key analysis can be realized.
    Type: Grant
    Filed: November 21, 2007
    Date of Patent: March 11, 2014
    Assignee: Sony Corporation
    Inventors: Taizo Shirai, Kyoji Shibutani, Toru Akishita, Shiho Moriai
  • Patent number: 8670557
    Abstract: Systems and/or methods that facilitate secure electronic communication of data are presented. A cryptographic component facilitates securing data associated with messages in accordance with a cryptographic protocol. The cryptographic component includes a randomized exponentiation component that facilitates decryption of data and generation of digital signatures by exponentiating exponents associated with messages. An exponent is divided into more than one subexponent at an exponent bit that corresponds to a random number. Exponentiation of the first subexponent can be performed based on a left-to-right-type of exponentiation algorithm, and exponentiation of the second subexponent can be performed based on a right-to-left square-and-multiply-type of exponentiation algorithm. The final value is based on the exponentiations of the subexponents and can be decrypted data or a digital signature, which can be provided as an output.
    Type: Grant
    Filed: September 10, 2007
    Date of Patent: March 11, 2014
    Assignee: Spansion LLC
    Inventors: Elena Trichina, Helena Handschuh, Arnaud Boscher
  • Patent number: 8667580
    Abstract: A system may include a memory having a unique identifier that uniquely identifies the memory. A package may be communicatively coupled to the memory. The package may include a processor, an identifier storage, and a boot storage. The identifier storage may store the unique identifier from the memory. The boot storage may include instructions to control booting of the processor based on the unique identifier in the identifier storage.
    Type: Grant
    Filed: November 15, 2004
    Date of Patent: March 4, 2014
    Assignee: Intel Corporation
    Inventors: Dhiraj Bhatt, Eric Auzas
  • Patent number: 8666068
    Abstract: A method includes, in a data storage device, receiving data having a particular proportion of zero values and one values and scrambling the data to generate scrambled data that has the particular proportion of zero values and one values.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: March 4, 2014
    Assignee: Sandisk Technologies Inc.
    Inventors: Eran Sharon, Idan Alrod, Ariel Navon
  • Patent number: 8666064
    Abstract: An encryption/decryption method of an endecryptor including a plurality of endecryption units supporting an XES mode with tweak and ciphertext streaming (XTS) includes dividing an input data stream into consecutive data units; inputting the divided data units to the endecryption units, respectively; and simultaneously processing the input data units at the respective endecryption units. According to the encryption/decryption method, parallel processing is performed to encrypt/decrypt data at higher speed.
    Type: Grant
    Filed: September 2, 2010
    Date of Patent: March 4, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Hong-Mook Choi, Jisoo Kim, Xingguang Feng, Woo-Hyun Lee
  • Patent number: 8660261
    Abstract: An encryption-enabled entropy coder for a multimedia codec is disclosed. The entropy coder implements a randomized Huffman coding scheme without storing multiple sets of Huffman tables in a ROM. The entropy coder includes a ROM storing a single set of code tables, a table lookup section coupled to the ROM which converts symbols to original codewords and vice versa by performing table lookup, and a table randomizer section for converting original Huffman codewords to randomized Huffman codewords and vice versa using an isomorphic code generator algorithm. The table randomizer section performs the conversion based on a key hopping sequence generated by a pseudorandom bit generator using an encryption/decryption key.
    Type: Grant
    Filed: June 4, 2009
    Date of Patent: February 25, 2014
    Assignee: Mediatek Singapore Pte. Ltd.
    Inventors: Yu-Lin Chang, Wensheng Zhou
  • Patent number: 8654970
    Abstract: A processor including instruction support for implementing the Data Encryption Standard (DES) block cipher algorithm may issue, for execution, programmer-selectable instructions from a defined instruction set architecture (ISA). The processor may include a cryptographic unit that may receive instructions for execution. The instructions include one or more DES instructions defined within the ISA. In addition, the DES instructions may be executable by the cryptographic unit to implement portions of a DES cipher that is compliant with Federal Information Processing Standards Publication 46-3 (FIPS 46-3). In response to receiving a DES key expansion instruction defined within the ISA, the cryptographic unit may generate one or more expanded cipher keys of the DES cipher key schedule from an input key.
    Type: Grant
    Filed: March 31, 2009
    Date of Patent: February 18, 2014
    Assignee: Oracle America, Inc.
    Inventors: Christopher H. Olson, Gregory F. Grohoski, Lawrence A. Spracklen
  • Patent number: 8656175
    Abstract: When performing secure processing using confidential information that needs to be confidential, the secure processing device according to the present invention prevents the confidential information from being exposed by an unauthorized analysis such as a memory dump.
    Type: Grant
    Filed: October 24, 2006
    Date of Patent: February 18, 2014
    Assignee: Panasonic Corporation
    Inventors: Tomoyuki Haga, Taichi Sato, Rieko Asai
  • Patent number: 8649508
    Abstract: A system and method for implementing the Elliptic Curve scalar multiplication method in cryptography, where the Double Base Number System is expressed in decreasing order of exponents and further on using it to determine Elliptic curve scalar multiplication over a finite elliptic curve.
    Type: Grant
    Filed: September 29, 2008
    Date of Patent: February 11, 2014
    Assignee: Tata Consultancy Services Ltd.
    Inventor: Natarajan Vijayarangan
  • Patent number: 8645713
    Abstract: An encrypting method including encrypting a first data segment of encryption target data on the basis of first key information, generating second key information on the basis of the first data segment by using a predetermined algorithm, and encrypting a second data segment of the encryption target data, which is different from the first data segment, on the basis of the second key information.
    Type: Grant
    Filed: March 16, 2012
    Date of Patent: February 4, 2014
    Assignee: Fujitsu Limited
    Inventors: Eisuke Norimoto, Masahiro Kataoka
  • Patent number: 8644516
    Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.
    Type: Grant
    Filed: November 1, 2012
    Date of Patent: February 4, 2014
    Assignee: ActivIdentity, Inc.
    Inventors: Eric F. Le Saint, Wu Wen
  • Patent number: 8634556
    Abstract: This invention allows connection of an apparatus with a low security level without lowering the security level of a network even when such apparatus issues a connection request. This invention is directed to an access point which makes wireless communications with a station using an encryption method (AES). Upon reception of a connection request message including information indicating an encryption method (WEP) that can be used by a station, the access point checks if the encryption method (WEP) recognized based on the received connection request message is different from the encryption method (AES). When it is determined that the two encryption methods are different, the access point launches a controller which makes wireless communications with the station using that encryption method (WEP).
    Type: Grant
    Filed: January 6, 2009
    Date of Patent: January 21, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Nobuhiro Ikeda
  • Patent number: 8634550
    Abstract: A flexible AES instruction for a general purpose processor is provided that performs AES encryption or decryption using n rounds, where n includes the standard AES set of rounds {10, 12, 14}. A parameter is provided to allow the type of AES round to be selected, that is, whether it is a “last round”. In addition to standard AES, the flexible AES instruction allows an AES-like cipher with 20 rounds to be specified or a “one round” pass.
    Type: Grant
    Filed: April 15, 2011
    Date of Patent: January 21, 2014
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Wajdi K. Feghali, Vinodh Gopal
  • Patent number: 8634551
    Abstract: This cryptographic apparatus executes calculations according to an FI function including a first non-linear function S9 and a second non-linear function S7, and includes a ROM recording a first table including, for each input X of 9 bits, a value obtained by exclusively ORing a first value and a first output from the function S9 with respect to the input X, wherein the first value is generated by shifting lower 7 bits in the first output to left by 9 bits, and a second table including, for each input Y of 7 bits, a value obtained by exclusively ORing a second value and the input Y, wherein the second value is generated by shifting a result of an exclusive OR of the input Y and a second output from the function S7 with respect to the input Y to left by 9 bits.
    Type: Grant
    Filed: September 28, 2010
    Date of Patent: January 21, 2014
    Assignee: Fujitsu Limited
    Inventor: Jun Yajima
  • Patent number: 8634549
    Abstract: Some embodiments of a method and apparatus for encrypting and decrypting data have been presented. In one embodiment, a current key is generated from a prior ciphertext block and another key, which may include a prior key used to encipher the prior ciphertext block or an initialization vector. Then a current plaintext block is enciphered using the current key to generate a current ciphertext block.
    Type: Grant
    Filed: May 7, 2008
    Date of Patent: January 21, 2014
    Assignee: Red Hat, Inc.
    Inventor: James Paul Schneider
  • Patent number: 8625791
    Abstract: A method of encryption, using an encryption key K with key length k, of at least one message M comprising uniformly distributed symbols, k bits are encrypted of messages at least k bits long, while shorter messages are lengthened, e.g. by padding or concatenation, to obtain a lengthened message at least k bits long before encryption. The encryption efficiency is thus optimized while the encryption security is retained. The encryption method is particularly suitable for JPEG2000 encoded packets comprising a message M. Also provided are an encryption apparatus, a decryption method and a decryption apparatus.
    Type: Grant
    Filed: June 30, 2009
    Date of Patent: January 7, 2014
    Assignee: Thomson Licensing
    Inventors: Ayoub Massoudi, Frédéric Lefebvre
  • Patent number: 8625780
    Abstract: A cryptography device which reduces side channel information including a first computing block adapted to either encrypt or decrypt received first input data and to output the encrypted or decrypted first input data as first output data at a first data output, a second computing block adapted to either encrypt or decrypt received second input data and to output the encrypted or decrypted second input data as second output data at a second data output, and a control unit connected to the first and second computing blocks and adapted in a first operating condition on the one hand to partially or completely assign the first output data to the first computing block as the first input data and on the other hand to completely or partially assign the first output data to the second computing block as part of the second input data.
    Type: Grant
    Filed: February 8, 2008
    Date of Patent: January 7, 2014
    Assignee: IHP GmbH—Innovations for High Performance, Microelectronics
    Inventors: Steffen Peter, Michael Methfessel, Peter Langendorfer, Frank Vater
  • Patent number: 8619985
    Abstract: For a defined cryptographic process including an original substitution table, split masked substitution tables are provided to resist cryptographic attacks. The split masked substitution tables are defined with reference to a set of random value data words and a mask value. An entry in the split masked substitution tables is defined by selecting bits from the corresponding entry in the original masked substitution table, as masked by the corresponding one of the set of random value data words and by selecting bits from the corresponding one of the set of random value data words as masked by the mask value. The split masked substitution tables are usable in a modified cryptographic process based on the defined cryptographic process to permit a masked output to be generated. The split masked substitution tables are refreshed by each entry in the tables being refreshed upon access during execution of the modified cryptographic process.
    Type: Grant
    Filed: April 27, 2010
    Date of Patent: December 31, 2013
    Assignee: Research In Motion Limited
    Inventor: Catherine Helen Gebotys
  • Patent number: 8619972
    Abstract: A method and system are provided for atomicity for elliptic curve cryptosystems (ECC-systems). The method includes a side channel atomic scalar multiplication algorithm using mixed coordinates. The mixed coordinates are chosen based on a ratio of I/M where I and M are the time required to execute an inversion and a multiplication in the ground field respectively. If the I/M ratio is less than 60, a mixture of affine and Jacobian coordinates are used during scalar multiplication. If the I/M ratio is 60 or more, a mixture of Chudnovsky-Jacobian and Jacobian coordinates are used during scalar multiplication. The method is optimized for elliptic curves over Fp defined by an equation of the form y² = x³ + ax + b, where a, b ∈ Fp, having a = −3.
    Type: Grant
    Filed: August 14, 2008
    Date of Patent: December 31, 2013
    Assignee: International Business Machines Corporation
    Inventor: Lars Elmegaard-Fessel
  • Patent number: 8615078
    Abstract: An apparatus for processing an F-function in a SEED encryption system includes: an arithmetic operation masking conversion unit for converting a logical operation mask value obtained by performing a logical operation of a SEED F-function input value and a random mask value into an arithmetic operation mask value; and a masking G-function unit for taking the arithmetic operation mask value from the arithmetic operation masking conversion unit as an input and producing an arithmetic operation output.
    Type: Grant
    Filed: May 21, 2010
    Date of Patent: December 24, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Doo Ho Choi, You Sung Kang, Ju Han Kim, Kyunghee Oh, Taesung Kim, Yong-Je Choi
  • Patent number: 8615652
    Abstract: A system and method for providing load balanced secure media content and data delivery (10) in a distributed computing environment is disclosed. Media content is segmented and encrypted into a set of individual encrypted segments on a centralized control center (15). Each individual encrypted segment has the same fixed size. The complete set of individual encrypted segments is staged to a plurality of intermediate control nodes (17, 19). Individual encrypted segments are mirrored from the staged complete set to a plurality of intermediate servers (21a-b, 23a-b). Requests are received from clients (11) for the media content at the centralized control center. Each individual encrypted segment in the set is received from one of an intermediate control node and an intermediate server optimally sited from the requesting client. The individual encrypted segments are reassembled into the media content for media playback.
    Type: Grant
    Filed: January 2, 2002
    Date of Patent: December 24, 2013
    Inventor: Scott D. Redmond
  • Patent number: 8612761
    Abstract: Perfected cryptographic protocol making it possible to counter attacks based on the analysis of the current consumption during the execution of a DES or similar. According to the invention, a message (M) is processed by two entities (A and B) and the entity (B) subject to attack executes a chain of operations known as DES in which it is chosen to carry out a given operation (O1, O2, O3 . . . On) or the same operation complemented (?1, ?2, ?3 . . . ?n), the choice being random.
    Type: Grant
    Filed: January 30, 2001
    Date of Patent: December 17, 2013
    Assignee: Oberthur Card Systems SA
    Inventors: Mehdi-Laurent Akkar, Paul Dischamp
  • Patent number: 8605893
    Abstract: An encryption and decryption processing system for achieving SMS4 cryptographic procedure can be provided. The system includes a repeating encryption and decryption data processing device comprising a first constant array storing unit, a first data registering unit and a first data converting unit. The first constant array storing unit stores a first constant array and sends it to N-data converting sub-units of the first data converting unit. The first data registering unit registers data and delivers the registered data to a first data converting sub-unit. The N-data converting sub-units perform a data conversion processing, and transmit the obtained conversion data to a next data converting sub-unit for subsequent processing until the data conversion processing processes are completed, a particular number of the completed processes being equal to a value of a data depth.
    Type: Grant
    Filed: May 7, 2012
    Date of Patent: December 10, 2013
    Assignee: China IWNCOMM Co., Ltd.
    Inventors: Jiayin Lu, Jun Cao, Xiang Yan, Zhenhai Huang
  • Patent number: 8605894
    Abstract: A cryptographic process (such as the AES cipher) which uses table look up operations (TLUs) is hardened against reverse engineering attacks intended to recover the table contents and thereby the cipher key. This hardening involves removing any one-to-one correspondence between the TLU inputs and outputs, by altering the output of the TLU dynamically, e.g. at each execution (call) of the TLU. This is done by increasing the size of the tables, applying a dynamically determined mask value to the table input and/or output, or using an inverse of the table.
    Type: Grant
    Filed: October 12, 2011
    Date of Patent: December 10, 2013
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Bruno Kindarji, Mathieu Ciet, Thomas Icart
  • Patent number: 8600049
    Abstract: The throughput of an encryption/decryption operation is increased in a system having a pipelined execution unit. Different independent encryptions (decryptions) of different data blocks may be performed in parallel by dispatching an AES round instruction in every cycle.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: December 3, 2013
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Amit Gradstein, Zeev Sperber
  • Patent number: 8594321
    Abstract: An apparatus is disclosed for operating a symmetric cipher engine (SCE) in cipher-block chaining (CBC) mode. The apparatus includes a crypto operation hardware including the SCE and an XOR stage, an apparatus for storing a chaining value including a state register of the SCE, an input latch supplying the crypto operation hardware with data, and an output latch. The data may be reordered for decipher operation. Furthermore, a method is disclosed for operating a SCE in CBC mode, wherein the method involves a crypto operation hardware that includes the SCE and an XOR stage supplied with data. The method also may include using a state register of the SCE to apply a chaining value. The method further may comprise reordering data supplied to the crypto operation hardware for decipher operation.
    Type: Grant
    Filed: October 24, 2008
    Date of Patent: November 26, 2013
    Assignee: International Business Machines Corporation
    Inventors: Ulrich Mayer, Thomas Koehler, Bernd Nerz
  • Patent number: 8589700
    Abstract: Systems, apparatuses, and methods are provided for whitening and managing data for storage in non-volatile memories, such as Flash memory. In some embodiments, an electronic device such as media player is provided, which may include a system-on-a-chip (SoC) and a non-volatile memory. The SoC may include SoC control circuitry and a memory interface that acts as an interface between the SoC control circuitry and the non-volatile memory. The SoC can also include an encryption module, such as a block cipher based on the Advanced Encryption Standard (AES). The memory interface can direct the encryption module to whiten all types of data prior to storage in the non-volatile memory, including sensitive data, non-sensitive data, and memory management data. This can, for example, prevent or reduce program-disturb problems or other read/write/erase reliability issues.
    Type: Grant
    Filed: March 4, 2009
    Date of Patent: November 19, 2013
    Assignee: Apple Inc.
    Inventors: Kenneth Herman, Matthew Byom, Michael J. Smith, Tahoma M. Toelkes
  • Patent number: 8582756
    Abstract: A cryptography device which reduces side channel information including a first computing block adapted to either encrypt or decrypt received first input data and to output the encrypted or decrypted first input data as first output data at a first data output, a second computing block adapted to either encrypt or decrypt received second input data and to output the encrypted or decrypted second input data as second output data at a second data output, and a control unit connected to the first and second computing blocks and adapted in a first operating condition on the one hand to partially or completely assign the first output data to the first computing block as the first input data and on the other hand to completely or partially assign the first output data to the second computing block as part of the second input data.
    Type: Grant
    Filed: February 8, 2008
    Date of Patent: November 12, 2013
    Assignee: IHP GmbH—Innovations for High Performance, Microelectronics
    Inventors: Steffen Peter, Michael Methfessel, Peter Langendorfer, Frank Vater
  • Patent number: 8583944
    Abstract: In one embodiment, a circuit arrangement for performing cryptographic operations is provided. The circuit includes a substitution block, a cryptographic circuit coupled to the substitution block, and a balancing circuit coupled to the substitution block. The substitution block includes a memory unit storing substitution values and ones-complement values that are corresponding ones-complements of the substitution values. The substitution block, responsive to a request to read a specified one of the substitution values, concurrently reads and outputs the specified substitution value and the corresponding ones-complement value. A power consumed in reading the specified substitution value is uniform with a power consumed in reading another one of the substitution values. The cryptographic circuit and the balancing circuit are configured to concurrently operate on each substitution value and the corresponding ones-complement value read from the memory, respectively.
    Type: Grant
    Filed: August 4, 2010
    Date of Patent: November 12, 2013
    Assignee: Xilinx, Inc.
    Inventor: Stephen M. Trimberger
  • Patent number: 8582757
    Abstract: A method for protecting the execution of a ciphering or deciphering algorithm against the introduction of a disturbance in a step implementing one or several first values obtained from second values supposed to be invariant and stored in a non-volatile memory in which, during an execution of the algorithm: a current signature of the first values is calculated; this current signature is combined with a reference signature previously stored in a non-volatile memory; and the result of this combination is taken into account at least in the step of the algorithm implementing said first values.
    Type: Grant
    Filed: August 26, 2009
    Date of Patent: November 12, 2013
    Assignee: STMicroelectronics (Rousset) SAS
    Inventors: Albert Martinez, Yannick Teglia
  • Patent number: 8582765
    Abstract: A method and a circuit for ciphering or deciphering data with a key by using at least one variable stored in a storage element and updated by the successive operations, the variable being masked by at least one first random mask applied before use of the key, then unmasked by at least one second mask applied after use of the key, at least one of the masks being dividable into several portions successively applied to the variable and which, when combined, represent the other mask.
    Type: Grant
    Filed: July 30, 2008
    Date of Patent: November 12, 2013
    Assignee: STMicroelectronics S.A.
    Inventors: Pierre-Yvan Liardet, Yannick Teglia
  • Patent number: 8577032
    Abstract: A common key block encryption device includes a first hash unit applying locked key permutation to a variable-length s-bit plaintext, and outputting a fixed-length n-bit first block and a second (s-n)-bit block; a first encryption processing unit outputting a third block encrypted by element of n-bit block tweakable block cipher using tweak, inputting the first block; a second encryption processing unit generating a random number (s-n)-bit block with a result of group computation of the third block and the first block as input by using an arbitrary cipher having theoretical security at least against a known-plaintext attack; and a second hash unit applying the locked key permutation to the result of the group computation of the random number block and the second block, and to the third block to output a fifth n-bit block and a sixth (s-n)-bit block. The fifth and sixth blocks are concatenated into an s-bit encryption.
    Type: Grant
    Filed: August 1, 2008
    Date of Patent: November 5, 2013
    Assignee: NEC Corporation
    Inventor: Kazuhiko Minematsu
  • Patent number: 8571210
    Abstract: The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.
    Type: Grant
    Filed: September 22, 2011
    Date of Patent: October 29, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Sin-Hyo Kim, Yun-Kyung Lee, Byung-Ho Chung, Hye-Ran Mun, Sang-Woo Lee, Sok-Joon Lee, Jung-Yeon Hwang, Gun-Tae Bae, Hyun-Sook Cho
  • Patent number: 8565421
    Abstract: An apparatus includes an encryption module and a first key addition module. The encryption module generates a ciphertext block based on a cipher key and an input block. The encryption module includes a key module configured to provide Nr round keys based on the cipher key, and a cipher module configured to perform Nr cycles of encryption based on the input block and the Nr round keys. The cipher module includes an inversion module configured to generate first intermediate data by performing a matrix inversion operation on the input block, and a combined operation module configured to generate second intermediate data by performing, on the first intermediate data, an affine transformation operation and a mix columns operation. The first key addition module is configured to generate the input block based on the cipher key and a plaintext block. The first key addition module is external to the encryption module.
    Type: Grant
    Filed: September 1, 2009
    Date of Patent: October 22, 2013
    Assignee: Marvell International Ltd.
    Inventor: Pranab Bhooma
  • Patent number: 8566610
    Abstract: Embodiments of methods for restoration of an anti-theft platform are generally described herein. Other embodiments may be described and claimed.
    Type: Grant
    Filed: December 18, 2009
    Date of Patent: October 22, 2013
    Assignee: Intel Corporation
    Inventors: Mousumi Hazra, Gyan Prakash, Saurabh Dadu, Mojtaba Mirashrafi, Duncan Glendinning
  • Patent number: 8553878
    Abstract: An asymmetric (dual key) data obfuscation process, based on the well known ElGamal cryptosystem algorithm, and which uses multiplicative cyclic groups to transform (obfuscate) digital data for security purposes. In the present system the data need not be a member of the cyclic group, unlike in the ElGamal cryptosystem algorithm. Also, any one of several additional mathematical data transformations are further applied to the transformed data, thereby enhancing security of the transformed data.
    Type: Grant
    Filed: April 14, 2010
    Date of Patent: October 8, 2013
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Mathieu Ciet, Benoit Chevallier-Mames
  • Patent number: 8553887
    Abstract: A method of generating a dynamic group key of a group formed of a plurality of nodes, the method including: unicasting a public key that is based on respective secret keys of each of a plurality of general nodes excluding a master node, which is one of the plurality of nodes, wherein the unicasting is performed by the general nodes; broadcasting to the group an encryption value obtained by exponentially-calculating a secret key of the master node to the plurality of public keys, wherein the broadcasting is performed by the master node upon receiving the plurality of public keys; and obtaining a group key by using an inverse power-calculation of the respective secret keys of each of the general nodes based on the encryption value, wherein the obtaining is performed by the general nodes.
    Type: Grant
    Filed: October 30, 2009
    Date of Patent: October 8, 2013
    Assignee: Ajou University Industry Cooperation Foundation
    Inventors: Man Pyo Hong, Jong Uk Kim, Suk In Kang
  • Patent number: 8548164
    Abstract: Digital data blocks are encrypted, each data block that is to be encrypted being associated with a time reference. A value of an initialization vector Vi and an encryption key K are defined. Then, a counter C is obtained for each data block to be encoded, by combining the time reference and the value of the initialization vector. A series of binary encryption elements is obtained via an encryption function taking the encryption key K and counter C as input parameters. The data block is then encrypted by combining it with the series of binary encryption elements.
    Type: Grant
    Filed: June 14, 2005
    Date of Patent: October 1, 2013
    Assignee: France Telecom
    Inventors: Pascal Nourry, Stéphanie Relier, François Daude
  • Patent number: 8543837
    Abstract: In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable module returns the signature to a server from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms. The server that is performing the system configuration integrity check maintains a database of expected system configurations and performs the subset of hashing and encryption algorithms as contained in the dynamically generated executable module. The result returned by the downloaded executable module is compared to that computed locally, and an error condition is raised if they do not match.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: September 24, 2013
    Assignee: IGT
    Inventors: Robert Bigelow, Jr., Dwayne A Davis, Kirk Rader
  • Patent number: RE44594
    Abstract: Data are converted between an unencrypted and an encrypted format according to the Rijndael algorithm, including a plurality of rounds. Each round is comprised of a fixed set of transformations applied to a two-dimensional array, designating states, of rows and columns of bit words. At least a part of the transformations are applied on a transposed version of the state, wherein rows and columns are transposed for the columns and rows, respectively.
    Type: Grant
    Filed: May 29, 2012
    Date of Patent: November 12, 2013
    Assignee: STMicroelectronics S.R.L.
    Inventors: Marco Macchetti, Stefano Marchesin, Umberto Bondi, Luca Breveglieri, Guido Bertoni, Pasqualina Fragneto