Abstract: Methods and apparatuses for synchronizing the exchange of cryptography information between kernel drivers. A high level application in an electronic system passes a pointer to a base driver. The pointer is a unique identifier for cryptography information, such as a Security Association (SA), that the base driver uses to populate a cryptography information table for performing cryptography operations on secure traffic data packets. If the network interface device and/or its associated driver are reset, the pointer is used to repopulate the cryptography information table with specific cryptography information needed to perform cryptography operations on the data packets.

Abstract: Quantum cryptography by polarization ambiguity is generally used but it involves polarization-maintained fibers.

Abstract: Techniques and systems can obtain a first private key usable with a classical cryptography algorithm and a second private key usable with a post-quantum cryptography algorithm based on classical and post-quantum public keys hosted by a computer-implemented storage of an online service provider. A plurality of keys to perform a cryptography operation on data hosted by the computer-implemented storage can be generated, the plurality of keys generated based on at least the first and second private keys and a cryptography derivation function identified in the computer-implemented storage. The plurality of keys can be used to perform the cryptography operation on the data hosted by the computer-implemented storage.

Abstract: Methods and apparatus are provided for implementing a cryptography engine for cryptography processing. A variety of techniques are described. A cryptography engine such as a DES engine can be decoupled from surrounding logic by using asynchronous buffers. Bit-sliced design can be implemented by moving expansion and permutation logic out of the timing critical data path. An XOR function can be decomposed into functions that can be implemented more efficiently. A two-level multiplexer can be used to preserve a clock cycle during cryptography processing. Key scheduling can be pipelined to allow efficient round key generation.

Abstract: Methods and apparatus are provided for implementing a cryptography engine for cryptography processing. A variety of techniques are described. A cryptography engine such as a DES engine can be decoupled from surrounding logic by using asynchronous buffers. Bit-sliced design can be implemented by moving expansion and permutation logic out of the timing critical data path. An XOR function can be decomposed into functions that can be implemented more efficiently. A two-level multiplexer can be used to preserve a clock cycle during cryptography processing. Key scheduling can be pipelined to allow efficient round key generation.

Abstract: Differential uncloneable variability-based cryptography techniques are provided. The differential cryptography includes a hardware based public physically uncloneable function (PPUF) to perform the cryptography. The PPUF includes a first physically uncloneable function (PUF) and a second physically uncloneable function. An arbiter determines the output of the circuit using the outputs of the first and second PUFs. Cryptography can be performed by simulating the PPUF with selected input. The output of the simulation, along with timing information about a set of inputs from where the corresponding input is randomly selected for simulation, is used by the communicating party that has the integrated circuit with the PPUF to search for an input that produces the output. The input can be configured to be the secret key or a part of the secret key.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing cryptographic operations subject to identity verification. One of the methods includes receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client including client identity information, wherein the cryptography chip includes a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations, and identity information associated with clients that are permitted to request cryptographic operations; determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations; and performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.

Abstract: A timing and synchronization apparatus and method for a quantum cryptography system is disclosed. A gating pulse is generated by a clock and synchronized to the receipt of transmitted photons at the detector. The apparatus is arranged to only accept photon detection events occurring during the gating period.

Abstract: A circuit and a method are provided for securing a coprocessor dedicated to cryptography. The disclosed circuit includes a scrambling register and an accessory input register to convey scrambling information in the form of electrical signals that disturb the visibility of certain electrical signals associated with confidential information such as digital keys.

Abstract: An application which requests cryptographic services from various service elements within an international cryptography framework is identified through a certificate to protect against the misuse of a granted level of cryptography. A cryptographic unit, one of the framework core elements, builds several certification schemes for application objects. One or more methods are provided that establish a degree of binding between an application code image and issued certificates using the framework elements. Within the framework, the application is assured of the integrity of the cryptographic unit from which it is receiving services. One or more mechanisms are provided which allow the application to validate that the cryptographic unit has not been replaced or tampered with.

Abstract: Embodiments include a method and a system for signcrypting data based on elliptic curve cryptography. In a head-end system data is encrypted using a random point R and digitally signed using the random point R. Only the x-coordinate Rx of the random point R and only the signature component ssignature of the signature are added to the data after signcrypting the data. In a smartcard the signcrypted data is verified using the random point R and decrypted using the random point R.

Abstract: A method of distributed cryptography for high consequence security systems which employs shared randomness between operating parties. Shared randomness is accomplished by sharing cryptographic keys stored in secure hardware tokens by potentially less secure software or general purpose computing units that perform distributed cryptography. The shared randomness is based on shared keys (at the tokens) and unique context. Shared random values are incorporated into the computation of partial results used in the distributed cryptographic calculation. The incorporation of shared randomness provides a hand-shake among the hardware tokens. When the operation is successful, a result is computed with assurance that the correct parties have taken part in forming the result. The hand-shake assures binding of operating parties and added system security.

Abstract: In one embodiment, a Home Agent receives a Mobile IP registration request from a group member, where the group member is a Mobile Node. The Home Agent generates a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups. The Home Agent generates a Mobile IP registration reply, where the Mobile IP registration reply identifies one or more key servers. Each of the one or more key servers serves at least one of the one or more groups and is adapted for distributing group cryptography material to members of each group that is served by the corresponding key server. The Home Agent sends the Mobile IP registration reply to the group member, thereby enabling the group member to obtain cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the cryptography group material to securely communicate with other group members.

Abstract: A method of distributed cryptography for high consequence security systems which employs shared randomness between operating parties. Shared randomness is accomplished by sharing cryptographic keys stored in secure hardware tokens by potentially less secure software or general purpose computing units that perform distributed cryptography. The shared randomness is based on shared keys (at the tokens) and unique context. Shared random values are incorporated into the computation of partial results used in the distributed cryptographic calculation. The incorporation of shared randomness provides a hand-shake among the hardware tokens. When the operation is successful, a result is computed with assurance that the correct parties have taken part in forming the result. The hand-shake assures binding of operating parties and added system security.

Abstract: A cover or components for cellphones or other digital devices featuring physical cryptography to forward and receive encrypted messages on a tamper-proof basis which uses physical encryption to send encrypted messages between two or more users, in which decoding of the forwarded message takes place by overlaying (30) on the cell phone device or digital device (1) a key image cover (20) matching the forwarded matrix image (10).

Abstract: Polynomial multiplication for side-channel protection in cryptography is described. An example of an apparatus includes one or more processors to process data; a memory to store data; and polynomial multiplier circuitry to multiply a first polynomial by a second polynomial, the first polynomial and the second polynomial each including a plurality of coefficients, the polynomial multiplier circuitry including a set of multiplier circuitry, wherein the polynomial multiplier circuitry is to select a first coefficient of the first polynomial for processing, and multiply the first coefficient of the first polynomial by all of the plurality of coefficients of the second polynomial in parallel using the set of multiplier circuits.

Abstract: In one embodiment, a Home Agent receives a Mobile IP registration request from a group member, where the group member is a Mobile Node. The Home Agent generates a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups. The Home Agent generates a Mobile IP registration reply, where the Mobile IP registration reply identifies one or more key servers. Each of the one or more key servers serves at least one of the one or more groups and is adapted for distributing group cryptography material to members of each group that is served by the corresponding key server. The Home Agent sends the Mobile IP registration reply to the group member, thereby enabling the group member to obtain cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the cryptography group material to securely communicate with other group members.

Abstract: An exemplary method includes defining a CM field, representing coefficients of a Frobenius element of a hyperelliptic curve over a prime field as non-linear polynomials that are functions of an integer x and selecting a value for x whereby the product of the Frobenius element and its complex conjugate is a prime number. Such a method may further include determining the order of the Jacobian of the hyperelliptic curve, for example, where the order is an almost prime number. Various other methods, devices, systems, etc., are also disclosed, which may be optionally used for cryptography.

Abstract: An apparatus and method for implementing a secure quantum cryptography system using two non-orthogonal states. For each qubit, the emitter station prepares a quantum system in one of two non-orthogonal quantum states in the time-basis to code bit values. Intra- and inter-qubit interference is then used to reveal eavesdropping attempts. Witness states are used to help reveal attacks performed across the quantum system separation.

Abstract: An apparatus and method for implementing a secure quantum cryptography system using two non-orthogonal states. For each qubit, the to emitter station prepares a quantum system in one of two non-orthogonal quantum states in the time-basis to code bit values. Intra- and inter-qubit interference is then used to reveal eavesdropping attempts. Witness states are used to help reveal attacks performed across the quantum system separation.