An electronic device and method of generating a Physically Unclonable Function (“PUF”) value is disclosed. An OTP memory with a plurality of OTP cells that can be reliably and deterministically programmed with a minimum and a maximum program voltage being selected for pre-conditioning. All OTP cells can be programmed at least once around the minimum program voltage to hide the program status. Data to be programmed into the OTP can be a fixed, time-varying voltage or data from an entropy source. The programmed OTP data can be masked for weak bits and further randomized to generate PUF output by compressing a bit stream into a single bit, e.g., single parity bit. The PUF output can be through a hash function and/or to generate keys.

Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

Systems and methods for generating min-increment counting bloom filters to determine count and frequency of device identifiers and attributes in a networking environment are disclosed. The system can maintain a set of data records including device identifiers and attributes associated with device in a network. The system can generate a vector comprising coordinates corresponding to counter registers. The system can identify hash functions to update a counting bloom filter. The system can hash the data records to extract index values pointing to a set of counter registers. The system can increment the positions in the min-increment counting bloom filter corresponding to the minimum values of the counter registers. The system can obtain an aggregated public key comprising a public key. The system can encrypt the counter registers using the aggregated shared key to generate an encrypted vector. The system can transmit the encrypted vector to a networked worker computing device.

Systems and methods for cryptography based on 128 bit integers include: receiving a complex input, the input including a 128-bit number; encrypting by: setting an imaginary part of the input to a predetermined value; encrypting the input using a Fourier transform and a scaling factor; adding a first noise and a second noise to the encrypted input, wherein the second noise obfuscates the first noise; and decrypting by: receiving the encrypted input with added first noise and second noise; estimating a standard deviation of the first noise based on an imaginary part of the received encrypted complex input; computing a standard deviation of the second noise based on the standard deviation of the first noise and a predetermined parameter; and decrypting the encrypted message using an inverse Fourier transform, the first noise, and the second noise.

A method for performing a matrix multiplication operation being secure against side-channel attacks according to one embodiment, which is performed by a computing device comprising one or more processors and a memory storing one or more programs to be executed by the one or more processors, includes shuffling an order of execution of multiplication operations between elements of a first matrix and elements of a second matrix for a matrix multiplication operation between the first matrix and the second matrix; and performing the matrix multiplication operation based on the shuffled order of execution.

A secure enclave may be used to satisfy privacy requirements and audit requirements. Code may be loaded into the secure enclave. The code may generate a predefined report based on data and added noise. The pre-defined report may be subject to audit requirements. The data may be subject to the privacy requirements. The secure enclave may generate an encryption key and a decryption key based on the code. Only the secure enclave may have access to the decryption key. And the secure enclave may allow only a verified copy of the code to access the decryption key. With the added noise, the report may satisfy a pre-defined differential privacy guarantee. Encrypting the code and ensuring that the report satisfies the differential privacy guarantee may satisfy the privacy requirements. Retaining the report, the code, the secure enclave, and the encrypted data may satisfy the audit requirements.

A secret key estimation device is provided for determining an estimate of at least one secret key used during a number of executions of a cryptographic function used by at least one cryptographic algorithm. The number of executions of the cryptographic function is at least equal to two. The secret key estimation device comprises an analysis unit for determining a plurality of sets of leakage traces from a side-channel information acquired during the number of executions of the cryptographic function. Each set of leakage traces corresponds to an execution of the cryptographic function and comprising at least one leakage trace. The secret key estimation device further comprises a processing unit configured to determine a statistical distribution of the acquired plurality of sets of leakage traces. The statistical distribution is dependent on a leakage function, the leakage function being represented in a basis of functions by a set of real values. The secret key estimation device is configured to determine the secret key from the statistical distribution of the plurality of sets of leakage traces using an estimation algorithm according to the maximization of a performance metric.

The present disclosure relates to a method and device for performing an elliptic curve cryptography computation comprising: twisting, by a first device based on a first index of quadratic or higher order twist (d), a first point (P′KB) on a first elliptic curve over a further elliptic curve twisted with respect to the first elliptic curve to generate a twisted key (PKB); transmitting the twisted key (PKB) to a further device; receiving, from the further device, a return value (ShS) generated based on the twisted key (PKB); and twisting, by the first device based on the first index of quadratic or higher order twist (d), the return value (ShS) over the first elliptic curve to generate a result (ShS′) of the ECC computation.

A method for executing a function, secured by temporal desynchronization, includes when a first legitimate instruction is loaded, noting the opcode of this first legitimate instruction, then constructing a dummy instruction on the basis of this noted opcode, the dummy instruction thus constructed being identical to the first legitimate instruction except that its operands are different, then incorporating the dummy instruction thus constructed into a sequence of dummy instructions used to delay the time at which a second legitimate instruction is executed.

A method (and structure) includes receiving a challenge for an authentication, in a chip having stored in a memory device therein a secret to be used in an authentication attempt of the chip by an external agent. The chip includes a hardware processing circuit to sequentially perform a processing related to the secret. The secret is retrieved from the memory device and processed in the hardware processing circuit in accordance with information included in the received challenge. The result of the processing in the hardware processing circuit is transmitted as a response to the challenge. The hardware processing circuit executes in a parallel manner, thereby reducing a signal that can be detected by an adversary attempting a side channel attack to secure the secret.