A system and method of secure communication between computing devices based on physical unclonable functions such as memories having dissolvable conductive paths is provided. The method involves enrolling a client device, the client device having a PUF such as a pristine ReRAM. The PUF is enrolled in a secure environment by reading and storing the resistances of the PUF's addressable memory cells. The cells are categorized into “rugged” and “vulnerable” categories on the basis of their resistance, the vulnerable cells being those more likely to be permanently altered during the generations of PUF responses. The rugged cells are used for the generation of PUF responses for cryptographic key generation, but the vulnerable cells may be inspected to detect unauthorized 3rd party access to the PUF.

A semiconductor structure serves to generate a physical unclonable function (PUF) code. The semiconductor structure includes a metal layer, N Titanium (Ti) structures, and N Titanium Nitride (Ti-N) structures, where N is a positive integer. The metal layer forms N metal structures. The Ti structures are respectively formed on one end of each metal structure. The Ti-N structures are respectively formed on top of the Ti structures. The metal structures and the corresponding Ti structures and the corresponding Ti-N structures respectively form a plurality of pillars. The pillars respectively provide a plurality of resistance values, and the resistance values serve to generate the PUF code.

One aspect of the present invention is a secure computation method including, acquiring a plurality of pieces of encrypted analysis target information being a plurality of pieces of encrypted information about an event to be analyzed, and analyzing, based on the plurality of pieces of the encrypted analysis target information, the event without decrypting the plurality of pieces of the encrypted analysis target information. In the secure computation method, encryption keys for the plurality of pieces of the encrypted analysis target information are unitary matrices, and at least one of the encryption keys for the plurality of pieces of the encrypted analysis target information is different from another of the encryption keys.

A decomposition unit (211) decomposes an exponent portion of a final exponentiation computation portion of pairing computation in an elliptic curve into an easy part and a hard part with using a polynomial Φ.sub.k(p(x)), the elliptic curve being expressed by: a polynomial r(x)=Φ.sub.k(T(x))/h.sub.2(x), a polynomial p(x)=h.sub.1(x)r(x)+T(x), and a polynomial t(x)=T(x)+1 which are expressed with using a cyclotomic polynomial Φ.sub.k(x) having a degree d, a polynomial T(x), a polynomial h.sub.1(x), and a polynomial h.sub.2(x); and an embedding degree k. An exponentiation computation unit (22) computes the hard part with using a power of a polynomial p(x).sup.i for each integer i of i=0, . . . , d−1, a power of λ.sub.d−i(x) where λ.sub.d−i(x)=c.sub.d, a power of λ.sub.i where λ.sub.i=T(x)λ.sub.i+1(x)+c.sub.i+1 for each integer i of i=0, . . . , d−2, a power of h.sub.1(x), a power of h.sub.2(x), multiplication, and inverse element computation.

A hardware security accelerator includes a configurable parser that is configured to receive a packet and to extract from the packet headers associated with a set of protocols. The security accelerator also includes a packet type detection unit to determine a type of the packet in response to the set of protocols and to generate a packet type identifier indicative of the type of the packet. A configurable security unit includes a configuration unit and a configurable security engine. The configuration unit configures the configurable security engine according to the type of the packet and to content of at least one of the headers extracted from the packet. The configurable security engine performs security processing of the packet to provide at least one security result.

A hardware security accelerator includes a configurable parser that is configured to receive a packet and to extract from the packet headers associated with a set of protocols. The security accelerator also includes a packet type detection unit to determine a type of the packet in response to the set of protocols and to generate a packet type identifier indicative of the type of the packet. A configurable security unit includes a configuration unit and a configurable security engine. The configuration unit configures the configurable security engine according to the type of the packet and to content of at least one of the headers extracted from the packet. The configurable security engine performs security processing of the packet to provide at least one security result.

A decomposition unit (211) decomposes an exponent portion of a final exponentiation computation portion of pairing computation in an elliptic curve into an easy part and a hard part, the elliptic curve being expressed by a polynomial r(x), a polynomial p(x), a polynomial t(x), an embedding degree k, and an integer u. A factorization unit (212) factorizes the hard part with using a homogeneous cyclotomic polynomial Ψ.sub.n(x, p). An exponentiation computation unit (22) performs computation of final exponentiation with using the easy part and the factorized hard part.

The present disclosure describes exemplary methods and systems that are applicable for hardware authentication, counterfeit detection, and in-field tamper detection in both printed circuit board and/or integrated circuit levels by utilizing random variations in boundary-scan path delay and/or current in the industry-standard JTAG-based design-for-test structure to generate unique device identifiers.

The present disclosure describes exemplary methods and systems that are applicable for hardware authentication, counterfeit detection, and in-field tamper detection in both printed circuit board and/or integrated circuit levels by utilizing random variations in boundary-scan path delay and/or current in the industry-standard JTAG-based design-for-test structure to generate unique device identifiers.

The present invention provides a glitch detector including a first inverter, second inverter, a charge sharing component and a warning flag generator. The first inverter is configured to receive a first signal at a first node to generate a second signal to a second node. The second inverter is configured to receive the second signal at the second node to generate the first signal to the first node. The charge sharing component is configured to selectively connect the first node to the second node. The warning flag generator is coupled to the first node or the second node, and configured to determine whether a supply voltage of the glitch detector suffers an under voltage glitch according to a voltage level of the first signal or a voltage level of the second signal, to determine whether to output a warning flag.