The random number generator comprises a linear feedback shift register (10), which comprises a series of storage elements (14(1), 14(2), . . . , 14(n)), a first input (11) to receive a clock signal from a clock oscillator (28), a feedback line (20) connecting the output of a last storage element (14(n)) with an input of at least a first storage element (14(1)), a second input (22) coupled with the feedback line (20) via at least one cell (15) and wherein the output of the cell (15) is coupled to an input of at least one of the storage elements (14(1), 14(2), . . . , 14(n)).

Integrated circuits with pseudo random bit sequence (PRBS) generation circuitry are provided. The PRBS generation circuitry may be configured to support parallel output generation in multiple modes, where the parallel bit width in each mode can be different. The PRBS generation circuitry may include a linear feedback shift register that implements a desired polynomial, one or more XOR tree circuits that produces the parallel output bits, a multiplexer for selectively routing a subset of the parallel output bits back to the input of the shift register, and a gearbox for performing an adjustable bit width conversion. Configured in this way, the PRBS generation circuitry can provide parallel PRBS generation with an adjustable bit width.

A verification apparatus and method are disclosed for testing a device or system which is operable in a number of states through which it can transition in a multiplicity of different sequences. The method and apparatus disclosed include a set of functional modules which correspond to the states of the device or system under test and which may be activated in a large number of pseudorandom sequences. Each time a module of the verification apparatus is activated it causes the device or system under test to transition to the corresponding state. Thus, when the functional modules of the verification apparatus are activated in a given sequence, the corresponding states of the device or system under test are called in the same sequence.

The disclosure is generally directed to a method and apparatus for encrypting and decrypting data on an integrated circuit. In various implementations, the apparatus includes an on-chip high performance bus bridge that transparently encrypts and decrypts data between the embedded microprocessor(s) and off-chip system memory. In some implementations, the apparatus is optimized to the transactions generated by the processor's cache controller (e.g., optimized for cache line size) and optimized to the bus protocol being used. This provides code protection with minimal effect on system performance latency and throughput. The implementation of multiple cryptographic engines allows for encryption of a complete cache line while incurring only a single latency for the first cipher rounds to be completed.

The disclosure relates to secure data storage and retrieval, in particular to methods and circuits for securely storing data to reduce the possibility of leakage via side channel attacks. Embodiments disclosed include a method of storing a value comprising a series of words, the method comprising: i) combining in a series of XOR operations a word of a first portion of the value, a word of a second portion of the value and an output word of a first random number generator to provide a first combined word; ii) storing the first combined word in a shift register; and iii) repeating steps i) and ii) for each successive word of the first and second portions of the value.

In a method for performing symmetric stream encryption of data using a keystream and for transmitting the encrypted data, wherein the keystream is generated using at least one feedback shift register, which is initialized by filling with a defined bit sequence, the data to be encrypted is distributed into data packets, wherein each data packet is encrypted separately. The one or more feedback shift register(s) is/are re-initialized in order to encrypt each data packet, wherein at least a first bit sequence and a second bit sequence are used in each case to initialize the one or more feedback shift registers, wherein the first bit sequence is added to each encrypted data packet in clear text or in coded form and the second bit sequence represents a secret key that is not added to the encrypted data packets. The encrypted data packets are transmitted in packet switching mode together with the respectively added bit sequence and optionally header data.

A volatile memories includes an address scrambler configured to scramble at least a portion of a received addresses to obscure address topography of a memory array using at least one scramble key. The at least one scramble key is generated by a random number generator. The address scrambler is configured to perform logical bitwise operations using between a received address and the at least one scramble key to generate the scrambled row address.

A semiconductor device of an embodiment includes a seed generator circuit configured to generate a seed from inputted data by using first random number sequence data generated by an XorShift circuit; and a random number generator circuit configured to receive the seed as input to generate second random number sequence data by a second XorShift circuit.

A control flow attacks based on return address signatures comprises: using a return address as a push return address when a response is given to an interrupt service routine; generating an encrypted push return address by an XOR encryption circuit by means of an n-bit binary key generated by a pseudo random number generator; then, generating a push_address signature value by an MD algorithm signature circuit; when the response to the interrupt service routine is over, reading an n-bit binary address out of a stack to serve as a pop return address; generating an encrypted pop return address by the XOR encryption circuit; generating a pop address signature value by the MD algorithm signature circuit; comparing the push_address signature value with the pop address signature value; and determining whether or not a data processor is under a control flow attack according to a comparison result.

Techniques and mechanisms providing a mode of random number generation to satisfy a requirement for a consumer of random numbers. In an embodiment, a device comprises a Gaussian random number generator (GRNG) circuit, multiple uniform random number generator URNG circuits, and circuitry which is coupled between the GRNG circuit and the URNG circuits. Based on an indication of one or more required performance characteristics and/or one or more required statistical characteristics, a controller identifies a corresponding one of multiple available random number generation (RNG) modes. The controller communicates control signals to provide the mode with the circuitry. In another embodiment, the control signals configure the circuitry to select one or more of the URNG circuits for use in calculating random numbers with the GRNG circuit.