Patent classifications
G06F7/723
Obfuscating cryptographic parameters used in elliptical curve cryptography, and related systems and devices
An obfuscation process is described for obfuscating a cryptographic parameter of cryptographic operations such as calculations used in elliptical curve cryptography and elliptical curve point multiplication. Such obfuscation processes may be used for obfuscating device characteristics that might otherwise disclose information about the cryptographic parameter, the cryptographic operations, or cryptographic operations more generally, such as information sometimes gleaned from side channel attacks and lattice attacks.
Information processing apparatus, secure computation method, and program
An information processing apparatus comprises a partial modular exponentiation calculating part and a partial modular exponentiation synthesizing part. The partial modular exponentiation calculating part is given a base in plaintext, a modulus in plaintext and shared exponents, and calculates a partial modular exponentiation that equals a set of shared values according to a modular exponentiation of the base raised to the shared exponent. The partial modular exponentiation synthesizing part calculates shared values of the modular exponentiation from the partial modular exponentiation, which equals shared values relating to the modular exponentiation of a sum of shared exponents.
PROTECTION OF AN ITERATIVE CALCULATION
The disclosure concerns a method of protecting a calculation on a first number and a second number, including the steps of: generating a third number including at least the bits of the second number, the number of bits of the third number being an integer multiple of a fourth number; dividing the third number into blocks each having the size of the fourth number; successively, for each block of the third number: performing a first operation with a first operator on the contents of a first register and of a second register, and then on the obtained intermediate result and the first number, and placing the result in a third register; and for each bit of the current block, performing a second operation by submitting the content of the third register to a second operator with a function of the rank of the current bit of the third number, and then to the first operator with the content of the first or of the second register according to state 0 or 1 of said bit, and placing the result in the first or second register.
METHOD FOR DETERMINING A MODULAR INVERSE AND ASSOCIATED CRYPTOGRAPHIC PROCESSING DEVICE
In a method for determining the modular inverse of a number, successive iterations are applied to two pairs each including a first variable and a second variable, such that at the end of each iteration and for each pair, the product of the second variable and of the number is equal to the first variable modulo a given modulus. Each iteration includes at least one division by two of the first variable of a first pair or of a second pair, or a combination of the first variable of the first pair and of the first variable of the second pair by addition or subtraction. At least some of the iterations including a combination by addition or subtraction include a step of storing the result of the combination in the first variable of a pair determined randomly from among the first pair and the second pair. An associated cryptographic processing device is also described.
Decoding multipath data communications system and methods
A system for decoding a transmission includes a client device configured to receive a superposition via one or more communication links. The superposition may correspond to a transmission encoded into a plurality of fragments. The system may determine a coefficient for each fragment contained in the superposition and initialize a decoding process. The decoding process may facilitate determining a value of each fragment based on the identified coefficient of each fragment in the superposition. Advantageously, the system, through use of the one or more communication links, may be configured to decode the transmission to derive information transmitted from a data source quickly and reliably.
Efficient squaring with loop equalization in arithmetic logic units
Aspects of the present disclosure describe a method and a system to support execution of the method to perform a cryptographic operation involving identifying an N-word number, X = X_{N-1} ... X_1 X_0, to be squared, performing a first loop comprising M first loop iterations, wherein M is the largest integer not exceeding (N+1)/2, each of the M first loop iterations comprising a second loop that comprises a plurality of second loop iterations, wherein an iteration m of the second loop that is within an iteration j of the first loop comprises computing a product X_a * X_b of a word X_a and a word X_b, wherein a + b = 2j + m, j >= 0 and m >= 0, and wherein all second loops have an equal number of second loop iterations.
ENCRYPTING AND DECRYPTING UNIT FOR RSA CRYPTOGRAPHIC SYSTEM, RESISTANT TO FAULTS INJECTION
A digital encrypting and decrypting unit (PMEU) that operates according to a Rivest-Shamir-Adleman (RSA) cryptosystem based on the Residue Numeral System (RNS) and the Chinese Remainder Theorem (CRT). The unit includes two modular exponentiation calculating units (MES-1, MES-2) to process two residual signals (X mod p; X mod q) to calculate a result of a modular exponentiation by a binary method. The calculating units have inputs (I-k[i], I-SM, I-MM) and outputs (O-k[i], O-SM, O-MM) for signals representing partial results of the modular exponentiation. A modular exponentiation controlling unit (MECU) is connected to the inputs and outputs of the calculating units to control the flow of the signals representing the partial results of the modular exponentiation.
Exponent splitting for cryptographic operations
A first share value and a second share value may be received. A combination of the first share value and the second share value may correspond to an exponent value. The value of a first register is updated using a first equation that is based on the first and second share values and the value of a second register is updated using a second equation that is based on the second share value. One of the value of the first register or the value of the second register is selected based on a bit value of the second share value.
MINIMIZING INFORMATION LEAKAGE DURING MODULAR EXPONENTIATION AND ELLIPTIC CURVE POINT MULTIPLICATION
Minimizing information leakage during modular exponentiation using random masks is disclosed. Minimizing information leakage during elliptic curve point multiplication with windowing by using point randomization is also disclosed. Elliptic curve point multiplication with windowing, which calculates and stores multiple points based on the point being multiplied and then processes multiple bits of the multiplier at a time, is also disclosed.
Protection of a modular calculation
A method of protecting a modular calculation on a first number and a second number, executed by an electronic circuit, including the steps of: combining the second number with a third number to obtain a fourth number; executing the modular calculation on the first and fourth numbers, the result being contained in a first register or memory location; initializing a second register or memory location to the value of the first register or to one; and successively, for each bit at state 1 of the third number: if the corresponding bit of the fourth number is at state 1, multiplying the content of the second register or memory location by the inverse of the first number and placing the result in the first register or memory location; if the corresponding bit of the fourth number is at state 0, multiplying the content of the second register or memory location by the first number and placing the result in the first register or memory location.