G06F7/724

CONFIGURABLE LATTICE CRYPTOGRAPHY PROCESSOR FOR THE QUANTUM-SECURE INTERNET OF THINGS AND RELATED TECHNIQUES
20200265167 · 2020-08-20

Described is a lattice cryptography processor with configurable parameters. The lattice cryptography processor includes a sampling circuit configured to operate in accordance with a Secure Hash Algorithm 3 (SHA-3)-based pseudo-random number generator (PRNG), a single-port random access memory (RAM)-based number theoretic transform (NTT) memory architecture and a modular arithmetic unit. The described lattice cryptography processor is configured to be programmed with custom instructions for polynomial arithmetic and sampling. The configurable lattice cryptography processor may operate with lattice-based CCA-secure key encapsulation and a variety of different lattice-based protocols including, but not limited to: Frodo, NewHope, qTESLA, CRYSTALS-Kyber and CRYSTALS-Dilithium, achieving up to an order of magnitude improvement in performance and energy-efficiency compared to state-of-the-art hardware implementations.

Programmable code generation for radar sensing systems

A radar sensing system for a vehicle has multiple transmitters and receivers on a vehicle. The transmitters are configured to transmit radio signals which are reflected off of objects in the environment. There are one or more receivers that receive the reflected radio signals. Each receiver has an antenna, a radio frequency front end, an analog-to-digital converter (ADC), and a digital signal processor. The transmitted signals are based on spreading codes generated by a programmable code generation unit. The receiver also makes use of the spreading codes generated by the programmable code generation unit. The programmable code generation unit is configured to selectively generate particular spreading codes that have desired properties.

A CALCULATION DEVICE FOR ENCODED ADDITION
20200097256 · 2020-03-26

An electronic calculating device (100) is provided arranged for encoded addition in an Abelian group N. The calculating device comprises a storage (140) configured to store encoded elements of the Abelian group N, an addition unit (150) arranged to add multiple encoded addends, wherein the addition unit is configured to form an encoded element comprising at least the encoded parts of the multiple encoded addends, and a reduction unit (160) arranged to reduce an encoded element, by replacing in a sequence of the encoded elements, two encoded elements with a further encoded element.

METHOD FOR CREATING AND DISTRIBUTING CRYPTOGRAPHIC KEYS

A method creates and distributes cryptographic keys for securing communication at two terminals. Signals for creating correlated values in the two terminals are distributed via a first communication channel burdened with error, and the correlated values are present as keys. A checksum is formed on the basis of the first key present in the first terminal and the checksum is transferred to the second terminal via a second communication channel. A second checksum is formed on the basis of the second key present, and information derived from the two checksums is transferred via the second communication channel to a server. Based on the information derived from the checksums, the server determines a correction value, which, when applied to one or both keys, brings the keys into correspondence. The correction value is transferred to one or both terminals via the second communication channel and is applied to one or both keys.

PROTECTING PARALLEL MULTIPLICATION OPERATIONS FROM EXTERNAL MONITORING ATTACKS

Systems and methods for protecting cryptographic data processing operations involving universal polynomial hash function computation from external monitoring attacks. An example method may comprise: receiving an input data block and an iteration result value; performing a first field multiplication operation to produce a new iteration result value, by iteratively processing, starting from a first bit position, bits of a combination of the input data block and the iteration result value, wherein the first bit position is represented by one of: a least-significant bit and a most-significant bit; performing a second field multiplication operation to produce a new mask correction value, by iteratively processing operand bits starting from a second bit position, wherein the second bit position is represented by one of: a least-significant bit and a most-significant bit, and wherein the second bit position is different from the first bit position; applying the new mask correction value to the new iteration result value; and producing, based on the new iteration result value, a value of a cryptographic hash function to be utilized by at least one of: an authenticated encryption operation or an authenticated decryption operation.

INTEGRATED CIRCUITS WITH MODULAR MULTIPLICATION CIRCUITRY
20200004506 · 2020-01-02

An integrated circuit may be provided with a modular multiplication circuit. The modular multiplication circuit may include an input multiplier for computing the product of two input signals, truncated multipliers for computing another product based on a modulus value and the product, and a subtraction circuit for computing a difference between the two products. An error correction circuit may use the difference to look up an estimated quotient value and to subtract out an integer multiple of the modulus value from the difference in a single step, wherein the integer multiple is equal to the estimated quotient value. A final adjustment stage may be used to remove any remaining residual estimation error.

DEVICE FOR PROCESSING HOMOMORPHICALLY ENCRYPTED DATA

There is provided a device for processing homomorphically encrypted data. The device includes: inter-line butterfly array blocks, each inter-line butterfly array block including inter-line modulus butterfly units, each inter-line modulus butterfly unit being configured to perform a modulus butterfly operation based on a computation pair of data points received corresponding to a pair of input data points at a same row of a matrix of input data points; intra-line butterfly array blocks, each intra-line butterfly array block including intra-line modulus butterfly units, each intra-line modulus butterfly unit being configured to perform a modulus butterfly operation based on a computation pair of data points received corresponding to a pair of input data points at a same column of the matrix of input data points; and a clock counter communicatively coupled to each inter-line butterfly array block and each intra-line butterfly array block, and configured to output a counter signal for controlling each inter-line butterfly array block and each intra-line butterfly array block to operate with single cycle initiation interval. The matrix of input data points includes columns of input data points, whereby parallel input data points derived from the homomorphically encrypted data are arranged into the columns of input data points. Furthermore, the inter-line butterfly array blocks and the intra-line butterfly array blocks are arranged in series to form a pipeline for processing the matrix of input data points.

UNIFIED AES-SMS4-CAMELLIA SYMMETRIC KEY BLOCK CIPHER ACCELERATION
20190386815 · 2019-12-19

Disclosed embodiments relate to a unified Advanced Encryption Standard (AES), SMS4, and Camellia (CML) accelerator. In one example, a processor includes fetch circuitry to fetch a cipher instruction specifying an opcode, a datum, and a key, the opcode to specify one of three cryptographic modes and an operation, decode circuitry to decode the fetched cipher instruction, and execution circuitry to respond to the decoded cipher instruction by performing the operation using a selected one of three block ciphers corresponding to the specified cryptographic mode and a unified cipher datapath shared by the three block ciphers, the unified cipher datapath comprising a plurality of hybrid substitution boxes (Sboxes) to perform Galois Field (GF) multiplications and inverse computations, wherein the unified cipher datapath is to implement an eighth-order polynomial isomorphically equivalent to each polynomial used by the three block ciphers by calculating and then combining two fourth-order polynomials.

Crypto processor, method of operating crypto processor, and electronic device including crypto processor

A crypto processor, a method of operating a crypto processor, and an electronic device including a crypto processor. A method of operating a crypto processor for performing a polynomial multiplication of lattice-based texts includes transferring coefficients of polynomials for the polynomial multiplication to multipliers, performing multiplications for a portion of the coefficients in parallel using the multipliers, performing an addition for a portion of results of the multiplications using an adder, and determining a result of the polynomial multiplication based on another portion of the results of the multiplications and a result of the addition.

EXECUTION UNIT FOR CALCULATIONS WITH MASKED DATA
20190379529 · 2019-12-12

According to one embodiment, an execution unit is described, which includes a mask generation circuit configured to generate a mask by multiplying a mask generation vector by blocks of codewords of a plurality of cyclic codes, a masking circuit configured to mask data to be processed by means of the mask, and an arithmetic logic unit configured to process the masked data by means of additions and rotations.