G06F7/724

Galois field pipelined multiplier with polynomial and beta input passing scheme

The disclosure provides a very flexible mechanism for a storage controller to create RAID stripes and to re-create corrupted stripes when necessary using the erasure coding scheme. Typically, this is known as a RAID 6 implementation/feature. The erasure code calculations are generated using the Galois Multiplication hardware and the system controller can pass any polynomial into the hardware on a per stripe calculation basis. The polynomial value is passed to the hardware via an input descriptor field. The descriptor controls the entire computation process.

EFFICIENT UNIFIED HARDWARE IMPLEMENTATION OF MULTIPLE CIPHERS
20190372753 · 2019-12-05

A method for creating unified, efficient hardware implementations for multiple symmetric ciphers is described. For a chosen set of two or more distinct types of symmetric ciphers, a unified substitution box (SBOX) is designed that can implement most of the operations in a single hardware block, with small hardware blocks added before and after the unified SBOX for unique operations of each distinct symmetric cipher. Optimization techniques can also be applied to the linear operations and SBOX operations for the chosen set, rather than individually for each symmetric cipher, of the two or more distinct types of symmetric ciphers.

Electronic calculating device for performing obfuscated arithmetic

An electronic calculating device for performing arithmetic in a commutative ring includes a storage configured to store an increment table defined for an increment ring element, the increment table mapping an input ring element to an output integer-list encoding an output ring element, such that the output ring element equals the increment ring element ring-added to the input ring element. Using the increment table, a ring addition unit adds a first addition-input integer-list encoding a first addition-input ring element and a second addition-input integer list encoding a second addition-input ring element. The device may include a ring multiplication unit also using the increment table.

Unified integer and carry-less modular multiplier and a reduction circuit

In one embodiment, a processor comprises a multiplier circuit to operate in an integer multiplication mode responsive to a first value of a configuration parameter; and operate in a carry-less multiplication mode responsive to a second value of the configuration parameter.

PROTECTING POLYNOMIAL REJECTION THROUGH MASKED COMPRESSION COMPARISON

Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked compressing of coefficients of a polynomial having n_s arithmetic shares for lattice-based cryptography in a processor, the instructions including: shifting a first arithmetic share of the n_s arithmetic shares by an input mask ?_1; scaling the shifted first arithmetic share by a value based on a first compression factor ? and a masking scaling factor ?_1; shifting the scaled first arithmetic share by a value based on the masking scaling factor ?_1; scaling a second to n_s shares of the n_s arithmetic shares by a value based on the first compression factor ? and the masking scaling factor ?_1; converting the n_s scaled arithmetic shares to n_s Boolean shares; right shifting the n_s Boolean shares based upon the masking scaling factor ?_1 and a second compression factor ?_2; XORing an output mask ?_2 with the shifted first Boolean share to produce n_s compressed Boolean shares; and carrying out a cryptographic operation using the n_s arithmetic shares when the n_s compressed Boolean shares indicate that the coefficients of the polynomial are within boundary values.

HARDWARE ACCELERATION OF BIKE FOR POST-QUANTUM PUBLIC KEY CRYPTOGRAPHY

In one example an apparatus comprises an unsatisfied parity check (UPC) memory, an unsatisfied parity check (UPC) compute block communicatively coupled to the UPC memory, a first error memory communicatively coupled to the UPC compute block, a polynomial multiplication syndrome memory, a polynomial multiplication compute block communicatively coupled to the polynomial multiplication syndrome memory, a second error memory communicatively coupled to the polynomial multiplication compute block, a codeword memory communicatively coupled to the UPC compute block and the polynomial multiplication compute block, a multiplexer communicatively coupled to the first error memory and to the polynomial multiplication compute block, and a controller communicatively coupled to the UPC memory, the polynomial multiplication syndrome memory, the codeword memory, and the multiplexer. Other examples may be described.

Configurable arithmetic unit

Subject matter disclosed herein may relate to arithmetic units of processors, and may relate more particularly to configurable arithmetic units. Configurable arithmetic units may comprise a plurality of basic units, and may further comprise a programmable fabric to selectively connect the plurality of basic units at least in part to process one or more sets of parameters in accordance with one or more specified arithmetic operations.

Generating cryptographic checksums

A method (500) of generating a cryptographic checksum for a message M(x) is provided. The method comprises pseudo-randomly selecting (502) at least two irreducible polynomials p_i(x). Each irreducible polynomial p_i(x) is selected based on a first cryptographic key from the set of irreducible polynomials of degree n_i over a Galois Field. The method further comprises calculating (503) a generator polynomial p(x) of degree $n = \sum_{i=1}^{N} n_i$ (formula (I)) as a product of the N irreducible polynomials p_i(x), $p(x) = \prod_{i=1}^{N} p_i(x)$ (formula (II)), and calculating (505) the cryptographic checksum as a first function g of a division of a second function of M(x), (M(x)), modulo p(x), i.e., g((M(x)) mod p(x)). By replacing a standard checksum, such as a Cyclic Redundancy Check (CRC), with a cryptographic checksum, an efficient message authentication is provided. The proposed cryptographic checksum may be used for providing integrity assurance on the message, i.e., for detecting random and intentional message changes, with a known level of security. Further, a corresponding computer program, a corresponding computer program product, and a checksum generator for generating a cryptographic checksum, are provided.

Low-latency digital signature processing with side-channel security
11995184 · 2024-05-28

A low-latency digital-signature with side-channel security is described. An example of an apparatus includes a coefficient multiplier circuit to perform polynomial multiplication, the coefficient multiplier circuit providing Number Theoretic Transform (NTT) and INTT (Inverse NTT) processing; and one or more accessory operation circuits coupled with the coefficient multiplier circuit, each of the one or more accessory operation circuits to perform a computation based at least in part on a result of an operation of the NTT/INTT coefficient multiplier circuit, wherein the one or more accessory operation circuits are to receive results of operations of the NTT/INTT coefficient multiplier circuit prior to the results being stored in a memory.

UNIFIED INTEGER AND CARRY-LESS MODULAR MULTIPLIER AND A REDUCTION CIRCUIT

In one embodiment, a processor comprises a multiplier circuit to operate in an integer multiplication mode responsive to a first value of a configuration parameter; and operate in a carry-less multiplication mode responsive to a second value of the configuration parameter.