Methods and systems are provided for protecting a circuit design for an integrated circuit. Logic circuits are identified in at least a portion of the circuit design for replacement. The logic circuits in the circuit design are replaced with a bitstream and configurable circuits that comprise memory circuits. A transformed circuit design is generated for the integrated circuit that comprises the configurable circuits. The configurable circuits in the transformed circuit design perform logic functions of the logic circuits when the bitstream is stored in the memory circuits in the configurable circuits.

A quantum-attack resistant operating system for use in a key management mechanism which is a full solution of cyber-security for quantum transmission via optical paths, in order to detect and bypass quantum computing attacks, or to perform quantum counterattacks, during various procedures of quantum key managements; wherein the system avoids the attacks of key tampering, destroying, detecting, and blocking, from other quantum systems in a quantum key storage phase; meanwhile, it also avoids the sniffing from other quantum systems on key entangled properties, in a quantum key clearing phase; in addition, in a quantum key recycling phase, facing quantum computing attacks, it not only can disrupt the judgement of other systems on key verification, but also consumes the computing resources on the attacker side; thereby the present invention provides a protection mechanism which cannot be achieved by a conventional PQC (Post-quantum cryptography) solution.

Methods, apparatus and computer program product for protecting a confidential integrated circuit design process. The computer-implemented method includes receiving a design specification dataset from a first untrusted computing device; extracting confidential design specification data from the design specification dataset; encrypting the confidential design specification data to produce encrypted confidential design specification data; generate a first encryption key to be associated with the encrypted confidential design specification data; retrieving a confidential design specification data subset for replacing a design element subset with a security hard macro (SHM) placeholder design element set; generating a security hard macro (SHM) placeholder feature set comprising those security hard macro (SHM) placeholder features representing mappings from the confidential design specification data subset to the SHM placeholder design element set; and transmitting, to the first untrusted computing device, the encrypted confidential design specification data, the first encryption key, and the SHM placeholder feature set.

Systems and methods are disclosed for side-channel attack mitigation for secure devices including cryptographic circuits using block ciphers that are not based upon feedback. For disclosed embodiments, an integrated circuit includes a cryptographic circuit and a controller. The cryptographic circuit performs cryptographic operations in a block cipher AES mode without feedback. The controller outputs control signals to the cryptographic circuit that cause the cryptographic circuit to perform the cryptographic operations on sequential data blocks with an internally permuted order to mitigate block cipher side-channel attacks. The internally permuted order can be generated using one or more random number generators, one or more pre-configured permutated orders, or other techniques. Further, sequential data blocks can be grouped into sequential subsets of data blocks, and the cryptographic operations can be performed in sequence for the subsets with data blocks within each subset being processed with an internally permuted order.

Systems and methods are disclosed for side-channel attack mitigation for secure devices including cryptographic circuits using block ciphers that are not based upon feedback. For disclosed embodiments, an integrated circuit includes a cryptographic circuit and a controller. The cryptographic circuit performs cryptographic operations in a block cipher AES mode without feedback. The controller outputs control signals to the cryptographic circuit that cause the cryptographic circuit to perform the cryptographic operations on sequential data blocks with an internally permuted order to mitigate block cipher side-channel attacks. The internally permuted order can be generated using one or more random number generators, one or more pre-configured permutated orders, or other techniques. Further, sequential data blocks can be grouped into sequential subsets of data blocks, and the cryptographic operations can be performed in sequence for the subsets with data blocks within each subset being processed with an internally permuted order.

Hardware masking may be used as a countermeasure to make power analysis attacks more difficult. Masking attempts to decouple the secret and/or processed values of a cryptographic algorithm from its intermediate values. One method of masking probabilistically splits each bit of a computation into multiple shares. Mask-share domains (i.e., the wires and gates that perform a computation on a share) are physically spaced to reduce coupling between mask-share domains. The mask-share domains may be connected to the same power supply network. The physical distance between mask-share domains along the power-supply network may be selected to reduce coupling between mask-share domains that may occur via the power supply network. The mask-share domains may each be connected to different on-chip power supply networks.

A method for remotely programming a programmable device designed to provide an expected sensitive result. The method including transmitting a first program code to the programmable device, the first program code being configured to get at least one distinctive data unique and physically inherent to the programmable device, retrieving the distinctive data, and transmitting a second program code based on the retrieved distinctive data to the programmable device, so as to load the second program code into the programmable device.

A method for remotely programming a programmable device designed to provide an expected sensitive result. The method including transmitting a first program code to the programmable device, the first program code being configured to get at least one distinctive data unique and physically inherent to the programmable device, retrieving the distinctive data, and transmitting a second program code based on the retrieved distinctive data to the programmable device, so as to load the second program code into the programmable device.

An integrated circuit device includes a semiconductor substrate layer and at least one active layer including electronic components and supported by the semiconductor substrate layer. The semiconductor substrate layer and the at least one active layer are sandwiched between two protective layers acting as physical obstacles to prevent the passage of radiations. In addition, the two protective layers are electrically connected to a detection circuit that can monitor an electrical information of the protective layers and detect a physical attack of at least one of the two protective layers, based on the monitored electrical information.

An integrated circuit device includes a semiconductor substrate layer and at least one active layer including electronic components and supported by the semiconductor substrate layer. The semiconductor substrate layer and the at least one active layer are sandwiched between two protective layers acting as physical obstacles to prevent the passage of radiations. In addition, the two protective layers are electrically connected to a detection circuit that can monitor an electrical information of the protective layers and detect a physical attack of at least one of the two protective layers, based on the monitored electrical information.