H04L9/002

Splitting S-boxes in a white-box implementation to resist attacks
09838198 · 2017-12-05

A method of performing a keyed cryptographic operation mapping an input message to an output message, wherein the input message comprises m input data and the output message comprises m output data and wherein the cryptographic operation includes at least one round and the cryptographic operation specifies a substitution box for mapping input data into output data, including: transforming each of the m input data into n output data using n split substitution boxes, wherein the n split substitution boxes sum to the specified substitution box; and mixing and combining the m×n output data.
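
The split-and-recombine step above, as an added example that is not part of the patent text: a 4-bit S-box (the public PRESENT S-box, assumed here) is split into n tables that XOR back to it, every input nibble is fed through all n tables, each of the n share words is mixed with a toy linear layer (also assumed), and the mixed shares are XORed. Because the mixing layer is linear over GF(2), mixing the shares separately and combining afterwards gives the same result as the unsplit round, which is what lets the true S-box output stay out of every intermediate value.

```python
# Added example, not code from the patent: split a 4-bit S-box into n tables that
# XOR to the original, run each input nibble through all n split tables, mix each
# share word with a linear layer, and XOR the mixed shares back together.
# Assumptions: the S-box is the public PRESENT S-box; the mixing layer is a toy
# 16-bit bit permutation chosen here; "combining" is XOR; m = 4 input nibbles.
import random
import secrets

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NIBBLES = 4            # m input data per state
WIDTH = 4 * NIBBLES    # 16-bit state


def split_sbox(sbox, n, seed=None):
    """Return n tables S_1..S_n with S_1[x] ^ ... ^ S_n[x] == sbox[x] for all x.
    The first n-1 tables are uniformly random, so no single table (and no set
    of n-1 of them) says anything about sbox; the last table absorbs the rest."""
    size = len(sbox)
    draw = random.Random(seed).randrange if seed is not None else secrets.randbelow
    shares = [[draw(size) for _ in range(size)] for _ in range(n - 1)]
    last = []
    for x in range(size):
        acc = sbox[x]
        for table in shares:
            acc ^= table[x]
        last.append(acc)
    return shares + [last]


def mix(word):
    """Toy linear layer (assumed): PRESENT-style bit permutation i -> 4*i mod 15,
    with bit 15 fixed. Linear over GF(2), so mix(a ^ b) == mix(a) ^ mix(b)."""
    out = 0
    for i in range(WIDTH):
        if (word >> i) & 1:
            j = i if i == WIDTH - 1 else (4 * i) % (WIDTH - 1)
            out |= 1 << j
    return out


def round_plain(state):
    """Reference round: S-box on every nibble, then the linear layer."""
    out = 0
    for j in range(NIBBLES):
        out |= SBOX[(state >> (4 * j)) & 0xF] << (4 * j)
    return mix(out)


def round_split(state, shares):
    """Split round: each of the m nibbles goes through all n split tables
    (m*n outputs), each share word is mixed on its own, and the n mixed words
    are XORed. The full S-box output never appears in any one intermediate."""
    words = [0] * len(shares)
    for j in range(NIBBLES):
        x = (state >> (4 * j)) & 0xF
        for i, table in enumerate(shares):
            words[i] |= table[x] << (4 * j)
    result = 0
    for w in words:
        result ^= mix(w)
    return result


def shares_match_sbox(shares):
    """True if the split tables XOR back to SBOX at every input."""
    for x in range(16):
        acc = 0
        for table in shares:
            acc ^= table[x]
        if acc != SBOX[x]:
            return False
    return True


def rounds_agree(shares, step=37):
    """True if the split round equals the reference round on sampled states."""
    return all(round_split(s, shares) == round_plain(s)
               for s in range(0, 1 << WIDTH, step))


if __name__ == "__main__":
    tables = split_sbox(SBOX, 3, seed=7)
    print("tables XOR to S-box:", shares_match_sbox(tables))
    print("split round matches reference:", rounds_agree(tables))
```

A different seed (or no seed, which falls back to `secrets`) gives a fresh split with identical behaviour, so each build of the implementation can carry its own tables. A real white-box build would additionally wrap the share words in input and output encodings; this example stops at the splitting itself.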

CRYPTOGRAPHIC SYSTEM AND METHOD

A system for cryptographic processing comprises message unit (1, 7, 12) for providing a first message representation (3, 6, 11), wherein the first message representation is a representation of a message. The system comprises key unit (2) for providing a key representation (4, 9, 14), wherein the key representation is an encrypted representation of a first key of a first cryptographic algorithm and a second key of a second cryptographic algorithm, wherein the first cryptographic algorithm is different from the second cryptographic algorithm. The system comprises step unit (5, 10, 15) for performing a step of the first cryptographic algorithm and a step of the second cryptographic algorithm based on the first message representation (3, 6, 11) and the key representation, to obtain a second message representation (6, 11, 16).

COMPUTING A SECURE ELLIPTIC CURVE SCALAR MULTIPLICATION USING AN UNSECURED AND SECURE ENVIRONMENT

A system for securely computing an elliptic curve scalar multiplication in an unsecured environment, including: a secure processor including secure memory, the secure processor configured to: split a secure scalar K into m_2 random values k_i, where i is an integer index; randomly select m_1 − m_2 values k_i for the indices m_2 < i ≤ m_1; select m_1 mask values δ_i; compute m_1 residues c_i based upon random residues a_i, δ_π(i)^(−1), and k_π(i), wherein π(i) is a random permutation; compute m_1 elliptic curve points G_i based upon random residues a_i and an elliptic point to be multiplied; receive m_1 elliptic curve points; and compute the elliptic curve scalar multiplication by combining a portion of the received elliptic curve points and removing the mask values δ_i from the portion of the received elliptic curve points; a memory device; and a processor in communication with the memory device, the processor being configured to: receive m_1 residues c_i and elliptic curve points G_i; compute m_1 elliptic curve points P_i based upon the m_1 residues c_i and elliptic curve points G_i; send the m_1 elliptic curve points P_i to the secure processor.
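
The secure/unsecured split described above, as an added example that is not the patent's code. It uses a small curve over GF(2003) and one concrete choice of the residue formulas, G_i = a_i·G and c_i = a_i^(−1)·δ_π(i)^(−1)·k_π(i) mod n (an assumption read from the abstract, not stated in it), so that c_i·G_i = δ_π(i)^(−1)·k_π(i)·G and multiplying by δ_π(i) removes the mask. The untrusted side computes all m_1 products; the secure side unmasks and adds only the slots that hold real shares and discards the dummies.

```python
# Added example, not the patent's code: outsource K*G to an untrusted processor.
# The secure side splits K into m2 shares that sum to K, pads them with m1-m2
# dummy shares, masks every share, permutes the order and blinds the base point;
# the untrusted side does the m1 expensive scalar multiplications; the secure
# side unmasks and sums only the real ones. Assumptions: the toy curve
# y^2 = x^3 + 2x + 3 over GF(2003), and the concrete formulas
#   G_i = a_i*G,  c_i = a_i^-1 * delta_pi(i)^-1 * k_pi(i) mod n,
# which are one reading of the abstract, not taken from the patent text.
import math
import random

P, A, B = 2003, 2, 3   # P % 4 == 3, so square roots are one exponentiation


def ec_add(p1, p2):
    """Affine group law; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def find_generator():
    """First x whose right-hand side is a non-zero square; order found by counting."""
    for x in range(1, P):
        rhs = (x ** 3 + A * x + B) % P
        if rhs == 0:
            continue
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            g, order, q = (x, y), 1, (x, y)
            while q is not None:
                q = ec_add(q, g)
                order += 1
            return g, order


G, N = find_generator()   # base point and its order n


def unit(n, rng):
    """Random residue invertible mod n (N may be composite on this toy curve)."""
    while True:
        x = rng.randrange(1, n)
        if math.gcd(x, n) == 1:
            return x


def secure_prepare(K, m1, m2, rng):
    """Runs in the secure environment. Returns what is sent out plus the state
    that must stay inside (masks, permutation, which indices are real)."""
    ks = [rng.randrange(N) for _ in range(m2 - 1)]
    ks.append((K - sum(ks)) % N)                        # real shares sum to K mod N
    ks += [rng.randrange(N) for _ in range(m1 - m2)]    # dummy shares
    deltas = [unit(N, rng) for _ in range(m1)]          # mask values delta_i
    a = [unit(N, rng) for _ in range(m1)]               # blinding of the base point
    pi = list(range(m1))
    rng.shuffle(pi)                                     # hides which slots are real
    c = [pow(a[i], -1, N) * pow(deltas[pi[i]], -1, N) * ks[pi[i]] % N
         for i in range(m1)]
    Gs = [ec_mul(a[i], G) for i in range(m1)]
    return (c, Gs), {"deltas": deltas, "pi": pi, "m2": m2}


def untrusted_compute(c, Gs):
    """Runs on the ordinary processor: it sees neither K, the shares, nor the masks."""
    return [ec_mul(ci, Gi) for ci, Gi in zip(c, Gs)]


def secure_finish(Ps, state):
    """Back in the secure environment: unmask the real slots and add them up;
    dummy slots are simply discarded."""
    Q = None
    for i, Pi in enumerate(Ps):
        j = state["pi"][i]
        if j < state["m2"]:
            Q = ec_add(Q, ec_mul(state["deltas"][j], Pi))
    return Q


def outsourced_mul(K, m1=8, m2=3, seed=None):
    rng = random.Random(seed)
    outbound, state = secure_prepare(K, m1, m2, rng)
    return secure_finish(untrusted_compute(*outbound), state)


if __name__ == "__main__":
    K = 1234567
    print("outsourced == direct:", outsourced_mul(K, seed=1) == ec_mul(K % N, G))
```

The untrusted processor sees m_1 scalars and m_1 blinded points but neither the shares, the masks, the permutation nor which slots are dummies. It is also free to return anything it likes, so before a deployment relies on the result the secure side should at least check that each returned P_i is a point on the curve; that check is not shown here.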

APPARATUS AND METHOD FOR PUBLIC KEY ENCRYPTION
20170346629 · 2017-11-30

Disclosed are an apparatus and method for public key encryption using a white-box cipher algorithm. An apparatus for public key encryption using a white-box cipher algorithm includes a key table generator configured to generate at least one key table from a cipher key, a hidden-key table generator configured to convert the at least one key table into at least one hidden-key table, and an encryption algorithm generator configured to generate a white-box implemented encryption algorithm by using the at least one hidden-key table and an inverse operation of the conversion and provide the generated encryption algorithm as a public key for encryption.
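
The three generators named above, as an added toy example that is not the patent's code: a single-nibble substitution cipher is turned into key tables, each key table is converted with a random bijective encoding on its input and output (the Chow-style construction is assumed here as the "conversion"), and the published public key is the hidden tables together with the first encoding and the inverse of the last one. The middle encodings cancel between consecutive hidden tables, so the holder of the public key can encrypt without any round key ever appearing in the tables as such.

```python
# Added example, not the patent's code: a toy table-based white-box of a 4-bit
# substitution cipher, built the way the abstract describes (key tables ->
# hidden-key tables -> encryption algorithm published as the public key).
# Assumptions: the cipher is R rounds of x -> S[x ^ k_r] on a single nibble with
# the PRESENT S-box; the "conversion" is a random bijective encoding per round
# boundary (Chow-style); the inverse of the outermost encoding is published.
import random

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def random_bijection(rng):
    perm = list(range(16))
    rng.shuffle(perm)
    return perm


def invert(perm):
    inv = [0] * len(perm)
    for i, v in enumerate(perm):
        inv[v] = i
    return inv


def key_tables(round_keys):
    """Key table generator: T_r[x] = S[x ^ k_r] bakes the round key into a table."""
    return [[SBOX[x ^ k] for x in range(16)] for k in round_keys]


def hide_tables(tables, rng):
    """Hidden-key table generator: H_r = f_r o T_r o f_{r-1}^-1 with fresh random
    encodings f_0..f_R. The middle encodings cancel between consecutive tables
    and are never published; only f_0 and f_R^-1 are needed at the boundary."""
    R = len(tables)
    enc = [random_bijection(rng) for _ in range(R + 1)]
    hidden = []
    for r, T in enumerate(tables):
        f_in_inv, f_out = invert(enc[r]), enc[r + 1]
        hidden.append([f_out[T[f_in_inv[x]]] for x in range(16)])
    return hidden, enc[0], invert(enc[R])


def build_public_key(round_keys, seed=None):
    """Encryption algorithm generator: the public key is the hidden tables plus
    the input encoding and the inverse of the output encoding."""
    return hide_tables(key_tables(round_keys), random.Random(seed))


def public_encrypt(public_key, x):
    """Anyone holding the public key can encrypt; no round key appears here."""
    hidden, f0, fR_inv = public_key
    x = f0[x]
    for H in hidden:
        x = H[x]
    return fR_inv[x]


def keyed_encrypt(round_keys, x):
    """Reference cipher computed directly with the secret round keys."""
    for k in round_keys:
        x = SBOX[x ^ k]
    return x


def public_key_is_consistent(round_keys, seed=None):
    pk = build_public_key(round_keys, seed)
    return all(public_encrypt(pk, x) == keyed_encrypt(round_keys, x) for x in range(16))


if __name__ == "__main__":
    keys = [3, 9, 12, 6]
    print("public key encrypts like the keyed cipher:", public_key_is_consistent(keys, seed=5))
```

A single-nibble toy is far too small to offer any white-box strength on its own; it is here only to show where each generator sits and why the inverse of the conversion has to ship with the hidden tables. Real designs use much wider tables and more elaborate encodings, and the strength of a given construction against key extraction is a property of that design, not of the table layout alone.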

Symmetrical iterated block encryption method and corresponding apparatus
09832014 · 2017-11-28

A symmetrical iterated block encryption method includes: a bitwise XOR combination of a predetermined data word of a predetermined block with a predetermined data word of a predetermined round key; and a bitwise XOR combination of the predetermined data word with at least one other predetermined data word.

COMBINING POLICY COMPLIANCE AND VULNERABILITY MANAGEMENT FOR RISK ASSESSMENT

An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model on a first training dataset so that it produces mitigation technique classifications, and training a vulnerability machine learning model on a second training dataset so that it produces weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the same attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.

HARDNESS AMPLIFICATION OF PHYSICAL UNCLONABLE FUNCTIONS (PUFS)

Combined physical unclonable function (PUFs); methods, apparatuses, systems, and computer program products for enrolling combined PUFs; and methods, apparatuses, systems, and computer program products for authenticating a device physically associated with a combined PUF are described. In an example embodiment, a combined PUF includes a plurality of PUFs and one or more logic gates. Each PUF includes a plurality of stages and an arbiter configured to generate a single PUF response based on response portions generated by the plurality of stages. The one or more logic gates are configured to combine the single PUF response for each of the plurality of PUFs in accordance with a combination function to provide a combined response.
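
The combined PUF, its enrollment and its authentication, as an added simulation that is not the patent's code. Each PUF is modelled with the standard additive delay model for an arbiter PUF (per-stage delay differences as Gaussian weights, response equal to the sign of the accumulated delay), the combination function is assumed to be XOR, and measurement noise is assumed Gaussian. Enrollment stores challenge-response pairs from the genuine device; authentication replays them and tolerates a bounded number of disagreements.

```python
# Added example, not the patent's code: a simulated combined PUF made of several
# arbiter PUFs whose single-bit responses are combined with XOR gates, with
# enrollment and authentication on top. Assumptions: the standard additive
# delay model for each arbiter PUF (stage delay differences as Gaussian weights),
# Gaussian measurement noise, and XOR as the combination function.
import random


def parity_features(challenge):
    """Additive delay model: the contribution of stage i depends on whether the
    challenge bits from i onward swap the two racing paths an even or odd number
    of times. phi[i] = prod_{j>=i} (1 - 2*c_j); the last entry is a bias term."""
    k = len(challenge)
    phi = [1] * (k + 1)
    for i in range(k - 1, -1, -1):
        phi[i] = phi[i + 1] * (1 - 2 * challenge[i])
    return phi


class ArbiterPUF:
    """One chain of stages ending in an arbiter that outputs a single bit."""

    def __init__(self, stages, rng):
        self.weights = [rng.gauss(0.0, 1.0) for _ in range(stages + 1)]

    def response(self, challenge, noise=0.0, rng=None):
        delta = sum(w * p for w, p in zip(self.weights, parity_features(challenge)))
        if noise > 0.0:
            delta += rng.gauss(0.0, noise)   # measurement noise on the race
        return 1 if delta > 0 else 0


class CombinedPUF:
    """Several arbiter PUFs fed the same challenge; the gates XOR their bits."""

    def __init__(self, count, stages, rng):
        self.stages = stages
        self.pufs = [ArbiterPUF(stages, rng) for _ in range(count)]

    def response(self, challenge, noise=0.0, rng=None):
        bit = 0
        for puf in self.pufs:
            bit ^= puf.response(challenge, noise, rng)
        return bit


def make_device(count=3, stages=64, seed=None):
    """A distinct physical device per seed (the seed stands in for manufacturing variation)."""
    return CombinedPUF(count, stages, random.Random(seed))


def enroll(device, n_crps, seed=None):
    """Enrollment: record challenge-response pairs from the genuine device
    under clean conditions and keep them on the verifier side."""
    rng = random.Random(seed)
    crps = []
    for _ in range(n_crps):
        ch = [rng.randrange(2) for _ in range(device.stages)]
        crps.append((ch, device.response(ch)))
    return crps


def authenticate(device, crps, max_errors, noise=0.05, seed=None):
    """Authentication: replay the enrolled challenges against the device under
    test (with noise) and accept if few enough responses disagree."""
    rng = random.Random(seed)
    errors = sum(device.response(ch, noise, rng) != r for ch, r in crps)
    return errors <= max_errors


if __name__ == "__main__":
    genuine = make_device(seed=1)
    table = enroll(genuine, 128, seed=2)
    print("genuine accepted:", authenticate(genuine, table, 12, seed=3))
    print("other device accepted:", authenticate(make_device(seed=9), table, 12, seed=3))
```

XORing the individual bits makes the combined response a non-linear function of the per-PUF delays, which is the source of the hardness amplification; the price is that the noise of every constituent PUF adds up in the combined bit, so the error budget used at authentication has to be set from the measured combined noise rather than from a single PUF.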

SYSTEM ARCHITECTURE FOR ENCRYPTING EXTERNAL MEMORY
20170337141 · 2017-11-23

A system architecture providing memory encryption suitable for protection against liquid nitrogen and trace probe attacks. In one embodiment, a method of and system for memory encryption are provided. A write request is received at a memory controller. The write request includes first data and a first address. The memory controller is embedded in a CPU and is operatively coupled to memory external to the CPU. The first data are encrypted at the memory controller to generate encrypted first data. The encrypted first data are written to the memory.

Efficient masked polynomial comparison

Various embodiments relate to a method and system for securely comparing a first and second polynomial, including: selecting a first subset of custom character coefficients of the first polynomial and a second subset of custom character corresponding coefficients of the second polynomial, wherein the coefficients of the first polynomial are split into custom character shares and the first and second polynomials have custom character coefficients; subtracting the second subset of coefficients from one of the shares of the first subset of coefficients; reducing the number of elements in the first subset of coefficients to custom character elements by combining groups of custom character/custom character elements together; generating a random number for each of the elements of the reduced subset of coefficients; summing the product of each of the elements of the reduced subset of coefficients with their respective random numbers; summing the custom character shares of the sum of the products; and generating an output indicating that the first polynomial does not equal the second polynomial when the sum does not equal zero.
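
The masked comparison, as an added example that is not the patent's code. It follows the shape of the abstract: subtract the public polynomial from one share only, weight every coefficient with a fresh random value, sum inside each share, add the share sums and test the result for zero, so that only that single sum is ever unmasked. The step that packs groups of coefficients into fewer elements is left out here; the modulus Q = 3329, the optional coefficient subset and the 1/Q false-equality bound are assumptions of this example.

```python
# Added example, not the patent's code: compare a polynomial held in arithmetic
# shares against a public polynomial without ever unmasking its coefficients.
# It follows the abstract's shape (subtract on one share, random weights,
# per-share sums, combine, test for zero) but leaves out the step that packs
# groups of coefficients into fewer elements. Assumptions: coefficients mod
# Q = 3329, an optional index subset, and the false-equality bound 1/Q.
import random

Q = 3329   # assumed modulus (a prime, so a non-zero difference survives weighting)


def share_poly(poly, n_shares, seed=None):
    """Arithmetic masking: n_shares lists that sum coefficient-wise to poly mod Q."""
    rng = random.Random(seed)
    shares = [[rng.randrange(Q) for _ in poly] for _ in range(n_shares - 1)]
    last = [(a - sum(s[i] for s in shares)) % Q for i, a in enumerate(poly)]
    return shares + [last]


def masked_not_equal(shares_a, b, seed=None, indices=None):
    """True if the shared polynomial A differs from the public polynomial B on
    the chosen coefficients. Only the final weighted sum is ever unmasked; a
    real difference is reported as equal with probability 1/Q per run."""
    rng = random.Random(seed)
    idx = list(indices) if indices is not None else list(range(len(b)))
    # 1. subtract B from one share only: the sharing now encodes D = A - B
    first = [(shares_a[0][i] - b[i]) % Q for i in idx]
    others = [[s[i] for i in idx] for s in shares_a[1:]]
    diff_shares = [first] + others
    # 2. one random weight per coefficient, the same for every share
    r = [rng.randrange(1, Q) for _ in idx]
    # 3. weighted sum inside each share (linear, so it commutes with masking)
    partial = [sum(w * d for w, d in zip(r, s)) % Q for s in diff_shares]
    # 4. combine the share sums; zero means A == B on idx (or a 1/Q accident)
    return sum(partial) % Q != 0


if __name__ == "__main__":
    a = [(17 * i + 5) % Q for i in range(256)]
    shares = share_poly(a, 3, seed=1)
    b = list(a)
    b[100] = (b[100] + 1) % Q
    print("A != A:", masked_not_equal(shares, a, seed=2))
    print("A != B:", masked_not_equal(shares, b, seed=2))
```

The weights must be drawn fresh for every comparison; reusing them would let an observer of the unmasked sums build linear relations between different runs. Because a non-zero difference is missed with probability 1/Q, a caller that cannot tolerate that can run the comparison twice with independent weights.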

METHOD AND DEVICE FOR RECOGNIZING BLINDING ATTACKS IN A QUANTUM ENCRYPTED CHANNEL
20220360425 · 2022-11-10

The present invention relates to a receiver (2200) for recognizing blinding attacks in a quantum encrypted channel (1300) comprising an optical fiber, comprising a multipixel detector (2210) comprising a plurality of pixels, and configured to be illuminated by a light beam outputted by the optical fiber, and a processing unit (2220) connected to the multipixel detector (2210) and configured to determine the presence of a blinding attack if a predetermined number of pixels detects light within a predetermined interval. The invention further relates to the use of the receiver (2200) for recognizing blinding attacks in a quantum encrypted channel (1300) and to a method for recognizing blinding attacks in a quantum encrypted channel (1300).