H04L9/002

Computing device processing expanded data
11528123 · 2022-12-13

The present invention relates to a computing device for executing a first cryptographic operation of a cryptographic process on useful input data, said computing device comprising a first processor, a second processor and a selection circuit wherein: —said selection circuit is configured: —for receiving, from an input bus, expanded input data obtained by interleaving dummy input data with said useful input data, —for determining positions of the dummy input data in said expanded input data, —and for extracting said dummy input data and said useful input data from the expanded input data based on said determined positions, —said first processor is configured for executing said first cryptographic operation of said cryptographic process on said extracted useful input data to obtain useful output data, —said second processor is configured for executing a second operation on said extracted dummy input data to obtain dummy output data, said computing device being configured for having said operations executed such that leakage generated by said first cryptographic operation is jammed by leakage generated by the second operation.

Systems and methods for delayed-message attack mitigation
11528153 · 2022-12-13

A computer-implemented method comprising: establishing, by an operation device, a wireless communication with a remote device; authenticating, by the operation device, the wireless communication with the remote device; receiving, at the operation device, a first command to perform a first operation; establishing a first maximum delay period using an estimated time delay, wherein the estimated time delay comprises an authentication delay, an encryption delay, or a combination thereof; determining, by the operation device, that the first command is received within a first maximum delay period; performing, by the operation device, the first operation; receiving, at the operation device, a second command to perform a second operation; establishing a second maximum delay period using the estimated time delay; determining, by the operation device, that the second command is received within a second maximum delay period; and performing, by the operation device, the second operation instructed in the second command.

QUANTUM CRYPTOGRAPHIC COMMUNICATION SYSTEM, KEY MANAGEMENT INSPECTION DEVICE, KEY MANAGEMENT INSPECTION METHOD, AND COMPUTER PROGRAM PRODUCT

A quantum-cryptographic-communication system according to an embodiment includes a key-integrated-management device, quantum-cryptography devices, and key-management-inspection devices. An inspection-target-value-calculating unit calculates an inspection-target value based on quantum-cryptography-device information related to a quantum-cryptography device. An expected-value-calculating unit calculates an expected value based on at least one of wiring information of a QKD link connected to the inspection-target-quantum-cryptography device; weather information of the site installed with the inspection-target-quantum-cryptography device; and the quantum-cryptography-device information. A permissible-value-calculating unit calculates a permissible value based on at least one of the wiring information, the weather information, and the quantum-cryptography-device information. A determining unit determines whether the inspection-target value is within the range of (expected value)−(permissible value) and within the range of (expected value)+(permissible value); and, when the inspection-target value is outside the range of (expected value)−(permissible value) and outside the range of (expected value)+(permissible value), transmits anomaly detection to a key integrated management device.

Detecting vulnerable encryption keys in network communication systems
11509471 · 2022-11-22

Techniques for determining whether a public encryption key is vulnerable as the result of deficiencies in pseudorandom number generation algorithms are provided. In some embodiments, a system may compile a database of cryptographic information received from a plurality of sources, including databases, and network traffic monitoring tools. RSA public keys extracted from the cryptographic information may be stored in an organized database in association with corresponding metadata. The system may construct a product tree from all unique collected RSA keys, and may then construct a remainder tree from the product tree, wherein each output remainder may be determined to be a greatest common divisor of one of the RSA keys against all other unique RSA keys in the database. The system may then use the greatest common divisors to factor one or more of the RSA keys and to determine that the factored keys are vulnerable to being compromised.

AN IMPROVED QKD METHOD
20230059630 · 2023-02-23

There is herein provided a method of performing Quantum Key Distribution, the method comprising, transmitting, in a first basis state, a first photon from a quantum transmitter to a quantum receiver; transmitting, in a second basis state, a second photon from the quantum transmitter to the quantum receiver, the second basis state being non-orthogonal to the first basis state and the transmitter and receiver being optically connected by both a first optical channel and a second optical channel, wherein the step of transmitting the first photon from the quantum transmitter to the quantum receiver in the first basis state comprises: transmitting the first photon from the quantum transmitter to the quantum receiver along either the first optical channel or the second optical channel, wherein the step of transmitting the second photon from the quantum transmitter to the quantum receiver in the second basis state comprises: transmitting a first portion of the probability distribution of the second photon from the transmitter to the receiver along the first optical channel; and transmitting a second portion of the probability distribution of the second photon from the transmitter to the receiver along the second optical channel.

SIDE-CHANNEL ATTACKS ON SECURE ENCRYPTED VIRTUALIZATION (SEV)-ENCRYPTED STATE (SEV-ES) PROCESSORS

AMD's Secure Encrypted Virtualization (SEV) is a hardware extension available in AMD's EPYC™ server processors to support confidential cloud computing. Although known attacks against SEV, which exploit its lack of encryption in the virtual machine (VM) control block or the lack of integrity protection of the encrypted memory and nested page tables, have been addressed in subsequent releases of SEV-Encrypted State (SEV-ES) and SEV-Secure Nested Paging (SEV-SNP), a new CipherLeaks attack presents a previously unexplored vulnerability for SEV-ES and SEV-SNP. The attack allows a privileged adversary to infer a guest VM's execution states or recover certain plaintext, e.g., to steal private keys from the constant-time implementation of the Rivest-Shamir-Adleman (RSA) algorithm and the Elliptic Curve Digital Signature Algorithm (ECDSA) in the latest OpenSSL library.

CLOUD-BASED WHITEBOX NODE LOCKING

A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

Secret key estimation methods and devices
11588616 · 2023-02-21

A secret key estimation device is provided for determining an estimate of at least one secret key used during a number of executions of a cryptographic function used by at least one cryptographic algorithm. The number of executions of the cryptographic function is at least equal to two. The secret key estimation device comprises an analysis unit for determining a plurality of sets of leakage traces from side-channel information acquired during the number of executions of the cryptographic function. Each set of leakage traces corresponds to an execution of the cryptographic function and comprises at least one leakage trace. The secret key estimation device further comprises a processing unit configured to determine a statistical distribution of the acquired plurality of sets of leakage traces. The statistical distribution is dependent on a leakage function, the leakage function being represented in a basis of functions by a set of real values. The secret key estimation device is configured to determine the secret key from the statistical distribution of the plurality of sets of leakage traces using an estimation algorithm according to the maximization of a performance metric.

SYSTEMS AND METHODS FOR CRYPTOGRAPHIC AUTHENTICATION OF CONTACTLESS CARDS

Example embodiments of systems and methods for a data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Systems and methods for cryptographic authentication of contactless cards

Example embodiments of systems and methods for a data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.