A method for data decryption comprises receiving, over an AXI bus operating in burst mode, data access requests for data units stored in a memory, subdividing the requests received into requests for encrypted data units and requests for non-encrypted data units, forwarding both requests for encrypted data units and requests for non-encrypted data units towards the memory, retrieving the respective sets of data units over the AXI bus, and applying Advanced Encryption Standard, AES, processing to the requests for encrypted data units by calculating decryption masks for the encrypted data units and applying the decryption masks calculated to the encrypted data units retrieved. Subdividing the requests into requests for encrypted data units and requests for non-encrypted data units is performed depending on data start addresses and security information conveyed by the requests.

A processor of a remote crypto cluster (RCC) may receive a public key from a client device through at least one network. The processor of the RCC may obtain an encrypted specific key and a blinded project key from at least one data source through the at least one network. The processor of the RCC may derive a derived key in blind based on the encrypted specific key and the blinded project key. The processor of the RCC may send the derived key in blind to the client device

Systems, methods, and apparatuses relating to circuitry to implement an instruction to create and/or use data that is restricted in how it can be used are described. In one embodiment, a hardware processor comprises a decoder of a core to decode a single instruction into a decoded single instruction, the single instruction comprising a first input operand of a handle including a ciphertext of an encryption key (e.g., cryptographic key), an authentication tag, and additional authentication data, and a second input operand of data encrypted with the encryption key, and an execution unit of the core to execute the decoded single instruction to: perform a first check of the authentication tag against the ciphertext and the additional authentication data for any modification to the ciphertext or the additional authentication data, perform a second check of a current request of the core against one or more restrictions specified by the additional authentication data of the handle, decrypt the ciphertext to generate the encryption key only when the first check indicates no modification to the ciphertext or the additional authentication data, and the second check indicates the one or more restrictions are not violated, decrypt the data encrypted with the encryption key to generate unencrypted data, and provide the unencrypted data as a resultant of the single instruction.

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for protecting user privacy in the playback of user sessions are described. In one aspect, a method includes accessing, for a user session with one or more user interfaces, event data that includes interface data specifying a structure of the user interface(s), and, for each of one or more user interface elements for which content was presented by the user interface(s) during the user session, an encrypted content element including the content of the user interface element encrypted using a public key corresponding to a rule enabling recording of the content of the user interface element and data identifying the rule. Playback of the user session is generated including, for each of the interface element(s), decrypting the encrypted content element for the user interface element and presenting the decrypted content during the playback of the user session.

This application relates to a synchronization circuit for synchronizing signals used in a threshold implementation operation process performing in an S-box of an encryption circuit. In one aspect, the synchronization circuit includes an enable signal generator configured to generate an enable signal. The synchronization circuit may also include a synchronization unit included in an encryption circuit and located inside an S-box that performs a threshold implementation operation that calculates by dividing bits of an input signal into bits equal to or greater than the number of bits of the input signal. The synchronization unit may be configured to synchronize signals used in a threshold implementation operation process based on the generated enable signal.

A system and method for enrollment and matching of a positive biometric identification belonging to an individual that has a biometric template of the individual cryptographically encrypted and masked to others. Data relating to the individual can be connected to the biometric identification in a way that others may access the data without being able to identify the individual or access the biometric template; hence privacy is preserved. The biometric template is completely controlled by the individual in the sense that the data is available and anonymized, but can only be de-anonymized by the individual.

This disclosure describes systems on a chip (SOCs) that prevent side channel attacks (SCAs). The SoCs of this disclosure concurrently operate multi-round encryption and decryption datapaths according to a combined sequence of encryption rounds and decryption rounds. An example SoC of this disclosure includes an engine configured to encrypt transmission (Tx) channel data using a multi-round encryption datapath, and to decrypt encrypted received (Rx) channel data using a multi-round decryption datapath. The SoC further includes a security processor configured to multiplex the multi-round encryption datapath against the multi-round decryption datapath on a round-by-round basis to generate a mixed sequence of encryption rounds and decryption rounds, and to control the engine to encrypt the Tx channel data and decrypt the encrypted Rx channel data according to the mixed sequence of encryption rounds and decryption rounds.

This disclosure describes systems on a chip (SOCs) that prevent side channel attacks (SCAs). An example SoC of this disclosure includes an engine configured to encrypt transmission (Tx) channel data using an encryption operation set configured with a first polynomial, and to decrypt encrypted received (Rx) channel data using a decryption operation set configured with a second polynomial different from the first polynomial. The SoC further includes a security processor configured to multiplex the encryption operation set against the decryption operation set with a varied sequence of selection inputs on a round-by-round basis to generate a mixed sequence of encryption rounds and decryption rounds, and to control the engine to encrypt the Tx channel data and decrypt the encrypted Rx channel data in a combined datapath according to the mixed sequence of encryption rounds and decryption rounds.

A method for performing privacy-preserving or secure multi-party computations enables multiple parties to collaborate to produce a shared result while preserving the privacy of input data contributed by individual parties. The method can produce a result with a specified high degree of precision or accuracy in relation to an exactly accurate plaintext (non-privacy-preserving) computation of the result, without unduly burdensome amounts of inter-party communication. The multi-party computations can include a Fourier series approximation of a continuous function or an approximation of a continuous function using trigonometric polynomials, for example, in training a machine learning classifier using secret shared input data. The multi-party computations can include a secret share reduction that transforms an instance of computed secret shared data stored in floating-point representation into an equivalent, equivalently precise, and equivalently secure instance of computed secret shared data having a reduced memory storage requirement.

An electronic device includes: a non-volatile memory configured to store data including encrypted data; and a digital circuit. The digital circuit includes: a microprocessor configured to access the non-volatile memory and an internal memory; and a decryption circuit arranged on an interconnect network identifying an internal data path for exchanging the data between the non-volatile memory and the microprocessor, and connected to a memory controller of the non-volatile memory for receiving blocks of data from the non-volatile memory, the decryption circuit being configured to: perform a decryption on the fly of blocks of the data read from the non-volatile memory to obtain read decrypted data; generate first decryption masks corresponding to first blocks of data being read from the non-volatile memory at a given read address; and generate second decryption masks corresponding to second blocks of data to be read from the non-volatile memory at a next estimated read address.