Various embodiments relate to a method for securely comparing a first polynomial represented by a plurality of arithmetic shares and a second compressed polynomial represented by a bitstring where the bits in the bitstring correspond to coefficients of the second polynomial, including: performing a first masked shift of the shares of the coefficients of the first polynomial based upon the start of the interval corresponding to the compressed coefficient of the second polynomial and a modulus value; performing a second masked shift of the shares of the coefficients of the first polynomial based upon the end of the interval corresponding to the compressed coefficient of the second polynomial; bitslicing the most significant bit of the first masked shift of the shares coefficients of the first polynomial; bitslicing the most significant bit of the second masked shift of the shares coefficients of the first polynomial; and combining the first bitsliced bits and the second bitsliced bits using an AND function to produce an output including a plurality of shares indicating that the first polynomial would compress to a bitstream matching the bitstream representing the second compressed polynomial.

Disclosed herein is a data storage device with storage medium that stores encrypted user content data. A cryptography engine uses a cryptographic key to decrypt the encrypted user content data. An access controller receives, from a user device, a request to register the user device and generates a challenge for a manager device. The manager device is located remotely from the data storage device. The controller sends, to the user device, the challenge for the manager device; receives, from the user device, a response calculated by the manager device to approve the request to register; calculates the cryptographic key based at least partly on the response calculated by the manager device; and creates and stores authorization data associated with the user device. The authorisation data indicates the cryptographic key, to register the user device with the data storage device.

A first input share value, a second input share value, and a third input share value may be received. The first input share value may be converted to a summation or subtraction between an input value and a combination of the second input share value and the third input share value. A random number value may be generated and combined with the second input share value and the third input share value to generate a combined value. Furthermore, a first output share value may be generated based on a combination of the converted first input share value, the combined value, and additional random number values.

Systems and methods that may be used to provide multitenant key derivation and management using a unique protocol in which key derivation may be executed between the server that holds the root key and a client that holds the derivation data and obtains an encryption key. In one or more embodiments, the derivation data may be hashed. The disclosed protocol ensures that the server does not get access to or learn anything about the client's derived key, while the client does not get access to or learn anything about the server's root key.

A method for executing by a circuit a substitution operation such that an output data may be selected in a substitution table using an input data as an index. The substitution operation may be performed using a new masked substitution table. The input data may be combined by XOR operations with a new value of a first mask parameter, and the output data may be combined by XOR operations with a new value of a second mask parameter. The new masked substitution table may be generated by computing the new value of the first mask parameter by applying XOR operations to a previous value of the first mask parameter and to a first input mask, computing the new value of the second mask parameter by applying XOR operations to a previous value of the second mask parameter and to a second input mask, and generating the new masked substitution table using a previous masked substitution table and the first and second input masks.

A block cipher encryption device for encrypting a data unit plaintext into blocks of ciphertexts, the data unit plaintext being assigned a tweak value and being divided into one or more plaintext blocks. The block cipher encryption device comprises: a combinatorial function unit associated with each plaintext block, the combinatorial function unit being configured to determine a tweak block value by applying a combinatorial function between a value derived from the tweak value and a function of a block index assigned to the plaintext block, a first masking unit in association with each plaintext block, the first masking unit being configured to determine a masked value by applying a data masking algorithm to the tweak block value determined by the combinatorial function unit associated with the plaintext block.

A security device and an operating method thereof, which generate masking data for masking a key on the basis of a physically unclonable function (PUF), are provided. The security device includes a PUF circuit including a plurality of PUF cells outputting random key data and masking data, a key generator configured to generate a key through post-processing performed on the random key data, and a masking module configured to mask and store the key by using the masking data, wherein the random key data and the masking data are generated by different PUF cells.

The invention relates in particular to a method for securing the execution of a cryptographic algorithm (ALG) against passive sniffing, the method implementing masking (MSK) of data processed by the cryptographic algorithm. The masking (MSK) of said data includes a linear encoding step such as x′=x.Math.L+c, in which x is the data to be masked, x′ is the corresponding masked data, c is a code word included in a linear code C, and L is a matrix made up of linearly independent vectors not included in the linear code C. The invention also relates to a device (SC) implementing such a method.

Disclosed are systems and techniques for enhanced protection of cryptographic key generation in cryptographic applications. In particular, described is a method and a system that performs the method of obtaining input numbers associated with a cryptographic application, generating masking matrix based on at least one random value, obtaining masked numbers using a matrix product of the MM and the input numbers, determining a greatest common divisor (GCD) of the masked numbers, identifying a GCD of the input numbers, and using the identified GCD to generate a cryptographic key.

An apparatus includes a processor and a memory operatively coupled to the processor and associated with an instance of a distributed database at a first compute device. The processor is configured to select an anonymous communication path. Each blinded public key from a sequence of blinded public keys associated with the anonymous communication path is associated with a pseudonym of a compute device from a set of compute devices that implement the anonymous communication path. The processor is configured to generate an encrypted message encrypted with a first blinded public key. The processor is configured to generate an encrypted data packet including the encrypted message and a compute device identifier associated with a second compute device. The encrypted data packet is encrypted with a second blinded public key. The processor is configured to send the encrypted data packet to a third compute device.