Patent classifications
H04L2209/08
Privacy-preserving, mutual PUF-based authentication protocol
An authentication protocol using a Hardware-Embedded Delay PUF (HELP), which derives randomness from within-die path delay variations that occur along the paths within a hardware implementation of a cryptographic primitive, for example, the Advanced Encryption Standard (AES) algorithm or Secure Hash Algorithm 3 (SHA-3). The digitized timing values which represent the path delays are stored in a database on a secure server (verifier) as an alternative to storing PUF response bitstrings, thereby enabling the development of an efficient authentication protocol that provides both privacy and mutual authentication.
Clock period randomization for defense against cryptographic attacks
Methods, systems, and apparatuses for defending against cryptographic attacks using clock period randomization. The methods, systems, and apparatuses are designed to make side channel attacks and fault injection attacks more difficult by using a clock with a variable period during a cryptographic operation. In an example embodiment, a clock period randomizer includes a fixed delay generator and a variable delay generator, wherein a variable delay generated by the variable delay generator is based on a random or pseudorandom value that is changed occasionally or periodically. The methods, systems, and apparatuses are useful in hardware security applications where fault injection and/or side channel attacks are of concern.
Encryption and decryption techniques using shuffle function
Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to detokenize encryption data and perform rounds of decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.
SYSTEM AND METHOD FOR INFORMATION PROTECTION
A computer-implemented method comprises: committing a transaction amount t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising at least a transaction blinding factor r_t; encrypting a combination of the transaction blinding factor r_t and the transaction amount t with a public key PK_B of a recipient of the transaction; and transmitting the transaction commitment value T and the encrypted combination to a recipient node associated with the recipient for the recipient node to verify the transaction.
Systems and methods for facilitating iterative key generation and data encryption and decryption
Various techniques provide systems and methods for facilitating iterative key generation and data encryption and decryption. In one example, a method includes encrypting, by an encryption logic circuit, a current data portion of plaintext data using a current encryption key to provide an encrypted current data portion. The method further includes generating, by the encryption logic circuit, a next encryption key for encryption of a next data portion of the plaintext data based on the current encryption key. Related methods and devices are also provided.
Challenge/response system
A challenge/response system separates a physically unclonable function from the challenge/response. Bits in a challenge are used to qualify random data values. The random data values are permuted to generate a result. The result is used to encrypt a response that is sent in reply to the challenge. Additional permuting mechanisms may be used to further obfuscate the response.
Method to mitigate voltage based attacks on key agreement over controller area network (CAN)
A method of operating at least one node in a communication network that uses a shared communication medium has been developed. The method includes adjusting, with a controller in a first node, a resistance of a first potentiometer in the first node to a first resistance level that the controller in the first node determines randomly, the first potentiometer in the first node being connected to an output of a transceiver in the first node and to a shared communication medium, and transmitting, with the transceiver in the first node, a first data bit through the output that is connected to the shared communication medium with the first potentiometer producing the first resistance level.
Protecting analog circuits with parameter biasing obfuscation
A key based technique that targets obfuscation of critical circuit parameters of an analog circuit block by masking physical characteristics of a transistor (width and length) and the circuit parameters reliant upon these physical characteristics (i.e. circuit biasing conditions, phase noise profile, bandwidth, gain, noise figure, operating frequency, etc.). The proposed key based obfuscation technique targets the physical dimensions of the transistors used to set the optimal biasing conditions. The widths and/or lengths of a transistor are obfuscated and, based on an applied key sequence, provide a range of potential biasing points. Only when the correct key sequence is applied and certain transistor(s) are active are the correct biasing conditions at the target node set.
Mitigating timing attacks via dynamically triggered time dilation
Techniques for mitigating timing attacks via dynamically triggered time dilation are provided. According to one set of embodiments, a computer system can track a count of application programming interface (API) calls or callbacks made by a program within each of a series of time buckets. The computer system can further determine that the count exceeds a threshold count for a predefined consecutive number of time buckets. Upon making this determination, the computer system can trigger time dilation with respect to the program, where the time dilation causes the program to observe a dilated view of time relative to real time.
BLIND KEY GENERATOR AND EXCHANGE
Operationally, the invention transmits a number to a verifiable recipient which indicates to the receiver what the key will be, without sending the key, or some related key. It is an INPUT into a function that takes the inputs to arrive at a completely different key. The idea is that the partial key does not have any resemblance to the final key and does not give the attacker a clue as to what the final key will be, thus making it far more difficult to find what appears to be a completely unrelated password/key than one that is not obscured. This is also known as using a partial key to transmit a blind key to a verifiable recipient.