The present invention relates to a method to securely load set of sensitive data hardware registers with sensitive data on a chip supporting hardware cryptography operations, said method comprising the following steps monitored by software instructions, at each run of a software: select a set of available hardware registers listed in a predefined list listing, in the chip architecture, the unused hardware registers and other relevant hardware registers not handling sensitive data and not disrupting chip functionality when loaded, establish an indexible register list of the address of the sensitive data hardware registers and of the hardware registers in the set of available hardware registers, in a loop, write each hardware register in this register list with random data, a random number of times, in random order except the last writing in each of the sensitive data hardware registers where a part of the sensitive data is written.

A process of hiding a key or data inside of random noise is introduced, whose purpose is to protect the privacy of the key or data. In some embodiments, the random noise is produced by quantum randomness, using photonic emission with a light emitting diode. When the data or key generation and random noise have the same probability distributions, and the key size is fixed, the security of the hiding can be made arbitrarily close to perfect secrecy, by increasing the noise size. The hiding process is practical in terms of infrastructure and cost, utilizing the existing TCP/IP infrastructure as a transmission medium, and using light emitting diode(s) and a photodetector in the random noise generator. In some embodiments, symmetric cryptography encrypts the data before the encrypted data is hidden in random noise, which substantially amplifies the computational complexity.

In various embodiments, a method for performing a lattice-based cryptographic operation is provided. The method includes obtaining a noise polynomial, a secret polynomial and a public polynomial, disguising at least one of the noise polynomial, the secret polynomial and the public polynomial by means of multiplying it with a random blinding polynomial, calculating the sum of the noise polynomial with the product of the public polynomial and the secret polynomial based on the disguised at least one polynomial, and determining a result of the lattice-based cryptographic operation based on the calculated sum of the noise polynomial with the product of the public polynomial and the secret polynomial.

One embodiment described herein provides a system and method for establishing a secure communication channel between a client and a server. During operation, the client generates a service request comprising a first dynamic message, transmits the first service request to the server, which authenticates the client based on the first dynamic message, and receives a second dynamic message from the server in response to the first dynamic message. The client authenticates the server based on the second dynamic message, and negotiates, via a quantum-key-distribution process, a secret key shared between the client and the server. The client and server then establish a secure communication channel based on at least a first portion of the secret key.

The invention provides a processor device having an executable, white-box-masked implementation of a cryptographic algorithm implemented thereon. The white-box masking comprises an affine mapping A, which is so designed that every bit in the output values w of the affine mapping A depends on at least one bit of the obfuscation values y, thereby attaining that the output values w of the affine mapping A are statistically balanced.

A method for executing an operation whereby a first input data, may be combined with a second input data, may include: defining data pairs whereby each data of a first input set is associated with a respective data of a second input set, the data in the first and second input sets may be obtained by applying Exclusive OR (XOR) operations to the first and second input data and to all first and second mask parameters of first and second mask sets; and computing output data by applying the operation to each of the data pairs, to obtain an output set, the first and second mask sets being such that a combination by XOR operations of each pairs of corresponding first and second mask parameters may produce a third mask set, where each mask sets may include a word column having a same number of occurrences of all possible values of the words.

A method for executing by a circuit a bit permutation operation by which bits of an input data are mixed to obtain an output data including at least two words, may include: generating a mask set including mask parameters, the mask set having one word column per word of the input data; generating an input set by combining the input data with each mask parameter of the mask set by Exclusive OR (XOR) operations; and computing an output set including output data resulting from the application of the bit permutation operation to each data in the input set, where the mask set may be generated such that the output set includes columns of output words, and each word column of the mask set an the output set including a same number of occurrences of all possible values of one input data word and respectively one output word.

A random-number generation unit generates a plurality of random numbers from a plurality of seeds. A data scrambling unit conceals concealment target data which is a concealment target by using the plurality of random numbers generated by the random-number generation unit. A transmission unit transmits concealed data which is the concealment target data concealed by the data scrambling unit to a data analysis device, and transmits any seed among the plurality of seeds to the data analysis device, after transmission of the concealed data to the data analysis device.

Examples provide a permission service for controlling service requests to web services. A permission controller monitors the number of active requests to a selected web service. When a permission request associated with the selected web service is received from a client, the permission service compares the current number of active requests to a per-service maximum threshold number of active requests. The permission controller maintains a per-threshold number of active requests customized for each web service. If the current request would exceed the threshold number if granted, the permission controller sends a denial with a random wait time to the client. The client resends the permission request on expiration of the wait time. The permission controller generates a different random wait time for each denial response. If the number of active requests is less than or equal to the threshold, the permission service grants permission to the client.

Methods are provided for testing and hardening software applications for the carrying out digital transactions which comprise a white-box implementation of a cryptographic algorithm. The method comprises the following steps: (a) feeding one plaintext of a plurality of plaintexts to the white-box implementation; (b) reading out and storing the contents of the at least one register of the processor stepwise while processing the machine commands of the white-box implementation stepwise; (c) repeating the steps (a) and (b) with a further plaintext of the plurality of plaintexts N-times; and (d) statistically evaluating the contents of the registers and the plaintexts, the intermediate results and/or the ciphertexts generated from the plaintexts by searching for correlations between the contents of the registers and the plaintexts, the intermediate results and/or the ciphertexts generated from the plaintexts to establish the secret key.