H04L2209/12

INFECTIVE COUNTERMEASURES

The invention proposes a novel type of infective countermeasure against fault injection attacks. Instead of determining the injected error before amplifying it, the novel countermeasure applies the same diffusion function to two intermediate ciphers obtained by executing a cryptographic operation on an input. The error is therefore amplified within the same intermediate ciphers, referred to as infective ciphers after diffusion. It is then possible to use diffusion functions which do not map the cipher 0 as an output equal to 0. A cipher recomposed from bits of undiffused ciphers is also generated. These infective and recomposed ciphers are XOR-combined to provide an output cipher. This approach makes it possible to adapt, by simple duplication of the pairs and associated specific diffusion functions, the protection offered by the countermeasure to a desired number of injected faults.

Reducing amount of helper data in silicon physical unclonable functions via lossy compression without production-time error characterization

A method, system and computer program product for reducing the amount of helper data that needs to be stored using two innovative techniques. The first technique uses bit-error-rate (BER)-aware lossy compression. By treating a fraction of reliable bits as unreliable, it effectively reduces the size of the reliability mask. With the view of practical costs of production-time error characterization, the second technique enables economically feasible across-temperature per-bit BER evaluation for use in a number of fuzzy extractor optimizations based on bit-selection to reduce overall BER (with or without subsequent compression) using room-temperature only production-time characterization. The technique is based on stochastic concentration theory and allows efficiently forming confidence intervals for average across-temperature BER of a selected set of bits. By using these techniques, it is economically feasible to achieve a dramatic reduction in the amount of helper data that needs to be stored in non-volatile memory and/or one-time-programmable memory.

SRAM as random number generator

An approach is provided in which an information handling system performs multiple tests on a memory device using different supply voltage levels. The information handling system identifies a set of memory cells in the memory that produce a same set of results during each of the memory tests at the different supply voltage levels, and generates a random number based on a set of data values collected from the set of memory cells. In turn, the information handling system uses the random number generator in one or more processes executed by the information handling system.

BINDING A TRUST ANCHOR AND AN ASIC
20220382866 · 2022-12-01

According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.

Systems and Methods for Hybrid Physical Unclonable Functions

Embodiments of PUF systems are disclosed. Embodiments of such PUFs may be operated in the classical domain or the quantum domain, and moreover, may comprise substantially the same circuitry, and operate substantially the same, when operating in the classical domain or the quantum domain. Additionally, embodiments of such PUF systems may be effectively utilized to generate uniquely identifying signatures for electronic devices based on electronic circuitry, photonic circuitry or some combination of electronic and photonic circuitry and may be utilized to generate such signatures for such electronic devices regardless of whether such electronic devices themselves operate in the classical or quantum domain.

CRYPTOGRAPHIC HARDWARE SECURITY MODULE WITH SECURE EMBEDDED HEAT PIPE

Aspects include a cryptographic hardware security module having a secure embedded heat pipe and methods for assembling the same. The cryptographic hardware security module can include a printed circuit board having one or more components. The cryptographic hardware security module can further include an encapsulation structure having a top can and a bottom can. The top can is fixed to a first surface of the printed circuit board and the bottom can is fixed to a second surface of the printed circuit board opposite the first surface. A heat pipe is positioned between the top can and the component. The heat pipe includes two or more 180-degree bends. A portion of the heat pipe extends beyond a secure region of the encapsulation structure.

Secret key estimation methods and devices
11588616 · 2023-02-21

A secret key estimation device is provided for determining an estimate of at least one secret key used during a number of executions of a cryptographic function used by at least one cryptographic algorithm. The number of executions of the cryptographic function is at least equal to two. The secret key estimation device comprises an analysis unit for determining a plurality of sets of leakage traces from side-channel information acquired during the number of executions of the cryptographic function. Each set of leakage traces corresponds to an execution of the cryptographic function and comprises at least one leakage trace. The secret key estimation device further comprises a processing unit configured to determine a statistical distribution of the acquired plurality of sets of leakage traces. The statistical distribution is dependent on a leakage function, the leakage function being represented in a basis of functions by a set of real values. The secret key estimation device is configured to determine the secret key from the statistical distribution of the plurality of sets of leakage traces using an estimation algorithm according to the maximization of a performance metric.

Private key creation using location data

Methods and a system of generating a master seed using location-based data. The system includes a pseudo-random number generator configured to generate a random number and a global positioning system module configured to determine a location of the system. The system also includes an encryption module configured to generate a signing request message. The signing request message includes the random number and the location. The system further includes a communication device configured to transmit the signing request message to a location authority for authorization. The communication device is further configured to receive a signature from the location authority upon authorization of the signing request message. The system is further configured to generate a master seed based on the signature.

Packaging techniques for backside mesh connectivity
11502047 · 2022-11-15

The embodiments herein are directed to technologies for backside security meshes of semiconductor packages. One package includes a substrate having a first interconnect terminal of a first type and a second interconnect terminal of a second type. The package also includes a first security mesh structure disposed on a first side of an integrated circuit die and a conductive path coupled between the first interconnect terminal and the second interconnect terminal. The first security mesh structure is coupled to the first interconnect terminal, and the second interconnect terminal is coupled to a terminal on a second side of the integrated circuit die.

SYSTEM AND METHOD FOR DIGITAL CIRCUIT EMULATION WITH HOMOMORPHIC ENCRYPTION
20220360427 · 2022-11-10

Systems and methods for digital circuit emulation with homomorphic encryption include: receiving, by a hardware design tool chain, a customization file containing a predetermined set of one or more cells; converting, by the hardware design tool chain, a first digital circuit representation in a set of hardware design language (HDL) files into a second digital circuit representation based on the predetermined set of cells in the customization file; receiving, by an encrypted circuit emulator, a set of encrypted inputs; and executing, by the encrypted circuit emulator, the second digital circuit representation using the set of encrypted inputs to generate a set of encrypted outputs.