Patent classifications
H04L2209/12
Method and apparatus for PUF generator characterization
Disclosed is a physical unclonable function generator circuit and testing method. In one embodiment, a testing method for a physical unclonable function (PUF) generator includes: verifying a functionality of a PUF generator by writing preconfigured logical states to and reading output logical states from a plurality of bit cells in a PUF cell array; determining a first number of first bit cells in the PUF cell array, wherein the output logical states of the first bit cells are different from the preconfigured logical states; when the first number of first bit cells is less than a first predetermined number, generating a first map under a first set of operation conditions using the PUF generator and a masking circuit, generating a second map under a second set of operation conditions using the PUF generator and the masking circuit, determining a second number of second bit cells, wherein the second bit cells are stable in the first map and unstable in the second map; when the second number of second bit cells is determined to be zero, determining a third number of third bit cells, wherein the third bit cells are stable in the first map and stable in the second map; and when the third number of third bit cells is greater than a second preconfigured number, the PUF generator is determined as a qualified PUF generator.
Post-quantum secure remote attestation for autonomous systems
A method comprises maintaining, for at least one remote device, a security footprint and a verified version of a software stack for the remote device, generating an attestation initiation token that includes a nonce to be used to generate an XMSS signature for attestation of the remote device, sending the attestation initiation token to the remote device, receiving, from the remote device, a modified message representative including a hash of a current version of a software stack for the remote device and an indicator of a version number of the current version of the software stack for the remote device, validating the hash, and in response to a determination that the hash is valid, generating an XMSS signature using the security footprint and the current version of a software stack for the remote device and a security footprint for the apparatus.
Cryptoanchor Reader
Unique Physical Unclonable (PUF) function objects may be created by molding or extruding specialized particles creating a measurable physical characteristic over a surface. The magnetized particles form a unique measurable magnetic “fingerprint” based on the random size, position, polar rotation, magnetization level, particle density, etc., of the particles. PUF objects may also vary in other physical characteristics by having a mixture of magnetic, conductive (magnetic or nonmagnetic), optically reflective or shaped, varied densities or mechanical properties resulting in random reflection, diffusion, or absorption of acoustical energy particles in a matrix or binder. The present invention envisions sensing any of the characteristics.
Electronic device and corresponding method of operation
An electronic device such as a hardware security module device comprises a first cryptographic processing circuit configured to receive input data packets and apply thereto a first cryptographic processing to provide output data packets. A second cryptographic processing circuit is provided in the device, configured to receive the output data packets, apply thereto a second cryptographic processing inverse to the first cryptographic processing, and provide comparison data packets as a result of applying the second cryptographic processing to the output data packets received. A comparison processing circuit in the device is configured to compare the input data packets with the comparison data packets, and to produce an error signal as a result of the input data packets being different from the comparison data packets.
Method of Operation for a Configurable Number Theoretic Transform (NTT) Butterfly Circuit For Homomorphic Encryption
Fully homomorphic encryption integrated circuit (IC) chips, systems and associated methods are disclosed. In one embodiment, a method of operation for a number theoretic transform (NTT) butterfly circuit is disclosed. The NTT butterfly circuit includes a high input word path cross-coupled with a low input word path. The high input word path includes a first adder/subtractor, and a first multiplier. The low input word path includes a second adder/subtractor, and a second multiplier. The method includes selectively bypassing the second adder/subtractor and the second multiplier, and reconfiguring the low and high input word paths into different logic processing units in response to different mode control signals.
Physical unclonable function based true random number generator, method for generating true random numbers, and associated electronic device
A Physical Unclonable Function (PUF) based true random number generator (TRNG), a method for generating true random numbers, and an associated electronic device are provided. The PUF based TRNG may include a first obfuscation circuit, a cryptography circuit coupled to the first obfuscation circuit, and a second obfuscation circuit coupled to the cryptography circuit. The first obfuscation circuit obtains a first PUF value from a PUF pool of the electronic device, and performs a first obfuscation function on a preliminary seed based on the first PUF value to generate a final seed. The cryptography circuit utilizes the final seed as a key of a cryptography function to generate preliminary random numbers. The second obfuscation circuit obtains a second PUF value from the PUF pool, and performs a second obfuscation function on the preliminary random numbers based on the second PUF value to generate final random numbers.
METHOD OF DYNAMICALLY LOADING ENCRYPTION ENGINE
A method of dynamically loading an encryption engine generates a relationship between encryption identifiers and information parameters. The information parameters include information security levels, information sizes, and information access speeds. The encryption identifiers include a soft encryption identifier and a hard encryption identifier. A target encryption identifier of current to-be-encrypted information is obtained, and a target encryption mode of the current to-be-encrypted information is determined. An encryption engine corresponding to the current to-be-encrypted information is loaded according to the encryption mode. The method can reduce waste of resources and improve the efficiency of encryption and decryption of information.
SYSTEM FOR AN IMPROVED SAFETY AND SECURITY CHECK
A system may include a cryptographic accelerator to generate a first check value based on a payload received in a message, and provide the first check value to a first comparator and to a second comparator. The system may include the first comparator to receive the first check value from the cryptographic accelerator, determine whether the first check value matches a second check value, the second check value being a check value received in the message, and provide a first output indicating whether the first check value matches the second check value. The system may include the second comparator to receive the first check value from the cryptographic accelerator, determine whether the first check value matches the second check value, and provide a second output indicating whether the first check value matches the second check value.
MODULUS REDUCTION FOR CRYPTOGRAPHY
Modulus reduction for cryptography is described. An example of an apparatus includes multiplier circuitry to perform integer multiplication; and modulus reduction circuitry to perform modulus reduction based on a prime modulus, wherein the modulus reduction circuitry is to receive a product value, the product value resulting from multiplying a first n-bit value by a second n-bit value to generate the product value and perform modulus reduction to reduce the product value to a result within the prime modulus; and wherein the modulus reduction circuitry is based on shift and add operations.
Integrated circuit configured to carry out symmetric encryption operations without secret key transmission
An integrated circuit includes a secure hardware environment having a first input that receives a key number. A key generation device generates a secret key from the key number and a unique key. A signature generation device generates a signature associated with the key number. A second input of the secure hardware environment receives encrypted binary data. A decryption device operates to decrypt the received encrypted binary data using the secret key. A third input of the secure hardware environment receives an authentication signature. An authentication device authorizes use of the secret key to decrypt only if the signature generated by the signature generation device is identical to the authentication signature.