A communication system includes a server and a plurality of terminals. The server manages a public key and a private key. Each terminal includes computing circuitry that adds noise to first target data stored in the terminal, encrypts the first target data, to which the noise is added, using the public key, randomly chooses and determines, out of the server and different terminals, a first transmission destination of the first target data, transmits the encrypted first target data to the determined first transmission destination, receives second target data from a different terminal, randomly chooses and determines, out of the server and the different terminals, a second transmission destination of the received second target data, and transmits the received second target data to the second determined transmission destination. The server receives target data transmitted from the terminals and decrypt the received target data using the private key.

A computing device (e.g., an FPGA or integrated circuit) processes an incoming packet comprising data to compute a Galois hash. The computing device includes a plurality of circuits, each circuit providing a respective result used to determine the Galois hash, and each circuit including: a first multiplier configured to receive a portion of the data; a first exclusive-OR gate configured to receive an output of the first multiplier as a first input, and to provide the respective result; and a second multiplier configured to receive an output of the first exclusive-OR gate, wherein the first exclusive-OR gate is further configured to receive an output of the second multiplier as a second input. In one embodiment, the computing device further comprises a second exclusive-OR gate configured to output the Galois hash, wherein each respective result is provided as an input to the second exclusive-OR gate.

A device which can be implemented on a single packaged integrated circuit or a multichip module comprises a plurality of non-volatile memory cells, and logic to use a physical unclonable function to produce a key and to store the key in a set of non-volatile memory cells in the plurality of non-volatile memory cells. The physical unclonable function can use entropy derived from non-volatile memory cells in the plurality of non-volatile memory cells to produce a key. Logic is described to disable changes to data in the set of non-volatile memory cells, and thereby freeze the key after it is stored in the set.

A methodology for requesting at least one signed security measurement from at least one module is provided. The methodology includes receiving the at least one signed security measurement from the at least one module; validating the at least one signed security measurement; generating a signed dossier including all validated signed security measurements in a secure enclave, the signed dossier being used by an external network device for remote attestation of the device.

A method of operation concealment for a cryptographic system includes randomly selecting which one of at least two cryptographic operation blocks receives a key to apply a valid operation to data and outputs a result that is used for subsequent operations. Noise can be added by operating the other of the at least two cryptographic operation blocks using a modified key. The modified key can be generated by mixing the key with a block-unique-identifier, a device secret, a slowly adjusting output of a counter, or a combination thereof. In some cases, noise can be added to a cryptographic system by transforming input data of the other cryptographic operation block(s) by mixing the input data with the block-unique-identifier, device secret, counter output, or a combination thereof. A cryptographic system with operation concealment can further include a distributed (across a chip) or interweaved arrangement of subblocks of the cryptographic operation blocks.

An embodiment is directed to a hardware circuit for encrypting and/or decrypting data transmitted between a processor and a memory. The circuit is situated between the processor and memory. The circuit includes a first interface communicatively coupled to the processor via a set of buses. The circuit also includes a second interface communicatively coupled to the memory. The circuit further includes hardware logic capable of executing an encryption operation on data transmitted between the processor and memory, without adding latency to data transmission speed between the processor and the memory. The hardware logic is configured to encrypt data received at the first interface from the processor, and transmit the encrypted data to the memory via the second interface. The hardware logic is also configured to decrypt data received at the second interface from the memory, and transmit the decrypted data to the processor via the first interface.

A baseband processor of a communication device, the baseband processor including an encryptor block that encrypts a transmit data stream into an encrypted data stream, at least one transmit chain block that transforms the encrypted data stream into an analog transmit signal, and a randomness inspector unit that is in communication with the encryptor block, the randomness inspector unit accessing the transmit data stream and the encrypted data stream from the encryptor block as first and second input streams, respectively, to the randomness inspector unit, and determining a randomness gain by comparing a first randomness measurement associated with the first input stream to a second randomness measurement associated with the second input stream.

A processor with an elliptic curve cryptographic algorithm and a data processing method thereof are shown. The processor has a first register storing a Hash value pointer, a second register storing a public key pointer, a third register storing a signature pointer, and a fourth register for storage of a verified result. In response to a first elliptic curve cryptographic instruction of an instruction set architecture, the processor reads the Hash value of the data by referring to the first register, obtains the public key by referring to the second register, obtains the digital signature to be verified by referring to the third register, performs a signature verification procedure using the elliptic curve cryptographic algorithm on the Hash value based on the public key and the digital signature to be verified to generate the verified result, and programs the verified result into the fourth register.

A reconfigurable PUF device based on fully electric field-controlled domain wall motion includes a voltage control layer, upper electrodes, a lower electrode, antiferromagnetic pinning layers, and a magnetic tunnel junction (MTJ). The MTJ includes, from bottom to top, a ferromagnetic reference layer, a potential barrier tunneling layer and a ferromagnetic free layer. In the device, an energy potential well is formed in a middle portion of the ferromagnetic free layer by applying a voltage to the voltage control layer to control magnetic anisotropy, and a current is fed into either of the upper electrodes to drive generation of the magnetic domain walls and pin the magnetic domain walls to the potential well. After the voltage is removed, the potential well is lowered so that the magnetic domain walls are in a metastable state, thereby either a high resistance state or a low resistance state is randomly obtained.

A physically unclonable function (PUF) device comprises a plurality of conductors, at least some of which are arranged so that they interact electrically and/or magnetically with one another. A media surrounds at least a portion of each of the conductors, and circuitry is configured for applying an electrical challenge signal to at least one of the conductors and for receiving an electrical output from at least one of the other conductors to generate an identifying response to the challenge signal that is unique to the device. The media comprises a plurality of interactive regions, the interactive regions having an electrical and/or magnetic response characteristic which is permanently altered in response to a predetermined environmental event, and the identifying response is altered with the response characteristic.