Patent classifications
H04L2209/16
RECIPROCAL CALCULATING METHOD AND RECIPROCAL CALCULATING APPARATUS
With respect to a method for execution by an information processing apparatus, the method includes calculating a reciprocal in multiplication on a residue field modulo a power of 2.
METHOD AND APPARATUS FOR IMPLEMENTING A WHITE-BOX CIPHER
An apparatus, method, and computer media for implementing a white-box block cipher in a software application to create a secure software application having the same functionality as the software application. An implementation of a block cipher is created by: applying an isomorphism between an original finite field representation and a composite field representation, and using this isomorphism to reconstruct the cipher as operations that use only the elements of the composite field, including XOR, linear transformation and S-box; decomposing the original S-box into several algebraic steps and merging some of these into other parts of the cipher; in the non-linear step of the S-box, implementing the inversion in the original finite field representation with an algorithm in the composite field representation; applying an initial threshold implementation of m input shares and n output shares to generate lookup tables for the non-linear step of the S-box; and applying further threshold implementations to different steps of the cipher to generate lookup tables. The block cipher is applied to at least a portion of the software application to create the secure software application and thereby increase security of a computing platform executing the secure software application.
ELECTRONIC CALCULATING DEVICE FOR PERFORMING OBFUSCATED ARITHMETIC
An electronic calculating device (100) for performing arithmetic in a commutative ring ($Z_n$; $Z_n[x]/f(x)$) is presented. The calculating device comprises a storage (110) arranged to store an increment table (T) defined for an increment ring element (1; $u^t$), the increment table mapping an input ring element ($k = u^{k_1} - u^{k_2}$) to an output integer-list ($T((k_1, k_2)) = (I1, I2)$) encoding an output ring element ($I = u^{I1} - u^{I2}$), such that the output ring element equals the increment ring element ring-added to the input ring element ($I = k - 1$). Using the increment table, a ring addition unit (130) adds a first addition-input integer-list ($(a_1, a_2)$) encoding a first addition-input ring element and a second addition-input integer-list ((b1, b2)) encoding a second addition-input ring element. The device may comprise a ring multiplication unit (140) also using the increment table.
Methods for securely storing sensitive data on mobile device
Methods and systems for protecting sensitive data and applications on a mobile device. In an embodiment, a mobile device processor of a mobile device downloads, from a digital wallet server computer, a mobile wallet application including a white box software development kit (SDK) which includes code protection processes, then obfuscates, by running the code protection processes of the white box SDK, consumer financial data and consumer authentication data and stores the obfuscated consumer financial data and consumer authentication data in a regular memory of the mobile device. The process also includes protecting, by the mobile device processor running the white box SDK, sensitive applications stored in the regular memory which execute during a transaction from attack, and re-obfuscating, by the mobile device processor, at least one of the consumer financial data and the consumer authentication data according to a predetermined time interval.
Obfuscating data at-transit
A method for obfuscating data at-transit can include receiving a request for communicating data, determining a sequence of data at-transit for a window of time, and providing the sequence of the data at-transit for performing communications across an interconnect to another component. The described method can be carried out by an obfuscation engine implemented in an electronic system such as within a secure element. A secure element can include a processor and a memory. The obfuscation engine can be part of the processor, part of the memory, or a stand-alone component.
Computing key-schedules of the AES for use in white boxes
Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.
S-box in cryptographic implementation
A method of implementing a cryptographic operation using a substitution box, comprising: specifying a set of self-equivalent functions for the substitution box; determining the minimum diversification number of the substitution box over the set of self-equivalent functions; comparing the minimum diversification number to a threshold value; and including and implementing a cryptographic operation with the selected substitution box when the minimum diversification number is greater than or equal to the threshold value.
ELECTRONIC CALCULATING DEVICE FOR PERFORMING OBFUSCATED ARITHMETIC
An electronic calculating device (100) for performing obfuscated arithmetic in a commutative ring ($Z_n$; $Z_n[x]/f(x)$) is presented. The calculating device comprises a storage (110) arranged to store an increment table (T) defined for an increment ring element (1; $u^t$), the increment table mapping an input ring element ($k = u^{k_1} - u^{k_2}$) to an output integer-list ($T((k_1, k_2)) = (l_1, l_2)$) encoding an output ring element ($I = u^{l_1} - u^{l_2}$), such that the output ring element equals the increment ring element ring-added to the input ring element ($I = k + 1$). Using the increment table, a ring addition unit (130) adds a first addition-input integer-list ($(a_1, a_2)$) encoding a first addition-input ring element and a second addition-input integer-list ($(b_1, b_2)$) encoding a second addition-input ring element. The device may comprise a ring multiplication unit (140) also using the increment table.
ELECTRONIC GENERATION DEVICE
An electronic generation device (100) arranged to generate parameters for digital obfuscated arithmetic is provided. The generation device includes a prime number unit (110) arranged to generate a prime modulus (p), and a base element unit (120) arranged to generate a prime modulus and a base element such that each ring-element modulo the prime modulus may be expressed as a difference between two powers of the potential base element.
Method for Testing and Hardening Software Applications
Methods are provided for testing and hardening software applications for carrying out digital transactions which comprise a white-box implementation of a cryptographic algorithm. The method comprises the following steps: (a) feeding one plaintext of a plurality of plaintexts to the white-box implementation; (b) reading out and storing the contents of the at least one register of the processor stepwise while processing the machine commands of the white-box implementation stepwise; (c) repeating the steps (a) and (b) with a further plaintext of the plurality of plaintexts N times; and (d) statistically evaluating the contents of the registers and the plaintexts, the intermediate results and/or the ciphertexts generated from the plaintexts by searching for correlations between the contents of the registers and the plaintexts, the intermediate results and/or the ciphertexts generated from the plaintexts to establish the secret key.