Methods and systems for provable, auditable and secure software updates for resource-constrained IoT devices are provided via a security framework and a protocol for owner-controlled software updates for IoT devices through blockchain.

Techniques for calculating a hash value of a single secure array of memory blocks in a sequential set of dice. The array can be defined by a set of address-size pairs. Each pair provides a pointer by including an address of a memory block and a size of the block. The hash value can be calculated by: for each die that is not the last die, partially applying a hash function, without final padding, to the memory blocks of the secure array in the die to generate a partial digest. And, for the last die, fully applying the hash function, with the final padding, to the memory blocks of the secure array in the last die to generate the hash value of the secure array, which can include adding an accumulation of partial digests to data from the last die as a basis for the generation of the hash value.

According to one embodiment, an electronic device includes a non-volatile memory; a controller that is electrically connected to the non-volatile memory and configured for accessibility to a memory space including a plurality of management areas in a host; at least one counter that is provided for each of the plurality of management areas and configured to increment a count value each time data is stored in the corresponding one of the plurality of management areas; and a circuit configured to generate a first value relating to integrity of the data for each management area based on the count value and the data. The controller is configured to store the data and the first value associated with the data.

An evolving encryption circuit for transforming a plain-text data stream into an encrypted data stream, the evolving encryption circuit comprising a confusion box population manager that generates a plurality of confusion boxes, a confusion box population agent that applies at least one evolutionary operator to each of the generated plurality of confusion boxes to create an evolved plurality of confusion boxes, a confusion box fitness evaluator that evaluates a cryptographic fitness of each of the evolved plurality of confusion boxes and assigns a cryptographic fitness measure to each of the evolved plurality of confusion boxes, a confusion box library that stores each one of the evolved plurality of confusion boxes that has an assigned cryptographic fitness measure above a fitness threshold value; and an encryptor block that implements one of the confusion boxes stored in the confusion box library to transform the plain-text data stream into the encrypted data stream.

A baseband processor of a communication device, the baseband processor including an encryptor block that encrypts a transmit data stream into an encrypted data stream, at least one transmit chain block that transforms the encrypted data stream into an analog transmit signal, and a randomness inspector unit that is in communication with the encryptor block, the randomness inspector unit accessing the transmit data stream and the encrypted data stream from the encryptor block as first and second input streams, respectively, to the randomness inspector unit, and determining a randomness gain by comparing a first randomness measurement associated with the first input stream to a second randomness measurement associated with the second input stream.

Disclosed are various embodiments for executing entity-specific cryptographic code in a cryptographic coprocessor. In one embodiment, encrypted code implementing a cryptographic algorithm is received from a service via a network. The cryptographic coprocessor decrypts the encrypted code. The cryptographic coprocessor executes the decrypted code to generate a cryptogram including information encrypted using the cryptographic algorithm. The cryptogram is sent to the service via the network.

In a general aspect, a method for testing vulnerability of a cryptographic function (CF) to a side-channel attack includes providing a plurality of input values to the function, where the CF, for each input value calculates a sum of the input value and a first value of the CF, and replaces a second value of the CF with the sum. The method further includes measuring a set of samples including a respective side-channel leakage sample for each input value. The method also includes iteratively performing a series of operations including splitting the set of samples into a plurality of subsets based on the input values, calculating a respective value for each subset based on samples of the subset, and comparing the respective values for different subsets to discover respective bit values of the first value and the second value from their least significant bits to most significant bits.

An electronic circuit includes an interface, a read-only memory in which encrypted data are stored, and cryptographic circuitry coupled to the interface. In operation, the cryptographic circuitry uses a decryption key received via the interface to decrypt the encrypted data. The electronic circuit performs one or more operations using the decrypted data.

A post-quantum strong authentication scheme uses a reference PIN code stored in the memory of a personal object 1. A server generates a secret ss and a corresponding cipher ct using a key encapsulation mechanism, KEM, and a public key pk of the user, and then generates a cryptographic key ss' with a one-way function, OWF, applied to the secret. An access terminal 2 receives ss' and ct, and then obtains a PIN entered by the user, encrypts the PIN with ss′, and finally transmits the encrypted PIN cPIN and ct to the personal object 1. The personal object obtains ss through KEM decapsulation of ct and, with its private key sk, generates ss' with OWF, and uses it to decrypt cPIN. Verification thereof validates a first authentication factor. The personal object generates and then sends a confirmation Know(ss) of the secret to the server, validating a second authentication factor.

Methods and apparatus for using characterized devices such as memories. In one embodiment, characterized memories are associated with a range of performances over a range of operational parameters. The characterized memories can be used in conjunction with a solution density function to optimize memory searching. In one exemplary embodiment, a cryptocurrency miner can utilize characterized memories to generate memory hard proof-of-work (POW). The results may be further validated against general compute memories; such that only valid solutions are broadcasted to the mining community. In one embodiment, the validation mechanism is implemented for a plurality of searching apparatus in parallel to provide a more distributed and efficient approach. Various other applications for characterized memories are also described in greater detail herein (e.g., blockchain, social media, machine learning, probabilistic applications and other error-tolerant applications).