Patent classifications
H04L9/003
Using cryptographic blinding for efficient use of Montgomery multiplication
Aspects of the present disclosure involve receiving an input message, generating a first random value that is used to blind the input message to prevent a side-channel analysis (SCA) attack, computing a second random value from the first random value and a factor used to compute the Montgomery form of the blinded input message without performing an explicit Montgomery conversion of the input message, and computing a signature by Montgomery multiplication of the first random value and the second random value, wherein the signature is resistant to the SCA attack.
LIGHTWEIGHT POST-QUANTUM AUTHENTICATION
A method, system, or apparatus for generating and/or verifying a signature on a message is provided. The method, system, or apparatus at a signer may include receiving a message, generating a security parameter, generating at least two seeds corresponding to at least two servers based on the security parameter, transmitting the at least two seeds to each server of the at least two servers, determining a private key based on the security parameter or the at least two seeds, and generating, on the message, a signature based on the private key. The method, system, or apparatus at a verifier may include receiving, from a signer, a signature on a message, obtaining at least two partial public keys, determining a full public key based on the at least two partial public keys, and authenticating the signature on the message based on the full public key. Other aspects, embodiments, and features are also claimed and described.
Efficient computation of univariate statistical moments for side channel vulnerability evaluation
Systems and methods for efficient computation of univariate statistical moments. An example method comprises: receiving a plurality of input traces, wherein each trace of the plurality of input traces includes a plurality of sample points; appending, to a trace matrix comprising combinations of pre-determined degrees of the sample points, a plurality of rows representing the plurality of input traces; appending, to a classifier matrix, a plurality of columns representing metadata associated with the plurality of input traces; applying a defined transformation to the classifier matrix to produce a transformed classifier matrix; incrementing an accumulator matrix by a product of the transformed classifier matrix and the trace matrix; computing, using a first subset of elements of the accumulator matrix, a first statistical moment for a first portion of the input traces identified by a first subset of elements of the classifier matrix, wherein the first subset of elements of the classifier matrix is identified by a first classifier value; and computing, by subtracting each element of the first subset of elements of the accumulator matrix from a corresponding sum of elements of the input traces stored by the accumulator matrix, a second statistical moment for a second portion of the input traces identified by a second subset of elements of the classifier matrix, wherein the second subset of elements of the classifier matrix is identified by a second classifier value.
System and method to securely broadcast a message to accelerators using virtual channels
Embodiments disclose systems and methods to broadcast a message to one or more virtual data processing (DP) accelerators. In response to receiving a broadcast instruction from an application, the broadcast instruction designating one or more virtual DP accelerators of a plurality of virtual DP accelerators to receive a broadcast message, the system encrypts the broadcast message based on a broadcast session key for a broadcast communication session. The system determines one or more public keys of one or more security key pairs, each associated with one of the designated virtual DP accelerators. The system encrypts the broadcast session key based on the determined one or more public keys. The system broadcasts the encrypted broadcast message and the one or more encrypted broadcast session keys to adjacent virtual DP accelerators for propagation.
PUF KEY TRANSFER
An integrated-circuit device comprises a physical-unclonable-function (PUF) unit, a secure module, and an interconnect system communicatively coupled to the PUF unit and to the secure module. The device transfers a PUF key from the PUF unit to the secure module, over the interconnect system. In order to do this, the secure module generates a random value. The secure module then sends the random value to the PUF unit. The PUF unit then performs a bitwise XOR operation between the received random value and the PUF key, to generate a masked value. The PUF unit then transfers the masked value over the interconnect system to the secure module. The secure module then unmasks the PUF key by performing a bitwise XOR operation between the received masked value and the random value.
Determining cryptographic operation masks for improving resistance to external monitoring attacks
Systems and methods for determining cryptographic operation masks for improving resistance to external monitoring attacks. An example method may comprise: selecting a first input mask value, a first output mask value, and one or more intermediate mask values; based on the first output mask value and the intermediate mask values, calculating a first transformation output mask value comprising two or more portions, wherein concatenation of all portions of the first transformation output mask value produces the first transformation output mask value, and wherein exclusive disjunction of all portions of the first transformation output mask value is equal to the first output mask value; and performing a first masked transformation based on the first transformation output mask value and the first input mask value.
Processor with private pipeline
An example private processing pipeline may include: a masked decryption unit to perform a masked decryption operation transforming input data into masked decrypted data; a masked functional unit to produce a masked result by performing a masked operation on the masked decrypted data; and a masked encryption unit to perform a masked encryption operation transforming the masked result into an encrypted result.
Apparatus and method for performing matrix multiplication operation being secure against side channel attack
A method for performing a matrix multiplication operation that is secure against side-channel attacks according to one embodiment, which is performed by a computing device comprising one or more processors and a memory storing one or more programs to be executed by the one or more processors, includes shuffling the order of execution of multiplication operations between elements of a first matrix and elements of a second matrix for a matrix multiplication operation between the first matrix and the second matrix; and performing the matrix multiplication operation based on the shuffled order of execution.
METHOD AND SYSTEM FOR CONTROLLING ACCESS TO SECURE DATA USING CUSTODIAL KEY DATA
Methods and systems for controlling access to secure data use a custodial TRNG disk. Source data is encrypted using first key data from a first TRNG disk to generate encrypted data, which is stored at a first location by a first entity. A second TRNG disk has second key data, which is stored at a second location by a second entity. A first TRNG disk copy and a second TRNG disk copy are made identical to the first TRNG disk and the second TRNG disk, respectively, and are stored at one or more locations by a custodial entity. The first key data and the second key data are encoded together and then transmitted to one or more of the first or second entities. The encrypted data is decryptable using the encoded first key data and second key data.
SYSTEM-IN-PACKAGE ARCHITECTURE PROTECTION AGAINST PHYSICAL AND SIDE-CHANNEL ATTACKS
To protect against physical and side-channel attacks, circuit assemblies may mount a main processor opposite a cryptographic processor such that the traces between the two processors are hidden in a substrate. Another substrate defining a cavity may be mounted on the bottom of the substrate to enclose the cryptographic processor and prevent physical access without disrupting the cryptographic operations. Voltage converters with integrated inductors may also be included in the cavity to generate electromagnetic noise that will disrupt the sensitive equipment used in side-channel attacks. An electromagnetic shield may be sputtered on top of the main processor to block electromagnetic sniffing attacks while still allowing the processor to be coupled with a heat sink.