Embodiments protect against memory-based side-channel attacks by efficiently shuffling data. In an example implementation, in response to a data access request by an encryption methodology regarding a first data element from amongst a plurality of data elements stored in memory, a storage address of a second data element of the plurality is determined. This storage address is determined using (i) an address of the first data element in the memory, (ii) a permutation function, and (iii) a random number. In turn, the first data element is stored at the determined storage address of the second data element and the second data element is stored at the address of the first data element. In this way, embodiments protect encryption methodologies from memory-based side-channel attacks.

According to an embodiment, an encryption processing device includes a memory and one or more processors. The memory stores a plurality of divided masks to be applied to an input sentence on which mask processing is performed in unit of processing of a predetermined size corresponding to a size of data obtained by dividing target data of encryption processing into a plurality of pieces, the divided masks having a same size as that of data obtained by further dividing the data of the unit of processing. The one or more processors are configured to: read out the plurality of divided masks from the memory at different respective timings, and generate a plurality of first masks by using the read-out divided masks at different respective timings; and execute arithmetic processing on intermediate data of the encryption processing using the plurality of first masks at different respective timings.

The embodiments herein are directed to technologies for backside security meshes of semiconductor packages. One package includes a substrate having a first interconnect terminal of a first type and a second interconnect terminal of a second type. The package also includes a first security mesh structure disposed on a first side of an integrated circuit die and a conductive path coupled between the first interconnect terminal and the second interconnect terminal. The first security mesh structure is coupled to the first interconnect terminal and the second interconnect terminal being coupled to a terminal on a second side of the integrated circuit die.

A method for protecting data includes encrypting information to generate a first tweak, combining a data block with the first tweak, encrypting the tweaked data block to form encrypted data, combining the encrypted data with the first tweak, and providing the combined encrypted data for storage in a memory address. Storing the combined encrypted data at the memory address generates a first stimulus different from a second stimulus generated by storing same encrypted data combined with a second tweak at the memory address. The first stimulus is generated based on the first tweak and the second stimulus is generated based on the second tweak.

A method (and structure) includes receiving a challenge for an authentication, in a chip having stored in a memory device therein a secret to be used in an authentication attempt of the chip by an external agent. The chip includes a hardware processing circuit to sequentially perform a processing related to the secret. The secret is retrieved from the memory device and processed in the hardware processing circuit in accordance with information included in the received challenge. The result of the processing in the hardware processing circuit is transmitted as a response to the challenge. The hardware processing circuit executes in a parallel manner, thereby reducing a signal that can be detected by an adversary attempting a side channel attack to secure the secret.

A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, corresponding methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.

A cryptographical apparatus for converting input bit sequences, whose overflow-free arithmetic addition results in a secret, into output bit sequences whose logic XORing results in the secret. The apparatus comprises a data interface for providing a first input bit sequence and a second input bit sequence and a processing circuit configured to a) gate the first input bit sequence and the second input bit sequence to obtain a logic result indicating overflow bit positions at which both the first input bit sequence and the second input bit sequence have a value of one; and to b) change the first and/or second input bit sequence at at least one overflow bit position. The processing circuit is configured to repeatedly perform steps a) and b) by using the respectively changed input bit sequences, until the logic result indicates no further overflow bit position and the output bit sequences are obtained.

A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.

Secure communication between users and resources of an electrical infrastructure and associated systems and methods. A representative secure distributed energy resource (DER) communication system provides for the creation of trust rules that govern the permitted communications between users and resources of an electrical infrastructure system, and the enforcement of the trust rules.

A power supply device is used to provide power to an encryption and decryption device of a security system, including a safety power supply device, which is used to supply the supply voltage according to the system voltage; a regulated voltage source, which is used to provide a regulated voltage; and a voltage selection device, which is electrically connected with the safety power supply device, the stable voltage source and the encryption and decryption device. During the startup period of the security system, or, after the startup period of the security system and the encryption/decryption device performs encryption/decryption, only the supply voltage is selected as the driving voltage of the encryption/decryption device. After the startup period of the security system and the encryption and decryption device does not perform encryption and decryption, the voltage only the regulated voltage is selected as the driving voltage of the encryption and decryption device.