An image sensor includes a non-volatile memory (NVM) storing a encoded private key and partial information of a private key, using first random numbers generated by repeating a first random number generation operation using the partial information of the private key, and a security circuit that performs a decryption operation on a cipher text received from a controller. The security circuit includes a self-recursive decoder that receives the encoded private key from the NVM during the decryption operation, repeats a second random number generation operation using the partial information of the private key to generate second random numbers, and uses the second random numbers to restore the encoded private key to the private key, and a crypto module that uses the restored private key to decrypt the cipher text.

Technologies for selectively distributing a same random number to multiple cryptographic circuits are described. One apparatus includes a plurality of cryptographic circuits. Each of the plurality of cryptographic circuits is to receive a random number for differential power analysis (DPA) protection of a cryptographic operation. At least two of the plurality of cryptographic circuits are configured to selectively use a same random number.

A first share value and a second share value may be received. A combination of the first share value and the second share value may correspond to an exponent value. The value of a first register is updated using a first equation that is based on the first and second share values and the value of a second register is updated using a second equation that is based on the second share value. One of the value of the first register or the value of the second register is selected based on a bit value of the second share value.

A value corresponding to an input for a cryptographic operation may be received. The value may be masked by multiplying the value with a first number modulo a prime number. The cryptographic operation may subsequently be performed on the masked value.

The present disclosure relates to methods, devices, and systems for generating a signature of a message by a first device based on a secret key and a public key. The method includes generating a first parameter based on a first multiplication operation on the secret key and a first random number. The method further includes generating a first electronic signature based on the first parameter and the public key. The method further includes generating a second parameter based on the first random number, a second random number, and the message. The method further includes generating a second electronic signature based on the first parameter, the second parameter, the second random number, and the first electronic signature. The method further includes outputting, to a second device, the message, the first electronic signature, and the second electronic signature.

The present disclosure relates to a method of fault detection in an application, by an electronic circuit, of a first function to a message, including the steps of generating, from the message, a non-zero even number N of different first sets, each including P shares; applying, to the P shares of each first set, one or a plurality of second functions delivering, for each first set, a second set including Q images; and cumulating all the images, starting with at most Q-1 images selected from among the Q images of a same second set.

A cryptographic acceleration card generates, using an attribute unique to a blockchain integrated station that comprises the cryptographic acceleration card, an identity private key for the blockchain integrated station. The cryptographic acceleration card generates a private key ciphertext by encrypting the identity private key. The cryptographic acceleration card stores the private key ciphertext.

A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, according methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.

An apparatus and method for detecting a change in electrical properties in a system is disclosed. Embodiments of the disclosure enable the detection of a change in electrical properties in a system by, in response to a load generated on a power delivery network power in at least part of the system, measuring noise induced in the power delivery network in response to the load. Based on the measured noise, a dynamic-response property of the power delivery network is determined and the dynamic-response property is compared to a stored reference dynamic-response property of the power delivery network based on a predetermined load. In the event of a difference between the dynamic-response property and the reference dynamic-response property, a response to the event is triggered to indicate tampering with the power delivery network.

This disclosure relates to, among other things, electronic device security systems and methods. Certain embodiments disclosed herein provide for protection of cryptographic keys and/or associated operations using both an operating system security service and a software-based whitebox cryptographic security service executing on a device. Leveraging operating system security services and software-based whitebox cryptographic security services may provide enhanced security when compared to using either service alone to protect cryptographic keys and associated operations. In additional embodiments, server-side cryptographic security solutions may be further used to enhance device security implementations.