A system, method and computer-readable storage medium with instructions for protecting an electronic device against fault attack. Given a data represented as an input codeword of a systematic linear error correcting code, the technology provides the secure computation of the output codeword corresponding to the result of the non-linear function applied to this data. Other systems and methods are disclosed.

A data processing method and apparatus relate to the field of communications technologies and applicable to data processing used to resolve a low security problem of data stored in a memory. A memory encryption/decryption (MED) apparatus receives a data write command, encrypts to-be-written data, scrambles an address to which data is to be written, and then saves a cyclic redundancy check (CRC) code of the to-be-written data and encrypted to-be-written data in a memory according to a scrambled address to which data is to be written. Solutions provided in the embodiments of the present disclosure are.

Aspects of the present disclosure relate to an apparatus comprising analogue circuitry comprising an entropy source, the entropy source being configured to provide a random output. The apparatus comprises first digital circuitry to receive the output of the entropy source and, based on said output, generate random numbers, and second digital circuitry to receive the output of the entropy source and, based on said output, generate random numbers, the second digital circuitry being a duplicate of the first digital circuitry. The apparatus comprises difference detection circuitry to determine a difference of operation between the first digital circuitry and the second digital circuitry. Each of the first digital circuitry and the second digital circuitry comprises entropy checking circuitry to check the entropy of the output of the entropy source.

According to various embodiments, a control device is described including an application core including a processor, a memory and a direct memory access controller and a security module coupled to the application core via a computer bus. The direct memory access controller is configured to read data from the memory, generate a hash value for the data and provide the hash value to the security module via the computer bus. The security module is configured to process the hash value.

The present invention relates to a method for executing a program (P) in an electronic device such as a smart card, including: computing, during execution of the program (P), an integrity datum (X1, X12) relating to a set (E) of code instructions of program (P), the set (E) having a single code instruction (Inst_1) or a sequence of code instructions (Inst_1, Inst_2) intended to be implemented consecutively, after computation of the integrity datum, executing a last code instruction of the set (E) by a processor of the electronic device, after execution of the last code instruction, integrity checking the set (E) on the basis of the computed integrity datum (X1, X12), to generate a result, signaling or not signaling an error as a function of the generated result.

Described herein are systems and methods that prevent against fault injection attacks. In various embodiments this is accomplished by taking advantage of the fact that an attacker cannot utilize a result that has been faulted to recover a secret. By using infective computation, an error is propagated in a loop such that the faulted value will provide to the attacker no useful information or information from which useful information may be extracted. Faults from a fault attack will be so large that a relatively large number of bits will change. As a result, practically no secret information can be extracted by restoring bits.

A method for protecting against faults in a computation of a point multiplication Q=[k]P on an elliptic curve E defined over a prime field .sub.p, including: defining an integer r and a group ={()|/r} represented with elements having a group law that coincides with a group law used in the representation for E(.sub.p) and isomorphic to an additive group (/r).sup.+ through isomorphism ; forming a combined group E(.sub.p)

Some embodiments are directed to a cryptographic device (100) arranged to compute a block cipher on an input message (110). The device computes a plurality of intermediate block cipher results by computing and re-computing a first intermediate block cipher result (151) of the plurality of intermediate block cipher results by applying the plurality of block cipher rounds sequentially to the input message followed by one or more additional block cipher rounds. A plurality of averaging functions are applied to the plurality of intermediate block cipher results, the results of which are added, after which the inverse of the one or more additional block cipher rounds is applied.

Presented are low-cost secure systems and methods that protect cryptographic systems against attacks that seek to exploit the shortcomings of common software-based erasure mechanisms. Various embodiments, protect an Elliptic-Curve Cryptography (ECC) secret from fault attacks. This may be accomplished, for example, by not exposing ECC secrets from the Modular Arithmetic Accelerator (MAA) memory after a Destructive Reset Source (DRS).

A vehicle-to-X communication apparatus includes a generating device which is designed to generate a vehicle-to-X message to be sent, a signing device which is designed to sign the vehicle-to-X message to be sent, a first verification device which is designed to verify the vehicle-to-X message to be sent, a transmitting device which is designed to send the vehicle-to-X message. The first verification device is configured according to a higher safety integrity level than the generating device, the signing device and/or the transmitting device. Furthermore, a corresponding method as well as the use of the apparatus in a vehicle or an infrastructure facility is disclosed.