The disclosure relates to secure data storage and retrieval, in particular to methods and circuits for securely storing data to reduce the possibility of leakage via side channel attacks. Embodiments disclosed include a method of storing a value comprising a series of words, the method comprising: i) combining in a series of XOR operations a word of a first portion of the value, a word of a second portion of the value and an output word of a first random number generator to provide a first combined word; ii) storing the first combined word in a shift register; and iii) repeating steps i) and ii) for each successive word of the first and second portions of the value.

A circuit includes a first processing unit and a second identical processing unit. A first communication bus passes encrypted data between one of a plurality of functions and one or both of the first and second processing units. A selection circuit determines whether the encrypted bus is coupled to the first processing unit, the second processing unit, or both of the first and second processing units.

This disclosure relates to a method for securing the execution of a program by a processor, including a comparison instruction for comparing two data items, followed by a program operation which is selected as a function of a comparison result provided by the comparison instruction. The method may include, before the execution of the comparison instruction, calculating in various ways comparison data representative of the equality of the data to be compared, after the execution of the comparison instruction, verifying whether the comparison data calculated are consistent with the fact that the program operation is selected or not selected, and activating an error signal if the comparison data are mutually inconsistent or inconsistent with the result of the comparison.

An integrated circuit (IC) includes first and second secure memory elements storing identical data and a memory management system that executes a memory operation on the first secure memory element and a control operation on the second secure memory element simultaneously. The control operation is associated with safety of the IC and is executed to enable error detection in the second secure memory element, fault injection for the second secure memory element, masking of a power profile associated with the memory operation, or a combination thereof. After the execution of the memory operation and the control operation, the memory management system copies the data of the first secure memory element to the second secure memory element to maintain sanity of the second secure memory element.

An apparatus comprises an input register comprising a state register and a parity field, a first round secure hash algorithm (SHA) datapath communicatively coupled to the state register, comprising a first section to perform a ? step of a SHA calculation, a second section to perform a ? step and a ? step of the SHA calculation, a third section to perform a ? step of the SHA calculation and a fourth section to perform a ? step of the SHA calculation.

Described is a system that includes a queue cluster including first network devices that cooperate to communicate with end nodes of a network and to store information from the end nodes in memory, a processing cluster comprising second network devices that cooperate to perform one or more tasks on the information from the queue cluster, and a database cluster including third network devices that cooperate to provide storage for use by the processing cluster, with the queue cluster, the processing cluster, and the database cluster being part of a local network that is connectable to an external network, the local network including a wireless mesh network and for the one or more tasks, a network device among the second network devices is selected as a leader responsible for task execution.

Various features pertain to defending a smartphone processor or other device from a transient fault attack. In one example, the processor is equipped to detect transient faults using a fault detection system and to adaptively adjust a control parameter in response to the transient faults, where the control parameter controls a physical operation of the processor (such as by gating its clock signal) or a functional operation of the fault detection system (such as a particular Software Fault Sensor (SFS) employed to detect transient faults). In some examples, in response to each newly detected fault, the detection system is controlled to consume more processor time to become more aggressive in detecting additional faults. This serves to quickly escalate fault detection in response to an on-going attack to promptly detect the attack so that the device can be disabled to prevent loss of sensitive information, such as security keys or passcodes.

The present specification is related to analysis of digital circuits for assessing a fault sensitivity of a digital logic circuit. An example method includes: obtaining a set of input vectors that represent possible inputs to the digital logic circuit; for each output gate of the plurality of digital logic gates: (i) for each input vector of the set of input vectors, determining a cumulative output delay for the output gate, and (ii) determining an averaged cumulative output delay for the output gate by averaging the cumulative output delays for the output gate that were determined for multiple input vectors of the set of input vectors; generating a fault sensitivity score for the digital logic circuit based on the averaged cumulative output delays for the output gates of the digital logic circuit; and providing the fault sensitivity score.

The disclosure concerns an encryption function applied to a first word, a second word, a third word, and a fourth word including: multiplying the third word by the fourth word; adding the result of the multiplication; subtracting the result of the addition to the second word from the result of the addition to the first word; adding the result of the subtraction; combining with a constant the result of the addition of the third word to the result of the subtraction; and multiplying by two the result of said combination and circularly shifting the codes of the respective results of the addition of the fourth word to the result of the subtraction, of the addition of the second word to the result of the multiplication, and of the addition of the first word to the result of the multiplication.

An encryption module and method for performing an encryption/decryption process executes two cryptographic operations in parallel in multiple stages. The two cryptographic operations are executed such that different rounds of the two cryptographic operations are performed in parallel by the same instruction or the same finite state machine (FSM) state for hardware implementation.