Embodiments decrypt or partially decrypt an encoded message or a private key, the encoded message or private key encoded by a public-key cryptography algorithm. Embodiments encode the public-key cryptography algorithm using a language of a program synthesizer and construct a grammar for the program synthesizer. Embodiments train the program synthesizer with training data comprising input-output pairs and execute the trained program synthesizer to generate a mathematical formula. Embodiments validate the generated mathematical formula and then perform the decrypting using the trained and validated program synthesizer.

A system may include a cryptographic accelerator to generate a first check value based on a payload received in a message, and provide the first check value to a first comparator and to a second comparator. The system may include the first comparator to receive the first check value from the cryptographic accelerator, determine whether the first check value matches a second check value, the second check value being a check value received in the message, and provide a first output indicating whether the first check value matches the second check value. The system may include the second comparator to receive the first check value from the cryptographic accelerator, determine whether the first check value matches the second check value, and provide a second output indicating whether the first check value matches the second check value.

Aspects of the present disclosure involve a method and a system to perform the method to obtain a cryptographic output of a plurality of rounds of a cipher, by performing a plurality of modified rounds of the cipher, each of the modified rounds computing an unmasking transform, an operation of a respective round of the cipher, and a masking transform, the unmasking transform being an inverse of the masking transform of a previous round of the cipher.

In a general aspect, a GHASH semiconductor intellectual property (IP) core can include circuitry for calculating a GHASH function. The IP core can be configured to calculate the GHASH function by calculating the following quantities:

[00001]$X_0=0;$

[00002]$X_{i+1}=H^k{X}_i+{\displaystyle {.Math.}_{j=0}^{k-1}{\displaystyle {.Math.}_{n=0}^{m-1}{C}_{ki+j}{h}_{ijn},\text{where for any}i\text{and}j;\text{and}}}$

[00003]${\displaystyle {.Math.}_{n=0}^{m-1}{h}_{ijn}=H^j,\text{where}k>1\text{and}m>1.}$

The present invention provides a glitch detector including a first inverter, second inverter, a charge sharing component and a warning flag generator. The first inverter is configured to receive a first signal at a first node to generate a second signal to a second node. The second inverter is configured to receive the second signal at the second node to generate the first signal to the first node. The charge sharing component is configured to selectively connect the first node to the second node. The warning flag generator is coupled to the first node or the second node, and configured to determine whether a supply voltage of the glitch detector suffers an under voltage glitch according to a voltage level of the first signal or a voltage level of the second signal, to determine whether to output a warning flag.

In accordance with an embodiment, a method for transaction between an application executed by a processor and a peripheral via a hardware abstraction layer includes: configuring the peripheral comprising writing a transaction configuration emitted by the application into configuration registers of the peripheral via the hardware abstraction layer; verifying compliance of the transaction configuration written in the configuration registers; and executing the transaction only when the transaction configuration written in the configuration registers is compliant based on the verifying.

A method for cryptographic processing includes: storing an initial value as the current value; implementing a predetermined number of first steps, including one involving obtaining second data by applying a first cryptographic algorithm to first data, the others each involving the application of the first cryptographic algorithm to the current value and the storage of the result as the new current value; implementation of the predetermined number of second steps, including one involving the obtaining of fourth data by applying, to third data, a second cryptographic algorithm that is the inverse of the first cryptographic algorithm, the others each involving the application of the second cryptographic algorithm to the current value and the storage of the result as the new current value; and verification of the equality of the first data and the fourth data, and of the equality of the current value and the initial value.

The present disclosure relates to secure storage, in a non-volatile memory, of initial data encrypted using a second data, including selecting a pointer aimed at an initial address of a memory cell of an initial part of the non-volatile memory, and encrypting the pointer using the second data; and-storing the encrypted pointer in the non-volatile memory.

Various embodiments provide for failure mode analysis of a circuit design, which can be used as part of electronic design automation (EDA). In particular, some embodiments provide for failure mode analysis of a circuit design by determining a set of functional primitives of a circuit design component (e.g., cell at gate level) that contribute to a root cause logic for a specific failure mode.

The present disclosure relates to a method of fault detection in an application, by an electronic circuit, of a first function to a message, including the steps of generating, from the message, a non-zero even number N of different first sets, each including P shares; applying, to the P shares of each first set, one or a plurality of second functions delivering, for each first set, a second set including Q images; and cumulating all the images, starting with at most Q-1 images selected from among the Q images of a same second set.