A cryptographic processing method comprises the following steps: obtaining a second number determined by adding to a first number the order of a finite group or a multiple of this order; determining a quotient and a remainder by dividing the second number by a random number; obtaining a third element equal to the combination of elements equal to a first element of the finite group and in number equal to the product of the quotient and the random number; obtaining a fourth element equal to the combination of elements equal to the first element and in number equal to the remainder; determining a second element by combining the third element and the fourth element.

An embodiment integrated circuit includes a first electromagnetic pulse detection device that comprises a first loop antenna formed in an interconnection structure of the integrated circuit, a first end of the first antenna being connected to a first node of application of a power supply potential and a second end of the antenna being coupled to a second node of application of the power supply potential, and a first circuit connected to the second end of the first antenna and configured to output a first signal representative of a comparison of a first current in the first antenna with a first threshold.

Systems, methods, and apparatuses for protecting a secret on a device with limited memory, while still providing tamper resistance, are described. To achieve security, an encoding computer can apply a memory-hard function MHF to a secret S and determine a result Y, then determine a proof π for the result Y. Then, the encoding computer can send a codeword C comprising the secret S and the proof π to a decoding computer. The decoding computer can retrieve the codeword C from persistent memory and parse the secret S and the proof π. The decoding device can use transient memory decode the codeword C by verifying the proof π was generated with the secret S and the result Y. When the correctness of the result Y is verified, the decoding device can apply a cryptographic function to input data using the secret S then reset the transient memory.

A system, method and elliptic curve cryptography scheme having a fault injection attack resistant protocol. The cryptographic scheme has a first arithmetic operation having at least one of a single input bit, a single output bit, or a single output bit-string that is vulnerable to a fault injection attack. The protocol includes: performing a first arithmetic operation to determine a first output; performing a second arithmetic operation to determine a second output, the second arithmetic operation being a variant of the first arithmetic operation; and comparing the first output and the second output, and if the comparison is incompatible, outputting an invalidity condition, otherwise, outputting the first output.

An integrated circuit includes, in part, a key management unit configured to generate a seeding key during a start-up phase, an encryption module configured to encrypt data using the seeding key and deliver the encrypted data to a second integrated circuit, and an encoder configured to encode the seeding key and deliver the encoded seeding key to the second IC. The second integrated circuit includes, in part, a decoder configured to decode the seeding key. Each of the integrated circuits further includes, in part, a linear-feedback shift register that receives the same clock signals and loads the seeding key.

The present disclosure is directed to systems and methods to protect against SCA and fault injection attacks through the use of a temporary or ephemeral key to cryptographically alter input data portions. Universal resistant block (URB) circuitry receives a seed data value and a at least one secret key data value and generates an ephemeral key output data value. Cryptographic circuitry uses the ephemeral key data value to transform an input data portion to produce an transformed output data portion. The use of an SCA or fault injection attack on the transformed output data portion will reveal only the ephemeral key data value and not the at least one secret key data value. Further, where a unique ephemeral key data value is used to transform each input data portion, an attacker cannot discover the ephemeral key in a piecemeal manner and must instead discover the complete ephemeral key data value—significantly increasing the difficulty of performing a successful SCA or fault injection attack.

A cryptographic device (100) arranged to compute a target block cipher (B.sub.t) on an input message (110), the device comprising a first and second block cipher unit (121, 122) arranged to compute the target block cipher (B.sub.t) on the input message, and a first control unit (130) arranged to take the first block cipher result and the second block cipher result as input, and to produces the first block cipher result only if the block cipher results are equal.

Provided is a method for generating a digital signature of an input message (M) based on a secret key (d.sub.A) of a client device having access to a first set and a second set of precomputed data stored in a storage unit. The first set of precomputed data comprises private element parts (k.sub.i) protected with an homomorphic encryption. The second set of precomputed data comprises public element parts (Q.sub.i) paired with the private element parts of the first set. Each private element part is a discrete logarithm of the public element part paired therewith. The private element (k), can be homomorphically encrypted, by combining homomorphically encrypted private element parts selected in the first set (k.sub.i). The selection of the public and private element parts depends on the input message. Other embodiments are disclosed.

Described herein are systems and methods that prevent against fault injection attacks. In various embodiments this is accomplished by taking advantage of the fact that an attacker cannot utilize a result that has been faulted to recover a secret. By using infective computation, an error is propagated in a loop such that the faulted value will provide to the attacker no useful information or information from which useful information may be extracted. Faults from a fault attack will be so large that a relatively large number of bits will change. As a result, practically no secret information can be extracted by restoring bits.

A redundancy system includes a first computational device and a second computational device each configured to receive at least one input and to generate a first output and a second output, respectively, based on the at least one input; a random sequence generator configured to generate a random bit sequence; a random delay selector configured to determine a random delay based on the random bit sequence; a first random delay circuit configured to delay outputting the at least one input to the first computational device based on the random delay; a second random delay circuit configured to delay outputting the second output based on the random delay; and a fault detection circuit configured to receive the first output and the delayed second output, and to generate a comparison result based on comparing the first input to the delayed second output.