A system-on-chip (SoC) is provided that includes security control registers, the security control registers including security flags for security critical assets of the SoC, wherein each security flag includes multiple bits. A set of security critical bits is signaled from a configuration storage of the SoC with a set of validation bits to be used to validate the set of security critical bits.

A decryption integrated circuit (IC) includes an interface configured to receive an encrypted block of data and a decryption datapath. The decryption datapath has a plurality of computational stages arranged in a pipeline configured to decrypt the encrypted block of data to form a decrypted block of data. A non-linear computational stage included in the pipeline of the decryption datapath includes multiple asymmetric logical paths and multiple bypassable latches. A first signal traverses a first logical path and a second signal traverses a second logical path having a greater number of logical units than the first logical path. Each bypassable latch is positioned in a respective logical path of the multiple asymmetric logical paths. The decryption IC further includes a controller configured to assign an individual random bit sequence to each bypassable latch to randomly activate or randomly disable each bypassable latch of the multiple bypassable latches.

Methods, systems, and apparatuses for defending against cryptographic attacks using clock period randomization. The methods, systems, and apparatuses are designed to make side channel attacks and fault injection attacks more difficult by using a clock with a variable period during a cryptographic operation. In an example embodiment, a clock period randomizer includes a fixed delay generator and a variable delay generator, wherein a variable delay generated by the variable delay generator is based on a random or pseudorandom value that is changed occasionally or periodically. The methods, systems, and apparatuses are useful in hardware security applications where fault injection and/or side channel attacks are of concern.

The present disclosure relates to a method of fault detection in an application, by an electronic circuit, of a first function to a message, including the steps of generating, from the message, a non-zero even number N of different first sets, each including P shares; applying, to the P shares of each first set, one or a plurality of second functions delivering, for each first set, a second set including Q images; and cumulating all the images, starting with at most Q-1 images selected from among the Q images of a same second set.

An electronic system can include a charge storage device controllably connected to a voltage source; a protected circuit block controllably connected to the charge storage device for receiving a voltage supply from the charge storage device, the protected circuit block operating via an operating clock signal; a voltage detector coupled to the voltage supply of the protected circuit block; a comparator coupled to an output of the voltage detector; and a countermeasure processor coupled to receive an alert signal from an output of the comparator. The voltage at the voltage supply is related to the frequency of the operating clock and a frequency manipulation attack is detected by monitoring a difference between the voltage supply and a comparison voltage.

A vehicle-to-X communication apparatus includes a generating device which is designed to generate a vehicle-to-X message to be sent, a signing device which is designed to sign the vehicle-to-X message to be sent, a first verification device which is designed to verify the vehicle-to-X message to be sent, a transmitting device which is designed to send the vehicle-to-X message. The first verification device is configured according to a higher safety integrity level than the generating device, the signing device and/or the transmitting device. Furthermore, a corresponding method as well as the use of the apparatus in a vehicle or an infrastructure facility is disclosed.

The disclosure concerns an encryption function applied to a first word, a second word, a third word, and a fourth word including: multiplying the third word by the fourth word; adding the result of the multiplication; subtracting the result of the addition to the second word from the result of the addition to the first word; adding the result of the subtraction; combining with a constant the result of the addition of the third word to the result of the subtraction; and multiplying by two the result of said combination and circularly shifting the codes of the respective results of the addition of the fourth word to the result of the subtraction, of the addition of the second word to the result of the multiplication, and of the addition of the first word to the result of the multiplication.

In a method for determining the modular inverse of a number, successive iterations are applied to two pairs each including a first variable and a second variable, such that at the end of each iteration and for each pair, the product of the second variable and of the number is equal to the first variable modulo a given module. Each iteration includes at least one division by two of the first variable of a first pair or of a second pair, or a combination of the first variable of the first pair and of the first variable of the second pair by addition or subtraction. At least some of the iterations including a combination by addition or subtraction include a step of storing the result of the combination in the first variable of a pair determined randomly from among the first pair and the second pair. An associated cryptographic processing device is also described.

An electronic system can include a charge storage device controllably connected to a voltage source; a protected circuit block controllably connected to the charge storage device for receiving a voltage supply from the charge storage device, the protected circuit block operating via an operating clock signal; a voltage detector coupled to the voltage supply of the protected circuit block; a comparator coupled to an output of the voltage detector; and a countermeasure processor coupled to receive an alert signal from an output of the comparator. The voltage at the voltage supply is related to the frequency of the operating clock and a frequency manipulation attack is detected by monitoring a difference between the voltage supply and a comparison voltage.

Aspects of the present disclosure relate to an apparatus comprising analogue circuitry comprising an entropy source, the entropy source being configured to provide a random output. The apparatus comprises first digital circuitry to receive the output of the entropy source and, based on said output, generate random numbers, and second digital circuitry to receive the output of the entropy source and, based on said output, generate random numbers, the second digital circuitry being a duplicate of the first digital circuitry. The apparatus comprises difference detection circuitry to determine a difference of operation between the first digital circuitry and the second digital circuitry. Each of the first digital circuitry and the second digital circuitry comprises entropy checking circuitry to check the entropy of the output of the entropy source.