H04L9/0618

Side channel timing attack mitigation in securing data in transit
11706015 · 2023-07-18

A method for side-channel attack mitigation in streaming encryption includes reading an input stream into a decryption process, extracting an encryption envelope having a wrapped key, a cipher text, and a first message authentication code (MAC) from the input stream, generating a second MAC using the wrapped key of the encryption envelope, and performing decryption of the cipher text in constant time by determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key.

Key Negotiation Method and Electronic Device
20230017263 · 2023-01-19

A key negotiation method and an electronic device are provided, and relate to the field of communications technologies. Specifically, the method includes: an IoT control device multicasts, in a first local area network, a discovery message that carries a first public key, and sends a second ciphertext to a first IoT device after receiving a first ciphertext and a second public key. After receiving a third ciphertext from the first IoT device, the IoT control device decrypts the third ciphertext based on a first session key, to obtain a second signature and second session information; verifies the second signature based on a long-term public key of the first IoT device; and performs encrypted communication with the first IoT device based on the first session key after the second signature is successfully verified.

Integration of blockchain-enabled readers with blockchain network using machine-to-machine communication protocol

Examples described herein relate to integrating a blockchain-enabled reader with a blockchain network over machine-to-machine communication protocol. A subscriber node may receive event data published by a publisher node. The event data may be communicated to the publisher node from a blockchain-enabled reader using a machine-to-machine communication protocol. The event data may be attested by the blockchain-enabled reader using a decentralized identity provisioned to the blockchain-enabled reader from the blockchain network. The decentralized identity of the blockchain-enabled reader may be verified. The event data may be submitted by the subscriber node to a distributed ledger upon successful verification of the decentralized identity of the blockchain-enabled reader.

Block cipher side-channel attack mitigation for secure devices
11704443 · 2023-07-18

Systems and methods are disclosed for side-channel attack mitigation for secure devices including cryptographic circuits using block ciphers that are not based upon feedback. For disclosed embodiments, an integrated circuit includes a cryptographic circuit and a controller. The cryptographic circuit performs cryptographic operations in a block cipher AES mode without feedback. The controller outputs control signals to the cryptographic circuit that cause the cryptographic circuit to perform the cryptographic operations on sequential data blocks with an internally permuted order to mitigate block cipher side-channel attacks. The internally permuted order can be generated using one or more random number generators, one or more pre-configured permutated orders, or other techniques. Further, sequential data blocks can be grouped into sequential subsets of data blocks, and the cryptographic operations can be performed in sequence for the subsets with data blocks within each subset being processed with an internally permuted order.

DATA PROCESSING METHOD AND APPARATUS FOR BLOCKCHAIN SYSTEM

A data processing method includes: determining, in response to a request of an access terminal for writing target data to a blockchain, a target node role with a read permission for the target data, an access terminal connected with each node device having a permission of a node role corresponding to the node device; acquiring an encryption key corresponding to the target node role; performing encryption processing on the target data according to the encryption key to obtain a cipher text corresponding to the target data, the cipher text corresponding to the target data being decryptable for an access terminal corresponding to the target node role; and storing the cipher text corresponding to the target data to the blockchain.

METHOD AND SYSTEM FOR ONE-TO-MANY SYMMETRIC CRYPTOGRAPHY AND A NETWORK EMPLOYING THE SAME

One-to-many cryptographic systems and methods are disclosed, and a network employing the same, including numerous industry applications. The embodiments of the present invention can generate and regenerate the same symmetric key from a random token. The one-to-many cryptographic systems and methods include a central location and a cryptographic module being in communication with each other. The cryptographic module is configured to encrypt and/or decrypt data received a remote location and output encrypted and/or decrypted data. The cryptographic module includes a key generator configured to use two or more inputs to reproducibly generate the symmetric key and a cryptographic engine configured to use the symmetric key for encrypting and decrypting data. Corresponding methods, and network employing the same, are also provided.

MODULATION-AGNOSTIC TRANSFORMATIONS USING UNITARY BRAID DIVISIONAL MULTIPLEXING (UBDM)
20230224143 · 2023-07-13

A method for implementing a fast UBDM transform includes receiving a first, input vector via a processor, and partitioning the first vector to produce a magnitude vector and a sign vector. A second vector, including a modified magnitude vector and a modified sign vector, is generated by: applying a permutation to the magnitude vector to produce the modified magnitude vector, converting the sign vector, based on an algorithm, into an intermediate sign vector, and applying nonlinear layers to the intermediate sign vector. Each nonlinear layer includes a permutation, an S-box transformation, a diffusive linear operation and/or an Xor operation. Multiple linear layers are applied to the second vector to produce a third vector, the third vector being a transformed version of the first vector. A first signal representing the third vector is sent to at least one transmitter for transmission of a second signal representing the transformed data vector.

Distributed blockchain data storage under account model

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain data storage. One of the methods includes receiving a transaction associated with a blockchain network; determining, after the transaction is performed, an updated account state of a blockchain account involved in the transaction; adding, to a history state object database and after a current block is appended to a blockchain associated with the blockchain network based on performing a consensus algorithm, the updated account state, a hash value of the updated account state, an account identifier (ID) of the blockchain account, and a block ID of the current block; and updating, based on the hash value of the account state, the account ID, and the block ID, a state tree stored in a history state database.

Synchronization circuit for threshold implementation of S-box

This application relates to a synchronization circuit for synchronizing signals used in a threshold implementation operation process performed in an S-box of an encryption circuit. In one aspect, the synchronization circuit includes an enable signal generator configured to generate an enable signal. The synchronization circuit may also include a synchronization unit included in an encryption circuit and located inside an S-box that performs a threshold implementation operation that calculates by dividing bits of an input signal into bits equal to or greater than the number of bits of the input signal. The synchronization unit may be configured to synchronize signals used in a threshold implementation operation process based on the generated enable signal.

Data security apparatus and method using constant optical signal input to analog component

A data security apparatus includes an analog component. The analog component operates internally with a high degree of entropy. This high degree of entropy resides in the interactions between its internal components in response to an external driving signal. The interactions within the analog component have a level of entropy that is high enough to make digital simulation of the analog component impractical. Because the analog component is impractical to digitally simulate, it is referred to as being digitally unclonable. The data security apparatus processes data by encrypting plaintext data into ciphertext and/or decrypting data from ciphertext into plaintext. Part of the conversion between plaintext and ciphertext uses the analog component. Since the analog component is digitally unclonable (that is, impractical to digitally simulate), the part of the conversion process that uses the analog component requires possession of the analog component itself or the possession of another analog component that has the same signature.