H04L2209/046

AUTHENTICATION OF A CARD BY CONTACTLESS READING
20170353312 · 2017-12-07

The invention relates to a method of authentication of a contactless communication circuit, PICC, by a contactless communication terminal, PCD. Within the PICC, a first number is generated and, without encryption, transmitted to the PCD. Within the PCD, a second number is determined by decryption of the first number with a first key. The determination of a third number is based on the second number, and the determination of a fourth number is by encryption of the third number with the first key. Decryption of the fourth number with the first key to obtain the third number, and an interruption of the authentication if a sixth number obtained from the third number is different from a seventh number, are performed by the PICC.

SECURED EXECUTION OF AN ALGORITHM

An algorithm execution method includes carrying out a first execution of the algorithm by a processing unit, sending at least one first result, which is to be written into a memory, to a memory management circuit, and storing said first result into a first area of the volatile memory. The method also includes carrying out a second execution of the algorithm by the processing unit, sending at least one second result, which is to be written into the memory, to the memory management circuit, and applying, by means of the memory management circuit, a different processing for the at least one second result in the second execution than was applied for the at least one first result in the first execution.

USING CRYPTOGRAPHIC BLINDING FOR EFFICIENT USE OF MONTGOMERY MULTIPLICATION
20230179395 · 2023-06-08

Aspects of the present disclosure involve receiving an input message, generating a first random value that is used to blind the input message to prevent a side-channel analysis (SCA) attack, computing a second random value using the first random value and a factor used to compute the Montgomery form of a blinded input message without performing an explicit Montgomery conversion of the input message, and computing a signature using Montgomery multiplication of the first random value and the second random value, wherein the signature is resistant to the SCA attack.

Sparse Encodings for Control Signals
20230177154 · 2023-06-08

This document discloses techniques, apparatuses, and systems for sparse encodings for control signals. Integrated circuits (ICs) may transmit various signals to manage interactions between circuit components of the IC. These critical signals are common targets for malicious attacks because, when altered, they can cause the IC to perform differently than is intended, and in some cases, bypass security measures. To protect against these attacks, the sparse encodings for control signals described herein transmit critical signals with sparse encodings. Further, multiple rails may be used to transmit a single bit of the sparsely encoded critical signals across each rail. In this way, the techniques described herein may provide a scalable solution that may be adjusted differently based on each implementation.

METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR MASKING DATA
20170339111 · 2017-11-23

An apparatus, computer-readable medium and computer-implemented method for masking data, including applying an irreversible function to a first data element to generate a derivative data element, the first data element being of a first data type and the derivative data element being of a second data type different than the first data type, selecting at least a portion of the derivative data element to serve as a template, and generating a masked data element as the result of converting the template from the second data type to the first data type.

Efficient masked polynomial comparison

Various embodiments relate to a method and system for securely comparing a first and second polynomial, including: selecting a first subset of custom character coefficients of the first polynomial and a second subset of custom character corresponding coefficients of the second polynomial, wherein the coefficients of the first polynomial are split into custom character shares and the first and second polynomials have custom character coefficients; subtracting the second subset of coefficients from one of the shares of the first subset of coefficients; reducing the number of elements in the first subset of coefficients to custom character elements by combining groups of custom character/custom character elements together; generating a random number for each of the elements of the reduced subset of coefficients; summing the product of each of the elements of the reduced subset of coefficients with their respective random numbers; summing the custom character shares of the sum of the products; and generating an output indicating that the first polynomial does not equal the second polynomial when the sum does not equal zero.

AUTHENTICATION SYSTEM USING SECURE MULTI-PARTY COMPUTATION

The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

Multiple data source secure data processing

Multiple systems may determine neural-network output data and neural-network parameter data and may transmit the data therebetween to train and run the neural-network model to predict an event given input data. A data-provider system may perform a dot-product operation using encrypted data, and a secure-processing component may decrypt and process that data using an activation function to predict an event. Multiple secure-processing components may be used to perform a multiplication operation using homomorphic encrypted data.

Cryptographic processor, method for implementing a cryptographic processor and key generation circuit

A cryptographic processor is described comprising a processing circuit configured to perform a round function of an iterated cryptographic algorithm, a controller configured to control the processing circuit to apply a plurality of iterations of the round function on a message to process the message in accordance with the iterated cryptographic algorithm and a transformation circuit configured to transform the input of a second iteration of the round function following a first iteration of the round function of the plurality of iterations and to supply the transformed input as input to the second iteration wherein the transformation circuit is implemented using a circuit camouflage technique.

Indirect control flow instructions and inhibiting data value speculation

There is provided an apparatus that includes input circuitry to receive input data and output circuitry to output a sequence of instructions to be executed by data processing circuitry. Generation circuitry performs a generation process to generate the sequence of instructions using the input data. The sequence of instructions comprises an indirect control flow instruction having a field that indicates where a target of the indirect control flow instruction is stored. The generation process causes at least one of the instructions in the sequence of instructions to store a state of control flow speculation after execution of the indirect control flow instruction. The at least one of the instructions in the sequence of instructions that stores the state of control flow speculation is inhibited from being subject to data value speculation by the data processing circuitry.