A cryptographic device includes hardware data processing circuitry and software data processing circuitry coupled to the hardware data processing circuitry. The device, in operation, executes a plurality of rounds of a symmetrical data cipher algorithm and protects the execution of the plurality of rounds of the symmetrical data cipher algorithm. The protecting includes executing data masking and unmasking operations using the hardware data processing circuitry, executing linear operations applied to data using the software data processing circuitry, executing linear operations applied to masks using the hardware data processing circuitry, and executing non-linear operations applied to data using one of the hardware data processing circuitry or the software data processing circuitry.

Systems and methods are disclosed for data protection in a cluster of data processing accelerators (DPAs). The cluster of accelerators may include DPAs of a third party accelerator that may not be trusted. To ensure data protection in the cluster, a first DPA that receives a request from a second DPA to access a resource of the first DPA authenticates the second DPA. If the second DPA passes authentication, the second DPA is permitted to access non-sensitive resources of the first DPA, otherwise the second DPA is not permitted access to any resources of the first DPA and the first DPA breaks a communication link with the second DPA. Authentication is premised on a shared secret function between DPAs and a random number generated by the first DPA. The shared secret function is updateable by, e.g., a patch from a manufacturer of the DPA.

An artificial intelligence calculation semiconductor device is provided. The artificial intelligence calculation semiconductor device comprising: a control unit; and a MAC (Multiply and Accumulator) calculator which executes a homomorphic encryption calculation through the control unit, wherein the MAC calculator includes an NTT (Numeric Theoretic Transform)/INTT (Inverse NTT) circuit which generates cipher texts by performing a homomorphic multiplication calculation through transformation or inverse transformation of data, a cipher text multiplier which executes a multiplication calculation between the cipher texts, a cipher text adder/subtractor which executes addition and/or subtraction calculations between the cipher texts, and a rotator which performs a cyclic shift of a slot of the cipher texts.

A writing method of a crypto device includes receiving a write request from a central processing unit, determining a write attribute of the write request, and performing one of a partial write operation and a full write operation according to the write attribute. In the full write operation, a random number for a version count is generated, a key stream is generated using the version count, the key stream and write data are encrypted in a first logical operation, and the encrypted data and the version count are stored in a memory device.

A system on a chip (SoC) includes a security processor configured to determine that a first channel ID describing a {source, destination} tuple for a crypto packet matches a second channel ID describing a corresponding {source, destination} tuple for a preceding crypto packet received immediately prior to the crypto packet. The SoC also includes a decryption engine configured to, responsive to the determination that the first channel ID matches the second channel ID: obtain a set of round keys applied to perform an add round key computational stage of a previous decryption datapath used to decrypt a preceding cipher text block obtained from the preceding crypto packet, and to reuse the set of round keys to perform a corresponding add round key computational stage of a current decryption datapath used to decrypt a cipher text block obtained from the crypto packet.

Technologies for securely providing one or more remote accelerators hosted on edge resources to a client compute device includes a device that further includes an accelerator and one or more processors. The one or more processors are to determine whether to enable acceleration of an encrypted workload, receive, via an edge network, encrypted data from a client compute device, and transfer the encrypted data to the accelerator without exposing content of the encrypted data to the one or more processors. The accelerator is to receive, in response to a determination to enable the acceleration of the encrypted workload, an accelerator key from a secure server via a secured channel, and process, in response to a transfer of the encrypted data from the one or more processors, the encrypted data using the accelerator key.

A method including a security chip receiving a cryptographic operation request; the security chip acquiring a measurement result, wherein the measurement result is a result of measuring a dynamic measurement module in a cryptographic operation module by using a platform measurement root; and the security chip starting a cryptographic operation when determining that the measurement result is identical to a pre-stored standard value. The present disclosure solves a technical problem of failure to guarantee a dynamic trust for measurement code when starting dynamic measurement of a cryptographic operation.

A method for determining a preimage element of a cryptographic hash function includes providing an output value of a cryptographic hash function and hash function operations of the cryptographic hash function; for each of the hash function operations, determining at least one hash function relation, comprising an equation and/or an inequality; determining an optimization problem comprising: the output value, at least one constraint assigned to an iteration of the cryptographic hash function, and optimization variables comprising internal state variables of the cryptographic hash function and at least one preimage variable, wherein the at least one constraint is determined from the at least one hash function relation and comprises preceding internal state variables assigned to a preceding iteration; and solving the optimization problem and determining a preimage element of the cryptographic hash function from an optimizing value of the at least one preimage variable.

A method of operating a homomorphic encryption operation accelerator includes performing a number theoretic transform (NTT) operation on each of first homomorphic ciphertext and second homomorphic ciphertext, and performing a base conversion operation by adding a partial sum using a first value of the NTT operation.

A device of executing a cryptographic operation on bit vectors, the execution of the cryptographic operation includes the execution of at least one arithmetic addition operation between a first operand and a second operand. Each operand comprises a set of components, each component corresponding to a given bit position of the operand. The device comprises a set of elementary adders, each elementary adder being associated with a given bit position of the operands and being configured to perform a bitwise addition between a component of the first operand at the given bit position and the corresponding component of the second operand at the given bit position using the carry generated by the computation performed by the elementary adder corresponding to the previous bit position. Each elementary adder has a sum output corresponding to the bitwise addition and a carry output, the result of the arithmetic addition operation being derived from the sum outputs provided by each elementary adder. The device is configured to apply a mask to each operand component input of at least some of the elementary adders using a masking logical operation, the mask being a random number.