A client system includes a client-side host device, and a client-side storage device including a storage controller and a storage memory. The storage controller includes a host interface, a processor configured to control a read operation and a write operation for the storage memory, and a homomorphic encryption and decryption accelerator configured to, based on receiving a read request from the client-side host device, perform homomorphic encryption on first plaintext data that is read from the storage memory, to generate first homomorphic ciphertext data, and provide the first homomorphic ciphertext data to the client-side host device through the host interface, and based on receiving a write request from the client-side host device, perform homomorphic decryption on second homomorphic ciphertext data that is received through the host interface, to generate second plaintext data, and write the second plaintext data in the storage memory.

Technologies disclosed herein provide cryptographic computing. An example processor includes a core to execute an instruction, where the core includes a register to store a pointer to a memory location and a tag associated with the pointer. The tag indicates whether the pointer is at least partially immutable. The core also includes circuitry to access the pointer and the tag associated with the pointer, determine whether the tag indicates that the pointer is at least partially immutable. The circuitry is further, based on a determination that the tag indicates the pointer is at least partially immutable, to obtain a memory address of the memory location based on the pointer, use the memory address to access encrypted data at the memory location, and decrypt the encrypted data based on a key and a tweak, where the tweak including one or more bits based, at least in part, on the pointer.

An apparatus for obfuscating power consumption associated with one or more operations of a logic circuitry of a processor. The apparatus comprises counterbalance circuitry configured to provide a second power consumption to directly counterbalance the power consumption associated with the one or more operations of the logic circuitry. The second power consumption varies inversely with the power consumption associated with the one or more operations of the logic circuitry. The apparatus further comprises header circuitry configured to enable a common node to vary in voltage corresponding to the one or more operations of the logic circuitry. The counterbalance circuitry and the header circuitry are each coupled to the logic circuitry at the common node.

N key generation circuits are arranged in a pipeline having N stages. Each key generation circuit is configured to generate a round key as a function of a respective input key and a respective round constant. Output signal lines that carry the round key from a key generation circuit in a stage of the pipeline, except the key generation circuit in a last stage of the pipeline, are coupled to the key generation circuit in a successive stage of the pipeline to provide the respective input key.

An encryptor/decryptor, an electronic device including the encryptor/decryptor, and a method of operating the encryptor/decryptor are provided. The method of operating the encryptor/decryptor includes distributing an input plaintext stream to a plurality of encryption/decryption cores by pieces of plaintext data; performing a first operation by a first encryption/decryption core from among the plurality of encryption/decryption cores; and encrypting the plaintext data to ciphertext data or decrypting the ciphertext data to the plaintext data by each of the plurality of encryption/decryption cores by using a result of performing the first operation in the first encryption/decryption core.

Cryptographic processor chips, systems and associated methods are disclosed. In one embodiment, a cryptographic processor is disclosed. The cryptographic processor includes a first cryptographic processing module to perform a first logic operation. The first cryptographic processing module includes first input circuitry to receive ciphertext input symbols. A first pipeline stage performs a first operation on the ciphertext input symbols and generates a first stage output. On-chip memory temporarily stores the first stage output and feeds the first stage output to a second pipeline stage in a pipelined manner. The second pipeline stage is configured to perform a second operation on the first stage output in a pipelined manner with respect to the first pipeline stage.

Apparatuses, methods and storage medium associated with single pass parallel encryption are disclosed herein. In embodiments, an apparatus for computing may comprise an encryption engine to encrypt a video stream. The encryption engine may comprise a plurality of encryption pipelines to respectively encrypt a plurality of video sub-streams partitioned from the video stream in parallel in a single pass as the video sub-streams are being generated. The plurality of encryption pipelines may use a corresponding plurality of multi-part encryption counters to encrypt the corresponding video sub-streams as the video sub-streams are being generated. Each of the multi-part encryption counters used by one of the encryption pipelines may comprise a sub-portion that remains constant while encoding the corresponding video sub-stream, but the sub-key is unique for the one encryption pipeline, and differs from corresponding sub-portions of the multi-part encryption counters used by the other encryption pipelines. Other embodiments may be disclosed or claimed.

A heterogeneous processing system for federated learning and privacy-preserving computation, including: a serial subsystem configured for distributing processing tasks and configuration information of processing tasks, the processing task indicating performing an operation corresponding to computing mode on one or more operands; and a parallel subsystem configured for, based on the configuration information, selectively obtaining at least one operand of the one or more operands from an intermediate result section on the parallel subsystem while obtaining remaining operand(s) of the one or more operands with respect to the at least one operand from the serial subsystem, and performing the operation on the operands obtained based on the configuration information.

Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows:
client_key_MSB=AES128(base_key_1, client_ID),  (1)
client_key_LSB=AES128(base_key_2, client_ID+pad), and  (2)
client_key=client_key_MSB∥client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.

A technique for generating a keystream (128) for ciphering or deciphering a data stream (122) is provided. As to a method aspect of the technique, a nonlinear feedback shift register, NLFSR (112), including n register stages implemented in a Galois configuration is operated. At least one register stage of the implemented n register stages is representable by at least one register stage of a linear feedback shift register, LFSR. A first subset of the implemented n register stages is representable by a second subset of a second NLFSR. A number of register stages receiving a nonlinear feedback in the second NLFSR is greater than one and less than a number of register stages receiving a nonlinear feedback in the implemented NLFSR. The keystream (128) is outputted from a nonlinear output function (118). An input of the nonlinear output function (118) is coupled to at least two of the implemented n register stages of the NLFSR (112).