Systems and methods for protecting block cipher computation operations from external monitoring attacks. An example apparatus for implementing a block cipher may comprise a memory device to store instructions for computing a block cipher; and a processing device coupled to the memory device. The processing device performs a Data Encryption Standard (DES) cryptographic operation with multiple rounds of a Feistel structure, each round including a substitution function and a transformation function that combines an expansion function and a permutation function into a single operation. The transformation function transforms a first input portion of an internal state of the respective round and a second input portion of the internal state into a first output portion and a second output portion of data. The second output portion is equal to the first input portion and the first output portion is dependent on a combined permutation output from the transformation function.

An integrated circuit features technology for generating a keystream. The integrated circuit comprises a cipher block with a linear feedback shift register (LFSR) and a finite state machine (FSM). The LFSR and the FSM are configured to generate a stream of keys, based on an initialization value and an initialization key. The FSM comprises an Sbox that is configured to use a multiplicative mask to mask data that is processed by the Sbox when the LFSR and the FSM are generating the stream of keys. Other embodiments are described and claimed.

The present disclosure relates to a method for communicating between an electronic tag and a computer connected to the internet, wherein the electronic tag: encrypts at least part of the information to be transmitted, using a data format preserving algorithm; generates a URL comprising at least the encrypted part of the information; and transmits the URL to an NFC reader.

A trust relationship may be established between a host system and a storage system. An asymmetric key pair including a private key unique to a host system and a public key may be generated. During provisioning of the host system to the storage system, the host system may send the public key to the storage system. The storage system may be configured to record the public key for the host system, for example, in a masking table that defines I/O connectivity for logical storage units between a host system and the storage system. The public key may be used later to validate the host system to the storage system. The private key may be stored on the host system and be unreadable, or may be encrypted with an unreadable encryption key stored on the host system.

A method for performing an elliptic curve cryptographic process to generate output data based on input data, the elliptic curve cryptographic process based on an elliptic curve over a finite field, wherein the generation of the output data comprises generating, based on a predetermined point V of the elliptic curve and a positive R-bit integer k, a first point of the elliptic curve that is based, at least in part, on the point kV of the elliptic curve, wherein k=Σ.sub.r=0.sup.R−1 2.sup.rb.sub.r and, for each r=0,1, . . . , R−1, b.sub.r is the bit value of k at bit position r of k, wherein the method comprises: storing, according to a partition of the R bit positions for k into T groups of bit positions P.sub.t (t=0, 1, . . . , T−1), a corresponding lookup table L.sub.t having, for each of the 2.sup.|P.sup.t.sup.|possible options for assigning to the |P.sub.t| bit positions s ∈ P.sub.t a respective bit value x.sub.s, a corresponding point of the elliptic curve that is based, at least in part, on the point (Σ.sub.s∈P.sub.t2.sup.sx.sub.s)V of the elliptic curve; obtaining k; and determining the first point as Σ.sub.t=0.sup.T−1l.sub.t, where l.sub.t is the point of the elliptic curve that corresponds, in lookup table L.sub.t, to the option for assigning to the |P.sub.t| bit positions s ∈ P.sub.t the corresponding bit value b.sub.s.

A method of performing a cryptographic process in a secured manner, wherein the cryptographic process generates output data based on input data, the generating of the output data involving generating a value y based on an amount of data x, the value y representing a combination, according to a linear transformation L, of respective outputs from a plurality of S-boxes S.sub.n (n=0, . . . , N−1) for integer N>1, wherein each S-box S.sub.n (n=0, . . . , N−1) implements a respective function H.sub.n that is either (a) the composition of a respective first function F.sub.n and a respective linear or affine second function G.sub.n so that H.sub.n=G.sub.n∘F.sub.n, or (b) the composition of a respective first function F.sub.n, a respective linear or affine second function G.sub.n and a respective third function W.sub.n so that H.sub.n=G.sub.n∘F.sub.n∘W.sub.n, wherein the method comprises: performing a first processing stage and a second processing stage to generate the value y based on the amount of data x, wherein: the first processing stage uses a plurality of first lookup tables to generate respective outputs, each output being based on at least part of the amount of data x, wherein, for each S-box S.sub.n (n=0, . . . , N−1), the respective first function F.sub.n is implemented by a corresponding first lookup table; and the second processing stage combines outputs from a plurality of second lookup tables to generate the value y, wherein the input to each second lookup table is formed from the output of a plurality of the first lookup tables, and wherein the set of second lookup tables is based on the second functions G.sub.n (n=0, . . . , N−1) and the linear transformation L.

Various embodiments relate to a method for securely comparing a first polynomial represented by a plurality of arithmetic shares and a second compressed polynomial represented by a bitstring where the bits in the bitstring correspond to coefficients of the second polynomial, including: performing a first masked shift of the shares of the coefficients of the first polynomial based upon the start of the interval corresponding to the compressed coefficient of the second polynomial and a modulus value; performing a second masked shift of the shares of the coefficients of the first polynomial based upon the end of the interval corresponding to the compressed coefficient of the second polynomial; bitslicing the most significant bit of the first masked shift of the shares coefficients of the first polynomial; bitslicing the most significant bit of the second masked shift of the shares coefficients of the first polynomial; and combining the first bitsliced bits and the second bitsliced bits using an AND function to produce an output including a plurality of shares indicating that the first polynomial would compress to a bitstream matching the bitstream representing the second compressed polynomial.

A method and apparatus for securely generating an output is disclosed. In one embodiment, the method comprises generating a white-box implementation having unlocked white-box look up table (LUTs) for node-encoded secrets, the node-encoded secrets to be encoded for operation solely on a node of a network and globally encoded white-box LUTs for globally-encoded secrets to be encoded for operation on the node and at least another node; generating, from the white box implementation, a soft-locked white-box implementation having a plurality of node-specific locked white-box LUTs and modified globally encoded LUTs. The method further comprises receiving a global secret encoded according to the base file; generating the node-encoded secrets by applying node-specific locking transformations to the global secret; and generating, by the node, the output according to at least one of the globally-encoded secrets or the node-encoded secrets.

A system includes a plurality of storage units each including a network port operably coupled to the network, where one or more storage vaults is associated with the plurality of storage units and each storage vault of the one or more storage vaults represents a software-constructed grouping of storage units of the plurality of storage units, where the software-constructed grouping of storage units stores encoded data slices, where a data segment is encoded using an information dispersal algorithm to produce the encoded data slices, and where a storage unit: receives, via the network port, a request regarding the data segment stored in the software-constructed grouping of storage units, obtains, from a data structure pertaining to the software-constructed grouping of storage units, information regarding the request, determines whether the request is valid based on the information regarding the request, and when the request is valid, the storage unit executes the request.

In various embodiments, a computer-readable memory medium coupled to a processor is disclosed. The memory medium is configured to store instructions which cause the processor to retrieve a seed value, receive a digital bit stream, receive a digital bit stream, generate a stream of random bits, using the seed value as a seed to a pseudo random number generator (PRNG), wherein the stream of random bits contains at least as many bits as the digital bit stream, shuffle bits of the stream of random bits to create a random bit buffer, generate an obfuscated digital bit stream by applying a first exclusive OR (XOR) to the digital bit stream and the random bit buffer, wherein the obfuscated digital bit stream has the same number of bits as the digital bit stream, and provide the obfuscated digital bit stream to the communications interface.