A method of performing a keyed cryptographic operation mapping an input message to an output message, wherein the input message comprises m input data and the output message comprises m output data and wherein the cryptographic operation includes at least one round and the cryptographic operation specifies a substitution box for mapping input data into output data, including: transforming each of the m input data into n output data using n split substitution boxes, wherein the n split substitution boxes sum to the specified substitution box; and mixing and combining the m×n output data.

Distributed, consistent utility-preserving data masking is provided by retrieving an original value from a data table; initiating a communication with a mapping service to ascertain whether or not a masking table of the mapping service includes a fictionalized value associated with the original value; when the masking table does not include a fictionalized value associated with the original value, producing a fictionalized value for the original value wherein the fictionalized value preserves at least one utility function of the original value, updating the mapping service to include the fictionalized value in the masking table, and applying a first masking operation by replacing the retrieved original value with the fictionalized value.

Examples are disclosed that relate to the securing of a distributed sensor system. One example provides a security component configured to be communicatively coupled between a trusted element and a distributed sensor system. The security component includes a secured controller configured to receive a signal for forwarding to a sensor of the distributed sensor system, authenticate the signal as being sent from the trusted element, and forward the authenticated signal to the sensor. Further, when the signal is not authenticated as being sent from the trusted element, the secured controller may be configured to not forward the signal to the sensor. The security component also includes a feedback controller configured to analyze signals received from the distributed sensor system and send one or more feedback instructions to the trusted element based at least on the signals from the distributed sensor system.

The disclosure concerns implementing, by a cryptographic circuit, a set of substitution operations of a cryptographic process involving a plurality of substitution tables. For each set of substitution operations of the cryptographic process, a series of sets of substitution operations are performed. One set of the series is a real set of substitution operations corresponding to the set of substitution operations of the cryptographic process. One or more other sets are dummy sets of substitution operations, each dummy set being based on a different permutation of said substitution tables.

A cryptographic circuit performs a substitution operation of a cryptographic algorithm based on a scrambled substitution table. For each set of one or more substitution operations of the cryptographic algorithm, the circuit performs a series of sets of one or more substitution operations of which: one is a real set of one or more substitution operations defined by the cryptographic algorithm, the real set of one or more substitution operations being based on input data modified by a real scrambling key; and one or more others are dummy sets of one or more substitution operations, each dummy set of one or more dummy substitution operations being based on input data modified by a different false scrambling key.

Methods are provided for testing and hardening software applications for the carrying out digital transactions which comprise a white-box implementation of a cryptographic algorithm. The method comprises the following steps: (a) feeding one plaintext of a plurality of plaintexts to the white-box implementation; (b) reading out and storing the contents of the at least one register of the processor stepwise while processing the machine commands of the white-box implementation stepwise; (c) repeating the steps (a) and (b) with a further plaintext of the plurality of plaintexts N-times; and (d) statistically evaluating the contents of the registers and the plaintexts, the intermediate results and/or the ciphertexts generated from the plaintexts by searching for correlations between the contents of the registers and the plaintexts, the intermediate results and/or the ciphertexts generated from the plaintexts to establish the secret key.

An application code obfuscating apparatus includes a secret code divider, a secret code caller, a code converter and an obfuscating part. The secret code divider is configured to divide an application code having a first type into a secret code and a normal code. The secret code caller generating part is configured to generate a secret code caller to call the secret code. The code converter is configured to convert the secret code having the first type to a second type. The obfuscating part is configured to generate a first table and a second table. The first table includes an obfuscated signature of the secret code and a first random vector. The second table includes an offset of the secret code which corresponds to the obfuscated signature of the secret code and a second random vector which is liked with the first random vector.

A cryptographic device includes hardware data processing circuitry and software data processing circuitry coupled to the hardware data processing circuitry. The device, in operation, executes a plurality of rounds of a symmetrical data cipher algorithm and protects the execution of the plurality of rounds of the symmetrical data cipher algorithm. The protecting includes executing data masking and unmasking operations using the hardware data processing circuitry, executing linear operations applied to data using the software data processing circuitry, executing linear operations applied to masks using the hardware data processing circuitry, and executing non-linear operations applied to data using one of the hardware data processing circuitry or the software data processing circuitry.

The present invention relates to a method to counter DCA attacks of order 2 and higher order applied on an encoded table-based (TCabi,j) implementation of block-cipher of a cryptographic algorithm to be applied to a message (m), said method comprising the steps of: —translating a cryptographic algorithm block-cipher to be applied on a message (m) into a series of look-up tables (Tabi,j),—applying secret invertible encodings to get a series of look-up tables (TCi,j),—computing message-dependent masking values, comprising the computation of at least two shares of masking value (mmask1, mmask2) for the input of the table network based on at least two different message derivation functions (F1, F2),—re-randomizing the tables (TCi,j) using the computed message-dependent masking values (mmask1, mmask2),—computing rounds to be applied on the message (m) based on the randomized network of tables (TCi,j).

To identify slice errors, a processing module of a computing device in a dispersed storage network (DSN) sends first list digest requests to at least first and second dispersed storage (DS) units. The requests indicates a first range of slice names to include in a first list digest. The processing module receives digest responses from the DS units, and compares the digest responses to determine whether they identify the same slices. If they do not identify the same slices, the processing module sends second list digest requests indicating a sub-range of the first range of slice names to include in second list digests. The sub-range continues to be narrowed until the processing module identifies at least one sub-range of slice names where a slice error exists.