H04L9/003

Protection against differential power analysis attacks involving initialization vectors

Disclosed approaches for validating initialization vectors include determining, by a configuration control circuit, whether or not an input initialization vector is within a range of valid initialization vectors. In response to determining that the input initialization vector is within the range of valid initialization vectors, the configuration control circuit decrypts the ciphertext into plaintext using the input initialization vector and configures a memory circuit with the plaintext. In response to determining that the input initialization vector is outside the range of valid initialization vectors, the configuration control circuit signals that the initialization vector is invalid.

Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product

A method performs cryptographic operations on data in a processing device. An iterative operation between a first operand formed by a given number of words and a second operand is performed using a secret key. The iterative operation includes, for each bit of the secret key, applying one of a first set of operations and a second set of operations to the first operand and to the second operand depending on the value of the bit, and conditionally swapping words of the first and the second operand based on a control bit value obtained by applying a logic XOR function to a random bit.
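As an added illustration (not code from the patent), the following Python block applies that structure to a Montgomery ladder for modular exponentiation. The abstract does not say what the random bit is XORed with; the assumption here is that the swap control is key_bit XOR r, and that the random bit r alone selects which of the two operation sets is applied, so neither the swap pattern nor the chosen operation set is a function of the key bit on its own. Python big-integer arithmetic is not constant-time; the block shows the control structure, not a deployable implementation.

```python
import secrets


def ct_swap(a: int, b: int, ctrl: int):
    """Swap a and b when ctrl == 1 without branching on ctrl.

    -ctrl is 0 for ctrl == 0 and an all-ones mask for ctrl == 1, so the mask
    either keeps or discards the xor-difference between the two words.
    """
    diff = (a ^ b) & -ctrl
    return a ^ diff, b ^ diff


def ladder_pow(base: int, exponent: int, modulus: int,
               rand_bit=lambda: secrets.randbits(1)) -> int:
    """Montgomery ladder with a randomized word swap.

    Logical registers: R0 = base^q and R1 = base^(q+1), where q is the prefix
    of the exponent processed so far. Each step must compute
        R_(1-b) <- R0 * R1   and   R_b <- R_b ^ 2
    for key bit b. Instead of selecting by b, the two physical words are
    swapped under ctrl = b XOR r for a fresh random bit r (assumption, see
    lead-in), and the operation set is selected by r alone.
    """
    w0, w1 = 1 % modulus, base % modulus      # physical words, layout (R0, R1)
    for i in range(exponent.bit_length() - 1, -1, -1):
        b = (exponent >> i) & 1
        r = rand_bit()
        ctrl = b ^ r
        w0, w1 = ct_swap(w0, w1, ctrl)
        if r == 0:
            # after the swap: w0 = R_b, w1 = R_(1-b)  -> first set of operations
            w1 = (w0 * w1) % modulus
            w0 = (w0 * w0) % modulus
        else:
            # after the swap: w0 = R_(1-b), w1 = R_b  -> second set of operations
            w0 = (w0 * w1) % modulus
            w1 = (w1 * w1) % modulus
        w0, w1 = ct_swap(w0, w1, ctrl)         # restore the (R0, R1) layout
    return w0
```

The result does not depend on the random bits, which is what makes the randomization free: passing `rand_bit=lambda: 0` or `rand_bit=lambda: 1` yields the same value as the built-in `pow`.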

KEY GENERATION AND PACE WITH PROTECTION AGAINST SIDE CHANNEL ATTACKS
20230041237 · 2023-02-09

A method for key generation is arranged in a client processor device, by means of which a second public client key P_c′ of the client is generated. The public key P_c′ is formed by a calculation, or sequence of calculations, that contains no operation whose result depends exclusively on the nonce s and at least one public value; or, alternatively, by a calculation, or sequence of calculations, in which every operation that the nonce s enters is also entered by at least one non-public value, namely the first private client key k_c or the second private client key k_c′, for example as a result of the calculation P_c′ = (k_c′·s)·G + (k_c′·k_c)·P_t.
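To make the criterion concrete, here is an added example (not the patent's code) that carries the formula through in a multiplicative group modulo a prime, which stands in for the elliptic-curve group used by PACE: the abstract's additive scalar products become exponentiations. The prime, generator and all key values are constructed for the example. The naive evaluation of k_c′·(s·G + k_c·P_t) first computes s·G, an operation whose inputs are only the nonce and a public value; the protected evaluation multiplies the scalars first so that s is never processed without k_c′.

```python
import secrets

P = 2**127 - 1          # constructed: Mersenne prime, group is Z_P^* (stand-in for the curve)
ORDER = P - 1           # exponents are reduced modulo the group order
G = 3                   # constructed public generator


def naive_second_client_key(s: int, k_c: int, k_c2: int, P_t: int) -> int:
    """P_c' = k_c' * (s*G + k_c*P_t), evaluated as written.

    pow(G, s, P) takes only the nonce s and the public G, which is exactly the
    kind of operation the side-channel criterion rules out.
    """
    sG = pow(G, s, P)                      # depends exclusively on s and G
    H = pow(P_t, k_c, P)                   # k_c * P_t
    return pow((sG * H) % P, k_c2, P)      # k_c' * (s*G + k_c*P_t)


def protected_second_client_key(s: int, k_c: int, k_c2: int, P_t: int) -> int:
    """P_c' = (k_c'*s)*G + (k_c'*k_c)*P_t with the scalars combined first.

    Every operation that consumes s (the scalar product and the exponentiation
    with e1) also consumes the private k_c', so no intermediate is a function of
    s and public values alone.
    """
    e1 = (k_c2 * s) % ORDER                # s enters only together with k_c'
    e2 = (k_c2 * k_c) % ORDER
    return (pow(G, e1, P) * pow(P_t, e2, P)) % P


def random_instance():
    """Constructed protocol instance: terminal key pair plus client secrets and nonce."""
    k_t = 1 + secrets.randbelow(ORDER - 1)
    P_t = pow(G, k_t, P)
    s, k_c, k_c2 = (1 + secrets.randbelow(ORDER - 1) for _ in range(3))
    return s, k_c, k_c2, P_t


def agree_on_random_instances(trials: int = 20) -> bool:
    """Both evaluation orders must yield the same public key; only the
    intermediates (and hence the leakage) differ."""
    return all(naive_second_client_key(*inst) == protected_second_client_key(*inst)
               for inst in (random_instance() for _ in range(trials)))
```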

SECURE BOOT WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS
20180004957 · 2018-01-04

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.
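The key-tree walk described above, as an added example that is not the patent's code: the challenge message is split into 4-bit chunks (the fan-out of 16 is an assumed parameter), each chunk selects the next intermediate key from the prior one, and the last key is the validator. The point of the tree is DPA exposure: however many challenges an attacker sends, any single intermediate key is only ever combined with at most 16 distinct inputs, so the number of traces collectable per key is bounded. The last function measures exactly that.

```python
import hashlib
import hmac

CHUNK_BITS = 4                          # assumed fan-out: 2**4 = 16 children per node
CHUNK_MASK = (1 << CHUNK_BITS) - 1
ROOT_LABEL = b"key-tree-root"           # assumed domain separator for the starting value


def message_chunks(message: bytes):
    """The path through the tree: the message as 4-bit chunks, high nibble first."""
    for byte in message:
        yield byte >> CHUNK_BITS
        yield byte & CHUNK_MASK


def derive_validator(secret: bytes, message: bytes) -> bytes:
    """Start from a value based on the secret, then derive one successive
    intermediate key per message chunk from (prior key, chunk); return the leaf."""
    key = hmac.new(secret, ROOT_LABEL, hashlib.sha256).digest()
    for chunk in message_chunks(message):
        key = hmac.new(key, bytes([chunk]), hashlib.sha256).digest()
    return key


def respond(first_device_secret: bytes, challenge: bytes) -> bytes:
    """First device: answer the second device's challenge with the validator."""
    return derive_validator(first_device_secret, challenge)


def verify(second_device_secret: bytes, challenge: bytes, validator: bytes) -> bool:
    """Second device: holds the same secret, recomputes the same path and
    compares in constant time."""
    return hmac.compare_digest(derive_validator(second_device_secret, challenge), validator)


def max_distinct_inputs_per_key(secret: bytes, challenges) -> int:
    """Largest number of distinct chunk inputs any one intermediate key was used
    with across all challenges. Never exceeds 2**CHUNK_BITS, whatever the
    attacker chooses as challenges."""
    seen = {}
    for challenge in challenges:
        key = hmac.new(secret, ROOT_LABEL, hashlib.sha256).digest()
        for chunk in message_chunks(challenge):
            seen.setdefault(key, set()).add(chunk)
            key = hmac.new(key, bytes([chunk]), hashlib.sha256).digest()
    return max((len(v) for v in seen.values()), default=0)
```

The cost is one KDF call per chunk (32 calls for a 16-byte challenge); smaller chunks bound the per-key trace count more tightly at the price of a longer path.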

EQUALITY CHECK IMPLEMENTED WITH SECRET SHARING
20180013736 · 2018-01-11

A method of performing an equality check in a secure system, including: receiving an input v having a known input property; splitting the input v into t secret shares v_i, where i is an integer index and t is greater than 1; splitting an input x into k secret shares x_i, where i is an integer index and k is greater than 1; splitting each of the secret shares x_i into s chunks, resulting in s·k chunks y_j, where j is an integer index; calculating a mapping chain t times, once for each secret share v_i, wherein the mapping chain includes s·k affine mappings F_j, wherein y_j and F_{j−1}(y_{j−1}) are the inputs to F_j and F_0(y_0) = v_i; and determining whether the outputs have a known output property indicating that the input x equals a desired value.

METHODS AND APPARATUSES FOR CHARACTERISTIC MANAGEMENT WITH SIDE-CHANNEL SIGNATURE ANALYSIS

Some embodiments described herein include an apparatus having a processor communicatively coupled to a memory. The processor is configured to monitor, at a characteristic controller, a first characteristic of an electronic device. The processor is then configured to receive side-channel signature analysis of the electronic device from a signature analyzer. The processor is configured to determine if the first characteristic of the electronic device has changed or will change in a predefined period of time based on the side-channel signature analysis. The processor is then configured to adjust a second characteristic of the electronic device and/or filtering characteristics such that the side-channel signature analysis reflects predefined side-channel behavior.

RANDOM NUMBER GENERATOR FOR DEFENDING AGAINST SUBCHANNEL ATTACK, AND OPERATION METHOD THEREOF

A random number generator resistant to side-channel attacks. The random number generator includes an entropy unit generating random pulses, a random frequency clock generator generating random frequencies by receiving random pulses output from the entropy unit, and an MCU externally masking a specific operation or a specific instruction based on a random frequency received from the random frequency clock generator.

METHOD FOR PERFORMING POWER DISTURBING OPERATION TO REDUCE SUCCESS RATE OF CRYPTOSYSTEM POWER ANALYSIS ATTACK, CRYPTOSYSTEM PROCESSING CIRCUIT, AND ELECTRONIC DEVICE
20230231696 · 2023-07-20

A method for performing a power disturbing operation to reduce the success rate of a cryptosystem power analysis attack, an associated cryptosystem processing circuit and an associated electronic device are provided. The method includes: generating at least one random number; generating a plurality of power disturbing parameters respectively corresponding to a plurality of bit calculation phases according to the at least one random number, where the plurality of bit calculation phases represent a plurality of cryptosystem processing phases related to a predetermined cryptosystem and correspond respectively to a plurality of private key bits of a private key; and, according to the plurality of power disturbing parameters, enabling at least one predetermined circuit of a plurality of predetermined circuits in the respective bit calculation phases to draw power corresponding to the plurality of power disturbing parameters, so as to perform the power disturbing operation in each of the bit calculation phases.

Side channel timing attack mitigation in securing data in transit
11706015 · 2023-07-18

A method for side-channel attack mitigation in streaming encryption includes reading an input stream into a decryption process, extracting from the input stream an encryption envelope having a wrapped key, a ciphertext, and a first message authentication code (MAC), generating a second MAC over the wrapped key of the encryption envelope, and performing decryption of the ciphertext in constant time by determining whether the encryption envelope is authentic through a comparison of the first MAC extracted from the encryption envelope with the second MAC generated over the wrapped key.
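An added example of that envelope check (not the patent's code, and not its envelope format): a length-prefixed envelope is parsed from the stream, a second MAC is computed and compared against the extracted one, and the ciphertext is decrypted only when the two agree. The vulnerable variant uses an ordinary byte comparison, which can return as soon as the first differing byte is found and so lets an attacker learn, one byte at a time, how much of a forged MAC is correct; the hardened variant uses `hmac.compare_digest`, whose running time does not depend on where the MACs differ. The MAC here is assumed to cover the wrapped key and the ciphertext (encrypt-then-MAC); the key wrap and the stream cipher are HMAC-based stand-ins so the example runs offline, not AES.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32
DEK_LEN = 32


def _keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode. Not AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(kek: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Build an envelope (assumed layout): [u16 len][wrapped key][u32 len][ciphertext][MAC]."""
    dek = secrets.token_bytes(DEK_LEN)
    wrapped = _xor(_keystream(kek, DEK_LEN), dek)              # toy key wrap, not RFC 3394
    ct = _xor(_keystream(dek, len(plaintext)), plaintext)
    tag = hmac.new(mac_key, wrapped + ct, hashlib.sha256).digest()   # the "first MAC"
    return struct.pack(">H", len(wrapped)) + wrapped + struct.pack(">I", len(ct)) + ct + tag


def parse_envelope(stream: bytes):
    """Extract (wrapped key, ciphertext, MAC); reject truncated or trailing data."""
    off = 0
    if len(stream) < 2:
        raise ValueError("truncated envelope")
    (wl,) = struct.unpack_from(">H", stream, off)
    off += 2
    wrapped = stream[off:off + wl]
    off += wl
    if len(stream) < off + 4:
        raise ValueError("truncated envelope")
    (cl,) = struct.unpack_from(">I", stream, off)
    off += 4
    ct = stream[off:off + cl]
    off += cl
    tag = stream[off:off + TAG_LEN]
    if len(wrapped) != wl or len(ct) != cl or len(tag) != TAG_LEN or off + TAG_LEN != len(stream):
        raise ValueError("truncated or trailing data in envelope")
    return wrapped, ct, tag


def envelope_is_well_formed(stream: bytes) -> bool:
    try:
        parse_envelope(stream)
        return True
    except ValueError:
        return False


def open_leaky(kek: bytes, mac_key: bytes, stream: bytes):
    """VULNERABLE: a generic comparison may stop at the first mismatching byte,
    so the response time reveals how long the correct prefix of a forged MAC is."""
    wrapped, ct, tag = parse_envelope(stream)
    second_mac = hmac.new(mac_key, wrapped + ct, hashlib.sha256).digest()
    if tag != second_mac:
        return None
    dek = _xor(_keystream(kek, DEK_LEN), wrapped)
    return _xor(_keystream(dek, len(ct)), ct)


def open_constant_time(kek: bytes, mac_key: bytes, stream: bytes):
    """HARDENED: compare_digest runs in time independent of the mismatch
    position, so timing reveals only the accept/reject outcome the caller
    already sees."""
    wrapped, ct, tag = parse_envelope(stream)
    second_mac = hmac.new(mac_key, wrapped + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, second_mac):
        return None
    dek = _xor(_keystream(kek, DEK_LEN), wrapped)
    return _xor(_keystream(dek, len(ct)), ct)
```

Both variants reject the same inputs; the difference is only observable through timing, which is precisely why the leaky form survives functional testing.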

Block cipher side-channel attack mitigation for secure devices
11704443 · 2023-07-18

Systems and methods are disclosed for side-channel attack mitigation for secure devices including cryptographic circuits that use block ciphers in modes without feedback. For disclosed embodiments, an integrated circuit includes a cryptographic circuit and a controller. The cryptographic circuit performs cryptographic operations in an AES block cipher mode without feedback. The controller outputs control signals to the cryptographic circuit that cause it to perform the cryptographic operations on sequential data blocks in an internally permuted order to mitigate block cipher side-channel attacks. The internally permuted order can be generated using one or more random number generators, one or more pre-configured permuted orders, or other techniques. Further, sequential data blocks can be grouped into sequential subsets of data blocks, and the cryptographic operations can be performed in sequence for the subsets, with the data blocks within each subset being processed in an internally permuted order.
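Why this only works without feedback, and what the subset grouping looks like, as an added software example (not the patent's hardware design): in CTR mode every keystream block is E_K(nonce || counter) and depends on nothing but its own index, so the blocks of a message can be processed in any order and reassembled by index, which breaks the attacker's ability to line up trace i with block i. The same is not true of CBC or CFB encryption, where block i needs the output of block i-1. The block function is an HMAC-based stand-in for AES so the example runs offline; the permutation source is pluggable so either a CSPRNG order or a pre-configured order can be used.

```python
import hashlib
import hmac
import secrets
import struct

BLOCK = 16
NONCE_LEN = 12


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the AES block function (HMAC-SHA256 truncated to 16 bytes). Not AES."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def counter_block(nonce: bytes, index: int) -> bytes:
    """96-bit nonce || 32-bit big-endian block counter."""
    assert len(nonce) == NONCE_LEN
    return nonce + struct.pack(">I", index)


def random_permutation(n: int):
    """Fisher-Yates shuffle driven by a CSPRNG: one internally permuted order."""
    order = list(range(n))
    for i in range(n - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        order[i], order[j] = order[j], order[i]
    return order


def reversed_order(n: int):
    """A pre-configured permuted order (constructed for the example)."""
    return list(range(n - 1, -1, -1))


def ctr_process(key: bytes, nonce: bytes, data: bytes, permute=None, subset_size=None) -> bytes:
    """CTR-mode encryption/decryption (same operation).

    permute=None processes blocks strictly in sequence. Otherwise the blocks
    are grouped into consecutive subsets of subset_size (the whole message if
    None); the subsets are handled in order, and within each subset the
    blocks are handled in the order permute(count) returns. Because each
    keystream block depends only on its index, the output is identical.
    """
    n_blocks = (len(data) + BLOCK - 1) // BLOCK
    out = bytearray(len(data))
    size = max(1, n_blocks if subset_size is None else subset_size)
    for start in range(0, n_blocks, size):             # subsets in sequence
        count = min(size, n_blocks - start)
        order = range(count) if permute is None else permute(count)
        for k in order:                                 # blocks within the subset
            i = start + k
            ks = block_encrypt(key, counter_block(nonce, i))
            chunk = data[i * BLOCK:(i + 1) * BLOCK]     # last chunk may be short
            out[i * BLOCK:i * BLOCK + len(chunk)] = bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)
```

Small subsets keep the permutation buffer short (a hardware constraint) while still hiding which trace belongs to which block inside each subset; the subset size is a trade-off between buffering and the entropy of the order.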