公开(公告)号：US20220083439A1

公开(公告)日：2022-03-17

申请号：US17447600

申请日：2021-09-14

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Marcio Juliato ,  Manoj R. Sastry

IPC: G06F11/27 ,  H04L9/30 ,  G06F11/22 ,  H04L9/32 ,  H04L9/00

Abstract: A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults. Other embodiments are described and claimed.

公开(公告)号：US20220021517A1

公开(公告)日：2022-01-20

申请号：US17342271

申请日：2021-06-08

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Luis Kida ,  Reshma Lal

IPC: H04L9/06 ,  H04L9/08

Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first block cipher pipeline to encrypt a count using a key; a first exclusive-OR (XOR) to generate a first XOR result of the encrypted count and a length multiplied by an authentication key; a second block cipher pipeline to encrypt (count+1) using the key; a second XOR to generate a second XOR result of plaintext data and the encrypted (count+1); a plurality of Galois field multipliers (GFMs) to perform Galois field multiplication on additional authenticated data (AAD), powers of the authentication key, and ciphertext data; and a plurality of exclusive-ORs (XORs) to combine results of the GFMs and the first XOR result to generate an authentication tag. Other embodiments are described and claimed.

公开(公告)号：US20220006630A1

公开(公告)日：2022-01-06

申请号：US17480360

申请日：2021-09-21

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Andrea Basso ,  Dumitru-Daniel Dinu ,  Avinash L. Varna ,  Manoj Sastry

IPC: H04L9/30 ,  H04L9/32 ,  H04L9/08

Abstract: An apparatus comprises an input register comprising an input polynomial, a processing datapath communicatively coupled to the input register comprising a plurality of compute nodes to perform a number theoretic transform (NTT) algorithm on the input polynomial to generate an output polynomial in NTT format. The plurality of compute nodes comprises at least a first butterfly circuit to perform a series of butterfly calculations on input data and a randomizing circuitry to randomize an order of the series of butterfly calculations.

公开(公告)号：US11205017B2

公开(公告)日：2021-12-21

申请号：US16456339

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Vikram Suresh ,  Sanu Mathew ,  Rafael Misoczki ,  Santosh Ghosh ,  Raghavan Kumar ,  Manoj Sastry ,  Andrew H. Reinders

IPC: G06F21/72 ,  G06F21/76 ,  H04L9/32 ,  H04L9/08

Abstract: Embodiments are directed to post quantum public key signature operation for reconfigurable circuit devices. An embodiment of an apparatus includes one or more processors; and a reconfigurable circuit device, the reconfigurable circuit device including a dedicated cryptographic hash hardware engine, and a reconfigurable fabric including logic elements (LEs), wherein the one or more processors are to configure the reconfigurable circuit device for public key signature operation, including mapping a state machine for public key generation and verification to the reconfigurable fabric, including mapping one or more cryptographic hash engines to the reconfigurable fabric, and combining the dedicated cryptographic hash hardware engine with the one or more mapped cryptographic hash engines for cryptographic signature generation and verification.

公开(公告)号：US20200169383A1

公开(公告)日：2020-05-28

申请号：US16776467

申请日：2020-01-29

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael LeMay ,  Michael E. Kounavis ,  Santosh Ghosh ,  Sergej Deutsch ,  Anant Vithal Nori ,  Jayesh Gaur ,  Sreenivas Subramoney ,  Karanvir S. Grewal

IPC: H04L9/06 ,  G06F12/1027 ,  G06F9/30

Abstract: A processor comprises a first register to store an encoded pointer to a memory location. First context information is stored in first bits of the encoded pointer and a slice of a linear address of the memory location is stored in second bits of the encoded pointer. The processor also includes circuitry to execute a memory access instruction to obtain a physical address of the memory location, access encrypted data at the memory location, derive a first tweak based at least in part on the encoded pointer, and generate a keystream based on the first tweak and a key. The circuitry is to further execute the memory access instruction to store state information associated with memory access instruction in a first buffer, and to decrypt the encrypted data based on the keystream. The keystream is to be generated at least partly in parallel with accessing the encrypted data.

公开(公告)号：US10536264B2

公开(公告)日：2020-01-14

申请号：US15392324

申请日：2016-12-28

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Manoj R Sastry ,  Jesse R. Walker ,  Ravi L. Sahita ,  Abhishek Basak ,  Vedvyas Shanbhogue ,  David M. Durham

IPC: H04L9/06 ,  G06F21/72 ,  G06F21/44

Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.

公开(公告)号：US20190319805A1

公开(公告)日：2019-10-17

申请号：US16456368

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Manoj Sastry ,  Prakash Iyer ,  Ting Lu

IPC: H04L9/32 ,  H04L9/30 ,  H04L9/06 ,  G06F7/72

Abstract: Embodiments are directed to a digital signature verification engine for reconfigurable circuit devices. An embodiment of an apparatus includes one or more processors; and a reconfigurable circuit device, the reconfigurable circuit device including digital signal processing (DSP) blocks and logic elements (LEs), wherein the one or more processors are to configure the reconfigurable circuit device to operate as a signature verification engine for a bit stream, the signature verification engine including a hybrid multiplication unit, the hybrid multiplication unit combining a set of LEs and a set of the DSPs to multiply operands for signature verification.

公开(公告)号：US10404459B2

公开(公告)日：2019-09-03

申请号：US15428773

申请日：2017-02-09

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Manoj R. Sastry

IPC: H04L9/30 ,  H04L9/00 ,  H04K1/00

Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads a datapath selector signal that indicates a 256-bit data width or a 384-bit data width. The ECC engine reads one or more parameters having a data width indicated by the datapath selector signal from a data port. The ECC engine reads an opcode from an instruction port that identifies an ECC operation such as an elliptic curve operation or a prime field arithmetic operation. The ECC engine performs the operation with the data width identified by the datapath selector. The ECC engine writes results data having the data width identified by the datapath selector to one or more output ports. The ECC engine may perform the elliptic curve operation with a specified side-channel protection level. The computing device may include a cryptography driver to control the ECC engine. Other embodiments are described and claimed.

公开(公告)号：US20190229901A1

公开(公告)日：2019-07-25

申请号：US16368800

申请日：2019-03-28

Applicant: Intel Corporation

Inventor： Reouven Elbaz ,  Hooi Kar Loo ,  Poh Thiam Teoh ,  Su Wei Lim ,  Patrick D. Maloney ,  Santosh Ghosh

IPC: H04L9/08 ,  H04L9/12 ,  G06F13/42

Abstract: Methods, systems, and apparatuses associated with hardware mechanisms for link encryption are disclosed. In various embodiments, an interconnect interface is coupled to a processor core to interconnect a peripheral device to the processor core via a link established between the peripheral device and the interconnect interface. The interconnect interface is to select a cryptographic engine of a plurality of cryptographic engines instantiated in the interconnect interface for the link. The cryptographic engine is to symmetrically encrypt data to be transmitted through the link. In more specific embodiments, each of the plurality of cryptographic engines is instantiated for one of a request type on the link, a virtual channel on the link, or a request type within a virtual channel on the link.

公开(公告)号：US10313130B2

公开(公告)日：2019-06-04

申请号：US15277462

申请日：2016-09-27

Applicant: Intel Corporation

Inventor： Rafael Misoczki ,  Steffen Schulz ,  Manoj R. Sastry ,  Santosh Ghosh ,  Li Zhao

IPC: H04L29/06 ,  H04L9/32

Abstract: One embodiment provides a signer device. The signer device includes hash signature control logic and signer signature logic. The hash signature control logic is to retrieve a first nonce, to concatenate the first nonce and a message to be transmitted and to determine whether a first message representative satisfies a target threshold. The signer signature logic is to generate a first transmitted signature based, at least in part, on the first message representative, if the first message representative satisfies the target threshold. The hash signature control logic is to retrieve a second nonce, concatenate the second nonce and the message to be transmitted and to determine whether a second message representative satisfies the target threshold, if the first message representative does not satisfy the target threshold.