公开(公告)号：US20220083651A1

公开(公告)日：2022-03-17

申请号：US17024107

申请日：2020-09-17

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Avinash L. Varna ,  Reuven Elbaum ,  Manoj Sastry

IPC: G06F21/55

Abstract: Protection of authentication tag computation against power and electromagnetic side-channel attacks is described. An example of one or more storage mediums includes instructions for performing a process for calculation of an authentication tag for a data encryption operation, including generating one or more random values; receiving multiple data blocks for calculation, and performing calculation utilizing the received data blocks and the one or more random values to generate intermediate values; performing a data accumulation operation to accumulate random values in calculation of the data blocks; and calculating the authentication tag based at least in part on the generated intermediate values and the accumulated random values.

公开(公告)号：US20220078024A1

公开(公告)日：2022-03-10

申请号：US17014600

申请日：2020-09-08

Applicant: Intel Corporation

Inventor： RAFAEL MISOCZKI ,  Andrew H. Reinders ,  Santosh Ghosh ,  Manoj Sastry

IPC: H04L9/32 ,  H04L9/30 ,  H04L9/06 ,  H04L9/14 ,  H04L9/08 ,  G06N10/00

Abstract: An apparatus comprises a plurality of hardware security modules, at least a first hardware security module in the plurality of hardware security modules comprising processing circuitry to generate a first plurality of pairs of cryptographic key pairs comprising a first plurality of private keys and a first plurality of public keys, forward the first plurality of public keys to a remote computing device, receive, from the remote computing device, a first plurality of ciphertexts, wherein each ciphertext in the plurality of ciphertexts represents an encryption of a cryptographic seed with a public key selected from the plurality of public keys, receive, from a subset of hardware security modules in the plurality of hardware security modules, a subset of private keys.

公开(公告)号：US20220075738A1

公开(公告)日：2022-03-10

申请号：US17475768

申请日：2021-09-15

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Kirk Yap ,  Siddhartha Chhabra

IPC: G06F12/14 ,  H04L9/32 ,  H04L9/06

Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry. The computing device may include: a key-hash operator configured to provide a Message Authentication Code (MAC) for a secure Hash Algorithm (SHA) as a function of a hash-key, MAC-key, metadata and data; a multi-round (MR) circuitry configured to receive the MAC from the key-hash operator and to compute substantially all SHA round-functions during each clock cycle, the multi-round circuitry further comprising combination logic to process all sub-round functions of the SHA function substantially simultaneously; and a Memory Integrity Pipeline (MIP) engine to compute a hash digest, the hash digest further comprising a MAC key, a metadata and the cache line data; the MIP further comprising an input prep logic, an SHA pipeline logic and an MAC validation logic.

公开(公告)号：US20220014363A1

公开(公告)日：2022-01-13

申请号：US17484820

申请日：2021-09-24

Applicant: Intel Corporation

Inventor： Andrea Basso ,  Santosh Ghosh ,  Manoj Sastry

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/30 ,  G06F7/72

Abstract: Combined post-quantum security utilizing redefined polynomial calculation is described. An example of an apparatus includes a first circuit for key encapsulation operation; a second circuit for digital signature operation; and a NTT (Number Theoretic Transform) multiplier circuit, wherein the NTT multiplier circuit provides for polynomial multiplication for both the first circuit and the second circuit, wherein the apparatus is to remap coefficients of polynomials for the first circuit to a prime modulus for the second circuit, and perform polynomial multiplication for the first circuit utilizing the remapped coefficients of the polynomials for the first circuit.

公开(公告)号：US11218320B2

公开(公告)日：2022-01-04

申请号：US16455908

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Vikram Suresh ,  Sanu Mathew ,  Manoj Sastry ,  Santosh Ghosh ,  Raghavan Kumar ,  Rafael Misoczki

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

Abstract: In one example an apparatus comprises a computer readable memory, hash logic to generate a message hash value based on an input message, signature logic to generate a signature to be transmitted in association with the message, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and accelerator logic to pre-compute at least one set of inputs to the signature logic. Other examples may be described.

公开(公告)号：US20210406239A1

公开(公告)日：2021-12-30

申请号：US16912378

申请日：2020-06-25

Applicant: Intel Corporation

Inventor： Michael E. Kounavis ,  Santosh Ghosh ,  Sergej Deutsch ,  Michael LeMay ,  David M. Durham

IPC: G06F16/22 ,  G06F16/2455 ,  G06F16/2457 ,  G06F21/60 ,  G06F21/62 ,  G06F9/38 ,  H03M13/00

Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to compute a plurality of hash functions that combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein each of the plurality of hash functions differs in one of the additions, the bit-level reordering, the wide substitutions, or the bit-linear mixing; and access a hash table utilizing results of the plurality of hash functions.

公开(公告)号：US11169934B2

公开(公告)日：2021-11-09

申请号：US16021496

申请日：2018-06-28

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Kirk Yap ,  Siddhartha Chhabra

IPC: G06F12/14 ,  H04L9/32 ,  H04L9/06

Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry. The computing device may include: a key-hash operator configured to provide a Message Authentication Code (MAC) for a secure Hash Algorithm (SHA) as a function of a hash-key, MAC-key, metadata and data; a multi-round (MR) circuitry configured to receive the MAC from the key-hash operator and to compute substantially all SHA round-functions during each clock cycle, the multi-round circuitry further comprising combination logic to process all sub-round functions of the SHA function substantially simultaneously; and a Memory Integrity Pipeline (MIP) engine to compute a hash digest, the hash digest further comprising a MAC key, a metadata and the cache line data; the MIP further comprising an input prep logic, an SHA pipeline logic and an MAC validation logic.

公开(公告)号：US20210297243A1

公开(公告)日：2021-09-23

申请号：US17342267

申请日：2021-06-08

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Luis Kida ,  Reshma Lal

IPC: H04L9/08 ,  H04L9/06

Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first permutation cipher pipeline to defuse a count and a key into a permutation state; a first exclusive-OR (XOR) to generate ciphertext data from 64-bits of the new permutation state; and plaintext data; a concatenator to concatenate the plaintext data and additional authenticated data (AAD) to produce a concatenation result; a second XOR to generate an XOR result from the concatenation result and the latest permutation state; and a second permutation pipeline to generate an authentication tag of the XOR result and the key.

公开(公告)号：US20190327096A1

公开(公告)日：2019-10-24

申请号：US16456058

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Xiruo Liu ,  Rafael Misoczki ,  Manoj R. Sastry ,  Santosh Ghosh ,  Li Zhao

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/30 ,  H04L9/14

Abstract: An attestation protocol between a prover device (P), a verifier device (V), and a trusted third-party device (TPP). P and TPP have a first trust relationship represented by a first cryptographic representation based on a one-or-few-times, hash-based, signature key. V sends an attestation request to P, with the attestation request including a second cryptographic representation of a second trust relationship between V and TPP. In response to the attestation request, P sends a validation request to TPP, with the validation request being based on a cryptographic association of the first trust relationship and the second trust relationship. TPP provides a validation response including a cryptographic representation of verification of validity of the first trust relationship and the second trust relationship. P sends an attestation response to V based on the validation response.

公开(公告)号：US20190318130A1

公开(公告)日：2019-10-17

申请号：US16456308

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Debayan Das ,  Carlos Tokunaga ,  Avinash L. Varna ,  Joseph Friel

IPC: G06F21/72 ,  G06F21/64 ,  G06F21/12

Abstract: Embodiments are directed to countermeasures against hardware side-channel attacks on cryptographic operations. An embodiment of an apparatus includes multiple crypto cores; and a current source including multiple current source blocks, the current source blocks including a respective current source block associated with each of the crypto cores, and wherein the current sources blocks are switchable to switch on a current source block associated with each active core of the multiple crypto cores and to switch off a current source associated with each inactive core of the multiple cryptographic cores.