公开(公告)号：US20160359618A1

公开(公告)日：2016-12-08

申请号：US14866997

申请日：2015-09-27

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Benoit Chevallier-Mames ,  Mathieu Ciet ,  Augustin J. Farrugia ,  Thomas Icart

IPC: H04L9/06 ,  H04L29/06 ,  H04L9/14

CPC classification number: H04L9/0618 ,  H04L9/0631 ,  H04L9/14 ,  H04L63/1466 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/34

Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.

Abstract translation: 一些实施例提供了一种用于执行迭代块密码的方法。 线旋转和列旋转被组合以具有多种AES状态的表示。 这些保护可以在静止模式下执行，其中旋转被直接包括在代码和表中，或者在动态模式中，其中根据一些熵上下文变量在执行时随机选择旋转。 两种模式也可以有利地组合在一起。

公开(公告)号：US20160261405A1

公开(公告)日：2016-09-08

申请号：US14639026

申请日：2015-03-04

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Bruno Kindarji ,  Thomas Icart ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L9/06 ,  H04L9/14

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/046 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/60

Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.

Abstract translation: 一些实施例提供了用于执行密码处理的方法。 该方法接收第一和第二密码密钥。 该方法生成与第一和第二密码密钥中的每一个对应的一组子密钥。 用于第一密码密钥的子密钥集合取决于第一密码密钥和第二密码密钥。 该方法通过使用生成的子项集执行加密处理。

公开(公告)号：US08918768B2

公开(公告)日：2014-12-23

申请号：US13707437

申请日：2012-12-06

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: G06F9/44 ,  G06F9/45

CPC classification number: G06F21/14

Abstract: A method and an apparatus for receiving a first source code having a code block to update the first source code with multiple copies of the code block to protect against correlation attacks are described. The code block can perform one or more operations for execution based on the first source code. The operations can be performed via a random one of the copies of the code block. A second source code based on the updated first source code can be generated to be executed by a processor to produce an identical result as the first source code.

Abstract translation: 描述了一种用于接收具有代码块的第一源代码的方法和装置，用于更新具有代码块的多个副本的第一源代码以防止相关攻击。 代码块可以执行一个或多个基于第一源代码执行的操作。 可以通过代码块的副本中的随机的一个执行操作。 可以生成基于更新的第一源代码的第二源代码以由处理器执行以产生与第一源代码相同的结果。

公开(公告)号：US20140348323A1

公开(公告)日：2014-11-27

申请号：US13902723

申请日：2013-05-24

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/28

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/16

Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.

Abstract translation: 描述使用块密码器列旋转的计算机实现的信息安全方法的各种实施例。 密码状态列旋转提供对白箱侧通道存储器相关性攻击的抵抗，其设计用于逆向设计与信息安全系统相关联的对称密码密钥。 可以对块密码的密码状态执行列旋转操作，然后从结果中移除，以在存储器中提供数据的混淆，同时不影响所得到的密码或解密操作的输出。 该方法另外包括根据第一旋转指标执行迭代特定密码子密钥的第一次旋转，对密码状态矩阵执行块密码操作的迭代，并且根据密码状态矩阵的倒数旋转密码状态矩阵的列 第一次旋转指数。

公开(公告)号：US20140301546A1

公开(公告)日：2014-10-09

申请号：US14015523

申请日：2013-08-30

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/30

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US09716586B2

公开(公告)日：2017-07-25

申请号：US15000223

申请日：2016-01-19

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/00 ,  H04L9/06 ,  H04L9/30

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

公开(公告)号：US09692592B2

公开(公告)日：2017-06-27

申请号：US14866997

申请日：2015-09-27

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Benoit Chevallier-Mames ,  Mathieu Ciet ,  Augustin J. Farrugia ,  Thomas Icart

IPC: H04L29/06 ,  H04L9/06 ,  H04L9/14

CPC classification number: H04L9/0618 ,  H04L9/0631 ,  H04L9/14 ,  H04L63/1466 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/34

Abstract: Some embodiments provide a method for performing an iterative block cipher. Line rotations and column rotations are combined to have a diversity of representations of the AES state. These protections can be performed either in static mode where the rotations are directly included in the code and the tables or in dynamic mode where the rotations are chosen randomly at execution time, depending on some entropic context variables. The two modes can also be advantageously combined together.

公开(公告)号：US20160080143A1

公开(公告)日：2016-03-17

申请号：US14487872

申请日：2014-09-16

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Mathieu Ciet ,  Benoit Chevallier-Mames ,  Thomas Icart ,  Augustin J. Farrugia

IPC: H04L9/06 ,  H04L9/08

CPC classification number: H04L9/0618 ,  H04L9/0637 ,  H04L2209/04 ,  H04L2209/043 ,  H04L2209/16 ,  H04L2209/24

Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.

Abstract translation: 一些实施例提供了一种用于执行包括多个轮次的块密码操作的方法。 该方法接收包含几个块的消息。 该方法选择一组块。 该集合具有特定数量的块。 该方法对所选择的块集合应用加密操作。 在集合中的第一块的特定轮次的加密操作在对于集合中的第二块的特定轮次之后的轮次之后执行，而在第一块之前的不同的特定轮次在比不同的前一轮之前执行 特别是第二块。 在一些实施例中，用于第一块的至少两个轮次一个接一个地执行，而对于该组中的任何其他块，没有任何中间轮。

公开(公告)号：US09143317B2

公开(公告)日：2015-09-22

申请号：US13902723

申请日：2013-05-24

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L29/06 ,  H04L9/06 ,  H04L9/00

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/16

Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.

Abstract translation: 描述使用块密码器列旋转的计算机实现的信息安全方法的各种实施例。 密码状态列旋转提供对白箱侧通道存储器相关性攻击的抵抗，其设计用于逆向设计与信息安全系统相关联的对称密码密钥。 可以对块密码的密码状态执行列旋转操作，然后从结果中移除，以在存储器中提供数据的混淆，同时不影响所得到的密码或解密操作的输出。 该方法另外包括根据第一旋转指标执行迭代特定密码子密钥的第一次旋转，对密码状态矩阵执行块密码操作的迭代，并且根据密码状态矩阵的倒数旋转密码状态矩阵的列 第一次旋转指数。

公开(公告)号：US09774443B2

公开(公告)日：2017-09-26

申请号：US14639026

申请日：2015-03-04

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Bruno Kindarji ,  Thomas Icart ,  Augustin J. Farrugia ,  Mathieu Ciet

IPC: H04L9/06 ,  H04L9/00

CPC classification number: H04L9/0631 ,  H04L9/002 ,  H04L2209/046 ,  H04L2209/16 ,  H04L2209/24 ,  H04L2209/60

Abstract: Some embodiments provide a method for performing a cryptographic process. The method receives first and second cipher keys. The method generates a set of subkeys corresponding to each of the first and second cipher keys. The set of subkeys for the first cipher key is dependent on the first cipher key and the second cipher key. The method performs the cryptographic process by using the generated sets of subkeys.