公开(公告)号：US09639673B2

公开(公告)日：2017-05-02

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

公开(公告)号：US20160211972A1

公开(公告)日：2016-07-21

申请号：US15000223

申请日：2016-01-19

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/06

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US09264222B2

公开(公告)日：2016-02-16

申请号：US14015523

申请日：2013-08-30

Applicant: Apple Inc.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: H04L9/30 ,  H04L9/06

CPC classification number: H04L9/0637 ,  H04L9/0631 ,  H04L9/30 ,  H04L2209/24

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract translation: 在一个实施例中，在加密和/或解密过程中保护一个或多个密钥的方法，介质和系统可以使用该过程中的预计算值，使得一个或多个密钥的至少一部分不被使用或暴露在 的过程。 在一种方法的一个示例中，AES加密处理的内部状态被保存以用于其中AES加密处理中使用的密钥未被暴露或使用的计数器模式流密码操作。

公开(公告)号：US09565018B2

公开(公告)日：2017-02-07

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/00 ,  H04L9/06 ,  G09C1/00

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。

公开(公告)号：US09515818B2

公开(公告)日：2016-12-06

申请号：US14487872

申请日：2014-09-16

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Mathieu Ciet ,  Benoit Chevallier-Mames ,  Thomas Icart ,  Augustin J. Farrugia

IPC: H04L9/00 ,  H04L9/28 ,  H04L9/06 ,  H04L9/08 ,  G06F11/00 ,  G06F12/14

CPC classification number: H04L9/0618 ,  H04L9/0637 ,  H04L2209/04 ,  H04L2209/043 ,  H04L2209/16 ,  H04L2209/24

Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.

Abstract translation: 一些实施例提供了一种用于执行包括多个轮次的块密码操作的方法。 该方法接收包含几个块的消息。 该方法选择一组块。 该集合具有特定数量的块。 该方法对所选择的块集合应用加密操作。 在集合中的第一块的特定轮次的加密操作在对于集合中的第二块的特定轮次之后的轮次之后执行，而在第一块之前的不同的特定轮次在比不同的前一轮之前执行 特别是第二块。 在一些实施例中，用于第一块的至少两个轮次一个接一个地执行，而对于该组中的任何其他块，没有任何中间轮。

公开(公告)号：US20150363580A1

公开(公告)日：2015-12-17

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14 ,  G06F9/45

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

Abstract translation: 伪造的加密层混淆技术可以用来诱骗攻击者在攻击者通常忽略的代码段上花费逆向工程的努力。 为此，混淆技术可以识别可能对攻击者感兴趣的代码段，并将其伪装成较高的值段。 这可以通过将代码的较低值部分转换为包括已知存在于较高值的代码部分中的代码模式，常量或其他特性来实现，例如加密例程。 为了转换代码部分，混淆技术可以使用一个或多个程序修改，包括控制流修改，常数值调整以模拟公知的加密标量，缓冲区扩展，伪特征表插入，类似调试的信息插入，导出函数代码 生成链接和/或加密算法特定指令插入。

公开(公告)号：US20150349951A1

公开(公告)日：2015-12-03

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: H04L9/06

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。

公开(公告)号：US20140165030A1

公开(公告)日：2014-06-12

申请号：US13707437

申请日：2012-12-06

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: G06F9/44

CPC classification number: G06F21/14

Abstract: A method and an apparatus for receiving a first source code having a code block to update the first source code with multiple copies of the code block to protect against correlation attacks are described. The code block can perform one or more operations for execution based on the first source code. The operations can be performed via a random one of the copies of the code block. A second source code based on the updated first source code can be generated to be executed by a processor to produce an identical result as the first source code.

Abstract translation: 描述了一种用于接收具有代码块的第一源代码的方法和装置，用于更新具有代码块的多个副本的第一源代码以防止相关攻击。 代码块可以执行一个或多个基于第一源代码执行的操作。 可以通过代码块的副本中的随机的一个执行操作。 可以生成基于更新的第一源代码的第二源代码以由处理器执行以产生与第一源代码相同的结果。