公开(公告)号：US20140165208A1

公开(公告)日：2014-06-12

申请号：US13707444

申请日：2012-12-06

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Daniel F. Reynaud ,  Jonathan G. McLachlan ,  Julien Lerouge ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/60

CPC classification number: G06F21/14 ,  G06F8/30

Abstract: A method and an apparatus that provide rewriting code to dynamically mask program data statically embedded in a first code are described. The program data can be used in multiple instructions in the first code. A code location (e.g. an optimal code location) in the first code can be determined for injecting the rewriting code. The code location may be included in two or more execution paths of first code. Each execution path can have at least one of the instructions using the program data. A second code may be generated based on the first code inserted with the rewriting code at the optimal code location. The second code can include instructions using the program data dynamically masked by the rewriting code. When executed by a processor, the first code and the second code can generate identical results.

Abstract translation: 描述提供重写代码来动态地屏蔽静态嵌入在第一代码中的程序数据的方法和装置。 程序数据可以在第一个代码中的多个指令中使用。 可以确定第一代码中的代码位置（例如，最佳代码位置）用于注入重写代码。 代码位置可以被包括在第一代码的两个或多个执行路径中。 每个执行路径可以具有使用程序数据的指令中的至少一个。 可以基于在最佳代码位置插入重写代码的第一代码来生成第二代码。 第二代码可以包括使用由重写代码动态屏蔽的程序数据的指令。 当由处理器执行时，第一代码和第二代码可以产生相同的结果。

公开(公告)号：US09565018B2

公开(公告)日：2017-02-07

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/00 ,  H04L9/06 ,  G09C1/00

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。

公开(公告)号：US09515818B2

公开(公告)日：2016-12-06

申请号：US14487872

申请日：2014-09-16

Applicant: Apple Inc.

Inventor： Bruno Kindarji ,  Mathieu Ciet ,  Benoit Chevallier-Mames ,  Thomas Icart ,  Augustin J. Farrugia

IPC: H04L9/00 ,  H04L9/28 ,  H04L9/06 ,  H04L9/08 ,  G06F11/00 ,  G06F12/14

CPC classification number: H04L9/0618 ,  H04L9/0637 ,  H04L2209/04 ,  H04L2209/043 ,  H04L2209/16 ,  H04L2209/24

Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.

Abstract translation: 一些实施例提供了一种用于执行包括多个轮次的块密码操作的方法。 该方法接收包含几个块的消息。 该方法选择一组块。 该集合具有特定数量的块。 该方法对所选择的块集合应用加密操作。 在集合中的第一块的特定轮次的加密操作在对于集合中的第二块的特定轮次之后的轮次之后执行，而在第一块之前的不同的特定轮次在比不同的前一轮之前执行 特别是第二块。 在一些实施例中，用于第一块的至少两个轮次一个接一个地执行，而对于该组中的任何其他块，没有任何中间轮。

公开(公告)号：US20150363580A1

公开(公告)日：2015-12-17

申请号：US14306713

申请日：2014-06-17

Applicant: Apple Inc.

Inventor： Pierre Betouin ,  Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Cédric Tessier ,  Jean-Baptiste Aviat ,  Mathieu Ciet ,  Thomas Icart

IPC: G06F21/14 ,  G06F9/45

CPC classification number: G06F21/14 ,  G06F2221/0748

Abstract: The fake cryptographic layer obfuscation technique can be used to lure an attacker into expending reverse engineering efforts on sections of code the attacker would normally ignore. To do this the obfuscation technique can identify sections of code that are likely to be of lesser interest to the attacker and disguise them as higher value sections. This can be achieved by transforming a lower value section of code to include code patterns, constants, or other characteristics known to exist in sections of code of higher value, such as cryptographic routines. To transform a code section, the obfuscation technique can use one or more program modifications including control flow modifications, constant value adjustments to simulate well-known cryptographic scalars, buffer extensions, fake characteristic table insertion, debug-like information insertion, derivation function-code generation linking, and/or cryptographic algorithm specific instruction insertion.

Abstract translation: 伪造的加密层混淆技术可以用来诱骗攻击者在攻击者通常忽略的代码段上花费逆向工程的努力。 为此，混淆技术可以识别可能对攻击者感兴趣的代码段，并将其伪装成较高的值段。 这可以通过将代码的较低值部分转换为包括已知存在于较高值的代码部分中的代码模式，常量或其他特性来实现，例如加密例程。 为了转换代码部分，混淆技术可以使用一个或多个程序修改，包括控制流修改，常数值调整以模拟公知的加密标量，缓冲区扩展，伪特征表插入，类似调试的信息插入，导出函数代码 生成链接和/或加密算法特定指令插入。

公开(公告)号：US20150349951A1

公开(公告)日：2015-12-03

申请号：US14291591

申请日：2014-05-30

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Bruno Kindarji ,  Mathieu Ciet ,  Thomas Icart

IPC: H04L9/06

CPC classification number: H04L9/0631 ,  G06F9/30007 ,  G09C1/00 ,  H04L2209/16 ,  H04L2209/603 ,  H04L2209/76

Abstract: Some embodiments provide for an improved method for performing AES cryptographic operations. The method applies a look up table operation that includes several operations embedded within look up tables. The embedded operations include a permutation operation to permute several bytes of AES state, a multiplication operation to apply a next round's protection to the AES state, an affine function and an inverse affine function to conceal the multiplication operation, and an inverse permutation operation to remove a previous round's protection. Some embodiments provide for an optimized method for efficiently performing such protected AES operations. The method alternates rounds of AES processing between software processing (e.g. processing by a CPU, performed according to software instructions) and hardware processing (e.g. processing by cryptographic ASIC).

Abstract translation: 一些实施例提供了用于执行AES加密操作的改进方法。 该方法应用查询表操作，其中包含嵌入在查找表中的多个操作。 嵌入式操作包括将AES状态置换几个字节的置换操作，将下一轮的保护应用于AES状态的乘法运算，用于隐藏乘法运算的仿射函数和反向仿射函数以及用于去除的逆置换操作 前一轮的保护。 一些实施例提供了用于有效执行这种受保护的AES操作的优化方法。 该方法在软件处理（例如，CPU的处理，根据软件指令执行）和硬件处理（例如通过加密ASIC的处理）之间交替进行AES处理。

公开(公告)号：US20140165030A1

公开(公告)日：2014-06-12

申请号：US13707437

申请日：2012-12-06

Applicant: APPLE INC.

Inventor： Benoit Chevallier-Mames ,  Mathieu Ciet ,  Thomas Icart ,  Bruno Kindarji ,  Augustin J. Farrugia

IPC: G06F9/44

CPC classification number: G06F21/14

Abstract: A method and an apparatus for receiving a first source code having a code block to update the first source code with multiple copies of the code block to protect against correlation attacks are described. The code block can perform one or more operations for execution based on the first source code. The operations can be performed via a random one of the copies of the code block. A second source code based on the updated first source code can be generated to be executed by a processor to produce an identical result as the first source code.

Abstract translation: 描述了一种用于接收具有代码块的第一源代码的方法和装置，用于更新具有代码块的多个副本的第一源代码以防止相关攻击。 代码块可以执行一个或多个基于第一源代码执行的操作。 可以通过代码块的副本中的随机的一个执行操作。 可以生成基于更新的第一源代码的第二源代码以由处理器执行以产生与第一源代码相同的结果。

公开(公告)号：US08495390B2

公开(公告)日：2013-07-23

申请号：US13748184

申请日：2013-01-23

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Mathiew Ciet ,  Jon McLachlan

IPC: G06F11/30 ,  G06F12/14 ,  H04K1/00 ,  H04L9/00 ,  H04L9/28

CPC classification number: G06F21/14 ,  G06F8/51 ,  H04L9/002 ,  H04L9/3013 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/16

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.