公开(公告)号：US12047491B2

公开(公告)日：2024-07-23

申请号：US17243058

申请日：2021-04-28

Applicant: NXP B.V.

Inventor： Joppe Willem Bos ,  Mario Lamberger ,  Joost Roland Renes ,  Tobias Schneider ,  Christine van Vredendaal

IPC: H04L9/06 ,  H04L9/32 ,  H04L9/00

CPC classification number: H04L9/0643 ,  H04L9/3236 ,  H04L9/50

Abstract: Various embodiments relate to a hardware device configured to compute a plurality of chained hash functions in parallel, including: a processor implementing p hash functions configured to operate on a small input, where p is an integer; a data unit connected to the plurality of hash functions, configured to store the outputs of plurality of hash functions that are then used as the input to a next round of computing the hash function, wherein the processor receives a single instruction and p small data inputs, and wherein each of the p hash functions are used to perform a chained hash function operation on a respective small input of the p small inputs.

公开(公告)号：US11528124B2

公开(公告)日：2022-12-13

申请号：US17224359

申请日：2021-04-07

Applicant: NXP B.V.

Inventor： Marc Gourjon ,  Joppe Willem Bos ,  Joost Roland Renes ,  Tobias Schneider ,  Christine van Vredendaal

IPC: H04L9/00 ,  H04L9/30

Abstract: Various embodiments relate to a method for securely comparing a first polynomial represented by a plurality of arithmetic shares and a second compressed polynomial represented by a bitstring where the bits in the bitstring correspond to coefficients of the second polynomial, including: performing a first masked shift of the shares of the coefficients of the first polynomial based upon the start of the interval corresponding to the compressed coefficient of the second polynomial and a modulus value; performing a second masked shift of the shares of the coefficients of the first polynomial based upon the end of the interval corresponding to the compressed coefficient of the second polynomial; bitslicing the most significant bit of the first masked shift of the shares coefficients of the first polynomial; bitslicing the most significant bit of the second masked shift of the shares coefficients of the first polynomial; and combining the first bitsliced bits and the second bitsliced bits using an AND function to produce an output including a plurality of shares indicating that the first polynomial would compress to a bitstream matching the bitstream representing the second compressed polynomial.

公开(公告)号：US11500976B2

公开(公告)日：2022-11-15

申请号：US17087752

申请日：2020-11-03

Applicant: NXP B.V.

Inventor： Nikita Veshchikov ,  Christine van Vredendaal

IPC: G06F21/32 ,  H04L9/32 ,  G06F21/55

Abstract: A biometric authentication method is provided. In the method, identification information is collected from a user. A biometric scanner is used to scan a particular biometric characteristic of the user. If the user identification corresponds to the scanned biometric characteristic, then the scanner requests the user perform a predetermined action of a portion of the user's body. The predetermined action may be, for example, a hand gesture. The biometric characteristic is monitored while the predetermined action is being scanned. The scanner determines that the predetermined action is performed with the same portion of the user's body that was scanned for the biometric characteristic. The scanner determines if the portion of the user's body leaves the scanning area and monitors the scanning area for extraneous objects. The method provides more resistance against a replay attack.

公开(公告)号：US20220337389A1

公开(公告)日：2022-10-20

申请号：US17224359

申请日：2021-04-07

Applicant: NXP B.V.

Inventor： Marc GOURJON ,  Joppe Willem Bos ,  Joost Roland Renes ,  Tobias Schneider ,  Christine van Vredendaal

IPC: H04L9/00 ,  H04L9/30

Abstract: Various embodiments relate to a method for securely comparing a first polynomial represented by a plurality of arithmetic shares and a second compressed polynomial represented by a bitstring where the bits in the bitstring correspond to coefficients of the second polynomial, including: performing a first masked shift of the shares of the coefficients of the first polynomial based upon the start of the interval corresponding to the compressed coefficient of the second polynomial and a modulus value; performing a second masked shift of the shares of the coefficients of the first polynomial based upon the end of the interval corresponding to the compressed coefficient of the second polynomial; bitslicing the most significant bit of the first masked shift of the shares coefficients of the first polynomial; bitslicing the most significant bit of the second masked shift of the shares coefficients of the first polynomial; and combining the first bitsliced bits and the second bitsliced bits using an AND function to produce an output including a plurality of shares indicating that the first polynomial would compress to a bitstream matching the bitstream representing the second compressed polynomial.

公开(公告)号：US20220286286A1

公开(公告)日：2022-09-08

申请号：US17190986

申请日：2021-03-03

Applicant: NXP B.V.

Inventor： Joost Roland Renes ,  Joppe Willem Bos ,  Tobias Schneider ,  Christine van Vredendaal

IPC: H04L9/30 ,  G06F7/72

Abstract: Various embodiments relate to a method for multiplying a first and a second polynomial in the ring [X]/(XN−1) to perform a cryptographic operation in a data processing system, the method for use in a processor of the data processing system, including: receiving the first polynomial and the second polynomial by the processor; mapping the first polynomial into a third polynomial in a first ring and a fourth polynomial in a second ring using a map; mapping the second polynomial into a fifth polynomial in the first ring and a sixth polynomial in the second ring using the map; multiplying the third polynomial in the first ring with the fifth polynomial in the first ring to produce a first multiplication result; multiplying the fourth polynomial in the second ring with the sixth polynomial in the second ring to produce a second multiplication result using Renes multiplication; and combining the first multiplication result and the second multiplication result using the map.

公开(公告)号：US20220231831A1

公开(公告)日：2022-07-21

申请号：US17154116

申请日：2021-01-21

Applicant: NXP B.V.

Inventor： Tobias Schneider ,  Joppe Willem Bos ,  Joost Roland Renes ,  Christine van Vredendaal

IPC: H04L9/00

Abstract: Various embodiments relate to a method and system for securely comparing a first and second polynomial, including: selecting a first subset of coefficients of the first polynomial and a second subset of corresponding coefficients of the second polynomial, wherein the coefficients of the first polynomial are split into shares and the first and second polynomials have coefficients; subtracting the second subset of coefficients from one of the shares of the first subset of coefficients; reducing the number of elements in the first subset of coefficients to elements by combining groups of / elements together; generating a random number for each of the elements of the reduced subset of coefficients; summing the product of each of the elements of the reduced subset of coefficients with their respective random numbers; summing the shares of the sum of the products; and generating an output indicating that the first polynomial does not equal the second polynomial when the sum does not equal zero.

公开(公告)号：US11206136B1

公开(公告)日：2021-12-21

申请号：US16884136

申请日：2020-05-27

Applicant: NXP B.V.

Inventor： Joost Roland Renes ,  Joppe Willem Bos ,  Tobias Schneider ,  Christine van Vredendaal

IPC: H04L9/30 ,  G06F7/53

Abstract: A method is provided for multiplying two polynomials. In the method, first and second polynomials are evaluated at 2t inputs, where t is greater than or equal to one, and where each input is a fixed power of two 2l/(2t) multiplied with a different power of a primitive root of unity, thereby creating 2 times 2t integers, where l is an integer such that 2l is at least as large as the largest coefficient of the resulting product multiplying the first and second polynomials. The 2 times 2t integers are then multiplied pairwise, and a modular reduction is performed to get 2t integers. A linear combination of the 2t integers multiplied with primitive roots of unity is computed to get 2t integers whose limbs in the base 2l-bit representation correspond to coefficients of the product of the first and second polynomials. The method can be implemented on a processor designed for performing RSA and/or ECC type cryptographic operations.

公开(公告)号：US20210377026A1

公开(公告)日：2021-12-02

申请号：US16884136

申请日：2020-05-27

Applicant: NXP B.V.

Inventor： Joost Roland Renes ,  Joppe Willem Bos ,  Tobias Schneider ,  Christine van Vredendaal

IPC: H04L9/30 ,  G06F7/53

Abstract: A method is provided for multiplying two polynomials. In the method, first and second polynomials are evaluated at 2t inputs, where t is greater than or equal to one, and where each input is a fixed power of two multiplied with a different power of a primitive root of unity, thereby creating 2 times 2t integers, where is an integer such that is at least as large as the largest coefficient of the resulting product multiplying the first and second polynomials. The 2 times 2t integers are then multiplied pairwise, and a modular reduction is performed to get 2t integers. A linear combination of the 2t integers multiplied with primitive roots of unity is computed to get 2t integers whose limbs in the base -bit representation correspond to coefficients of the product of the first and second polynomials. The method can be implemented on a processor designed for performing RSA and/or ECC type cryptographic operations.

公开(公告)号：US20210264295A1

公开(公告)日：2021-08-26

申请号：US16795774

申请日：2020-02-20

Applicant: NXP B.V.

Inventor： Brian ERMANS ,  Wilhelmus Petrus Adrianus Johannus Michiels ,  Christine van Vredendaal

IPC: G06N5/04 ,  G06N20/00 ,  G06F16/901

Abstract: A method is provided for analyzing a classification in a machine learning model (ML). In the method, the ML model is trained using a training dataset to produce a trained ML model. One or more samples are provided to the trained ML model to produce one or more prediction classifications. A gradient is determined for the one of more samples at a predetermined layer of the trained ML model. The one or more gradients and the one or more prediction classifications for each sample are stored. Also, an intermediate value of the ML model may be stored. Then, a sample is chosen to analyze. A gradient of the sample is determined if the gradient was not already determined when the at least one gradient is determined. Using the at least one gradient, and one or more of a data structure, a predetermined metric, and an intermediate value, the k nearest neighbors to the sample are determined. A report comprising the sample and the k nearest neighbors may be provided for analysis.