Unified accelerator for classical and post-quantum digital signature schemes in computing environments

US 11,456,877 B2
Filed: 06/28/2019
Issued: 09/27/2022
Est. Priority Date: 06/28/2019
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine-readable medium comprising instructions which, when executed by a computing device, cause the computing device to perform operations comprising:

unifying classical cryptography and post-quantum cryptography through a unified hardware accelerator hosted by a trusted platform of the computing device;

facilitating unification of a first finite state machine associated with the classical cryptography and a second finite state machine associated with the post-quantum cryptography using one or more of a hash engine, a set of register file banks, and a modular exponentiation engine, wherein the hash engine, the set of register file banks, and the module exponentiation engine are allowed direct memory access;

computing a bitmask based on an address and a seed and writing the bitmask to a first bank of the set of register file banks using the hash engine;

computing a key based on the address and the seed and writing the key to a second bank of the set of register file banks using the hash engine;

fetching a first hash function from a third bank of the set of register file banks and adding the first hash function to the bitmask in the first bank; and

appending results of the addition of the first hash function to the bitmask to the key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism is described for facilitating unified accelerator for classical and post-quantum digital signature schemes in computing environments. A method includes unifying classical cryptography and post-quantum cryptography through a unified hardware accelerator hosted by a trusted platform of the computing device. The method may further include facilitating unification of a first finite state machine associated with the classical cryptography and a second finite state machine associated with the post-quantum cryptography though one or more of a single the hash engine, a set of register file banks, and a modular exponentiation engine.

Citations

11 Claims

1. At least one non-transitory machine-readable medium comprising instructions which, when executed by a computing device, cause the computing device to perform operations comprising:
- unifying classical cryptography and post-quantum cryptography through a unified hardware accelerator hosted by a trusted platform of the computing device;
  
  facilitating unification of a first finite state machine associated with the classical cryptography and a second finite state machine associated with the post-quantum cryptography using one or more of a hash engine, a set of register file banks, and a modular exponentiation engine, wherein the hash engine, the set of register file banks, and the module exponentiation engine are allowed direct memory access;
  
  computing a bitmask based on an address and a seed and writing the bitmask to a first bank of the set of register file banks using the hash engine;
  
  computing a key based on the address and the seed and writing the key to a second bank of the set of register file banks using the hash engine;
  
  fetching a first hash function from a third bank of the set of register file banks and adding the first hash function to the bitmask in the first bank; and
  
  appending results of the addition of the first hash function to the bitmask to the key.
- View Dependent Claims (2, 3, 4)
- - 2. The non-transitory machine-readable medium of claim 1, wherein the first finite state machine comprises a classical public key cryptography signatures (PKCS) finite state machine, and wherein the second finite state machine comprises an extended Merkel signature scheme (XMSS) finite state machine, wherein the trusted platform includes a field-programmable gate array (FPGA) platform coupled to one or more processors including a central processing unit, wherein the hash engine comprises a secure hash algorithm (SHA) engine.
  - 3. The non-transitory machine-readable medium of claim 1, wherein the operations further comprise:
    - computing a second hash function based on the results using the hash engine;
      
      writing the results to the third bank; and
      
      upon completing a signature and verification loop, fetching the results from the third bank through direct memory access.
  - 4. The non-transitory machine-readable medium of claim 1, wherein the computing device comprises one or more processors including one or more of an application processor and a graphics processor, wherein the one or more processors are co-located on a common semiconductor package.

5. A method comprising:
- unifying classical cryptography and post-quantum cryptography through a unified hardware accelerator hosted by a trusted platform of the computing device;
  
  facilitating unification of a first finite state machine associated with the classical cryptography and a second finite state machine associated with the post-quantum cryptography using one or more of a hash engine, a set of register file banks, and a modular exponentiation engine, wherein the hash engine, the set of register file banks, and the module exponentiation engine are allowed direct memory access;
  
  computing a bitmask based on an address and a seed and writing the bitmask to a first bank of the set of register file banks using the hash engine;
  
  computing a key based on the address and the seed and writing the key to a second bank of the set of register file banks using the hash engine;
  
  fetching a first hash function from a third bank of the set of register file banks and adding the first hash function to the bitmask in the first bank; and
  
  appending results of the addition of the first hash function to the bitmask to the key.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the first finite state machine comprises a classical public key cryptography signatures (PKCS) finite state machine, and wherein the second finite state machine comprises an extended Merkel signature scheme (XMSS) finite state machine, wherein the trusted platform includes a field-programmable gate array (FPGA) platform coupled to one or more processors including a central processing unit, wherein the hash engine comprises a secure hash algorithm (SHA) engine.
  - 7. The method of claim 5, further comprising:
    - computing a second hash function based on the results using the hash engine;
      
      writing the results to the third bank; and
      
      upon completing a signature and verification loop, fetching the results from the third bank through direct memory access.
  - 8. The method of claim 5, wherein the method is facilitated by a computing device having one or more processors including one or more of an application processor or a graphics processor, wherein the one or more processors are co-located on a common semiconductor package.

9. An apparatus comprising:
- one or more processors to;
  
  unify classical cryptography and post-quantum cryptography through a unified hardware accelerator hosted by a trusted platform of the computing device;
  
  facilitate unification of a first finite state machine associated with the classical cryptography and a second finite state machine associated with the post-quantum cryptography using one or more of a hash engine, a set of register file banks, and a modular exponentiation engine, wherein the hash engine, the set of register file banks, and the module exponentiation engine are allowed direct memory access;
  
  compute a bitmask based on an address and a seed and writing the bitmask to a first bank of the set of register file banks using the hash engine;
  
  compute a key based on the address and the seed and writing the key to a second bank of the set of register file banks using the hash engine;
  
  fetch a first hash function from a third bank of the set of register file banks and adding the first hash function to the bitmask in the first bank; and
  
  append results of the addition of the first hash function to the bitmask to the key.
- View Dependent Claims (10, 11)
- - 10. The apparatus of claim 9, wherein the first finite state machine comprises a classical public key cryptography signatures (PKCS) finite state machine, and wherein the second finite state machine comprises an extended Merkel signature scheme (XMSS) finite state machine, wherein the trusted platform includes a field-programmable gate array (FPGA) platform coupled to one or more processors including a central processing unit, wherein the hash engine comprises a secure hash algorithm (SHA) engine.
  - 11. The apparatus of claim 9, wherein the one or more processors are further to:
    - compute a second hash function based on the results using the hash engine;
      
      write the results to the third bank; and
      
      upon completing a signature and verification loop, fetch the results from the third bank through direct memory access, wherein the one or more processors include one or more of the central processing unit and a graphics processing unit, wherein the one or more processors are co-located on a common semiconductor package.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Mathew, Sanu, Sastry, Manoj, Ghosh, Santosh, Suresh, Vikram, Reinders, Andrew H., Kumar, Raghavan, Misoczki, Rafael
Primary Examiner(s)
Ortiz Criado, Jorge L
Assistant Examiner(s)
Hussein, Hassan A

Application Number

US16/456,187
Publication Number

US 20190319804A1
Time in Patent Office

1,187 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/64   Protecting data integrity, ...

G06F 21/76   in application-specific int...

G09C 1/00   Apparatus or methods whereb...

H04L 2209/122   Hardware reduction or effic...

H04L 9/0869   involving random numbers or...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

Unified accelerator for classical and post-quantum digital signature schemes in computing environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Unified accelerator for classical and post-quantum digital signature schemes in computing environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links