# Robert J. Lambert, Cambridge CA

## Robert J. Lambert, Cambridge CA

Patent application number | Description | Published |
---|---|---|

20090077144 | METHOD AND APPARATUS FOR PERFORMING FINITE FIELD CALCULATIONS - In general terms, the invention provides a finite field engine and methods for operating on elements in a finite field. The finite field engine provides finite field sub-engines suitable for any finite field size requiring a fixed number of machine words. The engine reuses these engines, along with some general purpose component or specific component providing modular reduction associated with the exact reduction (polynomial or prime) of a specific finite field. The engine has wordsized suitable code capable of adding, subtracting, multiplying, squaring, or inverting finite field elements, as long as the elements are representable in no more than the given number of words. The wordsized code produces unreduced values. Specific reduction is then applied to the unreduced value, as is suitable for the specific finite field. In this way, fast engines can be produced for many specific finite fields, without duplicating the bulk of the engine instructions (program). | 03-19-2009 |

20090113252 | FAULT DETECTION IN EXPONENTIATION AND POINT MULTIPLICATION OPERATIONS USING A MONTGOMERY LADDER - A system and method are provided enabling implicit redundancies such as constant differences and points that should be on the same curve, to be checked at the beginning, end and intermittently throughout the computation to thwart fault injection attacks. This can be implemented by checking the constant difference in point pairs during point multiplication, by checking constant scalings in exponentiation pairs, and by checking that any intermediate point is on the curve and/or in the correct subgroup of the curve. | 04-30-2009 |

20090262930 | METHOD FOR STRENGTHENING THE IMPLEMENTATION OF ECDSA AGAINST POWER ANALYSIS - A method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method masks a cryptographic operation using a generator G. A secret value, which may be combined with the generator G to form a secret generator is generated. The secret value is divided into a plurality of parts. A random value is generated for association with the plurality of parts. Each of the plurality of parts is combined with the random value to derive a plurality of new values such that the new values when combined are equivalent to the secret value. Each of the new values is used in the cryptographic operation, thereby using the secret generator in place of the generator G in the cryptographic operation. The introduction of randomness facilitates the introduction of noise into algorithms used by cryptographic systems so as to mask the secret value and provide protection against power analysis attacks. | 10-22-2009 |

20090268900 | SIGNED MONTGOMERY ARITHMETIC - A system and method configured for applying Montgomery style reduction directly to negative quantities as well as positive values, producing the new form which does not require conditional operations to move values into the positive range. The low-order components of the resulting product, or partially completed product, can be reduced either by the addition of multiples of the modulus, as is usual in the standard Montgomery multiplication which accepts positive values, or by subtracting multiples of the modulus, which of course depends on the actual computation. Signed versions of the Montgomery values in a Montgomery computation are used to avoid the conditional addition and subtraction that can leak information, for example, using a two's complement representation. | 10-29-2009 |

20090323944 | METHOD OF PUBLIC KEY GENERATION - A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated. | 12-31-2009 |

20100278334 | METHOD AND APPARATUS FOR MINIMIZING DIFFERENTIAL POWER ATTACKS ON PROCESSORS - A method of masking a cryptographic operation using a secret value, comprising the steps of dividing the secret value into a plurality of parts; combining with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and utilizing each of the individual parts in the operation. | 11-04-2010 |

20110268270 | Method of Public Key Generation - A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated. | 11-03-2011 |

20120230494 | Accelerated Verification of Digital Signatures and Public Keys - Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained. | 09-13-2012 |

20130064367 | ACCELERATED VERIFICATION OF DIGITAL SIGNATURES AND PUBLIC KEYS - Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained. | 03-14-2013 |

20130073867 | METHOD FOR STRENGTHENING THE IMPLEMENTATION OF ECDSA AGAINST POWER ANALYSIS - A method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method masks a cryptographic operation using a generator G. A secret value, which may be combined with the generator G to form a secret generator is generated. The secret value is divided into a plurality of parts. A random value is generated for association with the plurality of parts. Each of the plurality of parts is combined with the random value to derive a plurality of new values such that the new values when combined are equivalent to the secret value. Each of the new values is used in the cryptographic operation, thereby using the secret generator in place of the generator G in the cryptographic operation. The introduction of randomness facilitates the introduction of noise into algorithms used by cryptographic systems so as to mask the secret value and provide protection against power analysis attacks. | 03-21-2013 |

20130101112 | METHOD AND APPARATUS FOR MINIMIZING DIFFERENTIAL POWER ATTACKS ON PROCESSORS - A method of masking a cryptographic operation using a secret value, comprising the steps of dividing the secret value into a plurality of parts; combining with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and utilizing each of the individual parts in the operation. | 04-25-2013 |