	US 12,413,399 B2
	Fault detection in post-quantum cyptography
Melissa Azouaoui, Norderstedt (DE); Joppe Willem Bos, Wijgmaal (BE); Tobias Schneider, Graz (AT); Joost Roland Renes, Eindhoven (NL); and Björn Fay, Brande-Hörnerkirchen (DE)
Assigned to NXP B.V., Eindhoven (NL)
Filed by NXP B.V., Eindhoven (NL)
Filed on Oct. 6, 2022, as Appl. No. 17/938,564.
Prior Publication US 2024/0137214 A1, Apr. 25, 2024
Int. Cl. H04L 9/08 (2006.01); G06F 17/16 (2006.01); H04L 9/30 (2006.01)

CPC H04L 9/0852 (2013.01) [G06F 17/16 (2013.01); H04L 9/3093 (2013.01)]

18 Claims

1. A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including matrix multiplication for lattice-based cryptography in a processor, the instructions, when executed, cause the processor to:

apply, by the processor, a first function to rows of a public matrix of polynomials to generate first outputs, wherein the first function excludes an identity function;

add, by the processor, an additional row to the public matrix of polynomials to produce a modified matrix, wherein each element in the additional row is generated by a second function applied to a column of the first outputs;

multiply, by the processor, the modified matrix with a vector of polynomials to produce an output vector of polynomials;

apply, by the processor, a verification function to the output vector that produces an indication of whether a fault occurred in the multiplication of the modified matrix with the vector of polynomials; and

selectively perform, using the processor, a cryptographic operation using a private key to produce a signed output using the output vector when the verification function indicates that no fault occurred in the multiplication of the modified matrix with the vector of polynomials.