Data values encryption method by Daemen, Joan & Assche, G. Van






The following full text is a publisher's version.
 
 









( 19 ) United States 
( 12 ) Patent Application Publication ( 10 ) Pub . No .: US 2021/0110050 A1 
DAEMEN et al . ( 43 ) Pub . Date : Apr. 15 , 2021 
( 54 ) DATA VALUES ENCRYPTION METHOD ( 52 ) U.S. CI . 
CPC 
( 71 ) Applicant : PROTON WORLD 
INTERNATIONAL N.V. , Diegem ( BE ) 
GO6F 21/602 ( 2013.01 ) ; G06F 21/72 
( 2013.01 ) 
( 57 ) ABSTRACT ( 72 ) Inventors : Joan DAEMEN , Malden ( NL ) ; Gilles 
VAN ASSCHE , Woluwe - St - Lambert 
( BE ) 
( 21 ) Appl . No .: 17 / 067,510 
( 22 ) Filed : Oct. 9 , 2020 
( 30 ) Foreign Application Priority Data 
A method encrypts , using an encryption circuit , a first data 
value having a number n of first binary words , each word 
having a number m of bits . The encrypting includes gener 
ating a second data value having a same number n of second 
binary words of m bits each and outputting a result of the 
encryption . The number n is an integer greater than or equal 
to 3 , m and n do not have a common integer division , and 
n or m is even . A second binary word of the second data 
value having a rank i is equal to a sum of : a first binary word 
having a same rank i ; and a product of : a complement of a 
first binary word having rank ( i + 1 ) modulo n ) , shifted by a 
first number of bit positions ; and a first binary word having 
rank ( i + 2 ) modulo n ) , shifted by a second number of bit 
positions . 
Oct. 14 , 2019 ( FR ) 1911404 
Publication Classification 
( 51 ) Int . Ci . 
G06F 21/60 ( 2006.01 ) 
GO6F 21/72 ( 2006.01 ) 
F 
a ( 0 ) a ( 1 ) a ( 2 ) a ( 3 ) a ( 4 ) 
30 30 30 30 
30 50 
40 50 
d ( 4 ) KP 40 
( 3 ) 
20 
Ca ( 4 ) 
a ( 0 ) a ( 2 a ( 3 ) 
( 2 ) c ( 3 ) 
b ( 0 ) b ( 2 ) b ( 3 ) b ( 4 ) 
10 
Patent Application Publication Apr. 15 , 2021 Sheet 1 of 4 US 2021/0110050 A1 
a ( 1 ) a ( 2 ) a ( 3 ) a ( 4 ) 
30 30 30 
30 
50 SO 50 50 
d ( 4 ) 40 le ( 2 ) 
? ( 3 ) 20 
C ( 0 ) 
eo ) 




d ( 2 ) 
20 
a ( 4 ) 
c ( 4 ) a ( 0 ) a ( 2 ) 0 ( 3 ) 
b ( 0 ) b ( 2 ) b ( 3 ) b ( 4 ) 
10 
FIG . 1 







130 . H 
140 1 
150 
FIG . 2 










FIG . 4 






FIG . 5 
US 2021/0110050 A1 Apr. 15 , 2021 
1 
DATA VALUES ENCRYPTION METHOD 
BACKGROUND 
Technical Field 
[ 0001 ] The present disclosure relates generally to data 
values protection , and more specifically to a data values 
encryption and / or decryption method , a hash method , or a 
method for calculating a message authentication code 
( MAC ) . The present disclosure further relates to devices 
configured to implement a data values encryption and 
decryption method . 
Background Art 
[ 0002 ] Many techniques exist making it possible to protect 
data values used by electronic devices . Cryptographic tech 
niques , such as data values encryption , are particularly used 
for this purpose . 
[ 0003 ] Data values encryption is an operation by which 
usable and readable data values are transformed , using an 
algorithm , into data values that can only be read by people 
or machines knowing this algorithm . This algorithm can , for 
example , use an encryption and / or decryption key . People 
seeking to learn these data values , called attackers , can know 
the algorithm , but without knowing the key . 
[ 0004 ] There is a need for ever more powerful data values 
encryption methods , and for increasingly strong electronic 
circuits implementing these methods .
BRIEF SUMMARY 
[ 0005 ] One embodiment provides an encryption method , 
executed by an electronic circuit , comprising a first opera 
tion , applied to a first data value comprising a number of first 
binary words with m bits each , and supplying a second data 
value comprising a same number n of second binary words 
with m bits each , in which each second binary word is equal 
to the sum of : 
[ 0006 ] the first binary word of equal rank ; and 
[ 0007 ] the product of the complementary of the first binary 
word of following rank modulo n whose bits have undergone 
a shift by a first number of positions , multiplied by the first 
binary word with a rank equal to the higher rank of the 
following rank modulo n , whose bits have undergone a shift 
by a second number of positions , 
[ 0008 ] wherein n is greater than or equal to 3 , m and n do 
not have a common integer division , and n or m is even . 
[ 0009 ] According to one embodiment , m is even . 
[ 0010 ] According to one embodiment , the first number is 
equal to 1 . 
[ 0011 ] According to one embodiment , the second number 
is equal to 2 . 
[ 0012 ] According to one embodiment , n is equal to 5 . 
[ 0013 ] According to one embodiment , m is equal to 4 or 
64 . 
[ 0014 ] According to one embodiment : 
[ 0015 ] the sum of the first operation is a bitwise sum ; 
[ 0016 ] the product of the first operation is a bitwise 
product ; and 
[ 0017 ] the complementary of a binary word of the first 
operation is the bitwise complementary of a binary word . 
[ 0018 ] According to one embodiment , the method com 
prises at least one linear second operation . 
[ 0019 ] According to one embodiment , said second opera 
tion is a linear diffusion operation . 
[ 0020 ] According to one embodiment , the method com 
prises a binary word rotation operation in a data value . 
[ 0021 ] According to one embodiment , the method com 
prises an operation to add a revolution constant . 
[ 0022 ] According to one embodiment , the method com 
prises a bit shifting operation in the binary words . 
[ 0023 ] An embodiment provides an encryption circuit 
configured to carry out the encryption method described 
above . 
[ 0024 ] An embodiment provides a memory comprising a 
first set of data values to be encrypted and a second set of 
data values representing the data values of the first set 
encrypted by the encryption method disclosed above . 
[ 0025 ] In an embodiment , a method , comprises : encrypt 
ing , using an encryption circuit , a first data value having a 
number n of first binary words , each word having a number 
m of bits , the encrypting including generating a second data 
value having a same number n of second binary words of m 
bits each ; and outputting a result of the encryption , wherein 
n is an integer greater than or equal to 3 , m and n do not have 
a common integer division , n or m is even , and a second 
binary word of the second data value having a rank i is equal 
to a sum of : a first binary word having a same rank i ; and a 
product of : a complement of a first binary word having rank 
( ( i + 1 ) modulo n ) , shifted by a first number of bit positions ; 
and a first binary word having rank ( i + 2 ) modulo n ) , shifted 
by a second number of bit positions . In an embodiment , the 
number of bits mis even . In an embodiment , the first number 
of bit positions is equal to 1 bit position . In an embodiment , 
the second number of bit positions is equal to 2 bit positions . 
In an embodiment , the number n of binary words is equal to 
5 binary words . In an embodiment , the number of bits m is 
equal to 4 bits or equal to 64 bits . In an embodiment , the sum 
is a bitwise sum ; the product is a bitwise product ; and the 
complement of a binary word is the bitwise complement of 
the binary word . In an embodiment , the encrypting com 
prises applying a linear operation to the second data value . 
In an embodiment , the encrypting comprises applying one or 
more linear operations . In an embodiment , the one or more 
linear operations include a linear diffusion operation . In an 
embodiment , the one or more linear operations include a 
binary word rotation operation . In an embodiment , the one 
or more linear operations include an operation to add a 
revolution constant . In an embodiment , the one or more 
linear operations include a binary - word bit shifting opera 
tion . 
[ 0026 ] In an embodiment , a device comprises : one or 
more memories ; and digital signal processing circuitry 
coupled to the one or more memories , which , in operation , 
encrypts a first data value having a number n of first binary 
words , each word having a number m of bits , the encrypting 
including generating a second data value having a same 
number n of second binary words of m bits each , wherein n 
is an integer greater than or equal to 3 , m and n do not have 
a common integer division , n or m is even , and a second 
binary word of the second data value having a rank i is equal 
to a sum of : a first binary word having a same rank i ; and a 
product of : a complement of a first binary word having rank 
( ( i + 1 ) modulo n ) , shifted by a first number of bit positions ; 
and a first binary word having rank ( ( i + 2 ) modulo n ) , shifted 
by a second number of bit positions . In an embodiment , the 
number of bits m is even . In an embodiment , the first number 
US 2021/0110050 A1 Apr. 15 , 2021 
2 
product is a bitwise product ; and the complement of a binary 
word is the bitwise complement of the binary word . In an 
embodiment , the contents comprise instructions executed by 
the digital signal processing circuitry . In an embodiment , the 
contents comprise a look - up table storing a first set of data 
values to be encrypted and a corresponding second set of 
data values . 
BRIEF DESCRIPTION OF THE SEVERAL 
VIEWS OF THE DRAWINGS 
[ 0030 ] The foregoing features and advantages of various 
embodiments , as well as others , will be described in detail 
in the following description of specific embodiments given 
by way of illustration and not limitation with reference to the 
accompanying drawings , in which : 
[ 0031 ] FIG . 1 schematically shows the operation of one 
embodiment of an encryption operation ; 
[ 0032 ] FIG . 2 shows , schematically and in block diagram 
form , one embodiment of a data values encryption algo 
rithm ; 
[ 0033 ] FIG . 3 shows , schematically and in block diagram 
form , one embodiment of an encryption device ; 
[ 0034 ] FIG . 4 shows , schematically and in block diagram 
form , another embodiment of an encryption device ; and 
[ 0035 ] FIG . 5 very schematically shows , in the form of 
blocks , an embodiment of an electronic circuit of the type to 
which the embodiments which will be described may apply . 
DETAILED DESCRIPTION 
of bit positions is equal to 1 bit position and the second 
number of bit positions is equal to 2 bit positions . In an 
embodiment , the number n of binary words is equal to 5 
binary words . In an embodiment , the sum is a bitwise sum ; 
the product is a bitwise product ; and the complement of a 
binary word is the bitwise complement of the binary word . 
[ 0027 ] In an embodiment , a method comprises : executing 
an operation by an electronic circuit ; and protecting the 
electronic circuit during execution of the operation , the 
protecting including : encrypting , using the encryption cir 
cuit , a first data value having a number n of first binary 
words , each word having a number m of bits , the encrypting 
including generating a second data value having a same 
number n of second binary words of m bits each , wherein n 
is an integer greater than or equal to 3 , m and n do not have 
a common integer division , n or m is even , and a second 
binary word of the second data value having a rank i is equal 
to a sum of : a first binary word having a same rank i ; and a 
product of : a complement of a first binary word having rank 
( ( i + 1 ) modulo n ) , shifted by a first number of bit positions ; 
and a first binary word having rank ( ( i + 2 ) modulo n ) , shifted 
by a second number of bit positions . In an embodiment , the 
sum is a bitwise sum ; the product is a bitwise product ; and 
the complement of a binary word is the bitwise complement 
of the binary word . In an embodiment , the encrypting 
comprises applying one or more linear operations . 
[ 0028 ] In an embodiment , a system , comprises : a func 
tional circuit ; and digital signal processing circuitry coupled 
to the functional circuit . The digital processing circuitry , in 
operation , encrypts a first data value having a number n of 
first binary words , each word having a number m of bits , the 
encrypting including generating a second data value having 
a same number n of second binary words of m bits each , 
wherein n is an integer greater than or equal to 3 , m and n 
do not have a common integer division , n or m is even , and 
a second binary word of the second data value having a rank 
i is equal to a sum of : a first binary word having a same rank 
i ; and a product of a complement of a first binary word 
having rank ( ( i + 1 ) modulo n ) , shifted by a first number of bit 
positions , and a first binary word having rank ( ( i + 2 ) modulo 
n ) , shifted by a second number of bit positions . In an 
embodiment , the encrypting protects an operation of the 
functional circuit . In an embodiment , the sum is a bitwise 
sum ; the product is a bitwise product ; and the complement 
of a binary word is the bitwise complement of the binary 
word . 
[ 0029 ] In an embodiment , a non - transitory computer - read 
able medium's contents configure digital signal processing 
circuitry to perform a method , the method comprising : 
executing an operation ; and protecting the digital signal 
processing circuitry during execution of the operation , the 
protecting including encrypting a first data value having a 
number n of first binary words , each word having a number 
m of bits , the encrypting including generating a second data 
value having a same number n of second binary words of m 
bits each , wherein n is an integer greater than or equal to 3 , 
m and n do not have a common integer division , n or m is 
even , and a second binary word of the second data value 
having a rank i is equal to a sum of : a first binary word 
having a same rank i ; and a product of : a complement of a 
first binary word having rank ( ( i + 1 ) modulo n ) , shifted by a 
first number of bit positions ; and a first binary word having 
rank ( ( i + 2 ) modulo n ) , shifted by a second number of bit 
positions . In an embodiment , the sum is a bitwise sum ; the 
[ 0036 ] Like features have been designated by like refer 
ences in the various figures , unless the context indicates 
otherwise . In particular , the structural and / or functional 
features that are common among the various embodiments 
may have the same references and may dispose identical 
structural , dimensional and material properties . 
[ 0037 ] For the sake of clarity , only the operations and 
elements that are useful for an understanding of the embodi 
ments described herein have been illustrated and described 
in detail . 
[ 0038 ] Unless indicated otherwise , when reference is 
made to two elements connected together , this signifies a 
direct connection without any intermediate elements other 
than conductors , and when reference is made to two ele 
ments coupled together , this signifies that these two ele 
ments can be connected or they can be coupled via one or 
more other elements . 
[ 0039 ] In the following disclosure , unless indicated oth 
erwise , when reference is made to absolute positional quali 
fiers , such as the terms “ front ” , “ back ” , “ top ” , “ bottom ” , 
" left ” , “ right ” , etc. , or to relative positional qualifiers , such 
as the terms “ above ” , “ below ” , “ higher ” , “ lower ” , etc. , or to 
qualifiers of orientation , such as “ horizontal ” , “ vertical ” , 
etc. , reference is made to the orientation shown in the 
figures . 
[ 0040 ] Unless specified otherwise , the expressions 
" around ” , “ approximately ” , “ substantially ” and “ in the order 
of ” signify within 10 % , or within 5 % . 
[ 0041 ] FIG . 1 shows the operation , schematically and in 
block form , of an encryption operation F able to be used in 
an encryption method . 
[ 0042 ] The operation F is a function using , as input , a data 
value a comprising a number n of binary words a ( 0 ) , a ( 1 ) , . 
US 2021/0110050 A1 Apr. 15 , 2021 
3 
[ 0053 ] P and q may be constants determined from propa 
gation analyses . A propagation analysis in particular studies 
the influence of the modification of a bit in a binary data 
values encryption algorithm . An example propagation analy 
sis method is given in the article “ The design of Xoodoo and 
Xoofff ” by Daemen , J. , Hoffert , S. , Van Assche , G. , & Van 
Keer , R. ( 2018 ) . According to one embodiment , the number 
p is equal to one and the number q is equal to two . 
[ 0054 ] In other words , each binary word b ( i ) may be 
considered as a result of the application , to the binary word 
a ( i ) , of the operation F defined by the following formula : 
b ( i ) = F ( a ( i ) ) = a ( i ) + a ( i + 1 [ n ] ) ) << 1 ) ( a ( i + 2 [ n ] ) << 2 ) Math 5 
Math 1 [ 0055 ] The operation F is a reversible operation if and 
only if the product of the number of binary words n in a data 
value and the length m of a binary word is odd . Under these 
conditions , the operation F can be used as a permutation in 
an encryption algorithm . 
[ 0056 ] According to one embodiment , the number n is 
greater than or equal to 3. The numbers m and n do not have 
a common integer division . The number m or the number n 
is even . In this case , the operation F is not reversible . 
However , the likelihood of two data values having the same 
antecedent is given by the following formula : 
2 - n * m = 1 + 21 - n * m / 2 + 21 - n * m ) 
Math 2 
Math 6 
.. , a ( n - 1 ) . Each binary word a ( 0 ) , a ( 1 ) , ... , a ( n - 1 ) is made 
up of a number m of bits , where m is an integer . 
[ 0043 ] The operation F provides , as output , a data value b 
of the same type as the data value a , that is to say , comprising 
a same number n of binary words b ( 0 ) , 6 ( 1 ) , ... , b ( n - 1 ) , 
each binary word b ( 0 ) , 6 ( 1 ) , ... , b ( n - 1 ) being made up of 
the same number m of bits . In the example illustrated in FIG . 
1 , each data value a , respectively b , comprises n = 5 binary 
words a ( 0 ) to a ( 4 ) , respectively b ( 0 ) to b ( 4 ) . 
[ 0044 ] Each binary word b ( i ) , i varying from 0 to n – 1 , is 
defined as being the sum of the binary word a ( i ) and a binary 
word c ( i ) . The sum operation is a bitwise modulo two 
operation , and is designated in FIG . 1 by a gate 10 ( + ) . The 
binary word b ( i ) may be defined by the following formula : 
b ( i ) = ( a ( i ) + c ( i ) ) mod 2 
where : 
[ 0045 ] the “ + ” sign designates a bitwise sum , or an exclu 
sive OR logic gate ; and 
[ 0046 ] “ mod ” designates the modulo operation . 
[ 0047 ] Each binary word c ( i ) comprises said number m of 
bits , and is the result of a product of two binary numbers d ( i ) 
and e ( i ) . The product operation is a bitwise product , and is 
designated in FIG . 1 by a gate 20 of the AND type . The 
binary word c ( i ) may be defined by the following formula : 
c ( i ) = d ( i ) : eli ) 
where the “ , ” sign designates a bitwise product , or an 
exclusive AND logic gate . 
[ 0048 ] The binary word d ( i ) comprises the number m of 
bits , and is the result of the complementary of the binary 
word of following rank relative to the binary word a ( i ) , the 
bits of which have been shifted by p positions . “ Binary word 
of following rank relative to the binary word a ( i ) ” means that 
the binary word of following rank relative to the word a ( i ) 
is the binary word a ( i + 1 ) , and that the binary word of rank 
following the word a ( n - 1 ) is the binary word a ( 0 ) . It will 
therefore be noted that the binary word of following rank 
relative to the binary word a ( i ) is the binary word a ( i + 1 [ n ] ) . 
The complementary operation provides the bitwise comple 
mentary , or bitwise complement , of a binary word , and is 
designated in FIG . 1 by a gate 30 of the inverting type . The 
operation making it possible to shift the position of the bits 
of a binary word by p positions is designated in FIG . 1 by 
a block 40 ( << p ) . The bit shifting operation in a binary word 
is for example an operation to shift bits to the left . The 
binary word d ( i ) may be defined by the following formula : 
d ( i ) = COMP ( a ( i + 1 [ n ] ) ) << p 
where : 
[ 0049 ] the sign “ [ n ] ” indicates modulo n ; 
[ 0050 ] the function " COMPO ” designates the bitwise 
complementary ; and 
[ 0051 ] the sign “ << p ” designates the shift by p positions 
of a bit in a binary word . 
[ 0052 ] The binary word e ( i ) comprises said number m of 
bits , and is equal to the binary word of following rank of the 
binary word a ( i ) , denoted a ( i + 2 [ n ] ) , the bits of which have 
been shifted by q positions . The operation making it possible 
to shift the position of the bits of a binary word by q 
positions is designated in FIG . 1 by a block 50 ( << q ) . The 
binary word e ( i ) may be defined by the following formula : 
[ 0057 ] As an example , for a data value a comprising n = 5 
binary words with m = 4 bits , this likelihood is in the order of 
9.5 * 10 ̂ ( - 7 ) . According to another example , for a data value 
a comprising n = 5 binary words with m = 64 bits , this likeli 
hood is in the order of 4.7 * 10 ̂ ( - 97 ) . These likelihoods are 
very low . One advantage of this operation F is therefore that 
it can be used as a permutation under the conditions men 
tioned above . 
[ 0058 ] FIG . 2 illustrates , schematically and in block dia 
gram form , one exemplary embodiment of an algorithm 100 
using the operation F disclosed in relation with FIG . 1. As 
an example , the operation F can be used in a cyclic function , 
or in a permutation . This cyclic function , or this permuta 
tion , can be used in an algorithm , for example , an encryp 
tion , hash or calculation algorithm , or in an authenticated 
encryption scheme . As an example , the algorithm 100 is an 
encryption algorithm . 
[ 0059 ] The encryption algorithm 100 is applied to encrypt 
a data value 100 comprising n binary words A ( 0 ) , A ( 1 ) , .. 
. , A ( n - 1 ) with m bits each . As an example , the data value 
A comprises n = 5 binary words each comprising m = 64 bits . 
[ 0060 ] In a step 110 , the operation F is applied to the data 
value A , as disclosed in relation with FIG . 1 , in order to 
supply a data value B. As previously disclosed , the data 
value B comprises n binary words B ( 0 ) , B ( 1 ) , ... , B ( n - 1 ) 
with m bits each . 
Math 3 
[ 0061 ] In a step 120 , a linear diffusion operation G is 
applied to the data value B in order to provide a data value 
C comprising n binary words C ( O ) , C ( 1 ) , ... , C ( n - 1 ) with 
m bits each . Each binary word C ( i ) , i varying from 0 to n - 1 , 
is the result of the bitwise sum modulo two of the binary 
word B ( i ) and a constant K defined by the following 
formula : e ( i ) = a ( i + 2 [ n ] } << q Math 4 
US 2021/0110050 A1 Apr. 15 , 2021 
4 
Math 7 
K = - = ( 360 ) « r + ( Bo ) « B ( i ) << S 
[ 0062 ] r and s are , like the constants p and q , constants 
which may be determined from propagation analyses . 
According to one embodiment , r is equal to 12 and s is equal 
to 17 . 
[ 0063 ] In a step 130 , a rotation operation H is applied to 
the data value C in order to provide a data value D 
comprising n binary words DO ) , D ( 1 ) , ... , D ( n - 1 ) with m 
bits each . Each binary word D ( i ) is equal to the binary word 
of the data value C of higher rank , that is to say , the binary 
word C ( i + 1 [ n ] ) . 
[ 0064 ] In a step 140 , a revolution constant addition opera 
tion I is applied to the data value D in order to provide a data 
value E comprising n binary words E ( 0 ) , E ( 1 ) , ... , E ( n - 1 ) 
with m bits each . Each binary word E ( i ) is equal to the sum 
modulo two of the binary word D ( i ) and a revolution 
constant T ( ) , with j varying between 0 and the number of 
revolutions of the algorithm 100 , that is to say , the number 
of times that the algorithm is applied to a data value . The 
revolution constant T ) is , for example , defined by the 
integer immediately below the figure defined by the follow 
ing formula : 
262-11 Math 8 
[ 0065 ] In a step 150 , a bit shifting operation J is applied to 
the data value E in order to provide a data value F com 
prising n binary words F ( 0 ) , F ( 1 ) , ... , F ( n - 1 ) with m bits 
each . Each binary word F ( i ) is defined by the following 
formula : 
[ 0073 ] FIG . 5 very schematically shows an embodiment of 
an electronic circuit 1 of the type to which the described 
embodiments may apply . Circuit 1 comprises : a processing 
circuit 11 ( PU ) , for example , a state machine , a micropro 
cessor , a programmable logic circuit , one or more processing 
cores , etc .; one or a plurality of volatile and / or non - volatile 
storage areas 13 ( MEM ) for storing all or part of the data and 
programs ; one or a plurality of data , address , and / or control 
buses 15 between the different elements internal to circuit 1 ; 
an input - output interface 17 ( 1/0 ) for communicating with 
the outside of circuit 1 ; and various other circuits according 
to the application , symbolized in FIG . 1 by a block 19 
( FCT ) . 
[ 0074 ] According to the shown embodiment , circuit 1 
further comprises an encryption circuit or function 2 
( ALGO ) implementing one or a plurality of encryption 
algorithms . Element 2 may be a hardware circuit executing 
the encryption algorithm in hardware fashion ( wired logic ) , 
a software function executing a program implemented by a 
processor ( for example , circuit 11 ) , a look - up table , various 
combinations thereof , etc. For example , the circuit 200 of 
FIG . 3 or the circuit 300 of FIG . 4 may be employed . In an 
example of application to printer cartridges , a cartridge and 
a printer may be equipped with circuits of the type in FIG . 
1 . 
[ 0075 ] Various embodiments and variants have been 
described . Those skilled in the art will understand that 
certain features of these embodiments can be combined and 
other variants will readily occur to those skilled in the art . In 
particular , the operation F can be applied to encryption 
algorithms other than that disclosed in relation with FIG . 2 . 
[ 0076 ] Finally , the practical implementation of the 
embodiments and variants described herein is within the 
capabilities of those skilled in the art based on the functional 
description provided hereinabove . 
[ 0077 ] Some embodiments may take the form of or com 
prise computer program products . For example , according to 
one embodiment there is provided a computer readable 
medium comprising a computer program adapted to perform 
one or more of the methods or functions described above . 
The medium may be a physical storage medium , such as for 
example a Read Only Memory ( ROM ) chip , or a disk such 
as a Digital Versatile Disk ( DVD - ROM ) , Compact Disk 
( CD - ROM ) , a hard disk , a memory , a network , or a portable 
media article to be read by an appropriate drive or via an 
appropriate connection , including as encoded in one or more 
barcodes or other related codes stored on one or more such 
computer - readable mediums and being readable by an 
appropriate reader device . 
[ 0078 ] Furthermore , in some embodiments , some or all of 
the methods and / or functionality may be implemented or 
provided in other manners , such as at least partially in 
firmware and / or hardware , including , but not limited to , one 
or more application - specific integrated circuits ( ASICs ) , 
digital signal processors , discrete circuitry , logic gates , stan 
dard integrated circuits , controllers ( e.g. , by executing 
appropriate instructions , and including microcontrollers 
and / or embedded controllers ) , field - programmable gate 
arrays ( FPGAs ) , complex programmable logic devices 
( CPLDs ) , etc. , as well as devices that employ RFID tech 
nology , and various combinations thereof . 
[ 0079 ] The various embodiments described above can be 
combined to provide further embodiments . Aspects of the 
embodiments can be modified , if necessary to employ con 
F ( i ) = E ( i ) << v ( i ) Math 9 
where v ( i ) is a component of a vector v comprising n 
components v ( 0 ) , v ( 1 ) , v ( n - 1 ) , each of these compo 
nents being an integer . 
[ 0066 ] According to one embodiment , when n = 5 , v is , for 
example , equal to ( 0 , 2 , 10 , 19 , 33 ) . 
[ 0067 ] The data value F is therefore the result of the 
encryption of the data value A by the encryption method 
100 . 
[ 0068 ] FIG . 3 shows , schematically and in block diagram 
form , one embodiment of an electronic encryption device 
200 comprising an encryption circuit 201 ( PU ) . 
[ 0069 ] The encryption circuit 201 is configured to imple 
ment the encryption algorithm disclosed in relation with 
FIG . 2. To that end , the encryption circuit 201 comprises , 
inter alia , an input 203 and an output 205. The input 203 is 
configured to receive the data value A disclosed in relation 
with FIG . 2. The output 205 is configured to supply the data 
value F disclosed in relation with FIG . 2 . 
[ 0070 ] The encryption circuit 201 for example comprises 
a digital processing unit of the digital signal processor ( DSP ) 
or microprocessor type . 
[ 0071 ] FIG . 4 shows , schematically and in block diagram 
form , another embodiment of an encryption module or 
circuit 300 comprising a memory 301 ( MEM ) . 
[ 0072 ] The memory 301 comprises a match or look - up 
table associating a dataset of the type of the data value A 
disclosed in relation with FIG . 2 , with a set comprising the 
set of images of these data values by the algorithm disclosed 
in relation with FIG . 2 . 
US 2021/0110050 A1 Apr. 15 , 2021 
5 
cepts of the various patents , applications and publications to 
provide yet further embodiments . 
[ 0080 ] These and other changes can be made to the 
embodiments in light of the above - detailed description . In 
general , in the following claims , the terms used should not 
be construed to limit the claims to the specific embodiments 
disclosed in the specification and the claims , but should be 
construed to include all possible embodiments along with 
the full scope of equivalents to which such claims are 
entitled . Accordingly , the claims are not limited by the 
disclosure . 
A method , comprising : 
encrypting , using an encryption circuit , a first data value 
having a number n of first binary words , each word 
having a number m of bits , the encrypting including 
generating a second data value having a same number 
n of second binary words of m bits each ; and 
outputting a result of the encryption , wherein n is an 
integer greater than or equal to 3 , m and n do not have 
a common integer division , nor m is even , and a second 
binary word of the second data value having a rank i is 
equal to a sum of : 
a first binary word having a same rank i ; and 
a product of : 
a complement of a first binary word having rank 
( ( i + 1 ) modulo n ) , shifted by a first number of bit 
positions ; and 
a first binary word having rank ( ( i + 2 ) modulo n ) , 
shifted by a second number of bit positions . 
2. The method according to claim 1 , wherein the number 
of bits m is even . 
3. The method according to claim 1 , wherein the first 
number of bit positions is equal to 1 bit position . 
4. The method according to claim 1 , wherein the second 
number of bit positions is equal to 2 bit positions . 
5. The method according to claim 1 , wherein the number 
n of binary words is equal to 5 binary words . 
6. The method according to claim 1 , wherein the number 
of bits m is equal to 4 bits or equal to 64 bits . 
7. The method according to claim 1 , wherein : 
the sum is a bitwise sum ; 
the product is a bitwise product ; and 
the complement of a binary word is the bitwise comple 
ment of the binary word . 
8. The method according to claim 1 , wherein the encrypt 
ing comprises applying a linear operation to the second data 
value . 
9. The method according to claim 1 , wherein the encrypt 
ing comprises applying one or more linear operations . 
10. The method according to claim 9 , wherein the one or 
more linear operations include a linear diffusion operation . 
11. The method according to claim 9 , wherein the one or 
more linear operations include a binary word rotation opera 
tion . 
12. The method according to claim 9 , wherein the one or 
more linear operations include an operation to add a revo 
lution constant . 
13. The method according to claim 9 , wherein the one or 
more linear operations include a binary - word bit shifting 
operation . 
14. A device , comprising : 
one or more memories ; and 
digital signal processing circuitry coupled to the one or 
more memories , which , in operation , encrypts a first 
data value having a number n of first binary words , 
each word having a number m of bits , the encrypting 
including generating a second data value having a same 
number n of second binary words of m bits each , 
wherein n is an integer greater than or equal to 3 , m and 
n do not have a common integer division , n or m is 
even , and a second binary word of the second data 
value having a rank i is equal to a sum of : 
a first binary word having a same rank i ; and 
a product of : 
a complement of a first binary word having rank 
( ( i + 1 ) modulo n ) , shifted by a first number of bit 
positions ; and 
a first binary word having rank ( ( i + 2 ) modulo n ) , 
shifted by a second number of bit positions . 
15. The device according to claim 14 , wherein the number 
of bits m is even . 
16. The device according to claim 14 , wherein the first 
number of bit positions is equal to 1 bit position and the 
second number of bit positions is equal to 2 bit positions . 
17. The device according to claim 14 , wherein the number 
n of binary words is equal to 5 binary words . 
18. The device according to claim 14 , wherein : 
the sum is a bitwise sum ; 
the product is a bitwise product ; and 
the complement of a binary word is the bitwise comple 
ment of the binary word . 
19. A method , comprising : 
executing an operation by an electronic circuit ; and 
protecting the electronic circuit during execution of the 
operation , the protecting including : 
encrypting , using the encryption circuit , a first data value 
having a number n of first binary words , each word 
having a number m of bits , the encrypting including 
generating a second data value having a same number 
n of second binary words of m bits each , wherein n is 
an integer greater than or equal to 3 , m and n do not 
have a common integer division , n or m is even , and a 
second binary word of the second data value having a 
rank i is equal to a sum of : 
a first binary word having a same rank i ; and 
a product of : 
a complement of a first binary word having rank 
( ( i + 1 ) modulo n ) , shifted by a first number of bit 
positions ; and 
a first binary word having rank ( ( 1 + 2 ) modulo n ) ,
shifted by a second number of bit positions . 
20. The method according to claim 19 , wherein : 
the sum is a bitwise sum ; 
the product is a bitwise product ; and 
the complement of a binary word is the bitwise comple 
ment of the binary word . 
21. The method according to claim 19 , wherein the 
encrypting comprises applying one or more linear opera 
tions . 
22. A system , comprising : 
a functional circuit ; and 
digital signal processing circuitry coupled to the func 
tional circuit , wherein the digital signal processing 
circuitry , in operation , encrypts a first data value having 
a number n of first binary words , each word having a 
number m of bits , the encrypting including generating 
a second data value having a same number n of second 
binary words of m bits each , wherein n is an integer 
US 2021/0110050 A1 Apr. 15 , 2021 
6 
greater than or equal to 3 , m and n do not have a 
common integer division , n or m is even , and a second 
binary word of the second data value having a rank i is 
equal to a sum of :
a first binary word having a same rank i ; and 
a product of : 
a complement of a first binary word having rank 
( ( i + 1 ) modulo n ) , shifted by a first number of bit 
positions ; and 
a first binary word having rank ( ( i + 2 ) modulo n ) , 
shifted by a second number of bit positions . 
23. The system according to claim 22 , wherein the 
encrypting protects an operation of the functional circuit . 
24. The system according to claim 22 , wherein : 
the sum is a bitwise sum ; 
the product is a bitwise product ; and 
the complement of a binary word is the bitwise comple 
ment of the binary word . 
25. A non - transitory computer - readable medium having 
contents which configure digital signal processing circuitry 
to perform a method , the method comprising : 
executing an operation ; and 
protecting the digital signal processing circuitry during 
execution of the operation , the protecting including 
encrypting a first data value having a number n of first 
binary words , each word having a number m of bits , the 
encrypting including generating a second data value 
having a same number n of second binary words of m 
bits each , wherein n is an integer greater than or equal 
to 3 , m and n do not have a common integer division , 
n or m is even , and a second binary word of the second 
data value having a rank i is equal to a sum of : 
a first binary word having a same rank i ; and 
a product of : 
a complement of a first binary word having rank 
( ( i + 1 ) modulo n ) , shifted by a first number of bit 
positions ; and 
a first binary word having rank ( ( i + 2 ) modulo n ) ,
shifted by a second number of bit positions . 
26. The non - transitory computer - readable medium 
according to claim 25 , wherein : 
the sum is a bitwise sum ; 
the product is a bitwise product ; and 
the complement of a binary word is the bitwise comple 
ment of the binary word . 
27. The non - transitory computer - readable medium 
according to claim 25 , wherein the contents comprise 
instructions executed by the digital signal processing cir 
cuitry . 
28. The non - transitory computer - readable medium 
according to claim 25 , wherein the contents comprise a 
look - up table storing a first set of data values to be encrypted 
and a corresponding second set of data values . 
