Various embodiments include a modulo operation generator associated with a cache memory in a computer-based system. The modulo operation generator generates a first sum by performing an addition and/or a subtraction function on an input address. A first portion of the first sum is applied to a lookup table that generates a correction value. The correction value is then added to a second portion of the first sum to generate a second sum. The second sum is adjusted, as needed, to be less than the divisor. The adjusted second sum forms a residue value that identifies a cache memory slice in which the input data value corresponding to the input address is stored. By generating the residue value in this manner, the cache memory efficiently distributes input data values among the slices in a cache memory even when the number of slices is not a power of two.

A system for securely computing an elliptic curve scalar multiplication in an unsecured environment, including: a secure processor including secure memory, the secure processor configured to: split a secure scalar K into m.sub.2 random values k.sub.i, where i is an integer index; randomly select m.sub.1−m.sub.2 values k.sub.i for the indices m.sub.2<i≦m.sub.1; select m.sub.1 mask values δ.sub.i; compute m.sub.1 residues c.sub.i based upon random residues a.sub.i, δ.sub.π(i).sup.−1, and k.sub.π(i), wherein π(i) is a random permutation; compute m.sub.1 elliptic curve points G.sub.i based upon random residues a.sub.i and an elliptic point to be multiplied; receive m.sub.1 elliptic curve points; and compute the elliptic curve scalar multiplication by combining a portion of the received elliptic curve points and removing the mask values δ.sub.i from the portion of the received elliptic curve points; a memory device; and a processor in communication with the memory device, the processor being configured to: receive m.sub.1 residues c.sub.i and elliptic curve points G.sub.i; compute m.sub.1 elliptic curve points P.sub.i based upon the m.sub.1 residues c.sub.i and elliptic curve points G.sub.i; send the m.sub.1 elliptic curve points P.sub.i to the secure processor.

Methods and apparatus for performing surface code computations using Auto-CCZ states. In one aspect, a method for implementing a delayed choice CZ operation on a first and second data qubit using a quantum computer includes: preparing a first and second routing qubit in a magic state; interacting the first data qubit with the first routing qubit and the second data qubit with the second routing qubit using a first and second CNOT operation, where the first and second data qubits act as controls for the CNOT operations; if a received first classical bit represents an off state: applying a first and second Hadamard gate to the first and second routing qubit; measuring the first and second routing qubit using Z basis measurements to obtain a second and third classical bit; and performing classically controlled fixup operations on the first and second data qubit using the second and third classical bits.

Methods and apparatus for performing surface code computations using Auto-CCZ states. In one aspect, a method for implementing a delayed choice CZ operation on a first and second data qubit using a quantum computer includes: preparing a first and second routing qubit in a magic state; interacting the first data qubit with the first routing qubit and the second data qubit with the second routing qubit using a first and second CNOT operation, where the first and second data qubits act as controls for the CNOT operations; if a received first classical bit represents an off state: applying a first and second Hadamard gate to the first and second routing qubit; measuring the first and second routing qubit using Z basis measurements to obtain a second and third classical bit; and performing classically controlled fixup operations on the first and second data qubit using the second and third classical bits.

A binary logic circuit for determining y=x mod(2.sup.m−1), where x is an n-bit integer, y is an m-bit integer, and n>m, includes reduction logic configured to reduce x to a sum of a first m-bit integer β and a second m-bit integer γ; and addition logic configured to calculate an addition output represented by the m least significant bits of the following sum right-shifted by m: a first binary value of length 2m, the m most significant bits and the m least significant bits each being the string of bit values represented by β; a second binary value of length 2m, the m most significant bits and the m least significant bits each being the string of bit values represented by γ; and the binary value 1.

A binary logic circuit for determining y=x mod(2.sup.m−1), where x is an n-bit integer, y is an m-bit integer, and n>m, includes reduction logic configured to reduce x to a sum of a first m-bit integer β and a second m-bit integer γ; and addition logic configured to calculate an addition output represented by the m least significant bits of the following sum right-shifted by m: a first binary value of length 2m, the m most significant bits and the m least significant bits each being the string of bit values represented by β; a second binary value of length 2m, the m most significant bits and the m least significant bits each being the string of bit values represented by γ; and the binary value 1.

A modular multiplication circuit includes a main operation circuit, a look-up table, and an addition unit. The main operation circuit updates a sum value and a carry value according to 2.sup.iA corresponding to a first operation value A and m bits of a second operation value B currently under operation, m is a positive integer, i is from 0 to m-1. The look-up table records values related to a modulus, and selects one of the values as a look-up table output value according to the sum value. The addition unit updates the sum value and the carry value according to the look-up table output value and outputs the updated sum value and the updated carry value to the main operation circuit. The modular multiplication circuit updates the sum value and the carry value in a recursive manner by using m different bits of the second operation value B.

The disclosure concerns a method of protecting a calculation on a first number and a second number, including the steps of: generating a third number including at least the bits of the second number, the number of bits of the third number being an integer multiple of a fourth number; dividing the third number into blocks each having the size of the fourth number; successively, for each block of the third number: performing a first operation with a first operator on the contents of a first register and of a second register, and then on the obtained intermediate result and the first number, and placing the result in a third register; and for each bit of the current block, performing a second operation by submitting the content of the third register to a second operator with a function of the rank of the current bit of the third number, and then to the first operator with the content of the first or of the second register according to state “0” or “1” of said bit, and placing the result in the first or second register.

A system, method and computer-readable medium provide secure communication between a first and a second computer system based on supersingular isogeny elliptic curve cryptography. The first computer system and the second computer system each determine kernels K.sub.A and K.sub.B including computing mP+nQ by accessing a lookup table stored in a memory that contains a range of doubles of an end point of the respective kernels, where P and Q are points on the public elliptic curve and m and n are integers. The first computer system and the second computer system compute secret isogenies by determining a respective kernel K.sub.BA and K.sub.AB using mixed-base multiplicands with a single inversion, including computing the respective kernel K.sub.BA and K.sub.AB by converting the multiplicands to base 32, and computing scalar multiplications using the base 32 multiplicands.

A method and compression unit for compressing a block of image data to satisfy a target level of compression, wherein the block of image data comprises a plurality of image element values, each image element value comprising one or more data values relating to a respective channel. For each of the channels: (i) an origin value for the channel for the block is determined, (ii) difference values are determined representing differences between the data values and the determined origin value for the channel for the block, and (iii) a first number of bits for losslessly representing a maximum difference value of the difference values for the channel for the block is determined. The determined first number of bits for each of the channels is used to determine a respective second number of bits for each of the channels, the second number of bits being determined such that representing each of the difference values for the channels with the respective second number of bits satisfies the target level of compression for compressing the block of image data. Compressed data is formed, having for each of the one or more channels an indication of the determined origin value for the channel, an indication of the determined first number of bits for the channel, and representations of the determined difference values for the channel, wherein each of the representations of the determined difference values for the channel uses the determined second number of bits for the channel, such that the target level of compression is satisfied.