Methods, systems and apparatus for performing windowed quantum arithmetic. In one aspect, a method for performing a product addition operation includes: determining multiple entries of a lookup table, comprising, for each index in a first set of indices, multiplying the index value by a scalar for the product addition operation; for each index in a second set of indices, determining multiple address values, comprising extracting source register values corresponding to indices between i) the index in the second set of indices, and ii) the index in the second set of indices plus the predetermined window size; and adjusting values of a target quantum register based on the determined multiple entries of the lookup table and the determined multiple address values.

The present disclosure relates to a method and device for performing an elliptic curve cryptography computation comprising: twisting, by a first device based on a first index of quadratic or higher order twist (d), a first point (P′KB) on a first elliptic curve over a further elliptic curve twisted with respect to the first elliptic curve to generate a twisted key (PKB); transmitting the twisted key (PKB) to a further device; receiving, from the further device, a return value (ShS) generated based on the twisted key (PKB); and twisting, by the first device based on the first index of quadratic or higher order twist (d), the return value (ShS) over the first elliptic curve to generate a result (ShS′) of the ECC computation.

The present disclosure relates generally to arithmetic units of processors, and may relate more particularly to multi-cycle division operations. Multiple-cycles of a radix-m division operation may be performed to generate one or more signal states representative of a result value based at least in part on a dividend value and a divisor value.

A cryptographical apparatus for converting input bit sequences, whose overflow-free arithmetic addition results in a secret, into output bit sequences whose logic XORing results in the secret. The apparatus comprises a data interface for providing a first input bit sequence and a second input bit sequence and a processing circuit configured to a) gate the first input bit sequence and the second input bit sequence to obtain a logic result indicating overflow bit positions at which both the first input bit sequence and the second input bit sequence have a value of one; and to b) change the first and/or second input bit sequence at at least one overflow bit position. The processing circuit is configured to repeatedly perform steps a) and b) by using the respectively changed input bit sequences, until the logic result indicates no further overflow bit position and the output bit sequences are obtained.

A system for transmitting information may include a server that generates pseudo-random superpositions, each superposition including multiple packet fragments encoded using a Galois field. The system may transmit the superpositions across a plurality of communication links, which form a single logical path, to a client device. Communication links may include a combination of diverse communication channels, and more preferably one or more low latency (but low bandwidth) communication links and one or more high bandwidth (but high latency) communication links. Advantageously, the use of a plurality of communication links may facilitate transmitting information quickly and reliably.

A system for transmitting information may include a server that generates pseudo-random superpositions, each superposition including multiple packet fragments encoded using a Galois field. The system may transmit the superpositions across a plurality of communication links, which form a single logical path, to a client device. Communication links may include a combination of diverse communication channels, and more preferably one or more low latency (but low bandwidth) communication links and one or more high bandwidth (but high latency) communication links. Advantageously, the use of a plurality of communication links may facilitate transmitting information quickly and reliably.

A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.

Embodiments are directed to elliptic curve cryptography scalar multiplications in a generic field with heavy pipelining between field operations. A bit width is determined of operands in data to be processed by a modular hardware block. It is checked whether the bit width of the operands matches a fixed bit width of the modular hardware block. In response to there being a match, the modular hardware block processes the operands. In response to there being a mismatch, the operands are modified to be accommodated by the fixed bit width of the modular hardware block.

A secure selective product computation system (100) has conditions [c.sub.0], . . . , [c.sub.n−1] and a binary table including m.sub.0,0, m.sub.0,1, . . . , m.sub.n−1,0, and m.sub.n−1, 1 as inputs, and outputs a total product [A] of multipliers selected according to the conditions. A condition integrator (11) calculates share values [c.sub.ic.sub.i+1]. A table convertor (12) generates a 4-value table including m′.sub.00, m′.sub.01, m′.sub.10, and m′.sub.11 A public value multiplier (13) calculates [ai]:=[c.sub.ic.sub.i+1](m.sub.00+m.sub.11−m.sub.01−m.sub.10)+[c.sub.i](m.sub.i+1,0−m.sub.i,0)+[c.sub.i+1](m.sub.i,1−m.sub.i,0)+m.sub.i,0. A real number multiplier (14) calculates a value [A] obtained by multiplying all [a.sub.i]. A selective multiplier (15) multiplies [A] by a multiplier selected from multipliers m.sub.n−1, 0 and m.sub.n−1,1 according to c.sub.n−1 when n is an odd number.

A secure selective product computation system (100) has conditions [c.sub.0], . . . , [c.sub.n−1] and a binary table including m.sub.0,0, m.sub.0,1, . . . , m.sub.n−1,0, and m.sub.n−1, 1 as inputs, and outputs a total product [A] of multipliers selected according to the conditions. A condition integrator (11) calculates share values [c.sub.ic.sub.i+1]. A table convertor (12) generates a 4-value table including m′.sub.00, m′.sub.01, m′.sub.10, and m′.sub.11 A public value multiplier (13) calculates [ai]:=[c.sub.ic.sub.i+1](m.sub.00+m.sub.11−m.sub.01−m.sub.10)+[c.sub.i](m.sub.i+1,0−m.sub.i,0)+[c.sub.i+1](m.sub.i,1−m.sub.i,0)+m.sub.i,0. A real number multiplier (14) calculates a value [A] obtained by multiplying all [a.sub.i]. A selective multiplier (15) multiplies [A] by a multiplier selected from multipliers m.sub.n−1, 0 and m.sub.n−1,1 according to c.sub.n−1 when n is an odd number.