G06F7/722

COUNTERMEASURES FOR SIDE-CHANNEL ATTACKS ON PROTECTED SIGN AND KEY EXCHANGE OPERATIONS

Embodiments are directed to countermeasures for side-channel attacks on protected sign and key exchange operations. An embodiment of storage mediums includes instructions for commencing a process including an elliptic curve scalar multiplication (ESM) operation including application of a secret scalar value; splitting the secret scalar value into two random scalar values; counting a number of leading ‘0’ bits in the scalar value and skipping the number of leading ‘0’ bits in processing; performing an ESM iteration for each bit of the secret scalar value beginning with a most significant ‘1’ bit of the scalar value including a Point Addition operation and a Point Double operation for each bit on randomized points; performing ESM operation dummy iterations equal to the number of leading ‘0’ bits; and returning an output result for the ESM operation.

LOW COMPLEXITY CONVERSION TO MONTGOMERY DOMAIN
20210407323 · 2021-12-30

Disclosed herein is an apparatus for calculating a cryptographic component R^2 mod n for a cryptographic function, where n is a modulo number and R is a constant greater than n. The apparatus comprises a processor configured to set a start value to be equal to R mod n, perform b iterations of a shift and subtract operation on the start value to produce a base value, wherein the start value is set to be equal to the base value after each iteration, set a multiplication operand to be equal to the base value, and perform k iterations of a Montgomery modular multiplication of the multiplication operand with the multiplication operand to produce an intermediate result, wherein the multiplication operand is set to be equal to the intermediate result after each iteration, wherein the shift and subtract operation comprises determining a shifted start value which is equivalent to the start value multiplied by two, and subtracting n from the shifted start value if the shifted start value is greater than or equal to n.

LOW COMPLEXITY CONVERSION TO MONTGOMERY DOMAIN
20210407322 · 2021-12-30

Disclosed herein is an apparatus for calculating a cryptographic component R^2 mod n for a cryptographic function, where n is a modulo number and R is a constant greater than n. The apparatus comprises an arithmetic logic unit configured to iteratively perform Montgomery multiplication of a first operand with a second operand to produce an intermediate result, wherein the first operand and the second operand are set to the intermediate result after each iteration, responsive to a termination condition being met, determine an adjustment parameter indicative of a difference between the intermediate result and the cryptographic component, and perform Montgomery multiplication of the intermediate result with the adjustment parameter, to calculate the cryptographic component for the cryptographic function.

CIRCUIT, APPARATUS AND METHOD FOR CALCULATING MULTIPLICATIVE INVERSE

Disclosed herein are an apparatus and method for calculating a multiplicative inverse. The apparatus for calculating a multiplicative inverse includes a data input unit for receiving input data, a multiplicative inverse calculation unit for dividing an input degree-8 finite field corresponding to the input data into two first degree-4 finite fields so as to perform Advanced Encryption Standard (AES) encryption on the input data, and for performing a multiplicative inverse calculation on the first degree-4 finite fields in consideration of a circuit depth value (T-Depth) and qubit consumption of quantum gates in a quantum circuit, and a data output unit for outputting result data obtained by performing the multiplicative inverse calculation.

SYSTEMS AND METHODS FOR CALCULATING LARGE POLYNOMIAL MULTIPLICATIONS
20220188072 · 2022-06-16

This disclosure is directed to multiplier circuitry that includes a multiplier that is configurable to generate a plurality of subproducts by performing a plurality of multiplication operations involving values having a first precision using a recursive multiplication process in which a second multiplier of the multiplier performs a second plurality of multiplication operations involving values having a second precision that are derived from the values having the first precision.

HOMOMORPHIC ENCRYPTION OPERATION ACCELERATOR, AND OPERATING METHOD OF HOMOMORPHIC ENCRYPTION OPERATION ACCELERATOR

A method of operating a homomorphic encryption operation accelerator includes performing a number theoretic transform (NTT) operation on each of first homomorphic ciphertext and second homomorphic ciphertext, and performing a base conversion operation by adding a partial sum using a first value of the NTT operation.

PROCESSING DEVICE, ACCELERATOR, AND METHOD FOR FEDERATED LEARNING
20220147873 · 2022-05-12

A processing device for federated learning, including: a modular exponentiation module including at least one modular exponentiation engine; a pre-processing module for providing operations corresponding to a plurality of operator modes; a montgomerization module for providing montgomerization operations; a confusion calculation module for providing modular multiplication operations in Montgomery space; a Montgomery reduction module for providing Montgomery reduction operations; and a controller for determining, according to an input operator mode, whether to enable at least two modules out of the pre-processing module, the montgomerization module, the confusion calculation module, and the Montgomery reduction module, so as for cooperatively performing the input operator mode together with the modular exponentiation module.

Device and Method of Handling a Modular Multiplication
20220121424 · 2022-04-21

A modular operation device for handling a modular multiplication, comprises a controller, configured to divide a multiplicand into a plurality of multiplicand words, a multiplier into a plurality of multiplier words, and a modulus into a plurality of modulus words; a first plurality of processing elements, coupled to the controller, configured to compute a first plurality of updated carry results and a first plurality of updated sum results; a second plurality of processing elements, coupled to the controller, configured to compute a second plurality of updated carry results and a second plurality of updated sum results; and a reduction element, coupled to the controller, configured to compute a resulting remainder according to the second plurality of updated carry results and the second plurality of updated sum results.

Homomorphic encryption for machine learning and neural networks using high-throughput CRT evaluation

Embodiments are directed to homomorphic encryption for machine learning and neural networks using high-throughput Chinese remainder theorem (CRT) evaluation. An embodiment of an apparatus includes a hardware accelerator to receive a ciphertext generated by homomorphic encryption (HE) for evaluation, decompose coefficients of the ciphertext into a set of decomposed coefficients, multiply the decomposed coefficients using a set of smaller modulus determined based on a larger modulus, and convert results of the multiplying back to an original form corresponding to the larger modulus by performing a reverse Chinese remainder theorem (CRT) transform on the results of multiplying the decomposed coefficients.

Modular multiplication circuit and corresponding modular multiplication method

A modular multiplication circuit includes a main operation circuit, a look-up table, and an addition unit. The main operation circuit updates a sum value and a carry value according to 2^i·A corresponding to a first operation value A and m bits of a second operation value B currently under operation, m is a positive integer, i is from 0 to m−1. The look-up table records values related to a modulus, and selects one of the values as a look-up table output value according to the sum value. The addition unit updates the sum value and the carry value according to the look-up table output value and outputs the updated sum value and the updated carry value to the main operation circuit. The modular multiplication circuit updates the sum value and the carry value in a recursive manner by using m different bits of the second operation value B.