The present application discloses a calculator and a method thereof. The calculator is configured to accelerate the number-theoretic transformation of a 2.sup.N-dimensional polynomial. The calculator includes a first coefficient memory, a second coefficient memory, a twiddle factor memory, a plurality of processing units and a data flow controller. In the odd-number rounds of coefficient computation operations, the processing units perform first calculation procedures to read coefficients from the first coefficient memory for modulo calculation, and perform first writing procedures to write output coefficients to the second coefficient memory. In even-number rounds of coefficient computation operations, the processing units performs second calculation procedures to read coefficients from the second coefficient memory for modulo calculations, and perform second writing procedures to write output coefficients to the first coefficient memory.

A processing device for federated learning, including: a modular exponentiation module including at least one modular exponentiation engine; a pre-processing module for providing operations corresponding to a plurality of operator modes; a montgomerization module for providing montgomerization operations; a confusion calculation module for providing modular multiplication operations in montgomery space; a montgomery reduction module for providing montgomery reduction operations; and a controller for determining, according to an input operator mode, whether to enable at least two modules out of the pre-processing module, the montgomerization module, the confusion calculation module, and the montgomery reduction module, so as for cooperatively performing the input operator mode together with the modular exponentiation module.

The present disclosure relates to an arrangement (200) for simulating a quantum Toffoli gate. The arrangement is arranged to receive at least first, second, third, fourth, fifth and sixth classical input bits (a, b, c, d, e, f) and arranged to output at least first, second, third, fourth, fifth and sixth classical output bits. The first, third and fifth classical output bits are arranged to simulate controlled-controlled-NOT, CCNOT, logic based on the first, third and fifth classical input bits (a, c, e). The second, fourth and sixth classical output bits are arranged to simulate phase kickback based on the first, second, third, fourth and sixth classical input bits (a, b, c, d, f). The present disclosure also relates to corresponding systems, methods and computer programs.

Provided are a security processor for performing a remainder operation by using a random number and an operating method of the security processor. The security processor includes a random number generator configured to generate a first random number; a modular calculator configured to generate a first random operand based on first data and the first random number and generate output data through a remainder operation on the first random operand, wherein a result value of the remainder operation on the first input data is identical to a result value of the remainder operation on the first random operand.

Embodiments are directed to homomorphic encryption for machine learning and neural networks using high-throughput Chinese remainder theorem (CRT) evaluation. An embodiment of an apparatus includes a hardware accelerator to receive a ciphertext generated by homomorphic encryption (HE) for evaluation, decompose coefficients of the ciphertext into a set of decomposed coefficients, multiply the decomposed coefficients using a set of smaller modulus determined based on a larger modulus, and convert results of the multiplying back to an original form corresponding to the larger modulus.

A device includes a random number generator configured to generate a random number, a memory configured to store at least one lookup table, and a processing circuit configured to generate a generator based on the random number, create the at least one lookup table based on the generator, and write the created at least one lookup table to the memory, wherein the processing circuit is configured to access the memory based on a first input and a second input, and generate a result of a modular multiplication of the first input by the second input based on the at least one lookup table.

Various embodiments relate to a method for multiplying a first and a second polynomial in the ring [X]/(X.sup.N−1) to perform a cryptographic operation in a data processing system, the method for use in a processor of the data processing system, including: receiving the first polynomial and the second polynomial by the processor; mapping the first polynomial into a third polynomial in a first ring and a fourth polynomial in a second ring using a map; mapping the second polynomial into a fifth polynomial in the first ring and a sixth polynomial in the second ring using the map; multiplying the third polynomial in the first ring with the fifth polynomial in the first ring to produce a first multiplication result; multiplying the fourth polynomial in the second ring with the sixth polynomial in the second ring to produce a second multiplication result using Renes multiplication; and combining the first multiplication result and the second multiplication result using the map.

Various embodiments relate to a method for multiplying a first and a second polynomial in the ring [X]/(X.sup.N−1) to perform a cryptographic operation in a data processing system, the method for use in a processor of the data processing system, including: receiving the first polynomial and the second polynomial by the processor; mapping the first polynomial into a third polynomial in a first ring and a fourth polynomial in a second ring using a map; mapping the second polynomial into a fifth polynomial in the first ring and a sixth polynomial in the second ring using the map; multiplying the third polynomial in the first ring with the fifth polynomial in the first ring to produce a first multiplication result; multiplying the fourth polynomial in the second ring with the sixth polynomial in the second ring to produce a second multiplication result using Renes multiplication; and combining the first multiplication result and the second multiplication result using the map.

A system includes an addressable memory array, one or more processing cores, and an accelerator framework coupled to the addressable memory. The accelerator framework includes a Multiply ACcumulate (MAC) hardware accelerator cluster. The MAC hardware accelerator cluster has a binary-to-residual converter, which, in operation, converts binary inputs to a residual number system. Converting a binary input to the residual number system includes a reduction modulo 2.sup.m and a reduction modulo 2.sup.m−1, where m is a positive integer. A plurality of MAC hardware accelerators perform modulo 2.sup.m multiply-and-accumulate operations and modulo 2.sup.m−1 multiply-and-accumulate operations using the converted binary input. A residual-to-binary converter generates a binary output based on the output of the MAC hardware accelerators.

Embodiments are directed to countermeasures for side-channel attacks on protected sign and key exchange operations. An embodiment of storage mediums includes instructions for commencing a process including an elliptic curve scalar multiplication (ESM) operation including application of a secret scalar value; splitting the secret scalar value into two random scalar values; counting a number of leading ‘0’ bits in the scalar value and skipping the number of leading ‘0’ bits in processing; performing an ESM iteration for each bit of the secret scalar value beginning with a most significant ‘1’ bit of the scalar value including a Point Addition operation and a Point Double operation for each bit on randomized points; performing ESM operation dummy iterations equal to the number of leading ‘0’ bits; and returning an output result for the ESM operation.