Patent classifications
G06F7/723
CRYPTOGRAPHIC PROCESSING METHOD, RELATED ELECTRONIC DEVICE AND COMPUTER PROGRAM
A cryptographic processing method comprises the following steps: obtaining a second number determined by adding to a first number the order of a finite group or a multiple of this order; determining a quotient and a remainder by dividing the second number by a random number; obtaining a third element equal to the combination of elements equal to a first element of the finite group and in number equal to the product of the quotient and the random number; obtaining a fourth element equal to the combination of elements equal to the first element and in number equal to the remainder; determining a second element by combining the third element and the fourth element.
EXPONENT SPLITTING FOR CRYPTOGRAPHIC OPERATIONS
A first share value and a second share value may be received. A combination of the first share value and the second share value may correspond to an exponent value. The value of a first register is updated using a first equation that is based on the first and second share values and the value of a second register is updated using a second equation that is based on the second share value. One of the value of the first register or the value of the second register is selected based on a bit value of the second share value.
Providing security against user collusion in data analytics using random group selection
Methods for secure random selection of t client devices from a set of N client devices and methods for secure computation of inputs of t client devices randomly selected from N client devices are described. Such random selection method may include determining an initial binary vector b of weight t by setting the first t bits to one: $b_i = 1$, $1 \le i \le t$, and all further bits to zero: $b_i = 0$, $t < i \le N$; each client device i ($i = 1, \ldots, N$) of the set of N client devices jointly generating a random binary vector b of weight t in an obfuscated domain on the basis of the initial binary vector b including: determining a position n in the binary vector; determining a random number r in $\{n, n+1, \ldots, N\}$; and, using the random number to swap binary values at positions n and r of the binary vector b.
PROCESSING DEVICE, ACCELERATOR, AND METHOD FOR FEDERATED LEARNING
A processing device for federated learning, including: a modular exponentiation module including at least one modular exponentiation engine; a pre-processing module for providing operations corresponding to a plurality of operator modes; a montgomerization module for providing montgomerization operations; a confusion calculation module for providing modular multiplication operations in montgomery space; a montgomery reduction module for providing montgomery reduction operations; and a controller for determining, according to an input operator mode, whether to enable at least two modules out of the pre-processing module, the montgomerization module, the confusion calculation module, and the montgomery reduction module, so as for cooperatively performing the input operator mode together with the modular exponentiation module.
SECURE COMPUTATION SYSTEM, SECURE COMPUTATION SERVER APPARATUS, SECURE COMPUTATION METHOD, AND SECURE COMPUTATION PROGRAM
A secure computation system for secure exponentiation involving a non-secret base and a secret exponent comprises at least four secure computation server apparatuses connected to each other via a network, and each of the secure computation server apparatuses has: a reshare part that outputs reshares for an input including at least a share of the exponent by an operation closed within each of the secure computation server apparatuses; and a multiplication part that performs the secure exponentiation by executing multiplication using shares obtained by having the reshare part reshare the exponent that has been decomposed into additions of shares of the exponent.
WHITE-BOX PROCESSING FOR ENCODING WITH LARGE INTEGER VALUES
A method and apparatus for securely processing an input to generate an output according to one or more encoded secrets is disclosed. In one embodiment, the method comprises a set of secrets S composed of a plurality of secrets $s_1, s_2, \ldots, s_n$, generating a first data structure based on the random encoding of the first secret $s_1$, and performing a plurality of cryptographic operations according to the input and the encoded secrets $s_2, \ldots, s_n$ to compute the output according to each secret in the white-box implementation, the white-box implementation having at least one further data structure operating on the randomly encoded of the secrets.
SECURE EXPONENT UNIFICATION SYSTEM, SECURE EXPONENT UNIFICATION APPARATUS, SECURE EXPONENT UNIFICATION METHOD, SECURE SUM COMPUTING SYSTEM, SECURE SUM-OF-PRODUCT COMPUTING SYSTEM, AND PROGRAM
Provided is a secure computation technique for efficiently uniforming exponent parts of floating points. A secret exponent part uniforming system which, from a share $([[\vec{a}]]^P, [[\vec{\rho}]]^Q)$ of a floating point vector ($\vec{a} = (a_0, \ldots, a_{m-1})$, $\vec{\rho} = (\rho_0, \ldots, \rho_{m-1})$), calculates a share $([[\vec{b}]]^P, [[\vec{\rho}_{\max}]]^Q)$ of a floating point vector with uniformed exponent parts ($\vec{b} = (b_0, \ldots, b_{m-1})$, $\vec{\rho}_{\max} = (\rho_{\max}, \ldots, \rho_{\max})$ ($\rho_{\max} = \max\{\rho_0, \ldots, \rho_{m-1}\}$), $2^{\rho_i} a_i \approx 2^{\rho_{\max}} b_i$ is satisfied), comprises a mantissa part calculation means for calculating a share $[[\vec{b}]]^P$ by calculating a share $[[b_i]]^P$ ($b_i = 2^{-\rho_{\mathrm{dif},i}} a_i$) of the number $b_i$ from the i-th element of the share $[[\vec{a}]]^P$ and the i-th element of a share $\langle\langle \vec{\rho}_{\mathrm{dif}} \rangle\rangle^Q$ converted by replicated secret sharing from a share $[[\vec{\rho}_{\mathrm{dif}}]]^Q = [[\vec{\rho}]]^Q - [[\vec{\rho}_{\max}]]^Q$.
Processing device, accelerator, and method for federated learning
A processing device for federated learning, including: a modular exponentiation module including at least one modular exponentiation engine; a pre-processing module for providing operations corresponding to a plurality of operator modes; a montgomerization module for providing montgomerization operations; a confusion calculation module for providing modular multiplication operations in montgomery space; a montgomery reduction module for providing montgomery reduction operations; and a controller for determining, according to an input operator mode, whether to enable at least two modules out of the pre-processing module, the montgomerization module, the confusion calculation module, and the montgomery reduction module, so as for cooperatively performing the input operator mode together with the modular exponentiation module.
Computation device and method
Some embodiments are directed to an electronic computation device (100) arranged for obfuscated execution of a multiplication. The device comprises a storage (120) arranged for storing multiple variables used in the execution of an arithmetic operation, a variable (x: y; 2) of the multiple variables being represented as multiple multiplicative shares ($X = (x_0, x_1, \ldots, x_{m-1})$; $Y = (y_0, y_1, \ldots, y_{m-1})$; 20), said multiplicative shares being represented in the storage as multiple additive shares ($x_i = (x_{i,0}, x_{i,1}, \ldots, x_{i,n-1})$; $Y_i = (y_{i,0}, y_{i,1}, \ldots, y_{i,n-1})$; 210, 220).
SYSTEMS AND METHODS FOR NON-PARALLELISED MINING ON A PROOF-OF-WORK BLOCKCHAIN NETWORK
The present disclosure provides methods and systems for ensuring the security of a blockchain and associated network, and for enabling the establishment of consensus regarding the state of the blockchain. A method of the disclosure may be implemented by one or more nodes on a blockchain network, using a non-parallelisable algorithm to calculate an output based on a computational difficulty parameter, a hash of at least one blockchain transaction; and/or a hash of at least one blockchain block header. The non-parallelisable, inherently sequential algorithm comprises at least one of the following operations or a combination thereof: a recursive operation, a modular exponentiation and/or a repeated squaring operation.