The present disclosure provides methods and systems for ensuring the security of a blockchain and associated network, and for enabling the establishment of consensus regarding the state of the blockchain. A method of the disclosure may be implemented by one or more nodes on a blockchain network, using a non-parallelisable algorithm to calculate an output based on a computational difficulty parameter, a hash of at least one blockchain transaction; and/or a hash of at least one blockchain block header. The non-parallelisable, inherently sequential algorithm comprises at least one of the following operations or a combination thereof: a recursive operation, a modular exponentiation and/or a repeated squaring operation.

A method of protecting a modular exponentiation calculation on a first number and an exponent, modulo a first modulo, executed by an electronic circuit using a first register or memory location and a second register or memory location, successively including, for each bit of the exponent: generating a random number; performing a modular multiplication of the content of the first register or memory location by that of the second register or memory location, and placing the result in one of the first and second registers or memory locations selected according to the state of the bit of the exponent; performing a modular squaring of the content of one of the first and second registers or memory locations selected according to the state of the exponent, and placing the result in this selected register or memory location, the multiplication and squaring operations being performed modulo the product of the first modulo by said random number.

Methods and systems for masking certain cryptographic operations in a manner designed to defeat side-channel attacks are disclosed herein. Squaring operations can be masked to make squaring operations indistinguishable or less distinguishable from multiplication operations. In general, squaring operations are converted into multiplication operations by masking them asymmetrically. Additional methods and systems are disclosed for defeating DPA, cross-correlation, and high-order DPA attacks against modular exponentiation.

Different clients encrypt secrets using a server's public RSA key, blind them using randomly generated onetime use blinding factors, and bind them to unique identifiers of corresponding client policies. Encrypted, blinded secrets bound to unique policy ids are transmitted to the server. The server processes different encrypted, blinded secrets received from different clients according to the bound policies. Processing an encrypted blinded secret can involve decrypting it using the corresponding policy id and the server's private key, resulting in a decrypted but still blinded secret which is not readable by the server. The server can then transmit the decrypted blinded secret to one or more clients according to the policy. A client that receives the decrypted blinded secret can unblind and read the secret as plaintext, provided the client has the policy id and the unblinding factor.

Various embodiments relate to a device for generating code which implements modular exponentiation, the device including: a memory used to store a lookup table; and a processor in communication with the memory, the processor configured to: receive information for a generated randomized addition chain; output code for implementing the modular exponentiation which loads elements from the lookup table including intermediate results which utilize the information for a generated randomized addition chain; and output code for implementing the modular exponentiation which uses the loaded elements to compute the next element.

A method of protecting a modular calculation on a first number and a second number, executed by an electronic circuit, including the steps of: combining the second number with a third number to obtain a fourth number; executing the modular calculation on the first and fourth numbers, the result being contained in a first register or memory location; initializing a second register or memory location to the value of the first register or to one; and successively, for each bit at state 1 of the third number: if the corresponding bit of the fourth number is at state 1, multiplying the content of the second register or memory location by the inverse of the first number and placing the result in the first register or memory location, if the corresponding bit of the fourth number is at state 0, multiplying the content of the second register or memory location by the first number and placing the result in the first register or memory location.

A method of protecting a modular exponentiation calculation on a first number and an exponent, modulo a first modulo, executed by an electronic circuit using a first register or memory location and a second register or memory location, successively including, for each bit of the exponent: generating a random number; performing a modular multiplication of the content of the first register or memory location by that of the second register or memory location, and placing the result in one of the first and second registers or memory locations selected according to the state of the bit of the exponent; performing a modular squaring of the content of one of the first and second registers or memory locations selected according to the state of the exponent, and placing the result in this selected register or memory location, the multiplication and squaring operations being performed modulo the product of the first modulo by said random number.

Various embodiments relate to a method of encoding data and a related device and non-transitory machine readable storage medium, including: determining a plurality of factors of a value, b, to be exponentiated; retrieving, from a lookup table, a plurality of lookup table entries associated with the plurality of factors; calculating a product of the plurality of lookup table entries; and calculating a residue of the product using a cryptographic key modulus, N, to produce an exponentiated value, s.

Various embodiments relate to a method, system, and non-transitory machine-readable medium encoded with instructions for execution by a processor for performing modular exponentiation, the non-transitory machine-readable medium including: instructions for iteratively calculating a modular exponentiation, b.sup.d mod n, including: instructions for squaring a working value, c; and instructions for conditionally multiplying the working value, c, by a base value, b, dependent on a bit of an exponent, d, including: instructions for unconditionally multiplying the working value, c, by a lookup table entry associated with the base value.

Various embodiments relate to a device for generating code which implements modular exponentiation, the device including: a memory used to store a lookup table; and a processor in communication with the memory, the processor configured to: receive information for a generated randomized addition chain; output code for implementing the modular exponentiation which loads elements from the lookup table including intermediate results which utilize the information for a generated randomized addition chain; and output code for implementing the modular exponentiation which uses the loaded elements to compute the next element.