G06F7/727

Hardware accelerator method, system and device

A system includes an addressable memory array, one or more processing cores, and an accelerator framework coupled to the addressable memory. The accelerator framework includes a Multiply ACcumulate (MAC) hardware accelerator cluster. The MAC hardware accelerator cluster has a binary-to-residual converter, which, in operation, converts binary inputs to a residual number system. Converting a binary input to the residual number system includes a reduction modulo 2^m and a reduction modulo 2^m − 1, where m is a positive integer. A plurality of MAC hardware accelerators perform modulo 2^m multiply-and-accumulate operations and modulo 2^m − 1 multiply-and-accumulate operations using the converted binary input. A residual-to-binary converter generates a binary output based on the output of the MAC hardware accelerators.

Float Division by Constant Integer
20220100471 · 2022-03-31

A binary logic circuit for determining the ratio x/d where x is a variable integer input, the binary logic circuit comprising: a logarithmic tree of modulo units each configured to calculate x[a:b] mod d for respective block positions a and b in x where b>a with the numbering of block positions increasing from the most significant bit of x up to the least significant bit of x, the modulo units being arranged such that a subset of M−1 modulo units of the logarithmic tree provide x[0:m] mod d for all m∈{1, M}, and, on the basis that any given modulo unit introduces a delay of 1: all of the modulo units are arranged in the logarithmic tree within a delay envelope of ⌈log_2 M⌉; and more than M − 2^u of the subset of modulo units are arranged at the maximal delay of ⌈log_2 M⌉, where 2^u is the power of 2 immediately smaller than M.

Float division by constant integer

A binary logic circuit for determining the ratio x/d where x is a variable integer input, the binary logic circuit comprising: a logarithmic tree of modulo units each configured to calculate x[a:b] mod d for respective block positions a and b in x where b>a with the numbering of block positions increasing from the most significant bit of x up to the least significant bit of x, the modulo units being arranged such that a subset of M−1 modulo units of the logarithmic tree provide x[0:m] mod d for all m∈{1, M}, and, on the basis that any given modulo unit introduces a delay of 1: all of the modulo units are arranged in the logarithmic tree within a delay envelope of ⌈log_2 M⌉; and more than M − 2^u of the subset of modulo units are arranged at the maximal delay of ⌈log_2 M⌉, where 2^u is the power of 2 immediately smaller than M.

DATA LOADING AND STORAGE SYSTEM AND METHOD
20220100521 · 2022-03-31

A data loading and storage system includes a storage module, a buffering module, a control module, a plurality of data loading modules, a plurality of data storage modules and a multi-core processor array module. The data is continuously stored in a DDR, and the data computed by the multi-core processor may be arranged continuously or be arranged according to a certain rule. After DMA reads the data into the DATA_BUF module by a BURST mode, in order to support fast loading of the data into the multi-core processor array, the data loading modules (i.e., load modules) are designed. In order to quickly store the computed result of the multi-core processor array into the DATA_BUF module according to a certain rule, the data storage modules (i.e., store module) are designed.

MASKED DECOMPOSITION OF POLYNOMIALS FOR LATTICE-BASED CRYPTOGRAPHY
20230396436 · 2023-12-07

Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having n_s arithmetic shares into a high part a_1 and a low part a_0 for lattice-based cryptography in a processor, the instructions, including: performing a rounded Euclidean division of the polynomial a by a base α to compute t^{(⋅)A}; extracting Boolean shares a_1^{(⋅)B} from n low bits of t by performing an arithmetic share to Boolean share (A2B) conversion on t^{(⋅)A} and performing an AND with ζ−1, where ζ = −α^{−1} is a power of 2; unmasking a_1 by combining Boolean shares of a_1^{(⋅)B}; calculating arithmetic shares a_0^{(⋅)A} of the low part a_0; and performing a cryptographic function using a_1 and a_0^{(⋅)A}.

Process for digital signing of a document with a predetermined secret key

A method for digital signing of a document using a predetermined secret key. An initial internal state is determined by application to a condensate of the document of a first white box implementation of generation of a main nonce; then a modular sum of the main nonce and of a predetermined constant. The method also determines a first internal state by application to the initial internal state of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant. The method then determines a second internal state by application to said condensate of a second white box implementation of generation of the main nonce; and a second modular arithmetic operation function of the first internal state, of the main signature nonce and of the secret key. It then generates a digital signature of the document from the first internal state and the second internal state.

Data encryption and decryption

This disclosure relates to data encryption and decryption. In one aspect, a method includes receiving, by a second peer end computing device, first data from a first peer end computing device. The second end computing device generates a random term based on a result range pre-agreed upon with the first peer end computing device. The result range includes a minimum result value and a maximum result value. The random term is a product of a random number and an agreed upon constant. The agreed upon constant is greater than a difference between the maximum result value and the minimum result value. The second peer end computing device performs a homomorphic operation based on the first data, local private second data, and the random term to obtain an encryption result. The second peer end computing device returns the encryption result to the first peer end computing device.

BIT DECOMPOSITION SECURE COMPUTATION APPARATUS, BIT COMBINING SECURE COMPUTATION APPARATUS, METHOD AND PROGRAM

The present invention provides a bit decomposition secure computation system comprising: a share value storage apparatus to store share values obtained by applying (2, 3) type RSS using modulo of power of 2 arithmetic; a decomposed share value storage apparatus to store a sequence of share values obtained by applying (2, 3) type RSS using modulo 2 arithmetic; and a bit decomposition secure computation apparatus that, with respect to sharing of a value w, r1, r2, and r3 satisfying w=r1+r2+r3 mod 2^n, where ^ is a power operator and n is a preset positive integer, being used as share information by the (2, 3) type RSS stored in the share value storage apparatus, includes: an addition sharing unit that sums two values out of r1, r2 and r3 by modulo 2^n, generates and distributes a share value of the (2, 3) type RSS with respect to the sum; and a full adder secure computation unit that executes addition processing of the value generated by the addition sharing unit and a value not used by the addition sharing unit, for each digit, by using secure computation of a full adder, and stores the result in the decomposed share value storage apparatus.

DATA ENCRYPTION AND DECRYPTION

This disclosure relates to data encryption and decryption. In one aspect, a method includes receiving, by a second peer end computing device, first data from a first peer end computing device. The second end computing device generates a random term based on a result range pre-agreed upon with the first peer end computing device. The result range includes a minimum result value and a maximum result value. The random term is a product of a random number and an agreed upon constant. The agreed upon constant is greater than a difference between the maximum result value and the minimum result value. The second peer end computing device performs a homomorphic operation based on the first data, local private second data, and the random term to obtain an encryption result. The second peer end computing device returns the encryption result to the first peer end computing device.

Method for determining a modular inverse and associated cryptographic processing device
11029922 · 2021-06-08

In a method for determining the modular inverse of a number, successive iterations are applied to two pairs each including a first variable and a second variable, such that at the end of each iteration and for each pair, the product of the second variable and of the number is equal to the first variable modulo a given modulus. Each iteration includes at least one division by two of the first variable of a first pair or of a second pair, or a combination of the first variable of the first pair and of the first variable of the second pair by addition or subtraction. At least some of the iterations including a combination by addition or subtraction include a step of storing the result of the combination in the first variable of a pair determined randomly from among the first pair and the second pair. An associated cryptographic processing device is also described.