An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptic Curve Cryptography point addition algorithm for mixed Affine-Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.

A technique for locking a blockchain transaction based on undetermined data, using a blockchain network. A locking node may include a locking script in a blockchain transaction to lock a digital asset. The locking script includes a public key for a determined data source and instructions to cause a validating node executing the locking script to verify the source of data provided in an unlocking script by: a) generating a modified public key based on the public key for the determined data source and based on data defined in the unlocking script; and b) evaluating a cryptographic signature in the unlocking script based on the modified public key. The blockchain transaction containing the locking script is sent by the locking node to the blockchain network. The lock may be removed using a cryptographic signature generated from a private key modified based on the data.

A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd

A cryptographic calculation includes obtaining a point P(X,Y) from a parameter t on an elliptical curve Y.sup.2=f(X); and from polynomials X1(t), X2(t), X3(t) and U(t) satisfying: f(X1(t)).Math.f(X2(t)).Math.f(X3(t))=U(t).sup.2 in Fq, with q=3 mod 4. Firstly a value of the parameter t is obtained. Next, the point P is determined by: (i) calculating X1=X1(t), X2=X2(t), X3=X3(t) and U=U(t); (ii) if the term f(X1).Math.f(X2) is a square, then testing whether the term f(X3) is a square in Fq and if so calculating the square root of f(X3) in order to obtain the point P(X3); (iii) otherwise, testing whether the term f(X1) is a square and, if so, calculating the square root of f(X1) in order to obtain the point P(X1); (iv) otherwise, calculating the square root of f(X2) in order to obtain the point P(X2). This point P is useful in a cryptographic application.

A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.

Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using known methods that exploit system vulnerabilities, including elliptic operation differentiation, dummy operation detection, lattice attacks, and first real operation detection. Various embodiments of the invention provide resistance against side-channel attacks, such as sample power analysis, caused by the detectability of scalar values from information leaked during regular operation flow that would otherwise compromise system security. In certain embodiments, system immunity is maintained by performing elliptic scalar operations that use secret-independent operation flow in a secure Elliptic Curve Cryptosystem.

A cryptographic calculation includes obtaining a point P(X,Y) from a parameter t on an elliptical curve Y.sup.2=f(X); and from polynomials X1(t), X2(t), X3(t) and U(t) satisfying: f(X1(t)).Math.f(X2(t)).Math.f(X3(t))=U(t).sup.2 in Fq, with q=3 mod 4. Firstly a value of the parameter t is obtained. Next, the point P is determined by: (i) calculating X1=X1(t), X2=X2(t), X3=X3(t) and U=U(t); (ii) if the term f(X1).Math.f(X2) is a square, then testing whether the term f(X3) is a square in Fq and if so calculating the square root of f(X3) in order to obtain the point P(X3); (iii) otherwise, testing whether the term f(X1) is a square and, if so, calculating the square root of f(X1) in order to obtain the point P(X1); (iv) otherwise, calculating the square root of f(X2) in order to obtain the point P(X2). This point P is useful in a cryptographic application.

Embodiments of a system for, and method for using, an elliptic curve cryptography integrated circuit are generally described herein. An elliptic curve cryptography (ECC) operation request may be received. One of a plurality of circuit portions may be instructed to perform the ECC operation. The plurality of circuit portions that may be used include a finite field arithmetic circuit portion, an EC point addition and doubler circuit portion, a finite field exponentiation circuit portion, and a point multiplier circuit portion. The result of the ECC operation may then be output.

Systems and methods described herein relate to techniques in which multiple parties each generate and exchange quantities that are based on a shared secret (e.g., powers of the shared secret) without exposing the shared secret. According to a protocol, two or more parties may exchange sets of elliptic curve points generated over polynomials that can be used, by each of the two or more parties, to determine a power of a shared secret. The protocol may be utilised as part of determining parameters for a smart contract that is broadcast to a blockchain network (e.g., Bitcoin). Based on the protocol, an additional party (e.g., a third party different from the two or more parties) may perform a computational task such as execution of the smart contract.

A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.