Patent classifications
G06F7/725
Elliptic curve isogeny based key agreement protocol
An electronic key pre-distribution device for configuring multiple network nodes with local key information is provided. The key pre-distribution device applies at least a first hash function and a second hash function to a digital identifier of a network node. The first and second hash functions map the digital identifier to a first public point and a second public point on a first elliptic curve and second elliptic curve. A first and second secret isogeny are applied to the first and second public elliptic curve points, to obtain a first private elliptic curve point and second private elliptic curve point that are part of private key material for the network node.
Digital signature verification engine for reconfigurable circuit devices
Embodiments are directed to a digital signature verification engine for reconfigurable circuit devices. An embodiment of an apparatus includes one or more processors; and a reconfigurable circuit device, the reconfigurable circuit device including digital signal processing (DSP) blocks and logic elements (LEs), wherein the one or more processors are to configure the reconfigurable circuit device to operate as a signature verification engine for a bit stream, the signature verification engine including a hybrid multiplication unit, the hybrid multiplication unit combining a set of LEs and a set of the DSPs to multiply operands for signature verification.
Systems and methods for operating secure elliptic curve cryptosystems
Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using known methods that exploit system vulnerabilities, including elliptic operation differentiation, dummy operation detection, lattice attacks, and first real operation detection. Various embodiments of the invention provide resistance against side-channel attacks, such as simple power analysis, caused by the detectability of scalar values from information leaked during regular operation flow that would otherwise compromise system security. In certain embodiments, system immunity is maintained by performing elliptic scalar operations that use secret-independent operation flow in a secure Elliptic Curve Cryptosystem.
Arithmetic device and method
According to an embodiment, the arithmetic device includes a controller. The controller is configured to: convert a bit string of m bits (where m is an integer of 4 or more) representing a multiplication value k when a certain condition is satisfied; set a value based on a coordinate value P of a specific point for a first variable and a second variable based on a second bit value from a least significant bit of the bit string; perform loop processing (m−3) times for multiplication processing of performing multiplication on the first variable and addition processing of adding two different points which are not infinite points by adding the first variable and the second variable; and output a coordinate value kP obtained by a scalar multiplication of the coordinate value P with the multiplication value k based on processing for a most significant bit of the bit string.
System and method for optimized elliptic curve cryptography operations
A method and protocol for determining linear combinations of a first and second point for an elliptic curve cryptography scheme, including determining a first scalar multiplication of the first point with a first scalar, the first scalar multiplication including performing iteratively in relation to the value of the first scalar either one of: doubling of the first point in Jacobian projective coordinates; or mixed addition with the first point in affine coordinates; determining a combination point by adding the second point to the resultant of the first scalar multiplication; obtaining an affine coordinate representation of the combination point; determining a second scalar multiplication of the combination point with a second scalar, the second scalar multiplication including performing iteratively in relation to the value of the second scalar either one of: doubling of the combination point in Jacobian projective coordinates; or mixed addition with the combination point in affine coordinates.
ELLIPTIC CURVE ISOGENY BASED KEY AGREEMENT PROTOCOL
An electronic key pre-distribution device (110) for configuring multiple network nodes (210, 211) with local key information is provided. The key pre-distribution device applies at least a first hash function (147) and a second hash function (148) to a digital identifier of a network node. The first and second hash functions map the digital identifier to a first public point (141; H_1(ID)) and a second public point (142; H_2(ID)) on a first elliptic curve (131) and second elliptic curve (132). A first and second secret isogeny (135) is applied to the first and second public elliptic curve point (141, 142), to obtain a first private elliptic curve point (151) and second private elliptic curve point (152) being part of private key material (155) for the network node (210).
WHITE-BOX PROCESSING FOR ENCODING WITH LARGE INTEGER VALUES
A method and apparatus for securely processing an input to generate an output according to one or more encoded secrets is disclosed. In one embodiment, the method comprises a set of secrets S composed of a plurality of secrets s_1, s_2, ..., s_n, generating a first data structure based on the random encoding of the first secret s_1, and performing a plurality of cryptographic operations according to the input and the encoded secrets s_2, ..., s_n to compute the output according to each secret in the white-box implementation, the white-box implementation having at least one further data structure operating on the randomly encoded of the secrets.
Computer-implemented system and method for exchange of data
The invention relates to efficient zero-knowledge verification of composite statements that involve both arithmetic circuit satisfiability and dependent statements about the validity of public keys (key-statement proofs) simultaneously. The method enables a prover to prove this particular statement in zero-knowledge. More specifically, the invention relates to a computer-implemented method for enabling zero-knowledge proof or verification of a statement (S) in which a prover proves to a verifier that a statement is true while keeping a witness (W) to the statement a secret. The invention also relates to the reciprocal method employed by a verifier who verifies the proof. The method includes the prover sending to the verifier a statement (S) having an arithmetic circuit with m gates and n wires configured to implement a function circuit and determine whether for a given function circuit output (h) and an elliptic curve point (P), the function circuit input (s) to a wire of the function circuit is equal to the corresponding elliptic curve point multiplier (s). The prover also sends individual wire commitments and/or a batched commitment for wires of the circuit, an input for a wire in the arithmetic circuit, and a function circuit output (h). The prover receives from the verifier a challenge value (x) and responds with an opening or additionally sends a proving key (PrK) to the verifier. The statement and the data enable the verifier to determine that the circuit is satisfied and calculate the elliptic curve point (P) and validate the statement, thus determining that the prover holds the witness (W) to the statement.
SECURING BLOCKCHAIN TRANSACTION BASED ON UNDETERMINED DATA
A technique for locking a blockchain transaction based on undetermined data, using a blockchain network. A locking node may include a locking script in a blockchain transaction to lock a digital asset. The locking script includes a public key for a determined data source and instructions to cause a validating node executing the locking script to verify the source of data provided in an unlocking script by: a) generating a modified public key based on the public key for the determined data source and based on data defined in the unlocking script; and b) evaluating a cryptographic signature in the unlocking script based on the modified public key. The blockchain transaction containing the locking script is sent by the locking node to the blockchain network. The lock may be removed using a cryptographic signature generated from a private key modified based on the data.
SYSTEM AND METHOD FOR SECURELY SHARING CRYPTOGRAPHIC MATERIAL
Systems and methods described herein relate to techniques in which multiple parties each generate and exchange quantities that are based on a shared secret (e.g., powers of the shared secret) without exposing the shared secret. According to a protocol, two or more parties may exchange sets of elliptic curve points generated over polynomials that can be used, by each of the two or more parties, to determine a power of a shared secret. The protocol may be utilised as part of determining parameters for a smart contract that is broadcast to a blockchain network (e.g., Bitcoin). Based on the protocol, an additional party (e.g., a third party different from the two or more parties) may perform a computational task such as execution of the smart contract.