The invention relates to efficient zero knowledge verification of composite statements that involve both arithmetic circuit satisfiability and dependent statements about the validity of public keys (key-statement proofs) simultaneously. The method enables a prover to prove this particular statement in zero-knowledge. More specifically, the invention relates to a computer-implemented method for enabling zero-knowledge proof or verification of a statement (S) in which a prover proves to a verifier that a statement is true while keeping a witness (W) to the statement a secret. The invention also relates to the reciprocal method employed by a verifier who verifies the proof. The method includes the prover sending to the verifier a statement (S) having an arithmetic circuit with m gates and n wires configured to implement a function circuit and determine whether for a given function circuit output (h) and an elliptic curve point (P), the function circuit input (s) to a wire of the function circuit is equal to the corresponding elliptic curve point multiplier (s). The prover also sends individual wire commitments and/or a batched commitment for wires of the circuit, an input for a wire in the arithmetic circuit; and a function circuit output (h). The prover receives from the verifier a challenge value (x) and responding with an opening or additionally sends a proving key (PrK) to the verifier. The statement and the data enables the verifier to determine that the circuit is satisfied and calculate the elliptic curve point (P) and validate the statement, thus determining that the prover holds the witness (W) to the statement.

A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd48.

The present disclosure relates to a method and device for performing an elliptic curve cryptography computation comprising: twisting, by a first device based on a first index of quadratic or higher order twist (d), a first point (PKB) on a first elliptic curve over a further elliptic curve twisted with respect to the first elliptic curve to generate a twisted key (PKB); transmitting the twisted key (PKB) to a further device; receiving, from the further device, a return value (ShS) generated based on the twisted key (PKB); and twisting, by the first device based on the first index of quadratic or higher order twist (d), the return value (ShS) over the first elliptic curve to generate a result (ShS) of the ECC computation.

Disclosed are devices, systems and methods for performing secure transactions in an aircraft are disclosed. Embodiments of the disclosed technology enable low cost carriers to provide payment verification for on-board purchases via the in-flight entertainment system. An exemplary method for performing secure transactions in an aircraft includes transmitting, by a user device in the aircraft using a wireless protocol, a first authentication factor and a request for one or more on-board services; receiving, from an on-board transceiver using the wireless protocol, an authentication token (a) comprising a one-time code and (b) encrypted using an asymmetric cryptographic algorithm; transmitting, using the asymmetric cryptographic algorithm, a second authentication factor comprising (a) the authentication token and (b) a text message transmitted from the user device; and receiving a confirmation of a delivery of the one or more on-board services.

Disclosed are an elliptic curve point multiplication operation method and apparatus. The elliptic curve point multiplication operation method comprises ordered point multiplication and point addition operations. In a point addition operation process, when scanning that a current bit of a scalar K is not 0, a true point addition operation is executed, and when scanning that the current bit of the scalar K is 0, an equivalent point conversion operation is executed; the result of the true point addition operation and the result of the equivalent point conversion operation are stored in an identical register file, the register file comprising multiple registers. According to the elliptic curve point multiplication operation method and apparatus, side channel analysis and security error attack can be effectively resisted.

An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

An apparatus and method for performing operation being secure against side channel attack are provided. The apparatus and method generate values equal to values obtained through an exponentiation operation or a scalar multiplication operation of a point using values extracted from previously generated parameter candidate value sets and an operation secure against side-channel attack, thereby improving security against side-channel attack without degrading performance.

In an approach, a processor receives a plurality of first operand values, where the first operand values are integer values. A processor adds, using binary addition, the plurality of first operand values resulting in a sum value S. A processor determines a single combined modular correction term D for a binary sum of all operand values based on leading bits of the sum value S. A processor performs a modular addition of S and D resulting in a modular sum of said plurality of said first operand values.

Disclosed herein are a finite-field division operator, an elliptic curve cryptosystem having the finite-field division operator, and a method for operating the elliptic curve cryptosystem. The method for operating an elliptic curve cryptosystem may include, setting, by a key setting unit, a length of a key of a cryptographic algorithm, generating, by the key setting unit, first setup information that indicates a number of words corresponding to the key length, and generating, by the key setting unit, second setup information that indicates a number of repetitions of an operation by a finite-field division operator corresponding to the key length.

An elliptic curve random number generator avoids escrow keys by choosing a point on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point , wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.