A message authentication code, for a message transmitted and received over a communications network, is formed by applying inputs to an integrity algorithm acting on the message. The inputs comprise: an integrity key; a value indicating a transfer direction; and a frame-dependent integrity input, wherein the frame-dependent integrity input is a frame-dependent modulo count value that also depends on a random value and on a frame-specific sequence number.

A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.

Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.

Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate a key pair comprising a public key and a private key. The first computing device can generate a first shared secret using the private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.

A method for directly transmitting an electronic coin data record between first and second terminals, with the following steps carried out by the second terminal: receiving the electronic coin data record from the first terminal, wherein the at least one electronic coin data record includes a monetary amount and a concealment amount; generating a modified electronic coin data record using the received electronic coin data record; masking the modified electronic coin record by applying a homomorphic one-way function to the modified electronic coin record in order to obtain a masked modified electronic coin record; sending a registration request for the masked modified electronic coin data record to a monitoring entity. A currency system and a payment system includes a decentrally controlled database in which masked electronic coin data records are stored; and a direct transaction layer including at least two terminals in which the method can be carried out.

Systems and methods for performing modular inversion operations in a manner protected from external monitoring attacks. An example method comprises: determining, by a processor, a first masked value based on a public cryptographic key and a first random integer value; determining a second masked value based on the public cryptographic key and a second random integer value, and determining, based on the first masked value and the second masked value, a private cryptographic key represented by a modular inversion of the public cryptographic key.

Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.

Described is a lattice cryptography processor with configurable parameters. The lattice cryptography processor includes a sampling circuit configured to operate in accordance with a Secure Hash Algorithm 3 (SHA-3)-based pseudo-random number generator (PRNG), a single-port random access memory (RAM)-based number theoretic transform (NTT) memory architecture and a modular arithmetic unit. The described lattice cryptography processor is configured to be programmed with custom instructions for polynomial arithmetic and sampling. The configurable lattice cryptography processor may operate with lattice-based CCA-secure key encapsulation and a variety of different lattice-based protocols including, but not limited to: Frodo, NewHope, qTESLA, CRYSTALS-Kyber and CRYSTALS-Dilithium, achieving up to an order of magnitude improvement in performance and energy-efficiency compared to state-of-the-art hardware implementations.

The present disclosure provides a method and apparatus for determining an encryption mask, a method and apparatus for recognizing an image, a method and apparatus for training a model, a device, a storage medium and a computer program product. A specific implementation comprises: acquiring a test image set and an encryption mask set; superimposing an image in the test image set with a mask in the encryption mask set to obtain an encrypted image set; recognizing an image in the encrypted image set using a pre-trained encrypted image recognition model and recognizing the image in the encrypted image set using a pre-trained original image recognition model to obtain a first recognition result; and determining a target encryption mask from the encryption mask set based on the first recognition result.

A distributed computer network utilizing cryptography that includes one or more processors, wherein the one or more processors are programmed to receive a secret input state and one or more tuples, mask the secret input state with the one or more tuple and utilize a reveal to compute a masked input, compute six multiplications on the masked input, compute multiplication of two secret values to output an intermediate output, mask a third secret value from the intermediate output and reveal the third secret value to compute an interaction, compute a multiparty-computation multiplication with the interaction, and output a final secret value in response to computing the multiparty-computation multiplication.