Patent classifications
H04L2209/46
METHOD FOR SYNCHRONIZED SIGNATURE WITH ADDITIVE RSA KEY SPLITTING USING A SLIDING WINDOW
The present invention relates to a method of secure generation by a client device and a server device of an RSA signature of a message to be signed with a private exponent component d of an RSA key (p, q, N, d, e), wherein said client device stores a client device private exponent component dA, a client value, and a client dynamic offset, and said server device stores a server device private exponent component dB, where dB = d - dA modulo phi(N), a server value, a server dynamic offset and a failure counter, comprising:
a. receiving from the client device a client part of said RSA signature (HS1) of said message to be signed, generated, after incrementing its client value (pvA) by a first predetermined step E, from the client device private exponent component and from an updated client dynamic offset that is a function of said client dynamic offset and of said client value,
b. setting said failure counter to a first default value,
c. incrementing said server value (pvB) by a second predetermined step (E),
d. generating a server part of said RSA signature (HS2) of said message to be signed, from the server device private exponent component and from an updated server dynamic offset that is a function of said server dynamic offset and of said server value,
e. generating said RSA signature by combining said client part of said RSA signature (HS1) and said server part of said RSA signature (HS2),
f. checking whether the generation of the RSA signature was a failure and, when it was a failure, incrementing said failure counter, and
g. iteratively repeating the above steps c. to f. until said RSA signature is successfully generated or said failure counter reaches a first predetermined threshold S.
SYSTEM AND METHOD TO PROTECT DATA PRIVACY OF LIGHTWEIGHT DEVICES USING BLOCKCHAIN AND MULTI-PARTY COMPUTATION
Described is a system for improving data privacy in Internet of Things (IoT) devices. The system includes an IoT device having data stored thereon, one or more blockchain nodes in communication with the IoT device, and one or more multi-party computation (MPC) nodes in communication with the IoT device and the one or more blockchain nodes. The data is encrypted using a blockchain process, and a symmetric key for the encrypted data is securely distributed via a MPC process to a data recipient.
BIDIRECTIONAL BLOCKCHAIN
Described is a system for improving data authentication using blockchain technology and multi-party computation (MPC). The system ensures authenticity of distributed data sent from one or more servers to the distributed clients. The system initializes MPC protocols to ensure secrecy of keys used to sign a new data element. Blockchain technology is utilized to ensure correctness and integrity of the new data element. A bidirectional blockchain is used such that a forward blockchain stores the new data element to be received by the distributed clients, and a reverse blockchain stores a public key used by the distributed clients to verify authenticity of the new data element stored in the forward blockchain. Signing of the new data element with the public key causes a previous public key to expire.
HYBRID SYSTEM AND METHOD FOR SECURE COLLABORATION USING HOMOMORPHIC ENCRYPTION AND TRUSTED HARDWARE
A device, system and method for secure collaborations on encrypted data in a hybrid environment of a homomorphic encryption (HE) enabled device and trusted hardware. A set of computations may be divided into a subset of linear computations and a subset of non-linear computations. The linear computations on the encrypted data may be executed using homomorphic encryption (HE) in the HE enabled device. The non-linear computations may be executed on the unencrypted data in the trusted hardware, in an unencrypted domain, and the result encrypted. The results of the linear and non-linear computations may be decrypted and merged to generate a result equivalent to executing the set of linear and non-linear computations on the unencrypted data.
Computing a global sum that preserves privacy of parties in a multi-party environment
The present disclosure discloses a method comprising: dividing, by a computing device at a first party among a plurality of parties, local data into a plurality of data segments; recursively encrypting, by the computing device, each data segment using a plurality of public keys corresponding to the plurality of parties and a mediator; sharing, by the computing device, the local data comprising the encrypted plurality of data segments with the mediator; anonymizing, by the computing device, aggregated local data received from the mediator; and receiving, by the computing device from the mediator, a global sum that preserves privacy of the plurality of parties in a multi-party environment, wherein the global sum is computed by the mediator based on the collection of data segments that are decrypted recursively using the private key corresponding to each party and the private key corresponding to the mediator.
SECURE COMPARISON OF INFORMATION
The technology encompasses new uses of already-known cryptographic techniques. The technology entails computer-based methods of sharing information securely, in particular an asymmetric method of secure computation that relies on the private-key/public-key paradigm with homomorphic encryption. The methods and programmed computing apparatuses herein harness mathematical concepts and apply them to services or tasks that are commercially useful and that have not hitherto been possible. Applications of the methods and apparatus herein are far-ranging and include, but are not limited to: purchase-sale transactions such as real estate or automobiles, where some aspect of price negotiation is expected; stock markets; legal settlements; salary negotiation; auctions; and other types of complex financial transactions.
Private Benchmarking Cloud Service with Enhanced Statistics
Embodiments allow comparison of key figures (e.g., costs, lead times) between different entities in a privacy-preserving manner, utilizing secure multi-party computation (MPC) approaches implemented by a central service provider. The central service provider receives encrypted key figure data from each of multiple players in a peer group. In one embodiment the central service provider executes a secure computation protocol comprising a semi-homomorphic encryption scheme exhibiting an additive homomorphic property. The central service provider returns to each player a statistical measure (e.g., top quartile, bottom quartile) allowing comparison with the other players' key figures while preserving privacy. Alternative embodiments may return to the players a statistical measure calculated from a Boolean or arithmetic circuit implemented at the central server using other secure computation approaches (e.g., garbled circuits, secret sharing, or (semi or fully) homomorphic encryption). Embodiments may find value in maintaining privacy of key figure data shared between competitors for benchmarking.
HIGH THROUGHPUT SECURE MULTI-PARTY COMPUTATION WITH IDENTIFIABLE ABORT
A system for identifying one or more malicious parties participating in a secure multi-party computation (MPC), comprising one of a plurality of computing nodes communicating with the other computing nodes of the plurality through one or more networks. The computing node is adapted for participating in an MPC with the plurality of computing nodes using secure protocol(s) established over the network(s), where the secure protocol(s) support transmittal of private messages to each of the other computing nodes and transmittal of broadcast messages to all of the computing nodes; detecting invalid share value(s) among a plurality of share values computed and committed by the computing nodes during the MPC; verifying each of the share values against a plurality of agreed share values valid for the MPC, which are determined through a plurality of broadcast private messages; identifying the identity of the malicious computing node(s) which committed the invalid share value(s) failing the verification; and outputting the identity.
EFFICIENT AND SECURE DISTRIBUTED SIGNING PROTOCOL FOR MOBILE DEVICES IN WIRELESS NETWORKS
The techniques described herein may provide an efficient and secure two-party distributed signing protocol for the identity-based signature scheme described in the IEEE P1363 standard. For example, in an embodiment, a method may comprise generating a distributed cryptographic key at a key generation center, a first other device and a second other device, and generating a distributed cryptographic signature at the first other device using the second other device.
Method and device for information system access authentication
A method and a device for information system access authentication are disclosed. The method includes: performing anonymous authentication of a random verification code generated according to a login request for accessing an information system of a client, and authenticating acquired user name and password information when the anonymous authentication is successful. The device includes a verification code authentication module and a user name and password authentication module connected to the verification code authentication module, wherein the verification code authentication module is configured to perform anonymous authentication of a random verification code generated according to a login request for accessing an information system of a client; and the user name and password authentication module is configured to authenticate acquired user name and password information when the anonymous authentication is successful. The present disclosure uses a two-stage and two-factor authentication method such that the security of the login information is improved without increasing the complexity of the user's login.