An encryption system according to an embodiment is an encryption system for performing encryption and decryption using functional encryption using a quadratic function having n (where n is a predetermined integer of 2 or more) arguments, which includes a setup unit configured to generate a master secret key of the functional encryption using a master secret key of function concealed inner product functional encryption composed of pairing calculation and a master secret key of multi-input function concealed inner product functional encryption obtained by extending the function concealed inner product functional encryption to multi-inputs, an encryption unit configured to generate n pieces of ciphertext obtained by encrypting n pieces of data using the master secret key of the function concealed inner product functional encryption, the master secret key of the multi-input function concealed inner product functional encryption, and the master secret key of the functional encryption, a key generation unit configured to generate a secret key for decrypting the n pieces of ciphertext using data representing the quadratic function and the secret key of the multi-input function concealed inner product functional encryption, and a decryption unit configured to decrypt the n pieces of ciphertext using the secret key generated by the key generation unit to generate a value of the quadratic function for the n pieces of data.

According to an embodiment, a data transfer control device includes a controller, and the controller generates tag information when the controller receives a tag generation request, and encrypts the tag information, transmits the encrypted tag information to a device that transmits the tag generation request, processes data stored at a predetermined address to generate data for transmission when an address at which the data related to the data transfer request is stored includes the predetermined address, scrambles or encrypts the data for transmission using the tag information, and transmits the scrambled or encrypted data to the device.

The computer-implemented method for generating a public key and a secret key of the present disclosure comprises determining, by a processor, the secret key (s) by sampling from a distribution over {−1, 0, 1}.sup.nd; determining, by a processor, a first error vector (e) by sampling from (D.sub.αq.sup.n).sup.d and a second error value (e′) by sampling from D.sub.αq.sup.n; choosing, by a processor, a randomly uniform matrix A which satisfies A.Math.s=e (mod q); choosing, by a processor, a random column vector b which satisfies $.Math.b,s.Math.=.Math.\frac{q}{2}.Math.+e^{\prime }\left(\mathrm{mod}q\right);$
and determining, by a processor, the public key (pk) by (A∥b)∈R.sub.q.sup.d×(d+1).

A method is provided for solving a computational problem that is reducible to a problem of counting solutions to an associated decision problem. The method includes, using a quantum computer, estimating a number of the solutions to the decision problem by determining if there is at least one solution to the decision problem that lies in a pseudo-random set. The method also includes outputting or using the estimated number of the solutions to the decision problem as a solution to the computational problem. Determining if there is at least one solution to the decision problem that lies in the pseudo-random set could include determining if there is a sequence of solutions to the decision problem that, taken together, lies in the pseudo-random set.

Disclosed is a ciphertext calculation method. The ciphertext calculation method comprises the steps of: receiving a comparative calculation command for a plurality of ciphertexts of the same type; performing a calculation by reflecting the plurality of ciphertexts of the same type on a synthesis function corresponding to the comparative calculation command; and outputting the calculated ciphertexts of the same type.

A public key generated by each user of a plurality of users is used to encrypt the contacts for that user. The results are sent to a server by each user. The key generated by each user is then distributed to every other user in the system, and each recipient encrypts their contacts with the keys. The result of these encryptions for all contacts for all recipients is then received by the server, and the server computes an encrypted computation of equality of two contacts and sends all computations back to the original user. The user can use the homomorphic property of the crypto protocol (e.g., a private key) to determine a set of users that are matched as contacts with the other users. The binary results are returned to the server, and the server computes a graph using the results.

Normalization is performed with high precision in secure computation. A secure inverse computation system (100) receives [a] as an input and calculates [1/a]. The bit decomposition unit (11) generates a bit representation a.sub.0, . . . , a.sub.λ−1 of a. The flag sequence generation unit (12) generates {x.sub.0}, . . . , {x.sub.λ−1} indicating a most significant bit of {a.sub.0}, . . . , {a.sub.λ−1}. A bit sequence generation unit (13) generates {y.sub.0}, . . . , {y.sub.λ−1} in which {y.sub.0}, {y.sub.1}: ={0}, {y.sub.i}: ={(¬a.sub.i−2∧x.sub.i−1) XOR x.sub.i} (2≤i<λ), {y.sub.λ}: ={¬a.sub.λ−2∧x.sub.λ−1}. The normalization multiplier generation unit (14) generates [c] obtained by bit-connecting {y.sub.λ−1}, . . . , {y.sub.0}. The normalization unit (15) calculates [b]: =[a][c].

A cryptographic system comprising an encryption device to generate a ciphertext; a master re-encryption key generation device to generate a master re-encryption key that cannot decrypt a ciphertext generated by the encryption device, but can generate a re-encryption key for changing an access range for a ciphertext generated by the encryption device; re-encryption device to generate a re-encryption key for re-encrypting a target ciphertext generated by the encryption device, using the master re-encryption key, and re-encrypts the target ciphertext to generate a re-encrypted ciphertext, using the generated re-encryption key; and a decryption device to decrypt at least one of the ciphertext generated by the encryption device and the re-encrypted ciphertext generated by the re-encryption device.

A homomorphic operation accelerator includes a plurality of circuits and a homomorphic operation managing circuit. The plurality of circuits may perform homomorphic operations. The homomorphic operation managing circuit may receive cipher text data, homomorphic encryption information and homomorphic operation information from an external device. The homomorphic operation managing circuit may activate or deactivate each of a plurality of enable signals applied to the plurality of circuits based on the homomorphic encryption information and the homomorphic operation information. The homomorphic operation managing circuit may activate or deactivate each of the plurality of circuits based on the plurality of enable signals. The homomorphic encryption information may be associated with a homomorphic encryption algorithm used to generate the cipher text data. The homomorphic operation information may be associated with the homomorphic operations to be performed on the cipher text data.

The present disclosure provides methods and systems for ensuring the security of a blockchain and associated network, and for enabling the establishment of consensus regarding the state of the blockchain. A method of the disclosure may be implemented by one or more nodes on a blockchain network, using a non-parallelisable algorithm to calculate an output based on a computational difficulty parameter, a hash of at least one blockchain transaction; and/or a hash of at least one blockchain block header. The non-parallelisable, inherently sequential algorithm comprises at least one of the following operations or a combination thereof: a recursive operation, a modular exponentiation and/or a repeated squaring operation.