The present invention relates to a method for electronic signing of a document with a predetermined secret key (x), the method being characterized in that it comprises the implementation of steps of: (a) Drawing a pair formed by a first internal state (s.sub.1.sup.i) and a white-box implementation (WB.sub.i) of a modular arithmetic operation, from among a set of predetermined pairs ({(s.sub.1.sup.i,WB.sub.i)}.sub.i[0,n-1]) each for one nonce (k.sub.i), said first internal state (s.sub.1.sup.i) being a function of the nonce (k.sub.i) and said modular arithmetic operation being a function of the first internal state (s.sub.1.sup.i), of the nonce (k.sub.i) and of the secret key (x); (b) Determining a second internal state (s.sub.2.sup.i) by application of said drawn white-box implementation (WB.sub.i) to a condensate of the document obtained via a given hash function; (c) Generating an electronic signature of the document from the first internal state (s.sub.1.sup.i) of the drawn pair and from the second determined internal state (s.sub.2.sup.i), and deleting the drawn pair of said set of pairs ({(s.sub.1.sup.i,WB.sub.i)}.sub.i[0,n-1]).

According to an embodiment, a data transfer control device includes a controller, and the controller generates tag information when the controller receives a tag generation request, and encrypts the tag information, transmits the encrypted tag information to a device that transmits the tag generation request, processes data stored at a predetermined address to generate data for transmission when an address at which the data related to the data transfer request is stored includes the predetermined address, scrambles or encrypts the data for transmission using the tag information, and transmits the scrambled or encrypted data to the device.

An inner-product functional encryption scheme in which the maximum length of a ciphertext and the maximum length of a secret key are not restricted can be constructed. An encryption device (20) generates a ciphertext ct.sub.x in which a vector x is encrypted, using encryption setting information that is of a size depending on the size of the vector x and is generated using as input public information of a fixed size. A key generation device (30) generates a secret key sk.sub.y in which a vector y is set, using key setting information that is of a size depending on the size of the vector y and is generated using as input the public information. A decryption device (40) decrypts the ciphertext ct.sub.x with the secret key sk.sub.y to calculate an inner-product value of the vector x and the vector y.

Encryption of an image is achieved through application of a homomorphic encryption function to produce cipher images for each image. Encryption is performed individually on sub-values of a pixel's intensity value, wherein the pixel's intensity value can be described as a sum of the smaller numerical sub-values. The encrypted values for each sub-value form encrypted images that can be transferred or stored on insecure media. Separate encryption approaches can be applied to individual sets of the numerical sub-values to improve security.

This disclosure relates generally to a method and system for biometric verification. Conventional biometric verification method and system performs one or more computations in non-encrypted domain, thereby leading to security threats. The disclosed method includes performing computations such as enrollment and verification feature vector computation, dimensionality reduction of said feature vectors, and comparison of dimensionally reduced encrypted feature vectors to obtain matching scores indicating the extent of match therebetween between in encrypted domain using fully homomorphic encryption, thereby leading to secure biometric verification.

Systems and methods for performing modular inversion operations in a manner protected from external monitoring attacks. An example method comprises: determining, by a processor, a first masked value based on a public cryptographic key and a first random integer value; determining a second masked value based on the public cryptographic key and a second random integer value, and determining, based on the first masked value and the second masked value, a private cryptographic key represented by a modular inversion of the public cryptographic key.

A process receives a specification of a finite-state machine and an encrypted language element of a language over an input alphabet for the finite-state machine. The received encrypted language element is encrypted with a selected public key of a plurality of public keys. The process decrypts the encrypted language element using each private key of a plurality of private keys corresponding to the public keys. The decrypting provides a plurality of decrypted language elements and the process applies each decrypted language element to the finite-state machine. The process identifies a decrypted language element that that is accepted by the finite-state machine. The process identifies a private key, of the private keys, used in the decrypting that provided the decrypted language element identified as being accepted by the finite-state machine. The process receives from the message sender an encrypted message, and uses the identified private key in decrypting the encrypted message.

According to an example aspect of the present invention, there is provided an apparatus comprising a random access memory device, at least one processing core coupled via a first interface with the random access memory device, and a secure hardware element, comprising hash function circuitry, and coupled directly via a second interface with the random access memory device, the secure hardware element configured to obtain as input data from a memory space of the random access memory device, to produce as output a hash value of the input, and to cryptographically sign the hash value using a physically unclonable function value of the apparatus.

The computer-implemented method for generating a public key and a secret key of the present disclosure comprises determining, by a processor, the secret key (s) by sampling from a distribution over {1, 0, 1}.sup.nd; determining, by a processor, a first error vector (e) by sampling from (D.sub.q.sup.n).sup.d and a second error value (e) by sampling from D.sub.q.sup.n; choosing, by a processor, a randomly uniform matrix A which satisfies A.Math.s=e (mod q); choosing, by a processor, a random column vector b which satisfies

[00001]$b,s=.Math.\frac{q}{2}.Math.+e^{}\left(\mathrm{mod}.Math..Math.q\right);$

and determining, by a processor, the public key (pk) by (Ab)R.sub.q.sup.d(d+1).

Techniques are provided for validating sensor data using a blockchain. An exemplary method comprises: obtaining sensor data from a sensor; retrieving a transaction identifier from a blockchain; saving one or more public properties of the sensor and the transaction identifier in an output metadata stream; calculating a signature of the obtained sensor data, the one or more public properties of the sensor and the transaction identifier; saving the signature in the output metadata stream; and storing the signature encrypted with a private key of the sensor as a transaction in the blockchain. An exemplary validation of sensor data comprises decrypting the encrypted signature from the blockchain using a public key of the sensor and comparing the decrypted signature with a signature of the sensor data obtained from the output metadata stream.