H04L9/304

METHOD FOR EFFICIENT AND PRACTICAL KEY DISTRIBUTION IN NETWORK CODING SYSTEMS

An encoder including a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to generate a k-bit key, where k is a positive integer, estimate an upper bound of a number of eavesdropped links, encode each bit of the k-bit key using a random matrix of a selected rank, and transmit the encoded k-bit key through a network that performs linear operations on packets.

ONE INS NETWORK-BASED ANTI-FAULT ATTACK METHOD OF RANDOM INFECTION
20170359165 · 2017-12-14

The present invention discloses an INS network-based anti-fault attack method of random infection, comprising the steps of sending the plain-text into an encryption processor, wherein two groups of cipher text are outputted through temporal or spatial redundancy; conducting an XOR operation on the two groups of said cipher text output to obtain the output difference; sending the said output difference into an infection function module to initiate an infection operation to obtain the infection result; conducting an XOR operation on any of said groups of cipher text output to generate the final output. The present invention can realize the randomization of the infection function in infection countermeasures, reduce the success probability of fault attacks and improve the safety of the circuit.

Quantum communication device, quantum communication system, and quantum communication method

According to an embodiment, a quantum communication device is adapted to correct first sift key data acquired by performing sift processing with respect to a quantum bit string received from a transmission device via a quantum communication path. The quantum communication device includes a determination unit and a correction unit. The determination unit determines setting information of error correction on the first sift key data from an estimated error rate of the first sift key data and a margin of the estimated error rate. The correction unit generates corrected key data by performing the error correction with the setting information.

METHOD AND SYSTEM FOR ERROR CORRECTION CODING BASED ON GENERALIZED CONCATENATED CODES WITH RESTRICTED ERROR VALUES FOR CODE-BASED CRYPTOGRAPHY

The present disclosure relates to error correction coding based on generalized concatenated codes with restricted error values for code-based cryptography. The error correction encoding comprises encoding the information according to a McEliece cryptosystem or according to a Niederreiter cryptosystem, in each case using an error vector containing at most t ∈ ℕ non-zero error values; and a combination of: a permutation operation, a scrambling operation; and a coding operation involving a p-ary generalized concatenated code, GCC, having an error correction capability t up to which it can correct all possible error patterns. The GCC comprises multiple outer codes A(l) with different dimensions n_l and l=0, . . . , N, and an inner code B, the inner code B being one of an error correction code over Gaussian integers, an error correction code over Eisenstein integers, or a binary BCH error correction code, wherein q is a natural number with q>2 in the case of an error correction code over Gaussian integers or Eisenstein integers and with q=2 in the case of a binary BCH error correction code. A corresponding decoding method comprises applying erase decoding such that all decoding errors, if any, are recognized during the decoding of the GCC.

Physical Layer Security

In a system for physical-layer security, a sender may encode a message word using a secrecy-code encoding, an error-propagation encoding, and an error-correction encoding, and transmit the encoded message word on a data transmission medium. An intended recipient may receive a word having errors from the noise on the intended recipient's channel, and may decode the received word using an error-correction decoder, an error-propagation decoder, and a secrecy-code decoder. If an eavesdropper's channel is noisier than the intended recipient's channel, the system may be tuned to correct all errors on the intended recipient's channel, but leave, on the eavesdropper's channel, errors that will be propagated and amplified into noise. In an alternate embodiment, a sender and an intended recipient may share a secret key and may use the shared secret key, or values generated by the shared secret key, to populate frozen bits in a polar coding scheme.

Threshold digital signature method and system

A method of sharing a secret value is disclosed. The method comprises distributing respective first shares of a first secret value, known to a first participant (P_i), to a plurality of second participants (P_{j≠i}), wherein said first shares are encrypted by means of at least one private-public key pair comprising a private key and a public key being an elliptic curve generator point multiplied by the private key and wherein a first threshold number of first shares is required in order to enable a second participant to determine the first secret value. At least one second share of a respective second secret value is received from each of a plurality of second participants, wherein the second shares are encrypted by means of at least one private-public key pair comprising a private key and a public key being an elliptic curve generator point multiplied by the private key, and a second threshold number of second shares is required in order to enable a participant other than that second participant to determine the second secret value. A third share of a third secret value is formed from a plurality of second shares, wherein a third threshold number of third shares is required in order to enable the third secret value to be determined.

UTILIZING ERROR CORRECTION (ECC) FOR SECURE SECRET SHARING

Utilizing error correction (ECC) for secure secret sharing includes computing an encrypted key using a key and a number of random values, computing, based on a first ECC scheme, a key ECC for the encrypted key and the random values, and storing a number of key fragments on a number of storage servers, where the key fragments include the encrypted key, the random values, and the key ECC.

Method of managing consistency of caches
09734065 · 2017-08-15

The present invention relates to a method of transmitting a message comprising an integrity check and a header, between two processing units via a shared memory, comprising steps of: —generation (501), by a first processing unit, of a first pseudorandom binary string; —encryption (502) of the message to be transmitted by applying an involutive transformation dependent on the first pseudorandom binary string generated; —transmission and storage (503) of the encrypted message in the shared memory; —generation (504), by the second processing unit, of a second pseudorandom binary string; —decryption of the message stored by applying an involutive transformation dependent on the second pseudorandom binary string, and by decrypting the header (505) of said message, by verifying the decrypted header (505), and as a function of the result of the verification, by decrypting the complete message (506); —verification (507) of the integrity of the decrypted message on the basis of its integrity check.

SYSTEM AND METHOD FOR PROVIDING DEFENCE TO A CRYPTOGRAPHIC DEVICE AGAINST SIDE-CHANNEL ATTACKS TARGETING THE EXTENDED EUCLIDEAN ALGORITHM DURING DECRYPTION OPERATIONS
20170279600 · 2017-09-28

A system, method and computer-readable storage medium for decrypting a code c using a modified Extended Euclidean Algorithm (EEA) having an iteration loop independent of the Hamming weight of inputs to the EEA and performing a fixed number of operations regardless of the inputs to the EEA thereby protecting a cryptographic device performing the decryption from side-channel attacks.

Subscription Concealed Identifier (SUCI) Supporting Post-Quantum Cryptography
20210409214 · 2021-12-30

A device and a network can authenticate using a subscription concealed identifier (SUCI). The device can store (i) a plaintext subscription permanent identifier (SUPI) for the device, (ii) a network static public key, and (iii) a key encapsulation mechanism (KEM) for encryption using the network static public key. The network can store (i) a device database with the SUPI, (ii) a network static private key, and (iii) the KEM for decryption using the network static private key. The device can (i) combine a random number with the SUPI as input into the KEM to generate a ciphertext as the SUCI, and (ii) transmit the ciphertext/SUCI to the network. The network can (i) decrypt the ciphertext using the KEM to read the SUPI, (ii) select a key K from the device database using the SUPI, and (iii) conduct an Authentication and Key Agreement (AKA) with the selected key K.