Patent classifications
H04L9/3066
GENERATING A HYBRID SECURITY CERTIFICATE USING MULTIPLE CRYPTOSYSTEMS
Processing within a computing environment is facilitated by generating a hybrid security certificate using multiple cryptosystems. The generating includes obtaining data for inclusion in the hybrid security certificate, and generating a first digital signature associated with a first cryptosystem to cover the data, and a second digital signature associated with a second cryptosystem to cover the data. The generating further includes providing the hybrid security certificate, where the hybrid security certificate includes the data, the first digital signature associated with the first cryptosystem, and the second digital signature associated with the second cryptosystem, and where the first digital signature has no dependency on a key of the second cryptosystem or the second digital signature, and the second digital signature has no dependency on a key of the first cryptosystem or the first digital signature.
Cryptography method comprising an operation of multiplication by a scalar or an exponentiation
A cryptographic data processing method, implemented in an electronic device including a processor, the method including steps of providing a point of an elliptic curve in a Galois field, and a whole number, and of calculating a scalar product of the point by the number, the coordinates of the point and the number having a size greater than the size of words that may be processed directly by the processor, the scalar multiplication of the point by the number including steps of: storing scalar multiples of the point multiplied by the number 2 raised to a power belonging to a series of whole numbers, setting a resulting point for each non-zero bit of the first number, adding the resulting point and one of the stored multiple points, and providing at the output of the processor the resulting point as result of the scalar product.
Biometric security for cryptographic system
A method of storing data allowing a seed value for generating an encryption key to be retrieved is provided. The method comprises obtaining, for each of a plurality of biological data sources, a respective set of biometric data from an authorised user. A respective biometric identifier is generated from each set of biometric data. The biometric identifiers are stored in a database. A plurality of seed portions are generated that are combinable using a function to generate the seed value. Each seed portion is stored in the database in association with a biometric identifier.
METHOD AND SYSTEM FOR CHEON RESISTANT STATIC DIFFIE-HELLMAN SECURITY
A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≦48.
SHARED SECRET DATA PRODUCTION SYSTEM
Systems and methods for producing shared secret data are generally described. A first device may receive a public key from a second device. The public key may be based on a first secret element. The first device may generate a first ephemeral private key based on a second secret element, and may generate a second ephemeral private key based on a third secret element. The first device may generate a first element based on the public key and the first ephemeral private key, and may generate a second element based on the public key and the second ephemeral private key. The second element may relate to the shared secret data. The first device may generate a session public key based on the first element, the second secret element, and the third secret element. The shared secret data may be derivable, by the second device, from the session public key.
PROCESS AND SYSTEM FOR ESTABLISHING A MOVING TARGET CONNECTION FOR SECURE COMMUNICATIONS IN CLIENT/SERVER SYSTEMS
A system and method performs a moving target blind rendezvous by exchanging data through a distributed hash table. The system allows users to securely send small pieces of information over a network while only requiring an exchange of public keys ahead of time. The system relies on the size and resilience of the BitTorrent Distributed Hash Table and the security properties of cryptographic constructions such as Elliptic Curve Diffie-Hellman key exchange and secure one-way hash functions.
Efficient calculation of ED25519/448 signature verification in an encryption device
A computer system module(s) substitutes a double scalar multiplication, used for signature verification in an encryption/decryption system, for two single scalar multiplications. The modules verify a group equation defined by [S]B=R+[k]A′ of the encryption/decryption system, where S is an integer characterized by the signature, k is an integer generated by a message being encrypted, B is a base point on the elliptic curve, R is a point on the elliptic curve and characterized by the signature, and A′ is a public key. The modules optionally rearrange the group equation to [S]B+[−k]A′=R, and convert it to [S]B+[n−k]A′=R, where n is the order of the base point. The modules determine a joint sparse form for the integers S and n−k and apply Shamir's algorithm to the joint sparse form to verify the group equation.
SECURE COMMUNICATION NETWORK
A method of exchanging a combined cryptographic key between a first node and a second node,
the first node and the second node being connected through a first communication and a second communication network, wherein the first communication network is a quantum communication network wherein information is encoded on weak light pulses; and
the first node and the second node being configured to:
exchange one or more first cryptographic keys on the first communication network;
exchange one or more second cryptographic keys using the second communication network; and
form the combined cryptographic key by combining the one or more first cryptographic keys and the one or more second cryptographic keys, such that the first node and the second node share knowledge of the combined cryptographic key.
DATA ADAPTIVE COMPRESSION AND DATA ENCRYPTION USING KRONECKER PRODUCTS
Digital files are compressed using a process including Schmidt decompositions of matrices using an algorithm, termed ‘BSD’ herein, which is based on an algebraic method generalizing QR decomposition. Software analyzes an input file and initially identifies a matrix M, with entries within a predefined set of integers, within the file. Next, essential entries are defined, extracted from M, that contain sufficient information to recover M using BSD. The compressed file includes the essential entries and their positions within M. To achieve an encryption process, software encrypts the pattern matrix that includes the positions of the essential entries of M. To achieve a lossy compression, software identifies essential entries that contain sufficient information to recover an approximation to M for which the quality is determined by an error threshold. For a more efficient lossy compression, software uses singular value decomposition, BSD, and other signal processing of M.
METHODS AND APPARATUS FOR EFFICIENTLY IMPLEMENTING A DISTRIBUTED DATABASE WITHIN A NETWORK
An apparatus includes a processor and a memory operatively coupled to the processor and associated with an instance of a distributed database at a first compute device. The processor is configured to select an anonymous communication path. Each blinded public key from a sequence of blinded public keys associated with the anonymous communication path is associated with a pseudonym of a compute device from a set of compute devices that implement the anonymous communication path. The processor is configured to generate an encrypted message encrypted with a first blinded public key. The processor is configured to generate an encrypted data packet including the encrypted message and a compute device identifier associated with a second compute device. The encrypted data packet is encrypted with a second blinded public key. The processor is configured to send the encrypted data packet to a third compute device.