Patent classifications
H04L9/3093
Secure configuration of a secondary platform bundle within a primary platform
A primary platform (PP) can (i) support a first set of cryptographic parameters and (ii) securely download an unconfigured secondary platform bundle (SPB) that includes a configuration package (SPB CP). The SPB CP can establish a secure session with a configuration server (CS). The CS can select operating cryptographic parameters supported by the first set. The SPB CP can derive an SPB private and public key. The PP can use the selected operating cryptographic parameters to securely authenticate and sign the SPB public key. The CS can (i) verify the PP signature for the SPB public key and (ii) generate an SPB identity and certificate for the SPB and (iii) send the certificate and SPB configuration data to the SPB CP. The SPB CP can complete configuration of the SPB using the SPB identity, certificate, and configuration data. The configured SPB can authenticate with a network using the certificate.
Computer enabled methods and systems for facilitating micropayments via public networks
A computer enabled system for facilitating electronic micropayments in which an accounting application receives a vendor submission from a remote vendor server via a public communications network. This includes identifiers for the vendor, the customer and an item selected by the customer. The accounting application then checks the status of the customer's account. If it has sufficient funds, the transaction proceeds. The customer account is conditionally debited, and the vendor account conditionally credited with the transaction amount, including fees. A transaction confirmation is sent to the vendor application which then confers usage rights for the item to the customer. The accounting application periodically reconciles the vendor and customer accounts, deducts any service fees, and makes a single payment to each vendor. This single payment only incurs a single per-transaction credit-card company fee, thereby spreading it across multiple purchases and clients, making micro-transactions profitable.
Compressible (F)HE with applications to PIR
A request is received for specific information that can be determined using data in a database on a first computer system. Either at least some of the data is encrypted or the request is encrypted. The first computer system does not have a decryption key to decrypt the encrypted data or request. The first computer system performs compressible HE operations on the data to determine compressed ciphertext(s) that correspond to the specific information. The operations include using a first uncompressed HE scheme and a second compressed HE scheme. The first HE scheme is used on the data to create other multiple ciphertexts and the second HE scheme is used on the other multiple ciphertexts to pack the other multiple ciphertexts into fewer ciphertexts that are compressed. Both the HE schemes use a same secret key. The first computer system sends a response including compressed ciphertext(s) corresponding to the specific information.
Generating integers for cryptographic protocols
In a general aspect, pseudorandom integers are generated for use in a cryptographic protocol. In some aspects, a first plurality of digits are obtained and converted to a second plurality of digits. The first plurality of digits (e.g., bits) represent an integer in a first number system (e.g., binary), and the second plurality of digits (e.g., trits) represent the integer in a second number system (e.g., trinary). A plurality of integers in the first number system are generated based on the second plurality of digits, and an array of integers is produced. Each integer in the array is less than a modulus, and the array includes the plurality of integers. The array of integers can be used in a lattice-based cryptographic protocol.
Checking a GDFT Operation
A method is described for checking a Generalized Discrete Fourier Transform (GDFT) operation on a secured domain, the method comprising (i) calculating a first checksum based on an input, (ii) determining a result of a GDFT-based operation based on the input, (iii) calculating a second checksum based on the result, (iv) comparing the first checksum and the second checksum and (v) proceeding if the first checksum corresponds to the second checksum and otherwise triggering a predefined action if the first checksum does not correspond to the second checksum. Also, a corresponding security device is provided.
METHOD AND APPARATUS FOR SECURE SIGNING AND UTILIZATION OF DISTRIBUTED COMPUTATIONS
An approach is provided for providing secure signing and utilization of distributed computations. A distributed computation authentication platform causes, at least in part, a signing of one or more computation closures of at least one functional flow. The distributed computation authentication platform also processes and/or facilitates a processing of the one or more signed computation closures to cause, at least in part, a transfer of the one or more signed computation closures among one or more levels, one or more nodes, or a combination thereof, wherein an execution of the one or more signed computation closures at the one or more levels, the one or more nodes, or a combination thereof is based, at least in part, on an authentication of the one or more signed computation closures.
INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD
There is provided an information processing device including: a communication unit configured to receive a first hash value calculated using a first sharing key from a terminal; and a dividing unit configured to determine a division unit of a word used for document search on the basis of matching between an encryption dictionary and a second hash value that is calculated by performing a homomorphic hash operation on the first hash value using a second sharing key corresponding to the first sharing key, in which the communication unit transmits, to the terminal, encrypted information related to the division unit determined by the dividing unit.
Quantum-augmentable hybrid encryption system and method
A hybrid encryption scheme links a first public key encryption (PKE) scheme with a second PKE scheme through a true random or pseudo-random element, which is used by a sender to encapsulate a symmetrically encrypted message and its associated symmetric key to generate a pair of ciphertexts for transmission to a recipient. The recipient decrypts and decapsulates the ciphertexts, retrieves the random element, and may conduct one or more verification steps to ensure that the ciphertexts were well-formed, and to detect any re-encryption or encapsulation attacks. To encrypt a message, the message and initial random value are encrypted with a symmetric key to provide an intermediate ciphertext. The symmetric key and the encrypted message-value are each encapsulated by distinct algorithms using distinct values derived from the initial random value, such as different hashes, and public keys to provide first and second ciphertexts.
Device Securing Communications Using Two Post-Quantum Cryptography Key Encapsulation Mechanisms
A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.
SYSTEM AND METHOD FOR MULTI-PARTY GENERATION OF BLOCKCHAIN-BASED SMART CONTRACT
Systems and methods described herein relate to techniques that allow for multiple parties to jointly generate or jointly agree upon the parameters for generation of a smart contract, such as a verification key. Execution of the smart contract may be performed by a third party, for example, a worker node on a blockchain network. Techniques described herein may be utilised as part of a protocol in which parties of a smart contract share powers of a secret in a manner that allows each party to determine an identical common reference string, agree on parameters for a smart contract, agree and/or make proportionate contributions to the smart contract, and combinations thereof. The smart contract may be published to a blockchain network (e.g., Bitcoin Cash). The protocol may be a zero-knowledge protocol.