H04L9/3093

HYPERSPHERE-BASED MULTIVARIABLE PUBLIC KEY ENCRYPTION/DECRYPTION SYSTEM AND METHOD

Disclosed is a hypersphere-based multivariable public key encryption/decryption system, which is composed of an encryption module and a decryption module, wherein the encryption module comprises a processor, and a public key transformation component for transforming plaintext into ciphertext; and the decryption module comprises a processor, a first affine transformation inversion component, a trapdoor component and a second affine transformation inversion component, wherein the trapdoor component comprises a linear equation system construction component and a linear equation system solving component. All components execute corresponding operations, so that a set of data is obtained finally, and the set of data is stored and output as decrypted plaintext; and if the decryption module does not produce data, the processor outputs warning information about a decryption failure to a user. In the system and method of the present invention, the large domain technique is not used. The designed centralizing mapping contains N sets of “centre of sphere” as private keys to realize centralizing hiding. Meanwhile, the running speed is very fast, and only linear equation system solving is required to be conducted in the decryption process.

Key sharing device and system for configuration thereof

A method of configuring a network device for key sharing and a method for a first network device to determine a shared key are provided. The method of configuring uses a private modulus (p_1), a public modulus (N), and a bivariate polynomial (f_1) having integer coefficients; the binary representation of the public modulus and the binary representation of the private modulus are the same in at least key length (b) consecutive bits. Local key material for a network device is generated by substituting an identity number into the bivariate polynomial and reducing modulo the private modulus the result of the substitution to obtain a univariate polynomial. Security may be increased by adding (440) one or more obfuscating numbers to coefficients of the univariate polynomial to obtain an obfuscated univariate polynomial. In a use phase, the network device determines a shared cryptographic key, by substituting (530) the identity number of another network device into the univariate polynomial and reducing modulo the public modulus and reducing modulo a key modulus.

GENERATING A HYBRID SECURITY CERTIFICATE USING MULTIPLE CRYPTOSYSTEMS

Processing within a computing environment is facilitated by generating a hybrid security certificate using multiple cryptosystems. The generating includes obtaining data for inclusion in the hybrid security certificate, and generating a first digital signature associated with a first cryptosystem to cover the data, and a second digital signature associated with a second cryptosystem to cover the data. The generating further includes providing the hybrid security certificate, where the hybrid security certificate includes the data, the first digital signature associated with the first cryptosystem, and the second digital signature associated with the second cryptosystem, and where the first digital signature has no dependency on a key of the second cryptosystem or the second digital signature, and the second digital signature has no dependency on a key of the first cryptosystem or the first digital signature.

Digital signature method

A method for signing and subsequently verifying a digital message, including the following steps implemented using at least one processor-based subsystem: selecting parameters including an integer q and a relatively smaller integer p that is coprime with q; generating random polynomial f relating to p and random polynomial g relating to q; producing a public key that includes h, where h is equal to a product that can be derived using g and the inverse of f mod q; producing a private key from which f and g can be derived; storing the private key and publishing the public key; producing a message digest by applying a hash function to the digital message; producing a digital signature using the message digest and the private key; and performing a verification procedure utilizing the digital signature and the public key to determine whether the signature is valid.

PUBLIC-KEY ENCRYPTION SYSTEM

A key generation device (100) configured to generate a public key (126) for use in a public key encryption device and a corresponding private key (114) for use in a private key decryption device, the key generation device comprising a private key generator (110) configured for obtaining in electronic form a private random value (112, s), and generating the private key (114), the private key comprising the private random value (112), and a public key generator (120) configured for obtaining in electronic form a public set of bivariate polynomials (122, f_i(,)), computing a public univariate polynomial (124) by summing over univariate polynomials obtained by substituting the private random value (112, s) into the polynomials of the public set (122, f_i(s,)), and generating the public key (126), the public key comprising the public univariate polynomial (124) and the public set (122).

Public Key Cryptosystem Based On Partitioning Of Galois Field Elements
20170324554 · 2017-11-09

A post-quantum, public key cryptosystem is described which is polynomial based and where the private key polynomial has coefficients from a sub-set of Galois field elements and plain text message polynomials have coefficients from a second sub-set of Galois field elements. The public key polynomial is constructed using the inverse of the private key polynomial and a randomly chosen polynomial having coefficients chosen from a third sub-set of Galois field elements. Cipher texts are constructed using the public key and randomly chosen session key polynomials. Other more complicated embodiments are described. For implementation a small prime base field such as 2, 3 or 5 will usually be used in constructing the prime power Galois field. The system has the advantage of relatively small public key sizes.

LIGHT-WEIGHT KEY UPDATE MECHANISM WITH BLACKLISTING BASED ON SECRET SHARING ALGORITHM IN WIRELESS SENSOR NETWORKS
20170324715 · 2017-11-09

Various embodiments include a network manager for managing network keys in a network having a plurality of nodes, the device including: a memory; and a processor configured to: determine N nodes to blacklist, wherein N is an integer; select a polynomial function from a plurality of polynomial functions of degree K and wherein the polynomial functions define a plurality of secret network keys; generate K-N random abscissa values, wherein none of the random abscissa values are found in a list of node abscissa values; calculate K-N polynomial function values for the K-N random abscissa values; calculate N polynomial function values for N node abscissa values associated with the N blacklisted nodes; transmit a message to nodes in the network including an indication of the selected polynomial function, the K-N random abscissa values, the N node abscissa values associated with the N blacklisted nodes, the K-N calculated polynomial function values, and the N calculated polynomial function values.

MORE EFFICIENT POST-QUANTUM SIGNATURES
20220045865 · 2022-02-10

Techniques of generating a lattice-based verification matrix and signature vector are disclosed. The method enables a generating device to sample a gadget matrix and then generate a reduced gadget matrix. The generating device may then sample a trapdoor matrix and use the trapdoor matrix and the reduced gadget matrix to generate a verification matrix. A sending device may receive the trapdoor matrix and the verification matrix from the generating device, in addition to receiving a message. The sending device may then use the trapdoor matrix and the verification matrix to generate a signature vector for the message. A verification device can receive the verification matrix, the message, and the signature vector. The verification device may use the verification matrix and the signature vector to verify the message.

IDENTITY VERIFICATION PROGRAM, IDENTITY VERIFICATION METHOD, USER TERMINAL, AND USER AUTHENTICATION PROGRAM
20220239489 · 2022-07-28

An identity verification program causes a computer that is a user terminal (100) to execute a processing function for identity verification by a zero knowledge proof. The identity verification program acquires Witness that is information that only a user of the user terminal (100) is allowed to know. Such an identity verification program generates a proof for user authentication by zero knowledge proof based on the acquired Witness. The identity verification program transmits a user authentication request based on the generated proof to a cloud server (200).

AUTHENTICATED LATTICE-BASED KEY AGREEMENT OR KEY ENCAPSULATION

Some embodiments are directed to a system with a first cryptographic device (10) and second cryptographic device (20). The devices may compute a final seed from a preshared secret known to the devices, and from a pre-seed that is exchanged between them. The final seed may be used to derive a common object (a).