A photonic processor uses light signals and a residue number system (RNS) to perform calculations. The processor sums two or more values by shifting the phase of a light signal with phase shifters and reading out the summed phase with a coherent detector. Because phase winds back every 2π radians, the photonic processor performs addition modulo 2π. A photonic processor may use the summation of phases to perform dot products and correct erroneous residues. A photonic processor may use the RNS in combination with a positional number system (PNS) to extend the numerical range of the photonic processor, which may be used to accelerate homomorphic encryption (HE)-based deep learning.

A computer-implemented method is for providing processed data. In an embodiment, the method includes receiving, by a first encryption entity, first plaintext data including a matrix of numbers; determining, by the first encryption entity, an encryption key including an integer matrix; homomorphically encrypting, by the first encryption entity, the first plaintext data based on a matrix multiplication of the first plaintext data and the encryption key, to generate first encrypted data; sending, by the first encryption entity, the first encrypted data to a processing entity; receiving, by a decryption entity, encrypted processed data from the processing entity, the encrypted processed data being based on the first encrypted data; decrypting, by the decryption entity, the encrypted processed data based on a matrix multiplication of the processed data and an inverse of the encryption key, to generate processed data; and providing, by the decryption entity, the processed data.

Disclosed are a method for verifying a convolutional neural network model and a device thereof. The method for verifying the convolutional neural network model includes (a) generating a polynomial circuit equation for a first configuration of a plurality of configurations configuring the convolutional neural network model; (b) generating a first commitment value and a first proof value by applying a zero-knowledge proof scheme based on the polynomial circuit equation; (c) generating an arithmetic circuit equation for a second configuration of the plurality of configurations; (d) generating a second commitment value and a second proof value by applying a zero-knowledge proof scheme based on the arithmetic circuit equation; and (e) generating a connection proof value connecting the first commitment value and the second commitment value.

A network node (110) is provided configured for a cryptographic protocol based on a shared matrix. The network node is arranged to construct the shared matrix (A) in accordance with the selection data and a shared sequence of values. Multiple entries of the shared matrix are assigned to multiple values of the sequence of data as assigned by the selection data. The shared matrix is applied in the cryptographic protocol.

Some embodiments relate to an electronic network node (110) configured for a cryptographic operation. The network node obtains a shared matrix (A) by selecting integers, polynomials, and/or polynomial-coefficients from a shared pool, the shared pool being shared with the second network node, wherein the selecting is done according to one or more selection functions.

Methods are described for constructing a secret key by multiple participants from multiple ciphertexts such that any quorum combination of participants can decrypt their respective ciphertexts and so generate a fixed number of key fragments that can be combined by a recipient to generate the secret key. Worked examples are described showing how the encryption keys for the ciphertexts may be key wrapped using a key encapsulation mechanism for which ciphers that are resistant to attack by a quantum computer may be used. In these cases, a post-quantum quorum system is realised. Methods are described by which the quorum key fragment ciphertexts may be updated so that the original key fragments become invalid without necessitating any change to the secret key.

An apparatus comprising at least one processing core (310), at least one memory (320) including computer program code, the at least one memory (320) and the computer program code being configured to, with the at least one processing core (310), cause the apparatus at least to generate a set of three permutation matrices {P, Q and R}(510), apply the set of permutation matrices on a data matrix V and matrices W.sup.1 and H.sup.1, wherein matrices W.sup.1 and H.sup.1 comprise only non-negative elements, such that: elements aa, bb and cc, and provide matrices dd, ee and ff to a server for processing (530).

Methods and apparatus for code-based asymmetric cryptosystem using Quasi-Cyclic Moderate-Density Parity-Check (QC-MDPC) error correcting codes. Specifically, the method and apparatus generalizes the framework of (QC-MDPC) Code-Based (CB) cryptography from the binary domain (Galois Field of two elements) to an arbitrary size of Galois Field and provides an apparatus for implementing the cryptosystem with a simplified computational complexity of key generation, encryption, and decryption components of the cryptosystems and reduced sizes of the public and private security keys.

A homomorphic encryption device includes: a recryption parameter generating circuit, a recryption circuit, and an arithmetic circuit. The recryption parameter generating circuit is configured to generate a recryption parameter including a plurality of recryption levels respectively for a plurality of ciphertexts based on an arithmetic scenario including information about an arithmetic schedule between the plurality of ciphertexts. The recryption circuit is configured to generate a plurality of recrypted ciphertexts by recrypting each of the plurality of ciphertexts to a corresponding recryption level based on the recryption parameter. The arithmetic circuit is configured to output an arithmetic result by performing operations by using the plurality of recrypted ciphertexts, according to the arithmetic scenario.

A method is provided for multiplying two polynomials. In the method, first and second polynomials are evaluated at 2t inputs, where t is greater than or equal to one, and where each input is a fixed power of two multiplied with a different power of a primitive root of unity, thereby creating 2 times 2t integers, where is an integer such that is at least as large as the largest coefficient of the resulting product multiplying the first and second polynomials. The 2 times 2t integers are then multiplied pairwise, and a modular reduction is performed to get 2t integers. A linear combination of the 2t integers multiplied with primitive roots of unity is computed to get 2t integers whose limbs in the base -bit representation correspond to coefficients of the product of the first and second polynomials. The method can be implemented on a processor designed for performing RSA and/or ECC type cryptographic operations.