Patent classifications
H04L9/3093
Multiparty Key Exchange
This invention pertains to secure communications between multiple parties and/or secure computation or data transmission between multiple computers or multiple vehicles. This invention provides a secure method for three or more parties to establish one or more shared secrets between all parties. In some embodiments, there are fewer than 40 parties and in other embodiments there are more than 1 million parties that establish a shared secret. In some embodiments, establishing a shared secret among multiple parties provides a method for a secure conference call. In some embodiments, a shared secret is established with multiple computer nodes across the whole earth to help provide a secure Internet infrastructure that can reliably and securely route Internet traffic. In some embodiments, a shared secret is established so that self-driving vehicles may securely communicate and securely coordinate their motion to avoid collisions. In some embodiments, a shared secret is established with multiple computer nodes that participate as a network, performing blockchain computations.
Secure Server Digital Signature Generation For Post-Quantum Cryptography Key Encapsulations
A network and a device can support a secure session with both (i) multiple post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) and (ii) forward secrecy. The network can operate (i) a first server for conducting KEM with the device and (ii) a second server for generating a digital signature which can be verified by the device with a server certificate. The first server can receive a device ephemeral public key (ePK.device) and generate a server ephemeral public key (ePK.server) and private key. The first server can send, to the second server, data comprising ciphertext for the ePK.device, ePK.server and the server certificate. The second server can (i) generate the digital signature over the data, and (ii) send the digital signature to the first server. The first server can conduct a KEM with ePK.device and the ciphertext in order to encrypt at least ePK.server and the digital signature.
Conversion key generation device, ciphertext conversion device, privacy-preserving information processing system, conversion key generation method, ciphertext conversion method, and computer
A key acquisition unit (411) acquires a decryption key sk_i in a pair of a conversion source and a public key pk_j in a pair of a conversion target, out of a plurality of pairs of a decryption key and a public key. A conversion key generation unit (412) encrypts the decryption key sk_i acquired by the key acquisition unit (411) with the public key pk_j, so as to generate a conversion key rk_{i→j} for converting a ciphertext encrypted with a public key pk_i in the pair of the conversion source into a converted ciphertext that can be decrypted with a decryption key sk_j in the pair of the conversion target. An output unit (413) outputs the conversion key rk_{i→j} generated by the conversion key generation unit (412).
System and method for homomorphic encryption
This is a system and method for homomorphic encryption comprising: a key generation module configured to generate a secret key, a public key and a bootstrapping key; a private-key encryption module configured to generate a first ciphertext using the secret key; a public-key encryption module configured to generate a second ciphertext using the public key; a private-key decoding module configured to decode a first ciphertext, a second ciphertext and an encrypted analytical result; and a homomorphic computational module configured to perform an analytical operation, according to an analytical operation request, on the first ciphertext and the second ciphertext without decrypting the first ciphertext and the second ciphertext, using the bootstrapping key; wherein the encrypted analytical result is provided by the homomorphic computational module and is encrypted with the secret key.
Cryptographic System and Method
A system and method for encryption of data. The system and method utilize a cryptographic function that provides asymmetric encryption/decryption and digital signing capabilities that are hardened against cyber attack from quantum computers.
Homomorphic encryption using discrete Galois transforms
Efficient polynomial multiplication for Accelerated Fully Homomorphic Encryption (FHE). An efficient method for large integer and polynomial multiplication in a ring using negacyclic convolution and discrete Galois transform with arbitrary primes is described. The method is adapted to work with arbitrary primes that support Gaussian arithmetic. Dealing with non-Gaussian primes gives rise to another problem of how to find primitive roots of unity and of (i). An efficient solution to find those roots of interest is provided.
SYSTEM AND METHOD FOR POWERING RE-GENERATION AND RE-TRANSMISSION OF MILLIMETER WAVES FOR BUILDING PENETRATION
A system for providing a residential IP network includes a plurality of transceiver circuitries, each associated with a building, for transmitting signals to/from the associated building. An optical network unit transmits and receives signals at a first frequency with an optical network. A remote unit integrated with the optical network unit converts the received signals at the first frequency into a first format that overcomes losses caused by penetrating into the interior of the building over a wireless communications link and transmits the signals in the first format using beam forming and beam steering to provide the wireless signals to at least one of the plurality of transceiver circuitries. Each of the plurality of transceiver circuitries further includes first circuitry, located on an exterior of the building, for transmitting and receiving the signals in the first format. A first antenna associated with the first circuitry transmits the signals in the first format into the interior of the building via a wireless communications link and receives signals from the interior of the building in the first format via the wireless communications link. Second circuitry, located on the interior of the building and communicatively linked with the first circuitry via the wireless communications link, receives and transmits the converted received signals in the first format that counteracts the losses caused by penetrating into the interior of the building from/to the first circuitry. A second antenna associated with the second circuitry transmits the signals in the first format to the exterior of the building via the wireless communications link and receives signals from the exterior of the building in the first format via the wireless communications link.
Layered secret sharing with flexible access structures
A layered secret sharing scheme in which a trust set of each of the parties receiving a share of the secret is received and used to generate an authorized set and an adversary set for reconstruction of a secret. In this regard, an access structure defining an authorized subset of participants may be based, at least in part, on the encoded trust subsets of the shares. The secret sharing scheme includes a secret generator that generates the shares distributed to the parties. In turn, an authorized subset of participants as defined by the access structure may provide shares to a dealer for reconstruction of the secret. However, if the participants requesting secret reconstruction are not an authorized subset of participants or if participants define an adversary subset, the secret reconstruction fails. In this regard, even if an authorized subset is present, if an adversary subset is present, the reconstruction may be “killed.”
Probabilistic relay for efficient propagation in a blockchain network
The invention relates to a method for a node of a blockchain network, the computer-implemented method comprising receiving or generating, at a node, data for distribution in the blockchain network, said node having a plurality of interfaces, said data corresponding to an object such as a transaction or a block. The transaction can be a Bitcoin transaction for recordal in a blockchain. The method determines a correlation matrix having correlation coefficients representing the correlation between data processed at each interface of said node. From the correlation matrix a correlation index for each interface is determined. A threshold or indicator is calculated and data or objects such as Bitcoin transactions are relayed from nodes via interfaces according to a set of correlation coefficients of the interface receiving the data. An indicator or threshold can be derived from the correlation matrix and data is relayed if the correlation between the receiving interface and the other interface is lower than the indicator. The invention also resides in a corresponding computer readable storage medium, electronic device, node of a blockchain network, super-node of a blockchain network or blockchain network.
Public key exchange with authenticated ECDHE and security against quantum computers
Elliptic Curve Cryptography (ECC) can provide security against quantum computers that could feasibly determine private keys from public keys. A server communicating with a device can store and use PKI keys comprising server private key ss, device public key Sd, and device ephemeral public key Ed. The device can store and use the corresponding PKI keys, such as server public key Ss. The key use can support all of (i) mutual authentication, (ii) forward secrecy, and (iii) shared secret key exchange. The server and the device can conduct an ECDHE key exchange with the PKI keys to mutually derive a symmetric ciphering key K1. The device can encrypt a device public key PK.Device with K1 and send it to the server as a first ciphertext. The server can encrypt a server public key PK.Network with at least K1 and send it to the device as a second ciphertext.