H04L9/3093

SECURE CONFIGURATION OF A SECONDARY PLATFORM BUNDLE WITHIN A PRIMARY PLATFORM
20230254163 · 2023-08-10

A primary platform (PP) can (i) support a first set of cryptographic parameters and (ii) securely download an unconfigured secondary platform bundle (SPB) that includes a configuration package (SPB CP). The SPB CP can establish a secure session with a configuration server (CS). The CS can select operating cryptographic parameters supported by the first set. The SPB CP can derive an SPB private and public key. The PP can use the selected operating cryptographic parameters to securely authenticate and sign the SPB public key. The CS can (i) verify the PP signature for the SPB public key and (ii) generate an SPB identity and certificate for the SPB and (iii) send the certificate and SPB configuration data to the SPB CP. The SPB CP can complete configuration of the SPB using the SPB identity, certificate, and configuration data. The configured SPB can authenticate with a network using the certificate.

Systems and methods for post-quantum cryptography optimization

Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data, a set of data attributes about the data, and a risk profile data structure indicative of a vulnerability of the data in a PQC data environment. The example method further includes retrieving PQC cryptographic performance information associated with a set of PQC cryptographic techniques. The PQC cryptographic performance information may comprise a set of PQC cryptographic performance attributes for each PQC cryptographic technique in the set of PQC cryptographic techniques. The example method further includes selecting a PQC encryption algorithm for encrypting the data based on the set of data attributes, the risk profile data structure, the PQC cryptographic performance information, and a PQC optimization machine learning model. Subsequently, the example method includes encrypting the data based on the selected PQC encryption algorithm.

SYSTEM AND METHODS FOR VALIDATING AND PERFORMING OPERATIONS ON HOMOMORPHICALLY ENCRYPTED DATA
20220129892 · 2022-04-28

Systems, methods and devices for validating and performing operations on homomorphically encrypted data are described herein. The methods include securely transmitting and extracting information from encrypted data without fully decrypting the data. A data request may include an encrypted portion including a set of confidential data. One or more sets of encrypted comparison data may be then retrieved from a database in response to the data request. The encrypted set of confidential data from the data request is then compared with each set of encrypted comparison data using one or more homomorphic operations to determine which set of encrypted comparison data matches the encrypted set of confidential data. If there is a match, this validates the set of confidential data. An encrypted indicator is then generated indicating success or failure in validating the set of confidential data, which may then be forwarded to a party associated with the data request.

Device securing communications using two post-quantum cryptography key encapsulation mechanisms
11722296 · 2023-08-08

A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.

Method and apparatus for modulus refresh in homomorphic encryption

Disclosed is a method and apparatus for modulus refresh, where the method for modulus refresh of a ciphertext in homomorphic encryption includes receiving a first ciphertext corresponding to a first modulus, generating a second ciphertext by performing a blind rotation on the first ciphertext, and generating a target ciphertext corresponding to a second modulus greater than the first modulus based on the first ciphertext and the second ciphertext.

Quantum-proof multiparty key exchange system, quantum-proof multiparty terminal device, quantum-proof multiparty key exchange method, program, and recording medium

In Round 1, each terminal device transmits a key encryption key which conforms to post-quantum cryptography to a neighboring terminal device; in Round 2, each terminal device generates a key capsule of a key-shared-between-two-parties using the received key encryption key and returns the key capsule to the terminal device which is the source of the key encryption key; in Round 3, each terminal device generates information based on the key-shared-between-two-parties and transmits the information to a key distribution management device, and the key distribution management device distributes information, which is obtained based on these pieces of information, to the terminal devices. Each terminal device calculates a shared key based on the distributed information.

Method for implementation of post-quantum key exchange protocol and application thereof

The disclosure proposes a novel method for generating public polynomials. The method simplifies key exchange processes, reduces the time required for key exchange, and reduces the bandwidth required for data transmission from a server to a client. Secondly, the method keeps the calculation processes at both sides synchronized through a novel data exchange solution, particularly through handshaking signals, to ensure that the server and the client are always in the same key exchange process. In addition, the method further reduces transmission bandwidth by sending information of the client twice. A state synchronization mechanism for the client and the server is proposed in the disclosure to ensure that the Trivium modules at both sides are in the same state at the beginning of each key exchange, thereby avoiding reinitializing the modules and improving the operation efficiency of the whole system.

Privacy preserving secret sharing from novel combinatorial objects

A secret sharing scheme in which a trust structure of the parties receiving a share of the secret is encoded in the shares. In this regard, an access structure defining an authorized set of participants may be based, at least in part, on the encoded trust structures. The secret sharing scheme includes a secret generator that generates the shares distributed to the parties. In turn, an authorized set of participants as defined by the access structure may provide shares to a dealer for reconstruction of the secret. However, if the participants requesting secret reconstruction are not an authorized set of participants, the secret reconstruction fails. In this regard, secret sharing with asymmetrical trust structures may be provided in which the trust structures are not known by other parties in the scheme.

APPARATUS AND METHOD WITH HOMOMORPHIC ENCRYPTION USING AUTOMORPHISM

Disclosed are an apparatus and method with homomorphic encryption using automorphism. A computing apparatus includes one or more processors and a memory storing instructions configured to cause the one or more processors to, for a blind rotation key for performing a blind rotation operation and an operand ciphertext of the blind rotation operation: generate a preprocessed ciphertext by performing preprocessing on the operand ciphertext based on automorphism, and generate an operation result of the homomorphic encryption by performing the blind rotation operation for the operand ciphertext on a vector component of the preprocessed ciphertext and a vector component of the blind rotation key.

Method for forming virtual private network based on post-quantum cryptography and virtual private network operating system performing same
11770242 · 2023-09-26

The technical idea of the present invention relates to a method for forming a virtual private network based on post-quantum cryptography and a virtual private network operating system performing the same. The method for forming a virtual private network, performed by a first device to form a virtual private network with a second device according to an embodiment of the present invention, comprises the steps of: requesting a handshake for forming the virtual private network; receiving a signature and a public key; authenticating the second device by using the signature; generating a symmetric key by using the public key; and performing virtual private network communication by using the symmetric key, wherein the public key is generated by using at least one key vector corresponding to a grid.