H04L9/3093

KEY IMPORT WITH HYBRID CRYPTOGRAPHY

Hybrid encryption of imported key material is provided. A request to import key material is received from a user system. In response to the request, two public keys are sent to the user system. The two public keys include a classical cryptography (CC) public key and a quantum-safe cryptography (QSC) public key. At least one public key of the two public keys is retrieved from a hardware security module (HSM). Hybrid-encrypted key material is received from the user system. The hybrid-encrypted key material is key material that has been encrypted using the two public keys. The key material, at least partially encrypted by the at least one public key, is sent to the HSM.

CRYPTOGRAPHIC PROCESSOR DEVICE AND DATA PROCESSING APPARATUS EMPLOYING THE SAME

The present disclosure provides a cryptographic processor device capable of performing post-quantum cryptographic encryption at high speed with low power, allowing a change of encryption parameters, and handling various cryptographic protocols. The cryptographic processor device executing polynomial vector operations required for post-quantum cryptography includes: a polynomial memory bank configured to store a plurality of polynomial vectors; and an arithmetic and logic operator configured to perform operations on the polynomial vectors. The arithmetic and logic operator includes a transform operation circuit configured to multiply two polynomial vectors read out from the polynomial memory bank by using a predetermined transform operation including a plurality of operation stages, and including a combined operation unit configured to consecutively perform a first stage operation and a second stage operation among the plurality of operation stages without storing a result of the first stage operation in a memory.

Public key exchange with authenticated ECDHE and security against quantum computers
11777719 · 2023-10-03

Elliptic Curve Cryptography (ECC) can provide security against quantum computers that could feasibly determine private keys from public keys. A server communicating with a device can store and use PKI keys comprising server private key ss, device public key Sd, and device ephemeral public key Ed. The device can store and use the corresponding PKI keys, such as server public key Ss. The key use can support all of (i) mutual authentication, (ii) forward secrecy, and (iii) shared secret key exchange. The server and the device can conduct an ECDHE key exchange with the PKI keys to mutually derive a symmetric ciphering key K1. The device can encrypt a device public key PK.Device with K1 and send to the server as a first ciphertext. The server can encrypt a server public key PK.Network with at least K1 and send to the device as a second ciphertext.

FLOW CONTROL FOR PROBABILISTIC RELAY IN A BLOCKCHAIN NETWORK

Techniques are presented for removing a connection to a peer node determined to be malicious based on transactions received from the peer node.

Apparatus for processing non-polynomial operation on homomorphic encrypted messages and methods thereof

A method of operating a homomorphic ciphertext is disclosed. The method of operating a homomorphic ciphertext includes receiving a non-polynomial operation command with respect to a homomorphic ciphertext, computing an approximate polynomial function corresponding to the non-polynomial operation, performing an operation of the homomorphic ciphertext using the computed polynomial function, and outputting the operated homomorphic ciphertext, wherein the approximate polynomial function is a second approximate polynomial function which is obtained by extending a first approximate polynomial function to have a second range wider than the first range having a preset accuracy with the non-polynomial operation within a first range.

Reduced complexity modular polynomial multiplication for R-LWE cryptosystems

A method includes receiving a first polynomial and a second polynomial, both of order n−1, and forming d polynomial segments from both the first polynomial and the second polynomial such that each polynomial segment is of order (n/d)−1. The polynomial segments of the first polynomial and the d polynomial segments of the second polynomial are used to form segment products. Each segment product is divided into a first polynomial substructure of order n/d and a second polynomial substructure of order (n/d)−1. A first polynomial substructure containing the first n/d coefficients of a product of the first polynomial and the second polynomial is summed with a second polynomial substructure to form a sum substructure. The sum substructure is used multiple times to determine coefficients of a polynomial representing the modulo $x^n+1$ of the product of the first polynomial and the second polynomial.

Method for generating public key and secret key based on module-wavy and module-LWR and method of encryption and decryption using the keys

The computer-implemented method for generating a public key and a secret key of the present disclosure comprises determining, by a processor, the secret key (s) by sampling from a distribution over $\{-1, 0, 1\}^{nd}$; determining, by a processor, a first error vector (e) by sampling from $(D_{\alpha q}^{n})^{d}$ and a second error value (e′) by sampling from $D_{\alpha q}^{n}$; choosing, by a processor, a randomly uniform matrix A which satisfies $A \cdot s = e \pmod{q}$; choosing, by a processor, a random column vector b which satisfies $\langle b, s \rangle = \lfloor \frac{q}{2} \rfloor + e \pmod{q}$; and determining, by a processor, the public key (pk) by $(A \| b) \in R_q^{d \times (d+1)}$.

CRYPTO PROCESSOR AND ELECTRONIC DEVICE INCLUDING THE SAME

Disclosed are apparatuses and methods with crypto processing. Computing devices may be interconnected to each other. Each computing device may be configured to perform polynomial operations based on homomorphic encryption. Memories may be configured to store instructions. Controllers may be configured to transfer instructions from the memories to the computing devices. One or more of the computing devices may each be configured to individually process, in parallel, at least a portion of the polynomial operations based on the homomorphic encryption according to an instruction transferred from a corresponding memory.

Privately querying a database with private set membership using succinct filters
11621828 · 2023-04-04

A method includes obtaining, from a server, a filter including a set of encrypted identifiers each encrypted with a server key controlled by the server. The method includes obtaining a request that requests determination of whether a query identifier is a member of a set of identifiers corresponding to the set of encrypted identifiers. The method also includes transmitting an encryption request to the server that requests the server to encrypt the query identifier. The method includes receiving, from the server, an encrypted query identifier including the query identifier encrypted by the server key and determining, using the filter, whether the encrypted query identifier is not a member of the set of encrypted identifiers. When the encrypted query identifier is not a member of the set of encrypted identifiers, the method includes reporting that the query identifier is not a member of the set of identifiers.

More efficient post-quantum signatures

Techniques of generating a lattice-based verification matrix and signature vector are disclosed. The method enables a generating device to sample a gadget matrix and then generate a reduced gadget matrix. The generating device may then sample a trapdoor matrix and use the trapdoor matrix and the reduced gadget matrix to generate a verification matrix. A sending device may receive the trapdoor matrix and the verification matrix from the generating device, in addition to receiving a message. The sending device may then use the trapdoor matrix and the verification matrix to generate a signature vector for the message. A verification device can receive the verification matrix, the message, and the signature vector. The verification device may use the verification matrix and the signature vector to verify the message.