A method for executing a cryptographic operation is provided comprising acts comprising: (i) sampling a first polynomial, wherein one or more (e.g., one, some and/or all) coefficients of the first polynomial are determined; (ii) sampling a second polynomial, wherein a selection of k coefficients of the second polynomial is determined; (iii) multiplying the first polynomial with the second polynomial to determine a result; and (iv) using the result of the multiplication in the cryptographic operation. A security device arranged to perform one, some and/or all of the acts is provided.

Systems and methods described herein relate to techniques in which multiple parties each generate and exchange quantities that are based on a shared secret (e.g., powers of the shared secret) without exposing the shared secret. According to a protocol, two or more parties may exchange sets of elliptic curve points generated over polynomials that can be used, by each of the two or more parties, to determine a power of a shared secret. The protocol may be utilised as part of determining parameters for a smart contract that is broadcast to a blockchain network (e.g., Bitcoin). Based on the protocol, an additional party (e.g., a third party different from the two or more parties) may perform a computational task such as execution of the smart contract.

Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, including: determining a number m of random bits to be sampled based upon a sample bound parameter β; producing a plurality of Boolean masked shares of a polynomial coefficient each having the determined number m of random bits using a uniform random function; determining that the polynomial coefficient is within a range of values based upon the sample bound parameter β; converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient; and shifting the plurality of arithmetic masked shares based upon the sample bound parameter β.

An area efficient architecture for lattice based key encapsulation and digital signature generation having a co-processor with a polynomial arithmetic submodule configured to process polynomial arithmetic and generate integer values representing polynomial coefficients, a hash submodule operably configured to perform hash operations and to generate pseudorandom numbers, a polynomial format submodule communicatively coupled to the polynomial arithmetic submodule and the hash submodule and operably configured to encode polynomials and decode polynomials, a memory bank communicatively coupled with and operably configured to receive and store temporary values from the polynomial arithmetic submodule, the hash submodule, the polynomial format submodule, and a data interface, and with a control unit operably configured to manage the data interface at selectively controlled time intervals and to utilize the polynomial arithmetic submodule, the hash submodule, and the polynomial format submodule to perform the plurality of cryptographic algorithms for Dilithium-DSA and for Kyber-KEM with the temporary values.

The invention relates to systems, methods, network devices, and machine-readable media for encrypting and decrypting messages in a decentralized multi-authority attribute-based encryption (MA-ABE) scheme for a non-trivial class of access policies whose security is based in the random oracle model solely on the Learning With Errors (LWE) assumption. In some embodiments, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters.

Aspects of associative cryptography key operations are described. In one embodiment, a first cryptographic function is applied to secret data to produce a first encrypted result. The first encrypted result is transmitted by a first device to a second device. The second device applies a second cryptographic function to the first encrypted result to produce a second encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data from others. The two different cryptographic function can be inversed or removed, in any order, to reveal the secret data. Thus, the first device can apply a first inverse cryptographic function to the second encrypted result to produce a first result, and the second device can apply a second inverse cryptographic function to the first result to decrypt the secret data.

Aspects of associative cryptography key operations are described. In one embodiment, a first cryptographic function is applied to secret data to produce a first encrypted result. The first encrypted result is transmitted by a first device to a second device. The second device applies a second cryptographic function to the first encrypted result to produce a second encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data from others. The two different cryptographic function can be inversed or removed, in any order, to reveal the secret data. Thus, the first device can apply a first inverse cryptographic function to the second encrypted result to produce a first result, and the second device can apply a second inverse cryptographic function to the first result to decrypt the secret data.

An accelerator includes polynomial multiplier circuitry including at least one modulus multiplier operating according to a mode. The at least one modulus multiplier include a multiplier to multiply two polynomial coefficients to generate a multiplication result, a power of two reducer to reduce the multiplication result to a reduced multiplication result when the mode is a power of two mode, and a prime modulus reducer to reduce the multiplication result to the reduced multiplication result when the mode is a prime modulus mode.

Disclosed are methods and systems to use p-adic numbers to permit a RSA cryptosystem to send rational numbers or to add randomness to the RSA cryptosystem. An embodiment may convert at the source device a rational number to an integer as p-adic based Hensel code representation of the rational number at the source device and then recover the rational number at the destination device by reversing the Hensel code back to the original rational number. Another embodiment may use a g-adic inverse of a message value together with a random number to obtain a different rational number to encrypt for each different random number resulting in different ciphertexts representing the same message value while still recovering the original message value despite having a different ciphertexts for the same message value. The various embodiments further retain the multiplicative homomorphism of the RSA cryptosystem since the p-adic Hensel codes are also multiplicative homomorphic.

A homomorphic operation accelerator includes a plurality of circuits and a homomorphic operation managing circuit. The plurality of circuits may perform homomorphic operations. The homomorphic operation managing circuit may receive cipher text data, homomorphic encryption information and homomorphic operation information from an external device. The homomorphic operation managing circuit may activate or deactivate each of a plurality of enable signals applied to the plurality of circuits based on the homomorphic encryption information and the homomorphic operation information. The homomorphic operation managing circuit may activate or deactivate each of the plurality of circuits based on the plurality of enable signals. The homomorphic encryption information may be associated with a homomorphic encryption algorithm used to generate the cipher text data. The homomorphic operation information may be associated with the homomorphic operations to be performed on the cipher text data.