H04L9/3093

Low footprint resource sharing hardware architecture for CRYSTALS-Dilithium and CRYSTALS-Kyber
11496297 · 2022-11-08

A low footprint resource sharing hardware architecture that is implemented as a co-processor and is operably configured to perform a plurality of cryptographic algorithms for Dilithium-DSA at all NIST-recommended post-quantum cryptography security levels and a plurality of cryptographic algorithms for Kyber-KEM at all NIST-recommended post-quantum cryptography security levels. The architecture also includes a singular arithmetic unit 104 operably configured to perform all arithmetic operations required in the plurality of cryptographic algorithms for Kyber-KEM and the plurality of cryptographic algorithms for Dilithium-DSA and a singular sampling unit operably configured to sample all vectors and matrices required in the plurality of cryptographic algorithms for Kyber-KEM and the plurality of cryptographic algorithms for Dilithium-DSA.

CRYPTOGRAPHIC PROCESSING DEVICE AND METHOD FOR PERFORMING A LATTICE-BASED CRYPTOGRAPHY OPERATION
20230030316 · 2023-02-02

According to various embodiments, a cryptographic processing device is described comprising a processor configured to determine a masking component, generate a masked version of a secret first element by masking multiple components of the secret first element with the masking component, determine a first share of the product of the secret first element and a second element by multiplying the second element with the masked version of the secret first element, determine a second share of the product of the secret first element and the second element by multiplying the second element with the difference of the secret first element and the masked version of the secret first element and continue with a lattice-based cryptography operation using the first share and the second share of the product.

LATTICE BASED SIGNATURES WITH UNIFORM SECRETS
20220353089 · 2022-11-03

Improvements to post-quantum lattice-based digital signature schemes are disclosed. By sampling cryptographic material, including cryptographic key matrices and masking vectors from a uniform distribution, embodiments eliminate the need for a security check during generation of a digital signature vector. As a result, digital signatures can be generated faster and at a lower failure rate. A generating device can generate a verification matrix A and a secret matrix S from a uniform distribution, and an error matrix E from a special distribution (such as a Gaussian). The generating device can combine the three matrices to generate a public matrix Y. The first and the fourth matrices (A, Y) can be used as a public key used to verify digital signatures. The second and the third matrices (S, E) can be used as a private key used to generate digital signatures.

PREVENTING FRAUD IN AGGREGATED NETWORK MEASUREMENTS
20220353251 · 2022-11-03

Methods, systems, and apparatus, including a method for preventing fraud. In some aspects, a method includes: receiving, from multiple client devices, a measurement data element that includes a respective group member key and a group identifier for a given conversion as a result of displaying a digital component. Each client device uses a threshold encryption scheme to generate, based at least on network data that includes one or more of impression data or conversion data for the conversion, a group key that defines a secret for encrypting the network data and generate, based on data related to the application, the respective group member key that includes a respective share of the secret. In response to determining that at least the threshold number of measurement data elements having the same group identifier have been received, the network data is decrypted using the group member keys in the received measurement data elements.

PRIVATELY QUERYING A DATABASE WITH PRIVATE SET MEMBERSHIP USING SUCCINCT FILTERS
20230091538 · 2023-03-23

A method includes obtaining, from a server, a filter including a set of encrypted identifiers each encrypted with a server key controlled by the server. The method includes obtaining a request that requests determination of whether a query identifier is a member of a set of identifiers corresponding to the set of encrypted identifiers. The method also includes transmitting an encryption request to the server that requests the server to encrypt the query identifier. The method includes receiving, from the server, an encrypted query identifier including the query identifier encrypted by the server key and determining, using the filter, whether the encrypted query identifier is not a member of the set of encrypted identifiers. When the encrypted query identifier is not a member of the set of encrypted identifiers, the method includes reporting that the query identifier is not a member of the set of identifiers.

MODULUS REDUCTION FOR CRYPTOGRAPHY
20230087297 · 2023-03-23

Modulus reduction for cryptography is described. An example of an apparatus includes multiplier circuitry to perform integer multiplication; and modulus reduction circuitry to perform modulus reduction based on a prime modulus, wherein the modulus reduction circuitry is to receive a product value, the product value resulting from multiplying a first n-bit value by a second n-bit value to generate the product value and perform modulus reduction to reduce the product value to a result within the prime modulus; and wherein the modulus reduction circuitry is based on shift and add operations.

POLYNOMIAL MULTIPLICATION FOR SIDE-CHANNEL PROTECTION IN CRYPTOGRAPHY
20230091951 · 2023-03-23

Polynomial multiplication for side-channel protection in cryptography is described. An example of an apparatus includes one or more processors to process data; a memory to store data; and polynomial multiplier circuitry to multiply a first polynomial by a second polynomial, the first polynomial and the second polynomial each including a plurality of coefficients, the polynomial multiplier circuitry including a set of multiplier circuitry, wherein the polynomial multiplier circuitry is to select a first coefficient of the first polynomial for processing, and multiply the first coefficient of the first polynomial by all of the plurality of coefficients of the second polynomial in parallel using the set of multiplier circuits.

Flow control for probabilistic relay in a blockchain network

The invention relates to a method for adjusting the minimum and maximum number of peer nodes that a node on the blockchain network will connect with. The adjustment takes into account the bandwidth and processing capability of the node. Bandwidth capacity of a node is determined based on a maximum data amount processable by the node over a time period. Data passing through interfaces of the node, to and from peer nodes, is monitored, and a profile factor of the node is determined from the difference between the input data and the output data. The data monitored over a plurality of time periods is used to set a minimum number of peer nodes and a maximum number of peer nodes connectable to the node according to said monitored data and the maximum number of peers connectable to the node. The method enables a node to adjust the number of connections according to performance limitation factors, such as bandwidth availability and processing performance. With the number of peer node connections determined, the node can further determine a correlation matrix between the interfaces and peer nodes to which it is connected. The matrix can be compiled with correlation coefficients representing the correlation between data processed at each interface of said node. The invention also resides in a corresponding computer readable storage medium, electronic device, node of a blockchain network or blockchain network having such a node.

Key encapsulation protocols

Some embodiments are directed to a cryptographic device (20). A reliable bit function may be applied to a raw shared key (k*) to obtain reliable indices, indicating coefficients of a raw shared key, and reliable bits derived from the indicated coefficients. Reconciliation data (h) may be generated for the indicated coefficients of the raw shared key. A code word may be encapsulated using the reliable bits by applying an encapsulation function, obtaining encapsulated data (c) which may be transferred.

Homomorphic encryption device and ciphertext arithmetic method thereof

A homomorphic encryption device includes: a recryption parameter generating circuit, a recryption circuit, and an arithmetic circuit. The recryption parameter generating circuit is configured to generate a recryption parameter including a plurality of recryption levels respectively for a plurality of ciphertexts based on an arithmetic scenario including information about an arithmetic schedule between the plurality of ciphertexts. The recryption circuit is configured to generate a plurality of recrypted ciphertexts by recrypting each of the plurality of ciphertexts to a corresponding recryption level based on the recryption parameter. The arithmetic circuit is configured to output an arithmetic result by performing operations by using the plurality of recrypted ciphertexts, according to the arithmetic scenario.