H04L9/3093

APPARATUS FOR PROCESSING NON-POLYNOMIAL OPERATION ON HOMOMORPHIC ENCRYPTED MESSAGES AND METHODS THEREOF
20220337390 · 2022-10-20

A method of operating on a homomorphic ciphertext is disclosed. The method includes receiving a non-polynomial operation command with respect to a homomorphic ciphertext, computing an approximate polynomial function corresponding to the non-polynomial operation, performing an operation on the homomorphic ciphertext using the computed polynomial function, and outputting the operated homomorphic ciphertext, wherein the approximate polynomial function is a second approximate polynomial function obtained by extending a first approximate polynomial function, which has a preset accuracy with respect to the non-polynomial operation within a first range, to a second range wider than the first range.

MASKED COMPARISON CIRCUMVENTING COMPRESSION IN POST-QUANTUM SCHEMES

Various embodiments relate to a method for securely comparing a first polynomial represented by a plurality of arithmetic shares and a second compressed polynomial represented by a bitstring where the bits in the bitstring correspond to coefficients of the second polynomial, including: performing a first masked shift of the shares of the coefficients of the first polynomial based upon the start of the interval corresponding to the compressed coefficient of the second polynomial and a modulus value; performing a second masked shift of the shares of the coefficients of the first polynomial based upon the end of the interval corresponding to the compressed coefficient of the second polynomial; bitslicing the most significant bit of the first masked shift of the shares coefficients of the first polynomial; bitslicing the most significant bit of the second masked shift of the shares coefficients of the first polynomial; and combining the first bitsliced bits and the second bitsliced bits using an AND function to produce an output including a plurality of shares indicating that the first polynomial would compress to a bitstream matching the bitstream representing the second compressed polynomial.

MASKED DECODING OF POLYNOMIALS

Various embodiments relate to a method for masked decoding of a polynomial a using an arithmetic sharing a to perform a cryptographic operation in a data processing system using a modulus q, the method for use in a processor of the data processing system, including: subtracting an offset δ from each coefficient of the polynomial a; applying an arithmetic-to-Boolean (A2B) function on the arithmetic shares of each coefficient a_i of the polynomial a to produce Boolean shares â_i that encode the same secret value a_i; and performing in parallel for all coefficients a shared binary search to determine which of coefficients a_i are greater than a threshold t to produce a Boolean sharing value b̂ of the bitstring b where each bit of b decodes a coefficient of the polynomial a.

Cryptographic operation

A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, corresponding methods running on the host and the system are provided. Further, corresponding devices, hosts and systems are suggested.

Systems and methods for post-quantum cryptography optimization

Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data. The example method further includes generating a set of data attributes about the data. The example method further includes generating a data envelope based on the set of data attributes. Subsequently, the example method includes generating an enveloped data structure based on the data envelope and the data.

Quantum-resistant double signature system
11652644 · 2023-05-16

A method includes verifying a digital signature on a dual-signed message by a relying party computing system. Verifying the digital signature on the dual-signed message includes generating a cryptographic hash of content identified in the dual-signed message and signing the cryptographic hash using a public key of a signing party computing system to generate a verifying hash. Verifying the digital signature on the dual-signed message further includes comparing the verifying hash to a value of the dual-signed message. Verifying the digital signature on the dual-signed message further includes, responsive to the verifying hash matching the value of the dual-signed message, determining that the digital signature on the dual-signed message is valid. The method further includes identifying an attribute of the dual-signed message by the relying party computing system. The method further includes, based on identifying the attribute, receiving a verification notification for the dual-signed message by the relying party computing system.

Systems and methods for dynamic polychrome lattice image security

The invention includes a tool for the generation and usage of a dynamic polychrome lattice image for unique and secure authentication and verification purposes. The tool is multi-purposed and can be applied to a variety of use cases and may utilize multiple channels of communication between devices. The dynamic polychrome lattice image may be adjusted according to the display size and resolution of various user devices. System devices may scan the dynamic polychrome lattice image, and upon successful retrieval and decryption of the dynamic polychrome lattice image, the user may be authenticated and verified to access one or more programs or services.

KEY EXCHANGE METHOD, KEY EXCHANGE SYSTEM, KEY DEVICE, TERMINAL DEVICE, AND PROGRAM

A random number generating unit generates random numbers s_1, s_2, s′_1, and s′_2. A public keys randomizing unit generates first randomized public keys information obtained by randomizing public keys using the random number s_1 and second randomized public keys information obtained by randomizing the public keys using the random number s_2. A proxy calculation unit calculates a first commission result by using a secret key and calculates a second commission result by using the secret key. A verification unit calculates a first verification value by using the random number s_2, calculates a second verification value by using the random number s_1, and verifies whether or not the first verification value and the second verification value coincide with each other. A common key calculation unit calculates a common key by using the random numbers s′_1 and s′_2 if the first verification value and the second verification value coincide with each other.

Proofs of Plaintext Knowledge and Group Signatures Incorporating Same
20170366349 · 2017-12-21

Systems and methods are provided for proving plaintext knowledge of a message m, encrypted in a ciphertext, to a verifier computer. The method includes, at a user computer, encrypting the message m via a predetermined encryption scheme to produce a ciphertext u, and generating a plurality l of challenges c^i, i=1 to l, dependent on the ciphertext u. For each challenge c^i, the user computer generates a cryptographic proof Π_2^i comprising that challenge c^i and a zero-knowledge proof of plaintext knowledge of the message m encrypted in the ciphertext u. The user computer sends the ciphertext u and the l proofs Π_2^i to the verifier computer. Each challenge c^i is constrained to a predetermined challenge space C permitting identification, by searching the challenge space C, of an element c^i″ such that the message m can be obtained via a decryption operation using the ciphertext u, the element c^i″, and a decryption key of said encryption scheme.

Authentication Via Group Signatures
20170366358 · 2017-12-21

Methods and systems are provided for authenticating a message μ, at a user computer of a group signature scheme, to a verifier computer. The method includes, at the user computer, storing a user id m for the user computer and a user signing key which comprises a signature on the user id m under a secret key of a selectively-secure signature scheme. The user id m is an element of a predetermined subring, isomorphic to ℤ_q[x]/(g(x)), of a ring R=ℤ_q[x]/(f(x)), where f(x) and g(x) are polynomials of degree deg(f) and deg(g) respectively such that deg(f)>deg(g)>1. The method includes, at the user computer, generating a first cryptographic proof Π_1 comprising a zero-knowledge proof of knowledge of the user signing key and including the message μ in this proof of knowledge. The user computer sends the message μ and a group signature, comprising the first proof Π_1, to the verifier computer.