In various embodiments, a method for performing a lattice-based cryptographic operation is provided. The method includes obtaining a noise polynomial, a secret polynomial and a public polynomial, disguising at least one of the noise polynomial, the secret polynomial and the public polynomial by means of multiplying it with a random blinding polynomial, calculating the sum of the noise polynomial with the product of the public polynomial and the secret polynomial based on the disguised at least one polynomial, and determining a result of the lattice-based cryptographic operation based on the calculated sum of the noise polynomial with the product of the public polynomial and the secret polynomial.

A computer-implemented method is for providing processed data. In an embodiment, the method includes receiving, by a first encryption entity, first plaintext data including a matrix of numbers; determining, by the first encryption entity, an encryption key including an integer matrix; homomorphically encrypting, by the first encryption entity, the first plaintext data based on a matrix multiplication of the first plaintext data and the encryption key, to generate first encrypted data; sending, by the first encryption entity, the first encrypted data to a processing entity; receiving, by a decryption entity, encrypted processed data from the processing entity, the encrypted processed data being based on the first encrypted data; decrypting, by the decryption entity, the encrypted processed data based on a matrix multiplication of the processed data and an inverse of the encryption key, to generate processed data; and providing, by the decryption entity, the processed data.

A cryptographic system is provided comprising multiple configuration servers (200, 201, 202) arranged to configure multiple network devices (300, 350, 360) for key sharing. Each configuration server comprising a computation unit (220) arranged to compute local key material for the network device from root key material specific to the configuration server and the network device identity number of the network device that is being configured. At least two configuration servers of the multiple configuration servers provide computed local key material to said network device. The network devices are configured to determine a shared key with any one of multiple network devices. A network device comprises a shared key unit (330) arranged to derive a shared key from another network device's identity number and at least two of the multiple local key materials of the network device.

A decryption condition addition device (300) acquires an original ciphertext ct.sub.s in which a secret distribution matrix M is set as information specifying a decryption condition and acquires an additional access structure S.sup.+ which is a restriction condition to restrict the decryption condition of the original ciphertext ct.sub.s. The decryption condition addition device (300) adds a row and a column which are indicated in the additional access structure S.sup.+ to the secret distribution matrix M set in the original ciphertext ct.sub.s, and thereby generates an updated ciphertext ct.sub.s, for which the decryption condition of the original ciphertext ct.sub.s is restricted.

Systems, methods and devices for validating and performing operations on homomorphically encrypted data are described herein. The methods include securely transmitting and extracting information from encrypted data without fully decrypting the data. A data request may include an encrypted portion including a set of confidential data. One or more sets of encrypted comparison data may be then retrieved from a database in response to the data request. The encrypted set of confidential data from the data request is then compared with each set of encrypted comparison data using one or more homomorphic operations to determine which set of encrypted comparison data matches the encrypted set of confidential data. If there is a match, this validates the set of confidential data. An encrypted indicator is then generated indicating success or failure in validating the set of confidential data, which may then be forwarded to a party associated with the data request.

A decoding apparatus includes a plurality-of-bits decoding part configured to receive an input vector obtained by adding a message encrypted by a trapdoor function and an error vector including an element(s) conforming with a discrete Gaussian distribution, and decode a plurality of bits from a lower bit of the message based on the input vector in correctness with a predetermined probability; and a confirmation calculation part configured to determine in parallel whether the decoded plurality of bits are correct or not, wherein the message is encrypted by taking an inner product with a vector including a power of two as an element(s).

A memory stores therein a first vector. A processor generates a first encrypted polynomial by encrypting a first polynomial that corresponds to a first binary vector obtained by performing a binary transformation on elements of the first vector. A transmitter transmits to a cryptographic operation device cryptographic information that represents the first encrypted polynomial. The cryptographic operation device multiplies the first encrypted polynomial by a second encrypted polynomial that is generated by encrypting a second polynomial that corresponds to a second binary vector obtained by performing a binary transformation on elements of a second vector, so as to generate a third encrypted polynomial. When assigning 2 to a variable in a prescribed portion of a third polynomial obtained by decrypting the third encrypted polynomial, a result of an operation of the first vector and the second vector is obtained.

A system and method of validating and performing operations on homomorphically encrypted data are described herein. The methods include processing a secure financial transaction by receiving a transaction request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme, and the transaction request comprising confidential cardholder data including an account number, non-confidential cardholder data, and transaction data, and retrieving one or more sets of encrypted comparison cardholder data encrypted according to a homomorphic encryption scheme. The confidential cardholder data is then compared to each set of the comparison cardholder data using one or more homomorphic operations to determine which set of comparison cardholder data matches the confidential cardholder data and validating the confidential cardholder data. An encrypted indicator is generated indicating authorization or rejection of the request and forwarded to a party seeking authorization to complete the financial transaction.

A processing system includes a memory and a cryptographic accelerator operatively coupled to the memory. The cryptographic accelerator performs a split substitute byte operation within two paths of a cryptographic round by determining a first output from a first path by applying a mapped affine transformation to an input bit sequence represented by an element of a composite field of a finite-prime field, wherein the first output is represented by a first element of the composite field of the finite-prime field, and a second output from a second path by applying a scaled mapped affine transformation to the input bit sequence, wherein the second output is represented by a second element of the composite field and is equal to a multiple of the first output in the composite field.

An example information encryption method that includes acquiring to-be-encrypted information and converting the to-be-encrypted information into a polynomial of a predetermined format; extracting biometric information, and acquiring biometric data; and substituting the biometric data into the polynomial for calculation to acquire a value of the polynomial and using a two-dimensional dataset including the biometric data and the value of the polynomial corresponding to the biometric data as first encrypted information. The techniques of the present disclosure improve the security of information encryption, and reduce the risk of illegal decryption of encrypted information.