H04L9/3013

LIGHTWEIGHT AUTHENTICATION PROTOCOL USING DEVICE TOKENS

A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

Trading system and recording medium
11651429 · 2023-05-16

A trading system includes a first trading apparatus including a first processor, and a second trading apparatus including a second processor. The first processor encrypts data using secret information. The first processor publishes second trading information on a distributed ledger when first trading information enabling reception of crypto assets on a condition of publication of argument information that enables derivation of the secret information is published on a distributed ledger. The second trading information is information for receiving the crypto assets and includes the argument information. The second processor publishes the first trading information on a distributed ledger. The second processor acquires the argument information when the second trading information is published on a distributed ledger. The second processor decrypts encrypted data using the argument information.

METHOD FOR SECURELY PERFORMING A PUBLIC KEY ALGORITHM
20230138384 · 2023-05-04

Provided is a method for securely performing a public key algorithm comprising cryptographic computations using a private key. It includes selecting (S1), by a server device, a set of mutually coprime integers (p1,...,pn) as a base of a Residue Number System (RNS-base B), with n an integer; computing (S2), by said server device, an RNS representation of said private key, said RNS representation of an integer x in [0, P-1], with P the product of all elements of the base, being the list (x1,...,xn) with xi = x mod pi, i being an integer in [1,n]; sending (S3), by said server device, the computed RNS representation to a client device; and performing (S4), by said client device, the cryptographic computations of the public key algorithm in said RNS base using said sent RNS representation.

ID-BASED CONTROL UNIT-KEY FOB PAIRING
20230208620 · 2023-06-29

A method for pairing a key fob with a control unit is provided. The key fob executes an ID authenticated key agreement protocol with a pairing device based on a key fob identification to authenticate one another and to generate a first encryption key. The pairing device encrypts a control unit identification using the first encryption key. The key fob receives the encrypted control unit identification transmitted from the pairing device. The key fob then executes an ID authenticated key agreement protocol with the control unit based on the control unit identification to authenticate one another and to generate a second encryption key. The key fob then receives an operational key transmitted from the control unit that is encrypted with the second encryption key.

Configuration Systems and Methods for Secure Operation of Networked Transducers
20230208626 · 2023-06-29

A device can include an internal secure processing environment (SE) and communicate with a configuration system. The device may utilize a near field communications (NFC) radio. A mobile handset can connect with the SE in the device using NFC. The mobile handset can communicate with the configuration system and receive configuration data and a software package for the device. The SE can derive a PM key pair and send the derived public key to the configuration system via the mobile handset. The SE and the configuration system can mutually derive an encryption key using the derived PM key pair. The configuration data can be transmitted over the NFC radio, and the mobile handset can establish a Wi-Fi access point. The software package can be encrypted using the encryption key and transmitted to the device over the established Wi-Fi access point, thereby completing a configuration step for the device.

END-TO-END VERIFIABLE E-VOTING SYSTEM WITHOUT TALLYING AUTHORITIES
20170358161 · 2017-12-14

A method for electronic voting is provided. The method comprises receiving a selection of a vote v_i from a voter, generating one or more first values associated with the voter, calculating one or more second values based on the one or more first values, providing a first type of receipt including the one or more second values to the voter, updating a tally, t, based on the vote v_i, updating a sum, s, based on the one or more first values, and publishing the receipt including the one or more second values.

Hosted device provisioning protocol with servers and a networked responder
11683162 · 2023-06-20

A network can operate a WiFi access point with credentials. An unconfigured device can support a Device Provisioning Protocol (DPP), and record bootstrap public keys and initiator private keys. The network can record bootstrap public and responder private keys and operate a DPP server. A responder proxy can establish a secure and mutually authenticated connection with the network. The network can (i) derive responder ephemeral public and private keys, (ii) record the initiator bootstrap public key, and (iii) select a responder mode for the responder. The network can derive an encryption key with at least the (i) recorded initiator bootstrap public key and (ii) derived responder ephemeral private key. The network can encrypt credentials using at least the derived encryption key and send the encrypted credentials through the responder proxy to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.

Method of generating a public key for an electronic device and electronic device
09832018 · 2017-11-28

A method for generating a public key for an electronic device is provided, wherein the method comprises generating a public key 103 based on a private key and a unique identifier associated with the electronic device 200.

METHOD AND SYSTEM FOR COMMUNICATING A SECRET
20230179408 · 2023-06-08

A method of communicating a secret (k_0, k_1) on the Bitcoin blockchain is disclosed. The method comprises sending information identifying secrets selectable by the recipient and receiving a first public key (U_i) of an elliptic curve cryptography system, corresponding to a first secret (S_i) selected for access by the recipient and for which a first private key (m) is accessible to the recipient. A second public key (U_{1-i}) is received, corresponding to a second secret not selected for access by the recipient, wherein a corresponding second private key is not available to the recipient. First and second secrets encrypted by means of the respective first and second public keys (X_0, X_1) are sent to the recipient, wherein the first secret is accessible to the recipient by means of the first private key, the second secret is inaccessible to the recipient, and the sender is unable to distinguish between the first and second secrets.

PROJECTION DEVICE
20170290131 · 2017-10-05

A projection device comprises a light source, a first attenuator and a second attenuator, a first driver, a second driver, a light receiving element, and a controller. The light source emits light. The first attenuator and the second attenuator attenuate intensity of the light from the light source. The first driver drives the first attenuator. The second driver drives the second attenuator. The light receiving element receives the light distributed by the second attenuator. The controller controls the second driver to control the distribution ratio of the light distributed to the light receiving element by the second attenuator according to control of transmissivity of light at the first attenuator by the first driver.