Signature handling for a block for which consensus was formed in blockchain network which requires signatures from plurality of nodes to form consensus for block adoption. After completion of the setup, first node 110 sends a first message including a generated block to N nodes (S301). Each node evaluates the validity of the block on basis of the rule for consensus formation (S302). If the block is valid, the node sends a second message which includes signature si, by secret key share f(x.sub.i), with respect to a hash value h of the block for which consensus is to be formed (S303-1). After k signatures are collected at jth node, the node merges these signatures to generate a signature corresponding to a public key PK (S304). A block for which consensus is to be formed has signature SK.Math.h appended thereto and is added to blockchain of each node (S306).

Polynomial multiplication for side-channel protection in cryptography is described. An example of a apparatus includes one or more processors to process data; a memory to store data; and polynomial multiplier circuitry to multiply a first polynomial by a second polynomial, the first polynomial and the second polynomial each including a plurality of coefficients, the polynomial multiplier circuitry including a set of multiplier circuitry, wherein the polynomial multiplier circuitry is to select a first coefficient of the first polynomial for processing, and multiply the first coefficient of the first polynomial by all of the plurality of coefficients of the second polynomial in parallel using the set of multiplier circuits.

The present invention provides a bit decomposition secure computation system comprising: a share value storage apparatus to store share values obtained by applying (2, 3) type RSS using modulo of power of 2 arithmetic; a decomposed share value storage apparatus to store a sequence of share values obtained by applying (2, 3) type RSS using modulo 2 arithmetic; and a bit decomposition secure computation apparatus that, with respect to sharing of a value w, r1, r2, and r3 satisfying w=r1+r2+r3 mod 2{circumflex over ( )}n, where {circumflex over ( )} is a power operator and n is a preset positive integer, being used as share information by the (2, 3) type RSS stored in the share value storage apparatus, includes: an addition sharing unit that sums two values out of r1, r2 and r3 by modulo 2{circumflex over ( )}n, generates and distributes a share value of the (2, 3) type RSS with respect to the sum; and a full adder secure computation unit that executes addition processing of the value generated by the addition sharing unit and a value not used by the addition sharing unit, for each digit, by using secure computation of a full adder, and stores the result in the decomposed share value storage apparatus.

A processor-implemented encryption method using homomorphic encryption includes: receiving data; generating a ciphertext by encrypting the received data; determining a coefficient of an approximating polynomial for performing a modular reduction on a modulus corresponding to the ciphertext, based on an error between the approximating polynomial and a modular reduction function; and performing bootstrapping on the ciphertext by performing the modular reduction based on the determined coefficient of the approximating polynomial.

Bitcoins and the underlying blockchain technology are one of the main innovations in building decentralized applications. The effects of quantum computing on this technology are analyzed in general. Provided herein are effective solutions to address security vulnerabilities in a blockchain-based system that can be exploited by a quantum attacker.

A method includes receiving a first polynomial and a second polynomial, both of order n−1 and forming d polynomial segments from both the first polynomial and the second polynomial such that each polynomial segment is of order (n/d)−1. The polynomial segments of the first polynomial and the d polynomial segments of the second polynomial are used to form segment products. Each segment product is divided into a first polynomial substructure of order n/d and a second polynomial substructure of order (n/d)−1. A first polynomial substructure containing the first n/d coefficients of a product of the first polynomial and the second polynomial is summed with a second polynomial substructure to form a sum substructure. The sum substructure is used multiple times to determine coefficients of a polynomial representing the modulo x.sup.n+1 of the product of the first polynomial and the second polynomial.

A system, method, and computer program product are provided for sending and receiving messages using a noisy cryptographic system. To send a message, N secret keys are negotiated using a noisy cryptographic system, where K secret keys are expected to be noiseless. A secret polynomial that includes the N secret keys is generated, and K points on the secret polynomial are derived. For each of the N secret keys, a secret key MAC key is derived and a secret key MAC is calculated using the derived secret key MAC key. A secret key MAC header is generated that includes an array of each of the secret key MACs and possibly a corresponding public key. Message integrity plaintext is generated that includes an encrypted message, the secret key MAC header, and an array of the K points on the secret polynomial. A final message that includes the message integrity plaintext is generated for being sent.

A method of operating a homomorphic ciphertext is disclosed. The method of operating a homomorphic ciphertext includes receiving a non-polynomial operation command with respect to a homomorphic ciphertext, computing an approximate polynomial function corresponding to the non-polynomial operation, performing an operation of the homomorphic ciphertext using the computed polynomial function, and outputting the operated homomorphic ciphertext, wherein the approximate polynomial function is a second approximate polynomial function which is obtained by extending a first approximate polynomial function to have a second range wider than the first range having a preset accuracy with the non-polynomial operation within a first range.

A cryptographic decision-making of set membership is a method or system which make a secure decision-making for positive membership e∈S or negative membership e.Math.S in an unforgeable and non-repudiation way for any element e and a set S. The proposed method of the present invention comprises: acquire a set U={e.sub.1, . . . , e.sub.n} and map each element e.sub.i in U into a random point v.sub.i in a cryptography space; acquire a set S={e′.sub.1, . . . , e′.sub.m}⊂U, determine a random point v′.sub.i corresponding to each element e′.sub.i in the set S, and construct a function ƒ.sub.S(x) according to all random points v′.sub.i; introduce a random secret γ to generate ƒ.sub.S(γ) by using the function ƒ.sub.S(x), and produce a public parameter mpk according to the random secret γ; and generate the cryptographic representation of set S by using the function ƒ.sub.S(γ) and the public parameter mpk. In the embodiments, we provide two kinds of cryptographic representations of set, including Poles-based Aggregation and Zeros-based Aggregation, to make the decision on positive membership e.sub.i∈S and negative membership e.sub.i.Math.S.

A system comprises a computer including a processor and a memory. The memory storing instructions executable by the processor to transmit an authentication request to a vehicle computer, receive, from the vehicle computer, a response including data proving that the vehicle computer includes confidential information, wherein the data does not convey the confidential information, determine whether the response is valid based on the authentication request, and transmit a warning to the vehicle computer when the response is not valid.