Patent classifications
H04L9/3026
Computer enabled methods and systems for facilitating micropayments via public networks
A computer enabled system for facilitating electronic micropayments in which an accounting application receives a vendor submission from a remote vendor server via a public communications network. This includes identifiers for the vendor, the customer and an item selected by the customer. The accounting application then checks the status of the customer's account. If it has sufficient funds, the transaction proceeds. The customer account is conditionally debited, and the vendor account conditionally credited with the transaction amount, including fees. A transaction confirmation is sent to the vendor application which then confers usage rights for the item to the customer. The accounting application periodically reconciles the vendor and customer accounts, deducts any service fees, and makes a single payment to each vendor. This single payment only incurs a single per-transaction credit-card company fee, thereby spreading it across multiple purchases and clients, making micro-transactions profitable.
METHOD AND APPARATUS WITH ENCRYPTION BASED ON ERROR VARIANCE IN HOMOMORPHIC ENCRYPTION
A processor-implemented encryption method using homomorphic encryption includes: receiving data; generating a ciphertext by encrypting the received data; determining a coefficient of an approximating polynomial for performing a modular reduction on a modulus corresponding to the ciphertext, based on an error between the approximating polynomial and a modular reduction function; and performing bootstrapping on the ciphertext by performing the modular reduction based on the determined coefficient of the approximating polynomial.
Digital signature method and apparatus
A method for signing and subsequently verifying a digital message, including the following steps: generating an irreducible monic polynomial f(x) of degree n in a ring F_q[x]; generating an irreducible monic polynomial F(y) of degree n in a ring F_q[y]; producing first and second finite fields as F_q[x]/(f(x)) and F_q[y]/(F(y)), respectively; producing a secret isomorphism from the first finite field to the second finite field; producing and publishing a public key that depends on F(y); producing a private key that depends on the secret isomorphism; producing a message digest by applying a hash function to the digital message and the public key; producing a digital signature using the message digest and the private key; and performing a verification procedure utilizing the digital signature and the public key.
DECENTRALIZED KEY GENERATION AND DISTRIBUTION OVER A BLOCKCHAIN-BASED NETWORK
Systems and methods are disclosed for decentralized key generation. In one implementation, a first device is enrolled to a distributed key generation application. A local secret is generated, including a polynomial function and first coefficient(s). Commitment(s) are calculated for the polynomial function and transmitted to node(s) within a decentralized system. A value of the polynomial function is computed with respect to an identifying value that corresponds to a second device. The computed value of the polynomial function is encrypted with a public key of the second device and transmitted to one or more node(s). An encrypted value of the polynomial function computed by the second device with respect to an identifying value of the first device is decrypted and validated. The value of the polynomial function computed by the second device is combined with value(s) computed by other devices to generate a private key share associated with the first device.
QUANTUM-SAFE CRYPTOGRAPHIC METHODS AND SYSTEMS
Cryptographic methods and systems for key exchange, digital signature and zero-knowledge proof. In the digital signature scenario, there is provided a method of signing a digital document, comprising: obtaining a private cryptographic key associated with the signer; obtaining a digital asset from the digital document; selecting a base data element; computing a plurality of signature data elements from (i) the digital asset, (ii) the base data element and (iii) the private cryptographic key; and transmitting the digital document and the plurality of signature data elements to a recipient over a data network. Provenance of the digital document is confirmable by the recipient carrying out a predefined computation involving the digital document, the signature data elements, a plurality of noise variables and a public cryptographic key corresponding to the private cryptographic key associated with the signer. In the zero-knowledge proof scenario, the digital asset plays the role of a challenge data element.
SYSTEM AND METHOD FOR PROVIDING DEFENCE TO A CRYPTOGRAPHIC DEVICE AGAINST SIDE-CHANNEL ATTACKS TARGETING THE EXTENDED EUCLIDEAN ALGORITHM DURING DECRYPTION OPERATIONS
A system, method and computer-readable storage medium for decrypting a code c using a modified Extended Euclidean Algorithm (EEA) having an iteration loop independent of the Hamming weight of inputs to the EEA and performing a fixed number of operations regardless of the inputs to the EEA thereby protecting a cryptographic device performing the decryption from side-channel attacks.
IDENTITY VERIFICATION PROGRAM, IDENTITY VERIFICATION METHOD, USER TERMINAL, AND USER AUTHENTICATION PROGRAM
An identity verification program causes a computer that is a user terminal (100) to execute a processing function for identity verification by a zero-knowledge proof. The identity verification program acquires a Witness, that is, information that only a user of the user terminal (100) is allowed to know. The identity verification program generates a proof for user authentication by zero-knowledge proof based on the acquired Witness. The identity verification program transmits a user authentication request based on the generated proof to a cloud server (200).
ERROR-CORRECTING KEY AGREEMENT FOR NOISY CRYPTOGRAPHIC SYSTEMS
A system, method, and computer program product are provided for sending and receiving messages using a noisy cryptographic system. To send a message, N secret keys are negotiated using a noisy cryptographic system, where K secret keys are expected to be noiseless. A secret polynomial that includes the N secret keys is generated, and K points on the secret polynomial are derived. For each of the N secret keys, a secret key MAC key is derived and a secret key MAC is calculated using the derived secret key MAC key. A secret key MAC header is generated that includes an array of each of the secret key MACs and possibly a corresponding public key. Message integrity plaintext is generated that includes an encrypted message, the secret key MAC header, and an array of the K points on the secret polynomial. A final message that includes the message integrity plaintext is generated for being sent.
Ciphertext based quorum cryptosystem
Methods are described for constructing a secret key by multiple participants from multiple ciphertexts such that any quorum combination of participants can decrypt their respective ciphertexts and so generate a fixed number of key fragments that can be combined by a recipient to generate the secret key. Worked examples are described showing how the encryption keys for the ciphertexts may be key wrapped using a key encapsulation mechanism for which ciphers that are resistant to attack by a quantum computer may be used. In these cases, a post-quantum quorum system is realised. Methods are described by which the quorum key fragment ciphertexts may be updated so that the original key fragments become invalid without necessitating any change to the secret key.
PLAINTEXT INTEGRITY PROTECTION MECHANISM
An apparatus is described including cryptography circuitry to generate authentication tags to provide integrity protection for plaintext and ciphertext.