A device may select a first pseudorandom integer within a range of integers. The device may generate a first candidate prime, based on the first pseudorandom integer, for primality testing. Based on determining that the first candidate prime fails a primality test, the device may select a second pseudorandom integer within the range of integers. The device may generate a second candidate prime, based on the second pseudorandom integer, for primality testing. The device may determine whether the second candidate prime satisfies the primality test. The device may selectively: re-perform, based on the second candidate prime failing the primality test, the selecting the second pseudorandom integer, the generating the second candidate prime, and the determining whether the second candidate prime satisfies the primality test, or using, based on the second candidate prime satisfying the primality test, the second candidate prime as a prime integer in a cryptographic protocol.

The present invention relates to a method for generating a prime number and using it in a cryptographic application, comprising the steps of: a) determining at least one binary base B with a small size b=log.sub.2(B) bits and for each determined base B at least one small prime p.sub.i such that B mod p.sub.i=1, with i an integer, b) selecting a prime candidate Y.sub.P, c) decomposing the selected prime candidate Y.sub.P in a base B selected among said determined binary bases : Y.sub.P=Σy.sub.jB.sup.id) computing a residue y.sub.PB from the candidate Y.sub.P for said selected base such that y.sub.PB=Σ.sub.yje) testing if said computed residue y.sub.PB is divisible by one small prime pi selected among said determined small primes for said selected base B, f) while said computed residue y.sub.PB is not divisible by said selected small prime, iteratively repeating above step e) until tests performed at step e) prove that said computed residue y.sub.PB is not divisible by any of said determined small primes for said selected base B, g) when said computed residue y.sub.PB is not divisible by any of said determined small primes for said selected base B, iteratively repeating steps c) to f) for each base B among said determined binary bases, h) when, for all determined bases B, said residue y.sub.PB computed for a determined base is not divisible by any of said determined small primes for said determined base B, executing a known rigorous probable primality test on said candidate Y.sub.P, and when the known rigorous probable primality test is a success, storing said prime candidate Y.sub.P and using said stored prime candidate Y.sub.P in said cryptographic application.

A single architected instruction to produce a signature for a message is obtained. The instruction is executed, and the executing includes determining a sign function of a plurality of sign functions supported by the instruction to be performed. Input for the instruction is obtained, and the input includes a message and a cryptographic key. A signature is produced based on the sign function to be performed and the input. The signature is to be used to verify the message.

Embodiments are directed to low circuit depth homomorphic encryption evaluations. An embodiment of an apparatus includes a hardware accelerator to receive a ciphertext generated by homomorphic encryption (HE) for evaluation, determine two coefficients of the ciphertext for HE evaluation, input the two coefficients as a first operand and a second operand to a pipeline multiplier for low circuit depth HE evaluation, perform combinatorial multiplication between the first operand and portions of the second operand, accumulate results of the combinatorial multiplication at each stage of the pipeline multiplier, and perform reduction with Mersenne prime modulus on a resulting accumulated output of the combinatorial multipliers of the pipeline multiplier.

A Paillier decryption system, IC, and method. The IC includes: a modular exponentiation module, for performing modular exponentiation operations related to a first subitem and a second subitem, where a Paillier decryption process of encrypted data is divided into a first subitem and a second subitem according to the Chinese remainder theorem, the first subitem corresponding to a first prime, the second subitem corresponding to a second prime, a public key of the encrypted data being a product of the first prime and the second prime, a bit width of the first prime being the same as a bit width of the second prime; a first module combination corresponding to the first subitem, for determining a computation result of the first subitem; and a second module combination corresponding to the second subitem, for determining a computation result of the second subitem.

Disclosed are methods and systems to provide distributed computation within a Fully Homomorphic Encryption (FHE) system by using g-adic properties to separate a ciphertext into multiple ciphertexts for each Hensel digit level. A number t of computation units may individually perform addition and/or multiplication of each Hensel digit level on each of the computation units and then reconstruct the resulting value from the result ciphertext of each computation unit using p-adic and g-adic operations. Accordingly, computation burdens may be distributed to several computation units.

Aspects of the present disclosure involve a method, a system and a computer readable memory to optimize performance of cryptographic operations by avoiding computations of inverse values during decryption of encrypted messages.

Aspects of the present disclosure involve a method, a system and a computer readable memory to generate and use prime numbers in cryptographic operations by determining one or more polynomial functions that have no roots modulo each of a predefined set of prime numbers, selecting one or more input numbers, generating a candidate number by applying one or more instances of the one or more polynomial functions to the one or more input numbers, determining that the candidate number is a prime number, and using the determined prime number to decrypt an input into the cryptographic operation.

Various implementations relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation including a masked decomposition of a polynomial a having n.sub.s arithmetic shares into a high part a.sub.1 and a low part a.sub.0 for lattice-based cryptography in a processor, the instructions, including: performing a rounded Euclidian division of the polynomial a by a base α to compute t.sup.(⋅)A; extracting Boolean shares a.sub.1.sup.(⋅)B from n low bits of t by performing an arithmetic share to Boolean share (A2B) conversion on t.sup.(⋅)A and performing an AND with ζ−1, where ζ=−α.sup.−1 is a power of 2; unmasking a.sub.1 by combining Boolean shares of a.sub.1.sup.(⋅)B; calculating arithmetic shares a.sub.0.sup.(⋅)A of the low part a.sub.0; and performing a cryptographic function using a.sub.1 and a.sub.0.sup.(⋅)A.

The invention provides a system for searching a blockchain (e.g. Bitcoin) for data/content stored in one or more blockchain transactions, and accessing that data/content. It may be used in conjunction with a protocol for searching the blockchain. An embodiment of the invention can be arranged to enable a user to search for, access, view, write and/or retrieve a portion of data provided in at least one blockchain transaction (Tx), and also arranged to identify the at least one transaction (Tx) based on a transaction index (TX.sub.index) comprising a transaction ID and a public key associated with the transaction (Tx). The system may comprise a search facility which is either provided within the blockchain search system; or arranged to interface and/or communicate with the blockchain search system. It may also comprise at least one cryptocurrency wallet.