Abstract: The present disclosure relates to a method for secure, traceable and privacy-preserving with anonymity revocation digital currency transfer to at least a first user from a second user among a plurality of banked and unbanked users by using a distributed ledger comprising a plurality of ledger nodes, wherein said users perform Digital Currency transfers by adding transactions on this ledger using user devices configured to be connected to said nodes, to a registration authority and to a revocation authority, said authorities owning each one a public/private key pair, comprising: an enrollment phase, performed by a user device of said first user, comprising: sending to the registration authority evidence of the first user's identity, generating a first user identification key pair comprising a first user identification public key and a first user identification secret key, sending to the registration authority said generated first user identification public key, receiving from the registration authority a si

Abstract: Provided is a method for generating a digital signature of an input message (M) based on a secret key (dA) of a client device having access to a first set and a second set of precomputed data stored in a storage unit. The first set of precomputed data comprises private element parts (ki) protected with an homomorphic encryption. The second set of precomputed data comprises public element parts (Qi) paired with the private element parts of the first set. Each private element part is a discrete logarithm of the public element part paired therewith. The private element (k), can be homomorphically encrypted, by combining homomorphically encrypted private element parts selected in the first set (ki). The selection of the public and private element parts depends on the input message. Other embodiments are disclosed.

Abstract: Protection of a data file to be used by a white-box cryptography software application installed in memory of a device to prevent the malevolent use of a digital copy of the data file by a white-box cryptography (WBC) software application installed in memory of another device. The mechanism includes extracting an unique identifier for the device from the environment of the device and modifying data in the data file according to the unique identifier, the available white-box cryptography software application includes a software security layer to retrieve the unique identifier from the environment of the device in which the software application is installed and to use this unique identifier in combination with the stored data file when executing, the result of the execution being correct only in case where the correct unique identifier has been extracted by the executed WBC software application.

Abstract: Provided is a method for testing if a candidate data element, belongs to a list of reference data elements, performed by a client device (102) and comprising the steps of generating an encrypted candidate data element (y?) by encrypting said candidate data element (x?) with a leveled fully homomorphic encryption scheme, transmitting said encrypted candidate data element (y?) to a server device (103), storing said reference data elements (xi) receiving, from said server device, a delta value depending on a product of differences, decrypting said delta value with said leveled fully homomorphic encryption scheme, based on said decrypted delta value, determining whether said candidate data element (x?) belongs to said list of reference data elements (xi). Other embodiments disclosed.

Abstract: Secure computation of a random number sequence in a cryptographic device. The computation is secured by receiving a homomorphic ciphertext seed vector, selecting an initial internal state from the seed vector, the initial internal state composed of a subset of elements of the seed vector, updating an internal state from a previous internal state using multivariate functions accepting elements of the previous internal state as inputs to produce a homomorphic ciphertext from homomorphic ciphertext input values, generating an intermediate result vector of homomorphic ciphertexts from the homomorphic ciphertext internal state multivariate functions accepting the elements of the internal state as inputs to produce a homomorphic ciphertext from homomorphic ciphertext input values, and decrypting the intermediate result vector elements into plaintext vector elements, thereby producing a plaintext deterministic random sequence vector corresponding to plaintext seed elements used to produce the seed vector.

Abstract: The present invention relates to a method for reaching a consensus for appending, at a current round (j), a new block of data to a permissioned ledger distributed through a network comprising network connected devices authorized by the ledger, called nodes, said method being performed by a tamper-proof computing device configured for managing securely digital keys and comprising a random number generator and a cryptoprocessor for generating signatures with said keys, and comprising, for a set of transactions to be validated, the steps of: receiving, from at least a first node (Nk), a candidate block (Bj,Nk) computed by said first node on transactions among said set of transactions, for each received candidate block, generating a random value by the random number generator, and generating a signed selection message comprising: an identifier of the current round (j), said received candidate block (Bj,Nk) and said generated random value by said cryptoprocessor, broadcasting said signed selection messages to th

Abstract: Provided is a method for generating a digital signature of an input message (M) based on a secret key (dA) of a client device having access to a first set and a second set of precomputed data stored in a storage unit. The first set of precomputed data comprises private element parts (ki) protected with an homomorphic encryption. The second set of precomputed data comprises public element parts (Qi) paired with the private element parts of the first set. Each private element part is a discrete logarithm of the public element part paired therewith. The private element (k), can be homomorphically encrypted, by combining homomorphically encrypted private element parts selected in the first set (ki). The selection of the public and private element parts depends on the input message. Other embodiments are disclosed.

Abstract: The present invention relates to a method for a secure execution of a whitebox cryptographic algorithm applied to a message (m) and protected by countermeasures based on pseudo-random values, comprising the steps of: executing a pseudo-random function (PRP) generating pseudo-random output values and an encrypted main output value based on an encrypted input value (*Xi*) derived from said message, securing said cryptographic algorithm by applying to the cryptographic algorithm said countermeasures based on said generated pseudo-random output values retrieving, from said generated encrypted main output value, the input value or part of the input value, under an encrypted form (*Xi*), executing said secured cryptographic algorithm on said encrypted retrieved value.

Abstract: Decryption of an RSA encrypted message encrypted with a public RSA key by receiving encrypted key share components computed by generating a private RSA key d and a RSA modulus integer N, where N and d are integers; splitting the private key into key shares, encrypting with a fully homomorphic encryption (FHE) algorithm each key share component by using a Fully Homomorphic Encryption secret key ps associated with a set Ss to generate the encrypted key share components of said secure RSA key, computing an intermediate value YS for each set SS from said encrypted key share components, such that said computed intermediate value is a part of the RSA decrypted message, under FHE-encrypted form, and decrypting the encrypted message by combining said computed intermediate values for all sets.

Abstract: A method to attach a mobile device to a server, using a protocol having data size encoding constraints which prevents using traditional ciphering, includes an initialization phase using a range of ephemeral IMSIs stored in a batch of credential containers of mobile devices and an associated group master key shared by the server and credential containers having the same range of ephemeral IMSIs to initiate a session using a server random value. The initialization phase uses limited payload in a mobile device-to-server message to send a randomly chosen rIMSI among the range of IMSIs to enable the server to generate keys to initiate a secured communication phase, then using individual keys stored in the mobile device and retrieved by the server with an identifier of the credential container sent in a mobile device-to-server message and with an individualization master key owned by the server.

Abstract: Generation of stateful hash based signatures of messages to be signed in a key management system including a plurality of tamper-proof computing devices by a manager device of generating a master merkle tree, triggering generating a predetermined number of slave merkle trees, for each message to be signed selecting a tamper-proof computing device for signing, assigning one yet unassigned generated slave merkle tree to said selected tamper-proof computing device, generating and sending to said selected tamper-proof computing device a command comprising said message to be signed, data enabling to obtain an OTS private key of the assigned slave merkle tree to be used to generate an OTS signature of the message to be signed, and a state value associated to said assigned slave merkle tree and keeping track of the OTS private keys of said assigned slave merkle tree already used for generating a signature.

Abstract: The present invention relates to a method of generating a secure RSA key by a server comprising the steps of: •generating (S1) a private RSA key d and a RSA modulus integer N; •splitting (S2) the secret key integer d in j key shares dJ of length n, with j in [1, J], J being an integer, and such that d=d1+d2+ . . . +dJ mod phi(N), with each key share dj being equal to (dj(0) . . . dj(i) . . . dj(n/b?1)) with each key share component dj(i) in {0 . . . 2{circumflex over (?)}b?1} and i in [0, n/b?1], b being an integer inferior to n and phi the Euler's totient function; •encrypting (S3) with a fully homomorphic encryption (FHE) algorithm each key share component dj(i) of the private RSA key d by using a Fully Homomorphic Encryption secret key ps of a set Ss comprising the index couple (i,j), to generate an encrypted key share component edj(i) of said secure RSA key, said set Ss being a set of integer couples, among a predetermined integer number u of disjoint sets {S1, S2 Ss, Ss+1, . . .

Abstract: Secure cryptography operations on a white-box cryptography device. Receiving a first message. Receiving a cryptographic key encrypted using a homomorphic encryption scheme. Performing a cryptographic operation, e.g., decryption or digital signature, using the encrypted cryptographic key. Performing a homorphically encrypted tracer calculation that traces the performance of the cryptography operations on the white-box cryptography device thereby allowing verification that all steps of the cryptography operation has been performed without external manipulation. Performing a key-exchange operation. Decrypting the key-exchange output using an alternate cryptographic key stored on the cryptographic device.

Abstract: The present invention relates to a method to counter DCA attacks of order 2 and higher order applied on an encoded table-based (TCabi,j) implementation of block-cipher of a cryptographic algorithm to be applied to a message (m), said method comprising the steps of: —translating a cryptographic algorithm block-cipher to be applied on a message (m) into a series of look-up tables (Tabi,j),—applying secret invertible encodings to get a series of look-up tables (TCi,j),—computing message-dependent masking values, comprising the computation of at least two shares of masking value (mmask1, mmask2) for the input of the table network based on at least two different message derivation functions (F1, F2),—re-randomizing the tables (TCi,j) using the computed message-dependent masking values (mmask1, mmask2),—computing rounds to be applied on the message (m) based on the randomized network of tables (TCi,j).

Abstract: A method for operating an attribute assertion device having a processor and memory to create an unlinkable digital signature-equivalent of an assertion message that is verifiable—by a service provider receiving the unlinkable digital signature-equivalent—as being generated from a digital signature of a known attribute provider having a public key PKAP. Operating the processor of the attribute assertion device to transform a digital signature of the attribute message into an unlinkable digital signature-equivalent using a one-way transformation of the signature, with the transformation process using a random value generated by the attribute assertion device and a challenge provided by the service provider.

Abstract: The present invention relates to a method to protect a data file to be used by a white-box cryptography software application installed in memory of a device to prevent the malevolent use of a digital copy of the data file by a white-box cryptography software application installed in memory of another device, said method comprising the steps of extracting an unique identifier for the device from the environment of the device and modifying data in the data file according to the unique identifier, the available white-box cryptography software application being such that it comprises a software security layer adapted to, when the WBC software application is executed, retrieve the unique identifier from the environment of the device in which it is installed and to use this unique identifier in combination with the stored data file in its execution, the result of the execution being correct only in case where the correct unique identifier has been extracted by the executed WBC software application.

Abstract: Secure generation of an RSA signature of a message to be signed with a private exponent component d of an RSA key (p, q, N, d, e), by obtaining a hashed message, said hashed message being computed by hashing said message with a public hash function H:{0,1}*?Z*N, generating a first part of the RSA signature from said hashed message and said first private exponent component share, generating a second part of the RSA signature from said first part of the RSA signature and said second private exponent component share, determining the RSA signature from said second part of the RSA signature, and wherein the step of generation of a part of the RSA signature from the smaller private exponent component share among the first and second private exponent component shares is performed using a whitebox protection method and the step of generation of a part of the RSA signature from the bigger private exponent component share among the first and second private exponent component shares is performed using lower security req

Abstract: Secure cryptography operations on a white-box cryptography device. Receiving a first message. Receiving a cryptographic key encrypted using a homomorphic encryption scheme. Performing a cryptographic operation, e.g., decryption or digital signature, using the encrypted cryptographic key. Performing a homorphically encrypted tracer calculation that traces the performance of the cryptography operations on the white-box cryptography device thereby allowing verification that all steps of the cryptography operation has been performed without external manipulation. Performing a key-exchange operation. Decrypting the key-exchange output using an alternate cryptographic key stored on the cryptographic device.

Abstract: Secure data and cryptographic key sharing on a ledger distributed on a network between a plurality of network connected devices called entities.

Abstract: Secure computation of a random number sequence in a cryptographic device. The computation is secured by receiving a homomorphic ciphertext seed vector, selecting an initial internal state from the seed vector, the initial internal state composed of a subset of elements of the seed vector, updating an internal state from a previous internal state using multivariate functions accepting elements of the previous internal state as inputs to produce a homomorphic ciphertext from homomorphic ciphertext input values, generating an intermediate result vector of homomorphic ciphertexts from the homomorphic ciphertext internal state multivariate functions accepting the elements of the internal state as inputs to produce a homomorphic ciphertext from homomorphic ciphertext input values, and decrypting the intermediate result vector elements into plaintext vector elements, thereby producing a plaintext deterministic random sequence vector corresponding to plaintext seed elements used to produce the seed vector.