Abstract: A method for digital signing of a document using a predetermined secret key. An initial internal state is determined by application to a condensate of the document of a first white box implementation of generation of a main nonce; then a modular sum of the main nonce and of a predetermined constant. The method also determines a first internal state by application to the initial internal state of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant. The method then determines a second internal state by application to said condensate of a second white box implementation of generation of the main nonce; and a second modular arithmetic operation function of the first internal state, of the main signature nonce and of the secret key. It then generates a digital signature of the document from the first internal state and the second internal state.

Abstract: A method for secure learning of parameters of a convolution neural network, CNN, for data classification includes the implementation, by data processing of a first server, including receiving from a second server a base of already classified learning data, the learning data being homomorphically encrypted; learning in the encrypted domain, from the learning database, the parameters of a reference CNN including a non-linear layer (POLYNOMIAL) operating an at least two-degree polynomial function approximating an activation function; a batch normalization layer before each non-linear layer (POLYNOMIAL); and transmitting the learnt parameters to the second server, for decryption and use for classification.

Abstract: The present invention relates to a method for electronic signing of a document with a predetermined secret key (x), the method being characterized in that it comprises the implementation of steps of: (a) Drawing a pair formed by a first internal state (s1i) and a white-box implementation (WBi) of a modular arithmetic operation, from among a set of predetermined pairs ({(s1i,WBi)}i?[0,n-1]) each for one nonce (ki), said first internal state (s1i) being a function of the nonce (ki) and said modular arithmetic operation being a function of the first internal state (s1i), of the nonce (ki) and of the secret key (x); (b) Determining a second internal state (s2i) by application of said drawn white-box implementation (WBi) to a condensate of the document obtained via a given hash function; (c) Generating an electronic signature of the document from the first internal state (s1i) of the drawn pair and from the second determined internal state (s2i), and deleting the drawn pair of said set of pairs ({(s1i,WBi)}i?[0

Abstract: A method for encrypting or decrypting a n-tuple of data ({ai}i?[[0,n-1]]) with a n-tuple of secret keys ({ki}i?[[0,n-1]]). The method uses a data-processor to perform the steps of: (a) for each element (ai), determining m>n first internal states ({yij}j?[[0,m-1]]) by application of m first operations, each: represented by a table (Tij), and defined as the combination of a single bijective internal encoding (Gij), of a non-linear sharing function (Di, Ei, Fi . . . ), and of a given non-linear permutation function (ƒ) parameterized with the secret key (ki), and (b) for each n-tuple of first internal states ({yij}i?[[0,n-1]]), determining a second internal state (zj) by application of a second operation: represented by a table (TLj), and defined as the combination of a second single bijective internal encoding (GLj), a linear multiplexing function (L), and the inverses of the first bijective internal encodings (Gij).

Abstract: The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key kr dependent on the secret key, selecting each of a first mask (?br) and a second mask (?br+1) in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key kr? from the first round key kr and the first mask (?br) as follows: kr?=kr?(?br) wherein ? is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key kr? so as to produce two second data, after producing the first masked key kr?, generating a second round key kr+1 dependent on the secret key, calculating a second masked key kr+1? from the second round key kr+1 and the second mask (?br+1) as follows: kr+1?=kr+1?(?br+1), calculating two third data Lrbr+1, Rrbr+1 as follows: Rrbr+1=Rrbr?(?br?1)?(?br) Lrbr+1=Lrbr?(?br?1)?(?br) and executing a secon

Abstract: The present invention relates to a method for symmetrical encryption or decryption of a data block from a secret key (K), the method comprising steps of: permutation (100) of at least one portion of the secret key (K) by means of a first permutation table (PC1?) so as to produce initial data, execution of several iterations, an iteration comprising steps of: rotation (102) of data dependent on the initial data so as to produce shifted data, permutation (104) of the shifted data by means of a second permutation table (PC2?) so as to produce a round key, execution of a plurality of encryption rounds (200) from the data block, an encryption round (200) using one of the round keys, generation of at least one of the permutation tables (PC1?, PC2?), the generation comprising determination of at least one function (F, G) variable from one encryption or decryption to another, composition of said function (F, G) with a predetermined permutation table (PC1, PC2), application of the inverse of said function (F,

Abstract: The present invention relates to a method for generating an electronic signature of a document associated with a condensate obtained by a given hash function comprising performing by data-processing means (11b) of a server (10b) of steps of: (a) Receiving said condensate and a zero-knowledge proof of the fact that said condensate is indeed the result of application of said given hash function to said document; (b) Verifying that said zero-knowledge proof is valid; (c) Generating an electronic signature of the document from said condensate.

Abstract: The present invention relates to a method for digital signing of a document using a predetermined secret key (x), comprising steps of: (a) determination of an initial internal state (s0) by application to a condensate of the document of a first white box implementation (WB0) of: generation of a main nonce (k); then a modular sum of the main nonce (k) and of a predetermined constant (K); (b) determination of a first internal state (s1) by application to the initial internal state (s0) of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant (K); (c) determination of a second internal state (s2) by application to said condensate of a second white box implementation (WBs2) of: generation of the main nonce (k); and a second modular arithmetic operation function of the first internal state (s1), of the main signature nonce (k) and of the secret key (x); (d) generation of a digital signature of the document from the first internal state (s1) and t

Abstract: The present invention relates to a method for electronic signing of a document with a predetermined secret key (x), the method being characterized in that it comprises the implementation of steps of: (a) Drawing a pair formed by a first internal state (s1i) and a white-box implementation (WBi) of a modular arithmetic operation, from among a set of predetermined pairs ({(s1i,WBi)}i?[0,n-1]) each for one nonce (ki), said first internal state (s1i) being a function of the nonce (ki) and said modular arithmetic operation being a function of the first internal state (s1i), of the nonce (ki) and of the secret key (x); (b) Determining a second internal state (s2i) by application of said drawn white-box implementation (WBi) to a condensate of the document obtained via a given hash function; (c) Generating an electronic signature of the document from the first internal state (s1i) of the drawn pair and from the second determined internal state (s2i), and deleting the drawn pair of said set of pairs ({(s1i,WBi)}i?[0

Abstract: The present invention relates to a method for encrypting or decrypting a n-tuple of data with a n-tuple of secret keys , the method being characterized in that it comprises data-processing means (11a) of equipment (10a) implementing steps of: (a) For each element (ai), determination of m>n first internal states by application of m first operations, each being: represented by a stored table (Tij), and defined as the combination of a single bijective internal encoding (Gij), of a non-linear splitting function (Di, Ei, Fi . . . ), and of a given non-linear permutation function (ƒ) parameterized with the secret key (ki) corresponding; (b) For each n-tuple of first internal states , determination of a second internal state (zj) by application of a second operation being: represented by a table (TLj) stored, and defined as the combination of a second single bijective internal encoding (GLj), a linear multiplexing function (L), and the inverses of said first bijective internal encodings (Gij).

Abstract: The present invention relates to a method for generating an electronic signature of a document associated with a condensate obtained by a given hash function comprising performing by data-processing means (11b) of a server (10b) of steps of: (a) Receiving said condensate and a zero-knowledge proof of the fact that said condensate is indeed the result of application of said given hash function to said document; (b) Verifying that said zero-knowledge proof is valid; (c) Generating an electronic signature of the document from said condensate.

Abstract: A method for secure learning of parameters of a convolution neural network, CNN, for data classification includes the implementation, by data processing of a first server, including receiving from a second server a base of already classified learning data, the learning data being homomorphically encrypted; learning in the encrypted domain, from the learning database, the parameters of a reference CNN including a non-linear layer (POLYNOMIAL) operating an at least two-degree polynomial function approximating an activation function; a batch normalization layer before each non-linear layer (POLYNOMIAL); and transmitting the learnt parameters to the second server, for decryption and use for classification.

Abstract: The present invention relates to a method for symmetrical encryption or decryption of a data block from a secret key (K), the method comprising steps of: permutation (100) of at least one portion of the secret key (K) by means of a first permutation table (PC1?) so as to produce initial data, execution of several iterations, an iteration comprising steps of: rotation (102) of data dependent on the initial data so as to produce shifted data, permutation (104) of the shifted data by means of a second permutation table (PC2?) so as to produce a round key, execution of a plurality of encryption rounds (200) from the data block, an encryption round (200) using one of the round keys, generation of at least one of the permutation tables (PC1?, PC2?), the generation comprising determination of at least one function (F, G) variable from one encryption or decryption to another, composition of said function (F, G) with a predetermined permutation table (PC1, PC2), application of the inverse of said function (F,

Abstract: The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key kr dependent on the secret key, selecting each of a first mask (?br) and a second mask (?br+1) in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key kr? from the first round key kr and the first mask (?br) as follows: k?=kr?(?br) wherein ? is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key kr? so as to produce two second data, after producing the first masked key kr?, generating a second round key kr+i dependent on the secret key, calculating a second masked key kr+1? from the second round key kr+i and the second mask (?br+1) as follows: kr+1? =kr+1 ED (?br+1), calculating two third data Lrbr+1, Rrbr+1 as follows: Rrbr+1=Rrbr?(?br?1)?(?br) Lrbr+1=Lrbr?(?br?1)?(?br) and executing

Abstract: A method for determining a representation of a product of a first element and a second element is disclosed comprising, picking a random value for each pair of a first integer between 1 and d and a second integer greater than the first integer, adding the random value to the product of a first value and a second value, and adding the result of the first addition and the product of the first value and the second value. Then summing, for each integer between 1 and d, a product of the first and second values associated with the integer, the random values associated with the pairs of which the first integer is the integer concerned, and the values obtained for the pairs of which the second integer is the integer concerned.

Abstract: A method of cryptographic processing of data (X), in particular a method protected against fault injection attacks, and an associated device. The processing includes at least one transformation (100, 1001-1006) of an input data item (s) into a result data item (s?). In this case the method includes a step (E204) of verifying the transformation including the following steps: obtaining (E206) a first data item (DV(s?)) that is compressed by applying a compression operation (110, MDV, ADV) to the result data item (s?); obtaining (E208) a second compressed data item (DV(s)) that is compressed by applying the compression operation (110, MDV, ADV) to the input data item (s); determining (E210) a verification data item (DV(s)?) by applying the transformation (100, 1001-1006) to the second compressed data item (DV(s)) and; comparing (E212) the verification data item and the first compressed data item.

Abstract: A method for evaluating a function of a finite field of characteristic p into itself, for an element x of the field, uses an evaluation, for the element x, of a polynomial formed by a plurality of monomials. The evaluation of the polynomial includes the following steps: determining monomials the degree of which is an integer power of the characteristic p by successive raisings of the element x to the power p; and determining monomials the degree of which is different from an integer power of the characteristic p on the basis of the determined monomials, the degree of which is an integer power of the characteristic p, and by at least one multiplication. An evaluating device is also provided.

Abstract: A method for creating a group signature of a message to be implemented by a member of a group in a system, the system including a trust authority, the group including at least the member provided with a secure portable electronic entity including storage elements and computing elements wherein are implanted a cryptographic algorithm. The method includes the following steps: generating via the computing elements a signature of the message using a private key common to the members of the group and integrating a data identifying the group member and a temporal data representing a temporal information of the member's membership to the group and of the date of the signature of the message, the private key common to the members of the group, the identifying data and the temporal data being stored in the storage elements.

Abstract: A method of executing an algorithm includes protecting an electronic device by affine masking. The electronic device executes operations on secret variables x, the secret variables x being binary vectors of a given size N other than zero. The method further includes replacing the secret variables x using an affine masking operation, by the following affine function: m(x)=R.x+r, where R is a random invertible binary matrix with N rows and N columns and r is a random binary vector of size N.

Abstract: A method for data cryptographic processing, that is implemented by an electronic entity and includes the conversion of input data (M?i?1), masked by an input mask (X), into output data, the conversion using a conversion table (S), and the method including the following steps: for at least one plurality of possible values (A) for the input mask (X), transferring the output value of the conversion table (S) corresponding to the masked input data (M?i?1) converted by the application of an unmasking operation using the possible value (A), into a table (T) at a position corresponding to a determined value (0) masked by the input mask (X) and converted by the application of an unmasking operation using the possible value (A); determining the output data using the value located in the table (T) at the position corresponding to the determined value (0).