Abstract: Methods, systems, and computer programs for using hybrid encryption schemes are disclosed. In some implementations, a random value is obtained by a pseudorandom generator. A symmetric key is generated based on the random value. A public component is also generated based on the random value. Additionally, an initialization vector is generated based on the random value. The symmetric key and the initialization vector are used to generate an encrypted message based on an input message. The encrypted message and the public component are transmitted to an entity. At least one of the public component or the symmetric key is generated based additionally on a public key of the entity.

Abstract: Methods, systems, and computer programs for using an implicit certificate are disclosed. In some aspects, a message and an implicit certificate are accessed. The implicit certificate is associated with an entity. A modified message is generated by combining the message with a value based on the implicit certificate. A digital signature can be generated based on the modified message and transmitted to a recipient. In some aspects, a digital signature from an entity and a message to be verified based on the digital signature are accessed. An implicit certificate associated with the entity is accessed. A modified message is generated by combining the message with a value based on the implicit certificate. The message is verified based on the digital signature and the modified message.

Abstract: Methods, systems, and computer programs for using an implicit certificate are described. In some aspects, an implicit certificate is accessed. The implicit certificate is associated with an entity and generated by a certificate authority. The implicit certificate includes a public key reconstruction value of the entity. Certificate authority public key information is accessed. The certificate authority public key information is associated with the certificate authority that issued the implicit certificate. A first value is generated based on evaluating a hash function. The hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity. A public key value of the entity can be generated or otherwise used based on the first value.

Abstract: Methods, systems, and computer programs for generating random values for encryption operations are described. In some examples, information from a message to be encrypted can be used to refresh the state of a pseudorandom generator. In some aspects, a state parameter of the pseudorandom generator is modified based on information in the message. Modifying the state parameter changes the state parameter from a prior state to a refreshed state based on the information in the message. A random output value is obtained by the pseudorandom generator in the refreshed state. The message is encrypted based on the random output value.

Abstract: Methods, systems, and computer programs for validating a batch of implicit certificates are described. Data for a batch of implicit certificates are received and validated. In some aspect, the data include key-pair-validation values that can be used to validate the public and private keys for each implicit certificate. For example, the key-pair-validation values can include a private key, a public key reconstruction value, a public key of the certificate authority, and a hash of the implicit certificate. The key-pair-validation values are either valid or invalid according to a key-pair-validation function. In some cases, modification values are obtained independent of the key-pair-validation values, and the modification values are combined with the key-pair-validation values in a batch-validation function. The batch-validation function is evaluated for the batch of implicit certificates.

Abstract: A system and method enabling a recipient correspondent of a keyed PV signature to convert it to a signature with properties similar to a traditional signature (i.e., where the message is public and may be verified by anyone), removing the keyed aspect of the signature. The recipient correspondent may transfer the converted signature to a third party and provide the third party with a proof of knowledge such that the third party may be convinced that the originator of the signature signed the message.

Abstract: A method of securely communicating a message for a financial transaction from a first correspondent to one or more recipients. The method comprises dividing the message into at least two portions. Each portion is intended for a recipient. Each portion intended for receipt by one of the recipients is encrypted with that recipient's public key. The message is signed and transmitted to one of the recipients to enable the recipient to verify the message and further transmit the message to a further recipient.

Abstract: Methods, systems, and computer programs for issuing an implicit certificate are disclosed. In some implementations, a certificate authority of an elliptic curve cryptography (ECC) system performs one or more operations for issuing the implicit certificate. A certificate request associated with a requester is received, and the certificate request includes a first element RU in a group. In response to receiving the request, a second element PU in the group is generated based on the first element RU. An implicit certificate CertU is generated based on the second element PU. Whether the public key QU of the requester corresponds to a trivial public key, such as an identity element of the group, can be determined. For example, the certificate authority can compute the public key QU of the requester based on the first element PU, the implicit certificate CertU, and a public key QCA of the certificate authority.

Abstract: A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed.

Abstract: A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed.