Abstract: A signature scheme is provided in which a message is divided in to a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as ?zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as ?zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.

Abstract: This invention describes a method for evaluating a polynomial in an extension field Fqm, wherein the method comprises the steps of partitioning the polynomial into a plurality of parts, each part is comprised of smaller polynomials using a q-th power operation in a field of characteristic q; and computing for each part components of qth powers from components of smaller powers. A further embodiment of the invention provides for a method of converting a field element represented in terms of a first basis to its representation in a second basis, comprising the steps of partitioning a polynomial, being a polynomial in the second basis, into a plurality of parts, wherein each part is comprised of smaller polynomials using a qth power operation in a field of characteristic q; evaluating the polynomial at a root thereof by computing for each part components of qth powers from components of smaller powers; and evaluating the field element at the root of the polynomial.

Abstract: This invention describes a method for evaluating a polynomial in an extension field FqM, wherein the method comprises the steps of partitioning the polynomial into a plurality of parts, each part is comprised of smaller polynomials using a q?th power operation in a field of characteristic q; and computing for each part components of q?th powers from components of smaller powers. A further embodiment of the invention provides for a method of converting a field element represented in terms of a first basis to its representation in a second basis, comprising the steps of partitioning a polynomial, being a polynomial in the second basis, into a plurality of parts, wherein each part is comprised of smaller polynomials using a q?th power operation in a field of characteristic q; evaluating the polynomial at a root thereof by computing for each part components of q?th powers from components of smaller powers; and evaluating the field element at the root of the polynomial.

Abstract: This invention relates to a system for forming a composite from a cyanoacrylate composition and a filler within depressions, holes, cracks or spaces in a substrate. The system also allows for the placement of a cantilevered member in the filled depression, hole, crack or space in the substrate to support a load when the cyanoacrylate has cured.

Abstract: A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: This invention provides a method for accelerating multiplication of an elliptic curve point Q(x,y) by a scalar k, the method comprising the steps of selecting an elliptic curve over a finite field Fq where q is a prime power such that there exists an endomorphism ?, where ?(Q)=?·Q for all points Q(x,y) on the elliptic curve; and using smaller representations ki of the scalar k in combination with the mapping y to compute the scalar multiple of the elliptic curve point Q.

Abstract: A signature scheme is provided in which a message is divided in to a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. The computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion.

Abstract: A signature scheme is provided in which a message is divided into a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. The computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion.

Abstract: A method of masking a cryptographic operation using a secret value, comprising the steps of dividing the secret value into a plurality of parts; combining with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and utilizing each of the individual parts in the operation.

Abstract: A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: A system and method configured for applying Montgomery style reduction directly to negative quantities as well as positive values, producing the new form which does not require conditional operations to move values into the positive range. The low-order components of the resulting product, or partially completed product, can be reduced either by the addition of multiples of the modulus, as is usual in the standard Montgomery multiplication which accepts positive values, or by subtracting multiples of the modulus, which of course depends on the actual computation. Signed versions of the Montgomery values in a Montgomery computation are used to avoid the conditional addition and subtraction that can leak information, for example, using a two's complement representation.

Abstract: A method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method masks a cryptographic operation using a generator G. A secret value, which may be combined with the generator G to form a secret generator is generated. The secret value is divided into a plurality of parts. A random value is generated for association with the plurality of parts. Each of the plurality of parts is combined with the random value to derive a plurality of new values such that the new values when combined are equivalent to the secret value. Each of the new values is used in the cryptographic operation, thereby using the secret generator in place of the generator G in the cryptographic operation. The introduction of randomness facilitates the introduction of noise into algorithms used by cryptographic systems so as to mask the secret value and provide protection against power analysis attacks.

Abstract: A method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method masks a cryptographic operation using a generator G. A secret value, which may be combined with the generator G to form a secret generator is generated. The secret value is divided into a plurality of parts. A random value is generated for association with the plurality of parts. Each of the plurality of parts is combined with the random value to derive a plurality of new values such that the new values when combined are equivalent to the secret value. Each of the new values is used in the cryptographic operation, thereby using the secret generator in place of the generator G in the cryptographic operation. The introduction of randomness facilitates the introduction of noise into algorithms used by cryptographic systems so as to mask the secret value and provide protection against power analysis attacks.

Abstract: A system and method are provided enabling implicit redundancies such as constant differences and points that should be on the same curve, to be checked at the beginning, end and intermittently throughout the computation to thwart fault injection attacks. This can be implemented by checking the constant difference in point pairs during point multiplication, by checking constant scalings in exponentiation pairs, and by checking that any intermediate point is on the curve and/or in the correct subgroup of the curve.

Abstract: In general terms, the invention provides a finite field engine and methods for operating on elements in a finite field. The finite field engine provides finite field sub-engines suitable for any finite field size requiring a fixed number of machine words. The engine reuses these engines, along with some general purpose component or specific component providing modular reduction associated with the exact reduction (polynomial or prime) of a specific finite field. The engine has wordsized suitable code capable of adding, subtracting, multiplying, squaring, or inverting finite field elements, as long as the elements are representable in no more than the given number of words. The wordsized code produces unreduced values. Specific reduction is then applied to the unreduced value, as is suitable for the specific finite field. In this way, fast engines can be produced for many specific finite fields, without duplicating the bulk of the engine instructions (program).

Abstract: A nozzle assembly (3, 20) with a re-useable break off cap (20) for dispensing a product from a container (1). On a dispensing end (5) of the nozzle (3) a break-off cap (20) is integrally formed thereon and closes off the dispensing end (5) of the nozzle (3). The break-off cap (20) is removable by breaking a frangible connection (22) between the nozzle (3) and the break-off cap (20). Removing the break-off cap opens the dispensing end (5) of the nozzle (3) thereby allowing product to be dispensed through the nozzle (3). The break-off cap (20) removed from the nozzle (3) can then be re-engaged with the nozzle (3) to close off the dispensing end (5) thereby preventing further product from being dispensed. The cap can be attached to or removed from the nozzle (3) as often as a user requires. Packaging which includes a tray (111) or pouch into which the nozzle assembly (3, 20) and container (1) can be inserted.

Abstract: A nozzle assembly (3, 20) with a reusable break-off cap (20) for dispensing a product from a container (1). On a dispensing end (5) of the nozzle (3) a break-off cap (20) is integrally formed thereon and closes off the dispensing end (5) of the nozzle (3). The break-off cap (20) is removable by breaking a frangible connection (22) between the nozzle (3) and the break-off cap (20). Removing the break-off cap opens the dispensing end (5) of the nozzle (3) thereby allowing product to be dispensed through the nozzle (3). The break-off cap (20) removed from the nozzle (3) can then be re-engaged with the nozzle (3) to close off the dispensing end (5) thereby preventing further product from being dispensed. The cap can be attached to or removed from the nozzle (3) as often as a user requires.

Abstract: The applicants have recognized an alternate method of performing modular reduction that admits precomputation. The precomputation is enabled by approximating the inverse of the truncator T, which does not depend on the scalar. The applicants have also recognized that the representation of a scalar in a ?-adic representation may be optimized for each scalar that is needed. The applicants have further recognized that a standard rounding algorithm may be used to perform reduction modulo the truncator. In general terms, there is provided a method of reducing a scalar modulo a truncator, by pre-computing an inverse of the truncator. Each scalar multiplication then utilizes the pre-computed inverse to enable computation of the scalar multiplication without requiring a division by the truncator for each scalar multiplication.