Abstract: Disclosed are a system and method for calculating elliptic curve cryptography scalar multiplication using an FPGA (Field Programmable Gate Array), the system and method scheduling calculation, which is used in a Montgomery ladder Algorithm, and enabling efficient calculation through an improved modular arithmetic calculation method. The system for calculating elliptic curve cryptography (ECC) scalar multiplication using an FPGA includes: a scheduler implementing Montgomery ladder step calculation in a pipeline structure; a pipeline modular adder/subtractor implementing n-bit modular addition in a d-stage pipeline structure; and a modular multiplier implementing n-bit modular multiplication in a 10-stage pipeline structure up to maximum 256 bits.

Abstract: A computer-implemented method and a system provide a complete traceability of changes incurred in a security policy corresponding to a resource. A policy tracing engine (PTE) monitors and determines events of interest occurring at the resource. The PTE determines administrator-initiated intent-based changes and dynamic event-based changes incurred in the security policy and assigns a unique policy identifier (UPI) to the security policy. The UPI is a combination of unique identifiers assigned to the intent-based change and the event-based change. The PTE recomputes and stores the security policy and the UP in a policy database. The PTE receives network access information including the UPI from the corresponding resource deployed with the security policy. The PTE generates a traceability report that provides a complete traceability of each policy action performed in a networked environment to a source of each change incurred in the security policy as identified by the UPI.

Abstract: A device is provided comprising a first memory for storing a first key, a second memory for storing a second key, the device being capable of conducting a first cryptographic algorithm, wherein the first cryptographic algorithm uses the first key, the device being capable of conducting a second cryptographic algorithm, wherein the second cryptographic algorithm uses the second key, and a selection unit, which is programmable to use either the first cryptographic algorithm or the second cryptographic algorithm. Also, a method for operating such device is provided.

Abstract: Spending digital currency without owning digital currency may be facilitated. The user may use a software application running on the user's computing platform to scan a digital currency public address quick-response code (QR), or a near-field-communication (NFC) based public address. The user may be prompted to swipe-to-authenticate the transaction. The user may authenticate the transaction by fingerprint-swiping a biometric-enabled transitory password authentication device. The biometric-enabled transitory password authentication device may transmit an encrypted transitory password a server via the user's computing platform. Upon receiving and verifying the transaction, the server may send an amount of digital currency to the target address on behalf of the user. The server may charge the user's debit card an equivalent amount of sovereign currency.

Abstract: Provided is a pre-calculation device capable of keeping a secret against malicious behaviors of participants while keeping a processing load small. A Beaver triple generation processor generates a secret-shared Beaver triple formed of two secret-shared random numbers and a secret-shared value of a product of the two random numbers. A Beaver triple random inspection processor randomly selects a secret-shared Beaver triple, restores the Beaver triple through communication to and from other pre-calculation devices, and confirms that a product of first two elements is equal to a third element. The Beaver triple position stirring processor randomly replaces Beaver triples that have not been restored, to generate replaced secret-shared Beaver triples.

Abstract: A system includes a data storage device containing encrypted data to be decrypted, and a VZ storage device containing a key material for decrypting data, wherein the VZ storage device decrypts the encrypted data by consuming a portion of the key material and stores the decrypted data in the consumed portion of the key material.

Abstract: Example embodiments of systems and methods for data transmission between a contactless card and a client application are provided. A card key may be generated using a master key and identification number. A first and second session key may be generated using the card key and portions of the. A cryptographic result including the counter may be generated using one or more cryptographic algorithms and the card key. A cryptogram may be generated using the first session key and encrypted using the second session key. The application may be transmit one or more messages to the first applet of the contactless card. The first applet may be configured to establish one or more communication paths to the second applet based on receipt of the one or more messages from the client device. The second applet may be deactivated by the first applet via the one or more communication paths.

Abstract: A key distribution method based on broadband physical random sources includes: utilizing a driving semiconductor laser to generate an optical signal, passing the optical signal through a phase modulator driven by a random signal and then equally dividing the phase-modulated optical signal into two identical paths, injecting the two identical paths into slave semiconductor lasers at both communication parties Alice and Bob's sides, respectively, to generate initial synchronized signals, using the generated initial synchronized signals as driving signals to phase-modulate optical signals generated by continuous-wave (CW) light sources, and inputting the modulated optical signals to dispersion modules; wherein after the modulated CW optical signals pass through the dispersion modules, two synchronized broadband noise-like random signals are generated, and then high-speed synchronized keys are generated by a post-processing method.

Abstract: A method of enhancing travel security features associated with a mobile device is provided. The method may include operating a time clock to store a start device confiscation time in a memory and to store an end device confiscation time in the memory, monitoring the mobile device to detect tampering occurring between the start device confiscation time and the end device confiscation time, and in response to the detecting of tampering, prompting the user for a secure identifier. Upon receipt of the secure identifier, the method may include opening a secure i/o pathway to a re-image file. The secure i/o pathway preferably enables execution of an executable re-image file. The re-image file may be used to re-image a software image of the mobile device. The re-image file may contain a pre-tampered image of the mobile device.

Abstract: An authentication system handles authentication requests to apply introspection and policy enforcement. A policy server obtains a client security policy and an authenticator security policy. The policy server obtains an encrypted credential request with client metadata from a client and determines whether the client metadata satisfies the client security policy. The policy server provides the encrypted credential request to an authenticator device and obtains an encrypted credential response with authenticator metadata in response. The policy server determines whether the authenticator metadata satisfies the authenticator security policy. The policy server processes the encrypted credential response, without decrypting the encrypted credential request or the encrypted credential response, based on a determination of whether the client metadata satisfies the client security policy and the authenticator metadata satisfies the authenticator security policy.

Abstract: Systems and methods for selecting cryptographic settings based on computing device location are disclosed. According to an aspect, a method includes determining a location of a client of a server. The method also includes selecting, at the server and based on the location of the client, one of several different cryptographic settings for communication with the client or data management. The method may also include implementing, at the server, the selected cryptographic setting.

Abstract: Various embodiments relate to a method and apparatus for policy-hiding on ciphertext-policy attribute based encryption, the method including the steps of categorizing each of a plurality of attributes into a plurality of groups where each of the plurality of groups has a group attribute, inputting a policy and a message into an encryption algorithm and outputting a ciphertext; and encrypting an AND subtree in the policy and outputting a sub-cipher.

Abstract: A quantum key distribution (QKD) node apparatus and a QKD method therein. The QKD node apparatus may include a QKD module for generating quantum keys and quantum key IDs, a quantum key synchronization management module for storing the quantum keys and the quantum key IDs as outbound and inbound quantum keys in a distributed manner and sharing the outbound and inbound quantum keys with a second QKD node apparatus, and a quantum key orchestration module for delivering a master key and a master key ID to a secure application connected therewith in response to a request for the master key with the ID of a second secure application and delivering a packet including the master key encrypted with the outbound quantum key shared with the second QKD node apparatus, the master key ID, and a quantum key ID, to the second QKD node apparatus.

Abstract: The present disclosure provides a method and system for performing an SSL Handshake. In the method, during an SSL handshake with a target terminal, a target CDN node determines a target service server accessed by the target terminal and obtains information to be processed by a private key; the target CDN node sends a private key processing request to a private key server corresponding to the target service server, the private key processing request carries the information to be processed and target private key processing type information; the private key server processes the information to be processed based on the target private key processing type information and a private key of the target service server and sends a processing result to the target CDN node so that the target CDN node may continue to perform the SSL handshake with the target terminal according to the processing result.

Abstract: Embodiments are described for generating, by the processor, a first event record in response to an event being performed by the computer and generating, by the processor, a first tamper resistance record in response to the first event record being generated. The first tamper resistance record includes a first signature is created based at least in part on the first event record and a second signature is created based at least in part on the first event record. Aspects also includes validating the first event record based on the first signature and the second signature in the first tamper resistance record in response to a request to detect tampering of the first event record.

Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes determining a first cryptographic algorithm utilized in a first block of a first blockchain. The first block of the first blockchain has a first unique block identifier. A second cryptographic algorithm utilized in a second block of the first blockchain is determined. The second block of the first blockchain having a second unique block identifier. A first cryptographic algorithm status transition (“CAST”) event is defined if the second cryptographic algorithm is different than the first cryptographic algorithm. A first CAST record is defined upon occurrence of the first CAST event. The first CAST record includes the second cryptographic algorithm and the second unique block identifier. The first CAST record is digitally signed and stored on a second blockchain. The second blockchain may be referenced out-of-band of the first blockchain.

Abstract: A secure computation system calculates concealed text of a difference x?r from concealed text by using concealed text and generates concealed text and of an integer portion e and a decimal fraction portion f (0?f<1) of the difference x?r from the concealed text; reconstructs the decimal fraction portion f from the concealed text; generates, from the decimal fraction portion f and the concealed text, concealed text of a left shift value y obtained by shifting 2f, which is 2 raised to the power f which is the decimal fraction portion f, to the left by e bit; and calculates, as concealed text, concealed text of a value 2r×y obtained by multiplying 2r, which is a power of 2, by the left shift value y from the concealed text by using the concealed text.

Abstract: Federated messaging for quantum systems through teleportation is disclosed. In one example, a first routing service of a first quantum computing device receives a routing request comprising a payload qubit and an identifier of a destination service of a second quantum computing device. The first routing service identifies a routing entry of a routing table corresponding to the destination service. A first teleporting service of the first quantum computing device is identified based on the routing entry, the first teleporting service being associated with a first qubit entangled with a second qubit of a second teleporting service of the second quantum computing device. The first routing service routes the routing request to the first teleporting service, which generates quantum state data for the payload qubit using the payload qubit and the first qubit. The quantum state data is then sent to the second teleporting service via a communications network.

Abstract: Systems and methods for secure communication between devices where one device has a physical unclonable function (“PUF”) array of PUF devices and another device stores data representing characteristics of the PUF array include encryption schemes using repeated application of one-way cryptographic functions to message segments. The devices transmit or receive a processing instruction used to determined PUF devices whose measured characteristics are used to derive encryption keys. Messages are segmented and message information is securely transmitted by repeatedly application of a suitable one-way cryptographic function to each message segment where the number of applications of the function is determined by each message segment.

Abstract: Examples disclosed herein relate to symmetrically encrypting a master passphrase key. In one implementation, a computing system includes a machine-readable storage medium to store a symmetrically encrypted master passphrase key, an encrypted version of a first passphrase key associated with a second machine-readable storage medium encrypted using the master passphrase key, and an encrypted version of a second passphrase key associated with a third machine-readable storage medium encrypted using the passphrase key. A processing resource may symmetrically encrypt the master passphrase key using an encryption key derived from authentication information and/or decrypt the stored master passphrase key using a decryption key derived from the authentication information.

Abstract: Cloud-based Intrusion Prevention Systems (IPS) include receiving traffic associated with a user of a plurality of users, wherein each user is associated with a customer of a plurality of customers for a cloud-based security system, and wherein the traffic is between the user and the Internet; analyzing the traffic based on a set of signatures including stream-based signatures and security patterns; blocking the traffic responsive to a match of a signature of the set of signatures; and performing one or more of providing an alert based on the blocking and updating a log based on the blocking.

Abstract: According to one embodiment, a memory system stores a part of a logical-to-physical address translation table stored in a nonvolatile memory, as a first cache, in a random-access memory, and stores a compressed logical-to-physical address translation table obtained by compressing the logical-to-physical address translation table, as a second cache, in the random-access memory. The memory system stores first information indicative of a part of a first address translation data, in a first area of a first entry of the second cache where first compressed address translation data is stored. When executing processing of checking a part of the first address translation data, the memory system refers to the first information stored in the first entry of the second cache.

Abstract: A data accessing method using data protection with aid of an Advanced Encryption Standard (AES) processing circuit, and associated apparatus such as memory device, memory controller, and the AES processing circuit are provided. The data accessing method includes: utilizing the memory controller to start receiving first protected data corresponding to a read request from predetermined storage space; utilizing the AES processing circuit to start performing decryption processing on the first protected data to obtain decrypted data; utilizing the AES processing circuit to start performing encryption processing on other data to obtain encrypted data to be second protected data corresponding to a write request; and utilizing the memory controller to start sending the second protected data to the predetermined storage space, for storing the second protected data into the predetermined storage space. The AES processing circuit can perform encryption and decryption simultaneously.

Abstract: A distributed storage system, such as a distributed storage system in a virtualized computing environment, stores data in storage nodes as immutable key-value entries. A coordinator storage node creates a key-value entry and attempts to store the key-value entry in the coordinator storage node and in neighbor storage nodes. If the storage of the key-value entry in the in the coordinator storage node and in the neighbor storage node is successful, the coordinator storage node pushes the key-value entry to other storage nodes in the distributed storage system for storage as replicas.

Abstract: Instantaneous key invalidation in response to a detected eavesdropper. A quantum computing system that includes a plurality of qubits and a quantum channel uses a quantum key distribution protocol to generate a key. The quantum computing system determines that an eavesdropper has eavesdropped on the quantum channel. In response to determining that the eavesdropper has eavesdropped on the quantum channel, the quantum computing system sends a key-revocation message to a designated destination.

Abstract: A method for communicating data from a sensor device to an Electronic Control Unit using a single-wire bi-directional communication protocol includes providing a first key of the Electronic Control Unit to the sensor device, encrypting sensor data of the sensor device using the first key to determine encrypted data, and transmitting the encrypted data from the sensor device to the Electronic Control Unit.

Abstract: The invention relates to client-side credential control to allow remote access to a second device by a first device, including: storing a private key of a key pair in a secure storage device of a first device, generating data related to a command executable by the second device, checking in the secure storage device, whether the data corresponds to at least one user credential related to the command executable by the second device stored in the secure storage device, signing a data block derived from the data using the private key, and transmitting a data packet generated from the data block to a gateway of the second device.

Abstract: This application describes systems and methods for using a garbled circuit and a physical unclonable function (PUF) value to authenticate a device. During enrollment, the device and at least one computer collaboratively construct multiple garbled circuits corresponding to bits of an enrollment PUF value generated by PUF circuitry coupled to the device. During authentication, the device and at least one computer evaluate the multiple garbled circuits using an authentication PUF value. Using the results of this evaluation, the at least one computer compares the enrollment PUF value with the authentication PUF value and determines a distance between them. The at least one computer may authenticate the device when the calculated distance is less than a threshold value.

Abstract: The invention relates to a Quantum Key Distribution system comprising a transmitter 300 and a receiver 400 for exchanging a quantum key via a quantum channel 600 through a decoy-state three state protocol wherein the transmitter comprises a transmitter processing unit 340 adapted to use random numbers from a quantum random generator to select a quantum state to encode from different states of intensity and basis, a Pulsed light source 310 adapted to generate an optical pulse, a time-bin interferometer 320 through which the generated optical pulse passes and which transforms generated optical pulse into two coherent pulses separated by the time bin duration, a single intensity modulator 360 adapted to change the intensity of the two pulses individually according to the choice made by the transmitter processing unit 340, and a variable optical attenuator 370 adapted to reduce the overall signal intensity to the optimum photon number per pulse.

Abstract: Techniques are provided to implement a key management service using key proxies and generational indexes, which allows client applications to obtain data cryptographic services without having to utilize or otherwise have knowledge of cryptographic keys. For example, a key management service receives a data decryption request from a client application. The data decryption request includes encrypted data and a key proxy assigned to the client application. The key management service determines a generational index associated with the encrypted data. The generational index identifies a generation of a cryptographic key which is associated with the key proxy and which was used to create the encrypted data. The key management service obtains a cryptographic key from a secure key vault, which is mapped to the received key proxy and the determined generational index, decrypts the encrypted data using the obtained cryptographic key, and sends the decrypted data to the client application.

Abstract: Systems and methods to retrieve, encrypt, and transmit control area network (CAN), event data recorder (EDR), engine control unit (ECU) and onboard diagnostics (OBD) data from vehicles such as automobiles and airplanes etc. is disclosed. The invention having, but not limited to, several main parts: a first part being a microcontroller having onboard memory, a second part being a connector that interfaces with a vehicle's existing CAN, EDR, ECU and OBD data, a third part being onboard software that encrypts said data to a blockchain within a vehicle, and a fourth part being multiple, wireless transmitters that send blockchain information to a cloud network. An object of the invention is to leverage and decentralize valuable telematic, CAN, EDR, ECU and OBD vehicle data for an array of stakeholders including dealers, insurers and consumers in a secure manner through the latest cryptography software.

Abstract: Example implementations relate to a computing system with a memory resource, a processing resource, and associated with a screen reader providing an audio presentation based on assigning non-positive index values to input sources. In some examples, a first index value is assigned to a first input source of a first panel of a graphical user interface (GUI). Responsive to an action event being received corresponding to the first input source, a second panel is generated. Responsive to the second panel being generated, a second input source of the second panel is generated. A second index value is assigned to the first input source when the second panel is generated, the first index value being not equal to the second index value, and the second index value being a non-positive value.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters. An order indicator data indicative of the order of the received data is generated. The received data is anonymized to derive an anonymized data. The anonymized data and the order indicator data is transmitted to the destination computer over a network. In one embodiment, a portion of the anonymized data is selected as a search ID. A cross reference between a search key indicative of a portion of the received data and the corresponding search ID is stored.

Abstract: A targeted, topic-based encryption in a publish-subscribe message queue. Topic-based encryption driven by encryption policies for both storing and receiving messages uses activity tracking and logging to ensure confidentiality of certain topics associated with stored encrypted messages. Authentication of both publisher and consumer ensure encryption and decryption keys are used in confidence.

Abstract: Methods and apparatus for secure registration to enable transactions between a first user and a vendor that is facilitated by a payment server are disclosed. The method may comprise storing a form soliciting customer information including a plurality of fields, wherein at least one of the plurality of fields is associated with an attribute. The method including receiving a copy of the form including customer data in all of the plurality of fields and transmitting a first subset of the customer data based on the attribute associated with the first subset of the customer data. The method including receiving a token in response to the transmission of the first subset of customer data and transmitting the token and a second subset of the customer data, wherein the second subset is based on the attribute associated with the second subset of customer data.

Abstract: The present application provides a method and a device for synchronizing a high-speed quantum key generation system, wherein the method comprises: a sender aligns first light pulse of signal light with that of synchronization light, and controls the signal light not to emit light during N consecutive periods within each period Tt of the synchronization light; a receiver performs time measurement on received signal light pulse, the signal light emits light at the remaining corresponding positions except the N consecutive non-emitting positions in each period Tt, the emitting positions can join the statistical process of T1i and T2i, the statistical time is reduced by several orders of magnitude relative to the existing method of only sending single signal light pulse, and the statistical process can be completed in a few hundred milliseconds or even shorter.

Abstract: Example embodiments provide systems and methods for increasing the cryptographic strength of an encryption or message-authentication-code-(MAC) generation technique. According to some embodiments, a MAC may be constructed around a shared secret (such as a random initialization number), thereby increasing strength of the MAC against brute force attacks based on the size of the shared secret. The MAC may be combined with randomized data, and may also be encrypted to further bolster the strength of the code. These elements (shared secret, MAC algorithm, and encryption algorithm) may be employed in various combinations and to varying degrees, depending on the application and desired level of security. At each stage, the cryptographic construct operates on the cyptographically modified data from the previous stage. This layering of cryptographic constructs may increase the strength of the group of contrasts more efficiently than applying any one construct with a larger key size or similar increase in complexity.

Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The responder receives, from the initiator, a security association initialization message to establish a security association with the responder including key material used to generate a key for the security association. The responder receives an authentication message from the initiator to program the responder to establish authentication between the responder and the initiator after establishing the security association. The responder sends an authentication message response to the initiator to establish authentication with the responder in response to the authentication message. The responder sends an authentication done message to the initiator after sending the authentication message response to cause the initiator to activate using the security association and the key to encrypt and decrypt communication between the responder and initiator.

Abstract: Multiple ports of a network device are muxed together to form a single packed ingress interface into a buffer. A multiplexor alternates between the ports in alternating input clock cycles. Extra logic and wiring to provide a separate writer for each port is avoided, since the packed interface and buffer writers operate at higher speeds and/or have more bandwidth than the ports, and are thus able to handle incoming data for all of the ports coupled to the packed ingress interface. A packed ingress interface may also or instead support receiving data for multiple data units (e.g. multiple packets) from a single port in a single clock cycle, thereby reducing the potential to waste bandwidth at the end of data units. The interface may send the ending segments of the first data unit to the buffer. However, the interface may hold back the starting segments of the second data unit in a cache.

Abstract: A method performed by one or more computers includes obtaining a collection order initiated by a user; determining a quantity of payers for the collection order; determining whether the user selects to invoke a one-click friends list, and if so, generating, a one-click friends list corresponding to the quantity of payers, wherein the one-click friends list is determined by collecting and analyzing cumulative behavioral data of the user based on historical collection orders of the user within a predetermined time period; and receiving user input from the user to determine that the one-click friends list matches an actual friends list for the collection order, and in response, initiating collection corresponding to the collection order.

Abstract: A cryptographic system includes a host device and a cryptographic device. For encryption, the host includes an application that is configured to enable a user to compose an unencrypted message on a user interface and transmit the unencrypted message. The cryptographic device is configured to receive the unencrypted message, encrypt the unencrypted message with RCPs on a non-volatile storage to create an encrypted message, and send the encrypted message to the host, which then transmits the encrypted message through a communication channel. For decryption, the host receives an encrypted message through the communication channel and sends it to the cryptographic device. The cryptographic device decrypts the encrypted message with the RCPs and sends the decrypted message back to the host, which presents the decrypted message on a display. The cryptographic device may be configured to destroy RCPs that have been used up.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for obtaining a distributed blockchain encoding automated clearing house (ACH) authorization data associated with one or more prior transactions to provide a local copy of the distributed blockchain, receiving ACH authorization data associated with a first transaction, validating the ACH authorization data associated with the first transaction to obtain validation information corresponding to the first ACH authorization data associated with the first transaction, updating the local copy of the distributed blockchain with the validation information, and broadcasting the validation information to multiple nodes.

Abstract: Disclosed is a method for allocating QKD network resources, which includes the following steps: obtaining a network structure of a QKD network, and constructing a key topology according to distributions condition of quantum key resources in the QKD network; in response to arrival of a service requiring encryption, judging whether the encrypted service is delay sensitive; when the service is delay sensitive, distributing quantum key resources to the service according to the key topology of the QKD network; and when the service is not delay sensitive, distributing quantum key resources to the service according to the network structure of the QKD network. Moreover, the present disclosure also provides a device for allocating QKD network resources and a non-transitory computer-readable storage medium.

Abstract: The subject technology may be implemented by a device that includes at least one processor configured to encrypt a data object based at least in part on an encryption key. The at least one processor may be further configured to sign the encrypted data object with a private key and transmit the signed encrypted data object to a server for retrieval by another device. The at least one processor may be further configured to generate a sharing object corresponding to the data object, wherein the sharing object includes an encryption key and a public key that corresponds to the private key. The at least one processor may be further configured to encrypt the sharing object using a key of the other device and transmit, over a secure channel, the encrypted sharing object to the other device for subsequent retrieval and verification of the signed data object from the server.

Abstract: Systems and methods are described for connecting a user device to a wireless network despite the user device lacking the correct network credentials to access the wireless network. If the user device is unable to connect to a first network due to an incorrect network credential, the user device can automatically connect to a second network to obtain the correct network credentials associated with the first network. The network credentials associated with the first network can enable the user device to then connect and/or reconnect to the first network.

Abstract: A user device may connect to a wireless network despite the user device lacking the correct network credentials to access the wireless network. When the user device is unable to connect to a first network due to an incorrect network credential, the user device may automatically connect to a second network to obtain the correct network credentials associated with the first network. The network credentials associated with the first network may enable the user device to then connect and/or reconnect to the first network.

Abstract: Media, system, and method for providing encryption key management to a channel within a group-based communication system. The contents of the channel is encrypted according to the encryption key management policy of the organization to which the author of the content belongs and is stored in a data store. Responsive to a revocation request from a first organization, the encryption keys associated with any content in the channel submitted by the authors of said first organization may be revoked from a second organization, such that users of the second organization no longer have access to the content.

Abstract: Described is a system for jointly generating a random value amongst a set of servers for secure data sharing. The set of servers initiates a randomness generation protocol where each server in the set of servers selects a randomly generated polynomial and broadcasts a cryptographic hash function of the randomly generated polynomial. Each server sends its value of the cryptographic hash function of the randomly generated polynomial to the set of servers. The randomness generation protocol is used in a multi-party computation protocol to ensure a set of data is securely shared electronically amongst the set of servers via a secure, authenticated broadcast channel.

Abstract: Integrated circuits to compute a result of summing m values, rotating the sum by k bits, and adding a summation of n values Bi to Bn to the rotated sum. An embodiment includes: a first carry save adder to add up the m values to generate a first carry and a first sum; rotator circuitry to rotate both the first carry and the first sum by k bits to generate a second carry and a second sum; a second carry save adder to add up the second carry, the second sum, and the summation of values Bi to Bn to generate a third carry and a third sum; two parallel adders to generate a first intermediate result and a second intermediary result based on the third carry and the third sum; and a multiplexer to generate the result utilizing various portions of the first and second intermediate results.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to receive a request for quantum random numbers from a client device. The processor may be further configured to establish a secure communication channel with the client device; obtain a stream of quantum random numbers from a quantum random number generator appliance; and provide a set of quantum random numbers from the obtained stream of quantum random numbers to the client device via the established secure communication channel.