Abstract: Aspects of the present disclosure involve a method to perform a cryptographic operation using a plurality of iterations, each of the plurality of iterations comprising: loading a first number corresponding to a difference between a first component of a first input working point on an elliptic curve and a first component of a second input working point on the elliptic curve, loading a second number corresponding to a difference between the first component of the first input working point and a first component of a third input working point on the elliptic curve, and determining a third number corresponding to a difference between a first component of a first output working point on the elliptic curve and the first component of the second input working point, wherein determining the third number comprises squaring a product of the first number and a first function of the second number.

Abstract: The present disclosure relates to a method for protecting a first data item applied to a cryptographic algorithm, executed by a processor, wherein said algorithm is a per-round algorithm, with each round processing contents of first, second and third registers, the content of the second register being masked, during first parity rounds, by the content of a fourth register and the content of the third register being masked, during second parity rounds, by the content of a fifth register.

Abstract: Disclosed in the present disclosure is a commutative encryption and watermarking method based on a chaotic system and a zero watermark for vector geospatial data. According to the method, firstly, the vector geospatial data are scrambled and encrypted by using chaotic sequences generated by a composite chaotic system. Then, vector geospatial elements are randomly combined in pairs. A feature matrix is constructed according to the number of vertex coordinates of the vector geospatial elements in combinations, and the parity of the number. Finally, an XOR operation is performed on the feature matrix and the watermark image to construct a zero watermark image, and the zero watermark is constructed through invariant features of the vector geospatial data.

Abstract: Techniques to improve the operation of homomorphic circuits. Systems and methods described herein may improve the operation of a homomorphic circuit by analyzing a circuit to reduce the multiplicative depth of the circuit. Techniques described herein may be utilized to perform linear algebra operations with mixed encoding units, according to a homomorphic encryption scheme.

Abstract: The owner sameness confirmation system determines whether or not the owners of two terminals (200A, 200B) are the same. Authentication station servers (100A, 100B) store electronic certificates issued to the terminals and identity confirmation information of the owners of the terminals in association with each other. The terminal (200B) transmits information obtained by encrypting the identity confirmation information of the owner of the terminal (200B) through homomorphic encryption and the electronic certificate of the partner terminal (200A) to the authentication station server (100A). The authentication station server (100A) transmits response encrypted information including information obtained by encrypting the identity confirmation information of the owner of the terminal (200A) as a response. The terminal (200B) decrypts the response encrypted information and determines the sameness of the owners based on whether or not the decryption result matches a predetermined value.

Abstract: The information processing apparatus comprises a basic operation seed storage part, a reshare value computation part, and a share construction part. The basic operation seed storage part stores a seed for generating a random number used when computation is performed on a share. The reshare value computation part generates a random number using the seed, computes a share reshare value using the generated random number, and transmits data regarding the generated random number to other apparatuses. The share construction part constructs a share for type conversion using the data regarding the generated random number and the share reshare value received from other apparatuses.

Abstract: ML model(s) are created and trained using training data from user(s) to create corresponding trained ML model(s). The training data is in FHE domains, each FHE domain corresponding to an individual one of the user(s). The trained machine learning model(s) are run to perform inferencing using other data from at least one of the user(s). The running of the ML model(s) determines results. The other data is in a corresponding FHE domain of the at least one user. Using at least the results, it is determined which of the following issues is true: the results comprise objectionable material, or at least one of the trained ML model(s) performs prohibited release of information. One or more actions are taken to take to address the issue determined to be true. Methods, apparatus, and computer program product are disclosed.

Abstract: Systems and methods for distributing bootstrapping in homomorphic encryption schemes include: splitting a decryption key into a plurality of n shares; transmitting to each of a plurality of n computer processors: (i) a ciphertext; (ii) a unique share of the plurality of n shares of the decryption key; and (iii) an indication of a publicly available encryption key; receiving, from each of the plurality of n computer processors, n encrypted values; and computing a homomorphic sum of the n encrypted values to obtain an encryption of the sum of n decrypted values, such that bootstrapping of the encryption is distributed.

Abstract: A method for performing an elliptic curve cryptographic process to generate output data based on input data, the elliptic curve cryptographic process based on an elliptic curve over a finite field, wherein the generation of the output data comprises generating, based on a predetermined point V of the elliptic curve and a positive R-bit integer k, a first point of the elliptic curve that is based, at least in part, on the point kV of the elliptic curve, wherein k=?r=0R?1 2rbr and, for each r=0, 1, . . . , R?1, br is the bit value of k at bit position r of k, wherein the method comprises: storing, according to a partition of the R bit positions for k into T groups of bit positions Pt (t=0, 1, . . .

Abstract: An Integrated Montgomery Calculation Engine (IMCE), for multiplying two multiplicands modulo a predefined number, includes a Carry Save Adder (CSA) circuit and control circuitry. The CSA circuit has multiple inputs, and has outputs including a sum output and a carry output. The control circuitry is coupled to the inputs and the outputs of the CSA circuit and is configured to operate the CSA circuit in at least (i) a first setting that calculates a Montgomery precompute value and (ii) a second setting that calculates a Montgomery multiplication of the two multiplicands.

Abstract: The present disclosure provides a system in which a migration operation which is different from a normal registration operation performed on a system is started in one of a terminal before replacement and a terminal after the replacement so that a registration operation performed on the terminal after the replacement is easily completed only by causing a user to consecutively perform an authentication operation on both of the terminals.

Abstract: A method of improving performance of a data processor comprising: in a field of characteristic 2 computing XY by performing a series of: (i) multiplications of two different elements of the field; and (ii) raising an element of the field to a power Z wherein Z is a power of 2; wherein the number of multiplications (i) is at least two less than the number of ones (1s) in the binary representation of Y.

Abstract: Described implementations obtain a proof of valid attestation data. The attestation data may include configuration data of a host computing system. A prover service may receive the attestation data. The prover service may generate a proof to prove that the attestation data includes valid configuration data of the host computer system, without revealing sensitive or private information of the host computing system. The proof may be a zero-knowledge proof.

Abstract: A method for determining a cryptographic key is carried out in a data processing system, and comprises: providing a plaintext and a ciphertext determined from the plaintext using a cryptographic key and a cryptographic procedure which comprises cryptographic operations; for each cryptographic operation of the cryptographic procedure, providing at least one intermediate relation which comprises an intermediate equation and/or an intermediate inequality; determining an optimization problem comprising: the plaintext and the ciphertext; at least one optimization expression assigned to a round of the cryptographic procedure; and optimization variables comprising state variables of the cryptographic procedure and a cryptographic key variable; wherein the at least one optimization expression is determined from the at least one intermediate relation and comprises at least one preceding state variable assigned to a preceding round.

Abstract: The owner sameness confirmation system determines whether or not the owners of two terminals (200A, 200B) are the same. The terminals (200A, 200B) store identity confirmation information stored in association with electronic certificates issued to the terminals by authentication station servers (100A, 100B). The terminal (200A) transmits information obtained by encrypting the identity confirmation information of the owner through homomorphic encryption to the terminal (200B). The terminal (200B) transmits response encrypted information including information obtained by encrypting the identity confirmation information of the owner of the terminal (200B), as a response to the terminal (200A). The terminal (200A) decrypts the response encrypted information and determines the sameness of the owners based on whether or not the decryption result matches a predetermined value.

Abstract: The present invention provides an encryption determining method. The method includes the following steps: receiving a side channel signal; generating a filtered side channel signal by filtering noise within the side channel signal; generating a phasor signal by utilizing a filter to covert the filtered side channel signal; locating the encrypted segment by calculating a periodicity of the phasor signal utilizing a standard deviation window; extracting at least one encrypted characteristic from the encrypted segment; and generating an encryption analytic result by recognizing the at least one encrypted characteristic according to a characteristic recognition model; wherein the encryption analytic result includes a position of the encrypted segment within the side channel signal, and an encryption type corresponding to the side channel signal. The present invention is able to automatically and efficiently locate the encryption segment and analyze the encryption type corresponding to the side channel signal.

Abstract: The owner sameness confirmation system determines whether or not the owners of two terminals (200A, 200B) are the same. Authentication station servers (100A, 100B) store electronic certificates issued to the terminals and identity confirmation information of the owners of the terminals in association with each other. The authentication station server (100A) transmits information obtained by encrypting the identity confirmation information of the owner of the terminal (200A) through homomorphic encryption and the electronic certificate of the partner terminal (200B) to the authentication station server (100B). The authentication station server 100B transmits response encrypted information including information obtained by encrypting the identity confirmation information of the owner of the terminal (200B) as a response.

Abstract: The validity of sensor data of an Ethernet onboard network in a motor vehicle is checked by: determining a delay time of a first signal on a first connecting path between a first control unit of the Ethernet onboard network and a second control unit of the Ethernet onboard network; determining a maximum speed of the first connecting path on the basis of the delay time; and determining a type of a transmission medium of the first connecting path on the basis of the maximum speed. The following steps are also carried out: identifying at least a first control unit of the Ethernet onboard network, synchronizing at least a first control unit of the Ethernet onboard network, ascertaining the synchronization interval, ascertaining a drift of a timer of the first control unit, ascertaining a timestamp of the first control unit, reading a timestamp of the first control unit.

Abstract: Methods, systems, and devices for techniques for atomic write operations are described. A memory system may determine a set of pages for an atomic write operation in which data associated with a write command is linked together for writing to a non-volatile memory. The memory system may write, to the non-volatile memory, metadata that indicates the set of pages is associated with the atomic write operation. Based on the metadata, the memory system may determine whether each page of the set of pages has been written with data for the atomic write operation. The memory system may then communicate to a host system an indication of a completion status for the atomic write operation based on determining whether each page of the set of pages has been written with the data for the atomic write operation.

Abstract: Various systems, methods, and computer program products are provided for complex data encryption. The method includes receiving a user input code from a computing device associated with a user. The user input code is one or more plaintext characters. The method also includes generating a first encrypted value using a first encryption algorithm based on the user input code. The method further includes decrypting the first encrypted value using one or more additional encryption algorithms. The one or more synthetic user input codes are generated by the decryption of the first encrypted value using each of the one or more additional encryption algorithms. The method still further includes determining a first encryption vulnerability score based on the value of the one or more synthetic user input codes. The method also includes causing a transmission of a user input code notification based on the first encryption vulnerability score.

Abstract: An example operation may include one or more of capturing a current version of sensitive data by a data processor node, hashing, by the data processor node, the current version of the sensitive data, storing, by the data processor node, a hash of the current version of the sensitive data on a first blockchain, encrypting, by the data processor node, the current version of the sensitive data using a secret key, and storing the encrypted current version of the sensitive data on a second blockchain.

Abstract: In an approach to a implementing a PUF based on a PCM array, for each PCM device in an array of PCM devices, the PCM device is reset to an initial state. A first conductance of the PCM device is measured. A predetermined number of partial set pulses is applied to the PCM device. A second conductance of the PCM device is measured. Responsive to determining that the second conductance is greater than the first conductance multiplied by a factor, a PUF value of the PCM device is set to logical “1”. Responsive to determining that the second conductance is less than the first conductance multiplied by a factor, a PUF value of the PCM device is set to logical “0”. The PUF value of the PCM device is added to an overall PUF string for the array of PCM devices.

Abstract: Methods, apparatus, and computer readable storage medium for performing interleaved scalar multiplication are described. The method includes obtaining a bit-number of a scalar; factorizing the bit-number of the scalar into a product of a plurality of factors, the plurality of factors comprising s, d, and w; generating d tables based on a parameter, each table comprising N entries; for each iteration of s iterations: multiplying a result by two, constructing an index for each table from w bits in the scalar in the binary format, selecting a value from each table based on the constructed index for each table, and adding the value selected from each table to the result and starting next iteration; and in response to completing the s iterations, determining the result for a scalar multiplication between the scalar and the parameter.

Abstract: The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

Abstract: A method is provided for protecting a machine learning (ML) model from a side channel attack (SCA). The method is executed by a processor in a data processing system. The method includes generating a first random bit. A first weighted sum is computed for a first connection between a node of a first layer and a node of a second layer of the ML model. The first weighted sum for the first connection is equal to a multiplication of the weight of the first connection multiplied by an input to the selected node. In the multiplication, one of the weight or the input is negated conditioned on a value of the random bit. A first output including the computed first weighted sum is provided to one or more nodes of a second layer of the plurality of layers.

Abstract: This specification describes a system and method that enables bitcoin signed transactions to be accepted as a payment for goods and services instantly and off-line, without the need to wait for confirmation that the transaction is included in a valid block, or even for confirmation that a transaction has been received by the network. Building on the concept of a one-time signature implemented within bitcoin script, this method involves a payer providing the payee with a special compensation key at the point-of-sale which can be used to claim a time-locked deposit output when combined with a ‘revealed’ private key, if (and only if) a double-spend is perpetrated by the payee. The validity of this compensation key is guaranteed via a novel type of zero-knowledge-proof, which is highly efficient: the proof can be generated in ˜5 milliseconds and can be verified in ?30 milliseconds.

Abstract: A method for concealing a subscription identifier at a user equipment including a mobile equipment and an integrated circuit card storing the subscription identifier, the method including receiving a corresponding request by a server to provide a corresponding subscription identifier, performing an elliptical curve encryption of the subscription identifier generating a concealed subscription identifier, the concealing operation including the mobile equipment sending an identity retrieve command to the card, performing, before receiving the identity retrieve command at the card, a pre-calculation of the ephemeral key pair including an ephemeral private key and ephemeral public key and the shared secret key, and in response to the respective state of completion indicating that completion of the computation of a valid ephemeral key pair or shared secret key, storing the corresponding values of the ephemeral key pair and shared secret key in a table in a memory of the card.

Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: examining an invoked database query for execution on a database; scanning zone data from at least one data node of the database in dependence on the examining, the at least one data node of the database having a storage system and storing in the storage system table data of a table, wherein security tags are associated to respective rows of the table, and wherein the zone data specifies attributes of storage of the table within respective storage system extents of the storage system; identifying, using the zone data, at least one excludible extent of the storage system extents; and excluding the at least one excludible extent from an IO data access operation in processing of the invoked database query.

Abstract: A method of authenticating an accountholder for relaxing payment transaction authorization rules is provided. The method is implemented using an authentication computing device in communication with a memory device.

Abstract: According to one embodiment, in an inverse element arithmetic apparatus, a word unit processing unit, as approximate calculation loop for extended binary GCD process, iterates a first loop in a case where a value of |r?s| is a subtraction threshold or more, and is capable of iterating a second loop instead of the first loop in a case where the value of |r?s| is smaller than the subtraction threshold. In the first loop, values of r, s, a, b, m, and n is updated and an update matrix M is generated or updated. In the second loop, the values of m and n are updated without updating the values of r, s, a, b and the update matrix M. The control unit terminates the loop of the inverse element arithmetic process in a case where a loop number of times of the inverse element arithmetic process reaches a number-of-times threshold.

Abstract: Provided in the embodiments of the present application are a dynamic white box-based data processing method, apparatus, and device, the method comprising: using a pre-generated key obfuscation mapping relationship set to perform obfuscation processing on an original key to obtain a redundant key; and inputting the redundant key and to-be-processed data into a white box algorithm library to implement encryption and decryption processing; thus, in the technical solution provided in the embodiments of the present application, different redundant keys can be inputted into the white box algorithm library, so that there is no need to change the white box algorithm library and the key together, increasing the flexibility of the solution.

Abstract: Securing encrypted data by obtaining a credential including a plaintext string and a seed, deriving from the credential, a scrambling key and a corresponding unscrambling key, where the corresponding unscrambling key is based on a pseudo-random permutation derived from the credential, obtaining encrypted data, where the encrypted data is encrypted with a primary scheme that is independent of the credential, applying the scrambling key to the encrypted data to produce scrambled encrypted data, where recovering the encrypted data from the scrambled encrypted data requires applying the unscrambling key, and replacing the encrypted data with the scrambled encrypted data, thereby securing the encrypted data with the independent credential.

Abstract: A computing device includes at least one processor and at least one memory communicatively coupled to the at least one processor. The at least one processor is configured to determine a secret to be protected. The at least one processor is also configured to split the secret into a plurality of secret shares, at least a subset of which are required to reconstitute the secret. The at least one processor is also configured to transfer each secret share to a respective portable storage device or media for distribution to a respective shareholder. The at least one processor is also configured to generate metadata with at least a hash of each secret share, wherein the metadata is stored separate from the portable storage devices or media with the secret shares.

Abstract: A computerized process is described for improving a computer's asymmetric and symmetric encryption capabilities that results in ciphertext with higher data confidentiality, substantially greater security level, and increased data protection without encrypting any data bit more than one time. The process utilizes computing resources, eight asymmetric/symmetric encryption ciphers, eight different asymmetric/symmetric encryption keys; cipher parameters for each said cipher; and plaintext to be encrypted. A novel mechanism is described that copies bit values from common bit positions of plaintext bytes into eight partitions. Each partition of bytes is independently encrypted using a cipher with its own key and the resulting partitions of encrypted bytes are combined to form ciphertext. As the ciphertext requires eight ciphers and keys for decryption, the ciphertext security level is significantly enhanced over single cipher and key encryption. This process is reversed to decrypt ciphertext to plaintext.

Abstract: Apparatus and method for resisting side-channel attacks on cryptographic engines are described herein. An apparatus embodiment includes a cryptographic block coupled to a non-linear low-dropout voltage regulator (NL-LDO). The NL-LDO includes a scalable power train to provide a variable load current to the cryptographic block, randomization circuitry to generate randomized values for setting a plurality of parameters, and a controller to adjust the variable load current provided to the cryptographic block based on the parameters and the current voltage of the cryptographic block. The controller to cause a decrease in the variable load current when the current voltage is above a high voltage threshold, an increase in the variable load current when the current voltage is below a low voltage threshold; and a maximization of the variable load current when the current voltage is below an undervoltage threshold. The cryptographic block may be implemented with arithmetic transformations.

Abstract: A method, system, and computer readable medium for improved decoding CABAC encoded media are described. A decoding loop includes decoding an encoded binary element from a sequence of encoded binary elements to generate a decoded binary element using a context probability. A next context probability for a next encoded binary element in the sequence is determined from the decoded binary element and the next context probability for decoding the next encoded binary element is provided to the decoding loop for a next iteration.

Abstract: An example operation may include one or more of storing blockchain blocks committed to a blockchain based on a protocol executed by a current consensus committee of a blockchain network, receiving random values from the blockchain blocks which are created by nodes of the current consensus committee, randomly determining nodes of a next consensus committee of the blockchain network with respect to the current consensus committee based on the random values created by the nodes of the current consensus committee, and storing a new block to the blockchain based on a protocol based executed by the nodes of the next consensus committee.

Abstract: An encryption device includes one or more hardware processors functioning as the following units. A unit acquires, as a public key, n-variable indeterminate equations X having coefficients with a predetermined degree of a univariate polynomial ring Fp[t] on a finite field Fp. A unit embeds a plaintext m into coefficients of n-variable plaintext polynomial factors m having coefficients with a predetermined degree of the Fp[t]. A unit generates an n-variable plaintext polynomial M by multiplying the n-variable plaintext polynomial factors mi whose number is one or more. A unit randomly generates n-variable polynomials sk (k=1, 2), n-variable polynomials rk, and noise polynomial ek, each having coefficients with a predetermined degree of the Fp[t]. A unit generates a ciphertext ck by executing an operation including at least one of adding, subtracting, and multiplying the sk, the rk, the ek, and the X to, from, or by the M.

Abstract: Techniques and mechanisms to provide one or more substrates, and logic coupled to the one or more substrates. In an embodiment, the logic is to generate a pseudo-random sequence of bits, and to permute one or more bits of binary unscrambled data. In another embodiment, the logic is further to generate scrambled data based on an exclusive-or operation between the pseudo-random sequence of bits and the permuted data.

Abstract: Image data encryption by receiving first image data corresponding to a first image having a first image size, compressing the first image data, yielding second image data corresponding to a second image having a second image size, augmenting the second image data yielding third image data corresponding to a third image having the first image size, determining coordinates of a location of the second image within the third image, encrypting the third image data according to the coordinates, providing the encrypted third image data to a decoder by a first communications channel, and providing the coordinates of the second image within the third image to the decoder by a second communications channel.

Abstract: An embodiment of the present invention is a prime representation data structure in a computer architecture. The prime representation data structure has a plurality of records where each record contains a prime representation and where the prime representation is a product of two or more selected prime factors. Each of the selected prime factor associated with an n-gram of a domain representation of a domain string. The domain representation of the domain string is a domain string of ordered, contiguous domain characters. The n-gram being a subset of n number of the ordered, contiguous domain characters in the domain string. The computer architecture performs string searching and includes one or more central processing units (CPUs) with one or more operating systems, one or more input/output device interfaces, one or more memories, and one or more input/output devices.

Abstract: A communication system including a first detector; a first scattering medium; a second detector; an intensity modulator; a second scattering medium; wherein electromagnetic radiation transmitted from a first spot at the first scattering medium, and scattered by and through the first scattering medium and then the second scattering medium, forms a first speckle pattern detected by the second detector. The intensity modulator outputs a second spot of electromagnetic radiation representing the “ones” in a data stream at locations of the bright speckles (or at locations of the dark speckles to represent the “zeros” in the data stream) so that the electromagnetic radiation, transmitted from the second spot and scattered by and through the second scattering medium and then the first scattering medium, forms one or more second bright or dark speckles on the first detector. The data stream can be constructed from the second bright or dark speckles.

Abstract: A method for cryptocurrency exchange between multiple parties using threshold signature cryptocurrency wallets includes steps for creating threshold signature cryptocurrency wallets shared between a set of parties and a mediator for trading cryptocurrencies. The method may include steps for dividing a threshold private key, corresponding to each of the threshold signature cryptocurrency wallets, into n shares based on (t, n)-threshold signature scheme and sharing masked shares, corresponding to the threshold private key for each of the threshold signature cryptocurrency wallets, by the set of parties and the mediator. The method may include steps for validating correctness of all masked shares of the threshold private keys by the set of parties and the mediator. The method may include steps for signing a withdrawal cryptocurrency transaction jointly by the set of parties or signing a withdraw deposit transaction jointly by the at least one party and the mediator.

Abstract: Systems and methods are provided for encrypting data in a memristor array. The data may be scrambled by multiplying an input data unit by another data unit, by multiplying each element of a first data unit by a different instance of a second data unit. The process continues until all elements of the first data unit are multiplied by a different instance of the second data unit. The elements of the data units may be represented by resistive values of a memristor array. The result of all of the above multiplication of different instances of the second data unit are a new set of data units. All of the resulting data units are added together by adding the currents associated with values of the memristors representing the resulting data units. The operation may be performed as a finite field computation, with the memristor array.

Abstract: Encryption engines shuffle data segments during encryption and/or decryption, thereby obtaining a random permutation of the data segments to be used during encryption and/or decryption. By shuffling the data during encryption/decryption and using the resulting random permutation for encryption/decryption, the encryption engines obfuscate the power consumption information that attackers might access as part of an SCA. In some examples, the encryption engines perform intra-round shuffling of the input data within a reduced-sized encryption datapath configured to iteratively compute a portion of an encrypted block of data.

Abstract: A system includes a processing device, operatively coupled to memory, to obtain one or more ciphers that are supported by a device that is coupled to a network, determine, by the processing device, a value associated with the device, based on whether each of the one or more ciphers that are supported by the device is quantum-safe, and generate a notification based on the value.

Abstract: Establishing a transfer mode between devices for large bulk records over a TLS protocol by fragmenting an encrypted bulk record into a set of pre-defined block sizes for convenient transfer. The pre-defined block sizes are specifically sized to indicate a beginning and an end of the transfer of the associated blocks making up the large bulk record. A middle box is unaware of the association between the blocks and permits transfer according to the maximum transmission unit of the transport layer security (TLS) protocol. The fragmented bulk record is reconstructed and decrypted for use after the transfer.

Abstract: Disclosed are apparatuses, systems, and techniques to perform and facilitate secure ladder computational operations whose iterative execution depends on secret values associated with input data. Disclosed embodiments balance execution of various iterations in a way that is balanced for different secret values, significantly reducing vulnerability of ladder computations to adversarial side-channel attacks.

Abstract: A device, system and method for debugging a homomorphically encrypted (HE) program. The HE program comprising real ciphertext data and encrypted operations in the HE space (production mode) may be mapped to an equivalent plaintext program comprising equivalent pseudo-ciphertext data and pseudo-encrypted operations in the unencrypted space (simulation mode). The plaintext program may be executed in a first full pass in simulation model and a sampling of the HE program may be executed in a second partial pass in production mode, the results of which are compared. The HE program and/or mapping may be validated if the results of simulation and production mode match and debugged if the results do not match. An integrated development environment (IDE) may switch among the HE space (production mode), the unencrypted space (simulation mode), and a combination of both HE and unencrypted spaces simultaneously (simultaneous production-simulation mode).

Abstract: The intrinsic data generation device of the disclosure includes a modulation control part outputting a modulation control signal for controlling modulation, a modulation part modulating a signal based on the modulation control signal and outputting a modulated modulation signal, a PUF circuit specifying a relationship between input data and output data based on random variation intrinsic to the device and changing the output data based on the modulation signal, a data holding part holding the output data from the PUF circuit in response to the modulation control signal, and an intrinsic data output part outputting intrinsic data based on the output data provided from the data holding part.