Abstract: Embodiments are provided for suggesting topics in a messaging system. A set of queries is received from a chat transcript history, where the set of queries includes a set of unhandled queries, and each unhandled query comprises a query for which a bot did not identify a corresponding topic (e.g., queries that did not trigger selection of a topic by the bot). A vector representation is generated for each unhandled query in the set of unhandled queries. The vector representations for the set of unhandled queries are clustered to generate one or more clusters of vector representations, each cluster corresponding to a group of unhandled queries. A corresponding suggested topic is generated for each cluster and provided to an authoring tool that comprises one or more interactive elements to enable an author to select at least one of the suggested topics for implementation in the bot.

Abstract: A computer-implemented method comprising: receiving, as input, a ciphertext x representing a computational result of an approximated fully-homomorphic encryption (FHE) scheme, wherein ciphertext x comprises an underlying number m and an accumulated computational error e; iteratively, (i) performing a bit extraction operation to extract a current most significant bit (MSB) x? of ciphertext x, (ii) calculating accuracy parameters ?, ? associated with x?; (iii) applying a step function to the extracted MSB x?, based, at least in part, on the calculated accuracy parameters ?, ?, to reduce or remove the accumulated computational error e and to return a clean MSB b, and (iv) repeating steps (i)-(iii) for all bits included in the underlying number m; and reconstructing and outputting, from all of the returned clean MSBs b, the number m.

Abstract: A system and method for simultaneous compression and encryption of data. The system analyzes input data to determine its properties and creates a transformation matrix based on these properties. Using this matrix, the input data is transformed into a modified distribution, generating a main data stream of transformed data and a secondary stream of transformation information. The main data stream is compressed, and both streams are combined into a single output. The system implements security measures to protect against various attacks, including side-channel vulnerabilities. By using a dyadic distribution algorithm, the system achieves both compression and encryption in a single pass over the data, offering significant efficiency gains. The system can operate in both lossless and lossy modes, providing flexibility for different application requirements. This approach offers a unique solution for data transmission and storage scenarios where both data reduction and security are critical concerns.

Abstract: A method of registering or authenticating a user with a relying party is provided, the method including: receiving a request to generate a key pair, the request including key-generation data, the key-generation data including relying party information; deterministically generating, based on at least the key-generation data and a secret key stored in a memory of the authenticator, a key pair comprising a public key and a private key; either: transmitting the public key, or performing further processing using the private key; and deleting the key pair. An authenticator configured to perform the process is also provided.

Abstract: An electronic apparatus is disclosed.

Abstract: Aspects of the disclosure relate to NFT exchanges. A computing platform may generate a plurality of F-NFTs including F-NFT identifiers that configure the F-NFTs for end-to-end tracking. The computing platform may extract, from a voice communication, information of a request to transfer an F-NFT. The computing platform may generate, based on the information of the request, a text file. The computing platform may input, into a GPT-4 algorithm, the text file to produce a F-NFT contract identifying the F-NFT, the transferor of the F-NFT, and a transferee of the F-NFT. The computing platform may send, to an NFT exchange platform, the F-NFT contract, which may cause the NFT exchange platform to transfer custody of the F-NFT from an account of the transferor at a first institution to an account of the transferee at a second institution.

Abstract: There is provided a method of determining an order of encrypted inputs, including a first encrypted input and a second encrypted input, using at least one processor, the first encrypted input including a first encrypted data and the second encrypted input including a second encrypted data, each of the first and second encrypted data being encrypted based on a homomorphic encryption scheme, the method including: generating a first series of encrypted blocks from the first encrypted data and a second series of encrypted blocks from the second encrypted data; performing a first block-wise operation between the first series of encrypted blocks and the second series of encrypted blocks to obtain a first series of block-wise outputs; performing a second block-wise operation between the first series of encrypted blocks and the second series of encrypted blocks to obtain a second series of block-wise outputs; and determining an order of the first and second encrypted data based on the first series of block-wise outpu

Abstract: Generally discussed herein are devices, systems, and methods for secure cryptographic masking. A method can include generating a first random number, determining a result of the first random number modulo a prime number resulting in a second random number, subtracting the second random number from the prime number resulting in a first subtraction result, adding a private key value to the first subtraction result resulting in a first split, and responsive to determining the private key value is less than the random number, providing the first split and the second random number as splits of the private key.

Abstract: Provided is a method for testing if a candidate data element, belongs to a list of reference data elements, performed by a client device (102) and comprising the steps of generating an encrypted candidate data element (y?) by encrypting said candidate data element (x?) with a leveled fully homomorphic encryption scheme, transmitting said encrypted candidate data element (y?) to a server device (103), storing said reference data elements (xi) receiving, from said server device, a delta value depending on a product of differences, decrypting said delta value with said leveled fully homomorphic encryption scheme, based on said decrypted delta value, determining whether said candidate data element (x?) belongs to said list of reference data elements (xi). Other embodiments disclosed.

Abstract: A cryptocurrency miner includes compute modules and a controller. Each compute module includes a stats store, a manager, and compute engines. The controller is coupled to the compute modules via a serial bus and distributes one or more jobs to the compute modules via the serial bus. Each manager distributes jobs received by its respective compute module among the compute engines of its respective compute module. Each compute engine processes a job and reports a candidate hit found by processing the job. Each manager validates a candidate hit reported by one of the compute engines of its respective compute module, reports the validated candidate hit to the controller; and updates statistical information in the stats store of its respective compute module based on validation of the candidate hit.

Abstract: A data encryption or decryption method includes obtaining a data processing request carrying to-be-processed data; selecting one of a first processing manner and a second processing manner as a processing manner for the to-be-processed data. In the first processing manner, processing is performed by an encryption/decryption chip. In the second processing manner, processing is performed by a software program running on a central processing unit.

Abstract: A method of blockchain-based data management of distributed binary objects. The method includes identifying a binary object associated with a blockchain. The method includes storing the binary object in a first data store responsive to identifying the binary object. The method includes storing a reference to the binary object on the blockchain. The method includes generating, responsive to an interaction with the reference to the binary object and based on the binary object and a different binary object from a different data store, an additional binary object having a data size that exceeds a maximum data size associated with each block of the blockchain.

Abstract: The present disclosure provides methods and apparatuses for implementing high-speed cryptographic operations based on software-hardware collaboration, and electronic devices. In the embodiments of the present disclosure, by analyzing software and hardware computing resources in real-time, the cryptographic device driver allocates the one or more target resources for cryptographic computation to the reference data packets. When the one or more target resources include the target cryptographic device, the cryptographic device executes, according to the characteristics of the target cryptographic algorithm used to perform cryptographic computation on the reference data packet, the acceleration operation corresponding to the target cryptographic algorithm for the cryptographic computation on the reference data packets, such as grouping the reference data packets, to improve a concurrent execution rate of an algorithm and cope with situations with a large amount of service concurrency and data processing.

Abstract: Each of a plurality of clients encodes events as respective vectors and cooperatively choose a joint key. Each client then encrypts its event vector(s) using the joint key to form secret shares of a fixed value and then sends the encoded, encrypted vectors to a service-providing system that selects pairs of the vectors and determines a comparison value from a reconstruction of the secret shares. When the comparison value meets a predetermined criterion, the service-providing system generates a message indicating similarity between the selected pairs of the vectors. The service providing system thus determines a degree of similarity between the events without requiring knowledge of raw data about the events.

Abstract: A method for securing the time synchronization of an Ethernet on-board network of a motor vehicle, by: determining a delay time of a first signal on a first connecting path between a first control unit of the network and a second control unit of the network; determining a maximum speed of the first connecting path on the basis of the delay time; and determining a type of a transmission medium of the first connecting path on the basis of the maximum speed. The determination of the delay time of a first signal, the determination of the maximum speed of the first connecting path, and the determination of the type of a transmission medium of the first connecting path result in an entropy source being formed that is used to ascertain at least one dynamic key for the connecting path to encrypt a time synchronization message for the connecting path.

Abstract: An example system includes a processor to generate regular expressions representing textual pattern facets of sub-formats of a composite format, and a regular expression representing a composite textual pattern of the composite format based on sub-format and composition type. The processor can search the data using generated regular expression representing composite textual patterns to detect occurrences of candidate matches. The processor can recursively match and validate the detected occurrences with the composite format and hierarchically match and validate sub-formats in the detected occurrence. The processor can mask in place the detected occurrence of the composite format in the data using ranking-based integer format preserving masking.

Abstract: The present inventive concept discloses a method of designing a one-way computational system in QAP-based homomorphic encryption applied to the n-qubit encode operations of a k-qubit action M for public-key and semi-public-key schemes respectively, n?k, wherein the method comprises: preparing a tensor-product operator =I2n-k?M=12 and decomposing it into two parts, wherein is composed of elementary gates, and let =1† and 2=; providing a correction operator, =12 for public-key and =I2k for semi-public-key, and an encoding operator, Qen†V†=W1W2 for public-key and Qp†=W1W2 for semi-public-key, both composed of elementary gates; providing appropriate permutations P, P0 and P1, while P0=P1 for semi-public-key, to obey the nilpotent condition PW1P0=I for the identity operator; through process of merging operators according to sets of identities of gates, including Id-GateELIM, Id-GateEx and Id-GateREP, there obtain the mixed encode for public-key scheme, Uen=PQen†V†=(P1†W1†21W1P1)(P1†P0)(P0†W1†2W1P0) (P0†W2), and t

Abstract: Methods, systems, and devices are provided for wireless communication. A wireless communication device includes a transceiver to communicate with another wireless communication device. The wireless communication device further includes a processor to determine a pseudo-random value using a non-recursive function having at least one non-linear component. The processor further selects a wireless resource based on the pseudo-random value and uses the wireless resource for a wireless communication with the other wireless communication device.

Abstract: A computer processing system and method for computing large-degree isogenies having a computer processor resident on an electronic computing device operably configured to execute computer-readable instructions programmed to perform a large-degree isogeny operation by chaining together a plurality of scalar point multiplications, a plurality of isogeny computations, and a plurality of isogeny evaluations.

Abstract: Disclosed is a method for generating and authenticating a three-dimensional dynamic OTP that does not require input of a password. In the method, a user address received from a user terminal is converted into coordinate values in degrees, minutes, and seconds on latitude and longitude, and set as address coordinates from the coordinates in a unit of seconds and then a two-dimensional reference coordinate system is displayed that is subdivided with the address coordinates as an origin, a two-dimensional function is provided and rotated about an arbitrary axis to form a three-dimensional space by a three-dimensional function, one OTP generation coordinate within the three-dimensional space is provided, and then a one-time password is generated by combining respective coordinate values of x, y, and z axes of the one OTP generation coordinate.

Abstract: Various examples are directed to systems and methods for obscuring private information in input data. A system may apply an encoder model to an input data unit to generate a latent space representation of the input data unit. The system may apply multi-dimensional noise to the latent space representation of the input data unit, the multi-dimensional noise having a first value in a first latent space dimension and a second value different than the first value in a second latent space dimension. The system may apply a decoder model to the latent space representation of the input data unit to generate an obscured data unit.

Abstract: A system for matrix-based homomorphic encryption including a processor of a computing node configured to host a homomorphic encryption module and connected to at least one cloud server and a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor to: acquire plaintext M required to be encrypted; select a size of a matrix and modulus n; select invertible × matrix S1 over n, wherein n is a residue ring modulo n; compute an invertible × matrix S2 over n; set a secret key (S1, S2); and encode the plaintext M by an integer m over n, wherein m is encoded by an envelope matrix comprising a form V ? ( m ) = ( ? 0 ? m ) , wherein ? and ? are numbers chosen at random ?, ??n.

Abstract: A CRC rule is generated for each CRC parity check circuit from a bank of CRC parity check circuits for mapping a fixed-length CRC output to a signature, each of the CRC parity check circuits servicing a specific string length. The selected CRC parity circuit outputs a fixed-length parity-check data for the specific data packet, and the string mapper maps the fixed-length parity-check data for the specific data packet to one of the string identifiers associated with the group of signatures. If a fixed-length parity-check match is found, outputting a string identifier of the match for a security action.

Abstract: A method of cracking a private key of an asymmetric cryptosystem includes extracting a modulus and a public key exponent from a public key, calculating the digital root of the modulus, deriving a set of candidate base pairs corresponding to the digital root and the last digit of the modulus, each of the candidate base pairs including a first candidate base and a second candidate base, iteratively testing values of a multiplier until a sum of one of the candidate bases with ninety times the multiplier is a factor of the modulus, and determining the private key using the public key exponent and the factor of the modulus. The method may further include decrypting an encrypted message using the private key.

Abstract: A hardware architecture configured to implement ASCON cryptographic algorithms and protect against side-channel attacks that includes a co-processor having a controller, a logic gate operably configured to receive a data input and ASCON state memory data in an initial cycle of permutation iterations, a multiplexor operably configured to direct data input from the logic gate based on a signal received from the controller and in the initial cycle of permutation iterations, an ASCON state memory operably configured to receive the processed data in the initial cycle of permutation iterations, and that is operably configured to implement a permutation round configured to receive the data input directly from the logic gate through the multiplexor and process the data input utilizing a permutation function to generate processed data and in the initial cycle of permutation iterations.

Abstract: A method for decoding a video according to the present invention may comprise: determining whether to divide a current block with quad tree partitioning, and dividing the current block into four partitions based on a vertical line and a horizontal line when it is determined that the current block is divided with the quad tree partitioning.

Abstract: A server and a device can support secure sessions with both (i) post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) and (ii) session resumption. In an initial secure session, the device and server can mutually generate a first shared secret key K1 from a first KEM based on a device PKI key pair. The device and server can mutually generate a second shared secret key K2 from a second KEM based on a server PKI key pair. The device and server can mutually generate a symmetric ciphering key S2 from both K1 and K2. The server can encrypt an identity for a “pre-shared” secret key (PSK-ID) with S2. The device and server can (i) mutually generate a PSK from both K1 and K2 and (ii) close the initial secure session. The device can transmit a message to resume the session, where the message includes the PSK-ID and a MAC value.

Abstract: An integrated circuit including: a plurality of physically unclonable function (PUF) cells each configured to generate a cell signal having a unique value; a selector configured to output a first signal obtained by not inverting a cell signal output by a PUF cell selected from the plurality of PUF cells and a second signal obtained by inverting the cell signal; and a key generator configured to generate a security key in response to the first signal or the second signal, wherein the selector includes a first conversion circuit configured to generate the first signal and a second conversion circuit having the same structure as the first conversion circuit and configured to generate the second signal.

Abstract: A photodetector interface circuit is described, residing partially or fully within a unit cell per pixel of an FPA. The interface circuit uses an innovative approach to providing pixel level digitization for full frame integration times while maintaining the ability to use integration capacitors of practical sizes. The technique uses successive charge subtraction, removing charge from an integration capacitor successively, triggered by the charge increasing sufficiently to charge the integrator to a reference level, thereby triggering both charge removal and incrementing a count, until all of the current flowing in the photodetector has been accounted for and the count represents the digitization of the photodetector signal. Various options on how to arrange the digitization elements are also disclosed.

Abstract: A method for certificate chain validation is disclosed for memory-efficient execution inside a secure execution environment of a hardware security module (HSM), despite very limited memory being inside the HSM. This is achieved by allocating enough HSM memory for at least the root certificate, a signer certificate, and a certificate to be validated, and replacing the signer certificate as the certificate chain is traversed. Revalidation of data is implemented by computing secure tags that enable the HSM to quickly recognize previously validated data. Chain validation is only considered provisional until checked against a CRL, which can be provided to the HSM in a streaming fashion, and each received serial number in the CRL is checked against the list of serial numbers representing the provisionally verified chain.

Abstract: Some embodiments are directed to a computer-implemented method for converting a first computation network of operations arranged to compute a function into a second computation network of FHE operations arranged to compute the same function. For example, a set of expansion factors (?i) may be determined for matrix operations in the first computation network. Real-valued matrices may be converted by scaling the real-valued matrices with their corresponding expansion factor and rounding. An accuracy measure for the second computation network can be iteratively optimized.

Abstract: A learning with errors (LWE) instance management method according to an embodiment may include obtaining, from one or more user devices among a plurality of user devices, one or more learning with errors (LWE) instances and one or more extended LWE instances including reuse tags associated with the LWE instances, storing the one or more extended LWE instances, receiving, from a first device among the plurality of user devices, a request for an LWE instance produced by a second device among the plurality of user devices, and identifying, based on a reuse tag included in each of the one or more extended LWE instances, a target extended LWE instance including an LWE instance produced by the second device among the one or more extended LWE instances, and providing the LWE instance included in the target extended LWE instance to the first device.

Abstract: An encryption method comprises: creating an asymmetric profile key comprising a multipart threshold key using a set of user devices; signing a declaration using the profile key and the set of user devices, the declaration identifying the set of user devices; creating an asymmetric location key comprising two multipart threshold keys; sharding and storing the asymmetric location key; creating a symmetric key; encrypting a file with the symmetric key; encrypting the symmetric key with the location key; and storing the encrypted file and encrypted key such that the encrypted file cannot be decrypted without decrypting the location key by a threshold of the set of user devices.

Abstract: Aspects of the subject disclosure may include, for example, receiving a first request from a first communication orchestrator of a first protected environment to provide a secure and authenticated connection between a first resource of the first protected environment and a second resource of a second protected environment, accessing first encryption information from the first communication orchestrator and second encryption information from a second communication orchestrator of the second protected environment, verifying a capability for secure quantum communications of an encryption technique of the first communication orchestrator and the second communication orchestrator according to the first encryption information and the second encryption information, and enabling the first communication orchestrator and the second communication orchestrator to initiate a secure and authenticated communication channel via quantum communications. Other embodiments are disclosed.

Abstract: A method for generating a block for a blockchain utilizing an all-or-nothing transform includes: storing, in a memory of a blockchain node in a blockchain network, a blockchain comprised of a plurality of blocks including at least a most recent block; receiving a plurality of blockchain transactions; applying an all-or-nothing transform (AONT) to the plurality of blockchain transactions to generate a plurality of pseudomessage blocks; generating a new block header including at least a timestamp and a hash value associated with the most recent block; generating a new block including at least the generated new block header and the plurality of pseudomessage blocks; and transmitting the generated new block to a plurality of additional blockchain nodes in the blockchain network.

Abstract: Aspects of the present disclosure involve a method to perform a cryptographic operation using a plurality of iterations, each of the plurality of iterations comprising: loading a first number corresponding to a difference between a first component of a first input working point on an elliptic curve and a first component of a second input working point on the elliptic curve, loading a second number corresponding to a difference between the first component of the first input working point and a first component of a third input working point on the elliptic curve, and determining a third number corresponding to a difference between a first component of a first output working point on the elliptic curve and the first component of the second input working point, wherein determining the third number comprises squaring a product of the first number and a first function of the second number.

Abstract: Disclosed in the present disclosure is a commutative encryption and watermarking method based on a chaotic system and a zero watermark for vector geospatial data. According to the method, firstly, the vector geospatial data are scrambled and encrypted by using chaotic sequences generated by a composite chaotic system. Then, vector geospatial elements are randomly combined in pairs. A feature matrix is constructed according to the number of vertex coordinates of the vector geospatial elements in combinations, and the parity of the number. Finally, an XOR operation is performed on the feature matrix and the watermark image to construct a zero watermark image, and the zero watermark is constructed through invariant features of the vector geospatial data.

Abstract: The present disclosure relates to a method for protecting a first data item applied to a cryptographic algorithm, executed by a processor, wherein said algorithm is a per-round algorithm, with each round processing contents of first, second and third registers, the content of the second register being masked, during first parity rounds, by the content of a fourth register and the content of the third register being masked, during second parity rounds, by the content of a fifth register.

Abstract: The owner sameness confirmation system determines whether or not the owners of two terminals (200A, 200B) are the same. Authentication station servers (100A, 100B) store electronic certificates issued to the terminals and identity confirmation information of the owners of the terminals in association with each other. The terminal (200B) transmits information obtained by encrypting the identity confirmation information of the owner of the terminal (200B) through homomorphic encryption and the electronic certificate of the partner terminal (200A) to the authentication station server (100A). The authentication station server (100A) transmits response encrypted information including information obtained by encrypting the identity confirmation information of the owner of the terminal (200A) as a response. The terminal (200B) decrypts the response encrypted information and determines the sameness of the owners based on whether or not the decryption result matches a predetermined value.

Abstract: Techniques to improve the operation of homomorphic circuits. Systems and methods described herein may improve the operation of a homomorphic circuit by analyzing a circuit to reduce the multiplicative depth of the circuit. Techniques described herein may be utilized to perform linear algebra operations with mixed encoding units, according to a homomorphic encryption scheme.

Abstract: The information processing apparatus comprises a basic operation seed storage part, a reshare value computation part, and a share construction part. The basic operation seed storage part stores a seed for generating a random number used when computation is performed on a share. The reshare value computation part generates a random number using the seed, computes a share reshare value using the generated random number, and transmits data regarding the generated random number to other apparatuses. The share construction part constructs a share for type conversion using the data regarding the generated random number and the share reshare value received from other apparatuses.

Abstract: ML model(s) are created and trained using training data from user(s) to create corresponding trained ML model(s). The training data is in FHE domains, each FHE domain corresponding to an individual one of the user(s). The trained machine learning model(s) are run to perform inferencing using other data from at least one of the user(s). The running of the ML model(s) determines results. The other data is in a corresponding FHE domain of the at least one user. Using at least the results, it is determined which of the following issues is true: the results comprise objectionable material, or at least one of the trained ML model(s) performs prohibited release of information. One or more actions are taken to take to address the issue determined to be true. Methods, apparatus, and computer program product are disclosed.

Abstract: Systems and methods for distributing bootstrapping in homomorphic encryption schemes include: splitting a decryption key into a plurality of n shares; transmitting to each of a plurality of n computer processors: (i) a ciphertext; (ii) a unique share of the plurality of n shares of the decryption key; and (iii) an indication of a publicly available encryption key; receiving, from each of the plurality of n computer processors, n encrypted values; and computing a homomorphic sum of the n encrypted values to obtain an encryption of the sum of n decrypted values, such that bootstrapping of the encryption is distributed.

Abstract: A method for performing an elliptic curve cryptographic process to generate output data based on input data, the elliptic curve cryptographic process based on an elliptic curve over a finite field, wherein the generation of the output data comprises generating, based on a predetermined point V of the elliptic curve and a positive R-bit integer k, a first point of the elliptic curve that is based, at least in part, on the point kV of the elliptic curve, wherein k=?r=0R?1 2rbr and, for each r=0, 1, . . . , R?1, br is the bit value of k at bit position r of k, wherein the method comprises: storing, according to a partition of the R bit positions for k into T groups of bit positions Pt (t=0, 1, . . .

Abstract: A method of improving performance of a data processor comprising: in a field of characteristic 2 computing XY by performing a series of: (i) multiplications of two different elements of the field; and (ii) raising an element of the field to a power Z wherein Z is a power of 2; wherein the number of multiplications (i) is at least two less than the number of ones (1s) in the binary representation of Y.

Abstract: The present disclosure provides a system in which a migration operation which is different from a normal registration operation performed on a system is started in one of a terminal before replacement and a terminal after the replacement so that a registration operation performed on the terminal after the replacement is easily completed only by causing a user to consecutively perform an authentication operation on both of the terminals.

Abstract: Described implementations obtain a proof of valid attestation data. The attestation data may include configuration data of a host computing system. A prover service may receive the attestation data. The prover service may generate a proof to prove that the attestation data includes valid configuration data of the host computer system, without revealing sensitive or private information of the host computing system. The proof may be a zero-knowledge proof.

Abstract: An Integrated Montgomery Calculation Engine (IMCE), for multiplying two multiplicands modulo a predefined number, includes a Carry Save Adder (CSA) circuit and control circuitry. The CSA circuit has multiple inputs, and has outputs including a sum output and a carry output. The control circuitry is coupled to the inputs and the outputs of the CSA circuit and is configured to operate the CSA circuit in at least (i) a first setting that calculates a Montgomery precompute value and (ii) a second setting that calculates a Montgomery multiplication of the two multiplicands.

Abstract: A method for determining a cryptographic key is carried out in a data processing system, and comprises: providing a plaintext and a ciphertext determined from the plaintext using a cryptographic key and a cryptographic procedure which comprises cryptographic operations; for each cryptographic operation of the cryptographic procedure, providing at least one intermediate relation which comprises an intermediate equation and/or an intermediate inequality; determining an optimization problem comprising: the plaintext and the ciphertext; at least one optimization expression assigned to a round of the cryptographic procedure; and optimization variables comprising state variables of the cryptographic procedure and a cryptographic key variable; wherein the at least one optimization expression is determined from the at least one intermediate relation and comprises at least one preceding state variable assigned to a preceding round.

Abstract: The owner sameness confirmation system determines whether or not the owners of two terminals (200A, 200B) are the same. Authentication station servers (100A, 100B) store electronic certificates issued to the terminals and identity confirmation information of the owners of the terminals in association with each other. The authentication station server (100A) transmits information obtained by encrypting the identity confirmation information of the owner of the terminal (200A) through homomorphic encryption and the electronic certificate of the partner terminal (200B) to the authentication station server (100B). The authentication station server 100B transmits response encrypted information including information obtained by encrypting the identity confirmation information of the owner of the terminal (200B) as a response.