Abstract: A device, system and method for privacy enhanced proximity detection by secure collaboration between a first party without access to user locations and a second party without access to a target user identifier. The second party may receive from the first party a homomorphic encryption public key and homomorphic encrypted target user identifier or masked target location, and may determine an associated homomorphic encrypted target user location. The second party may search a homomorphically encrypt database of user locations and associated user identifiers for homomorphic encrypted proximate user identifiers associated with homomorphic encrypted user locations proximate to the homomorphic encrypted target user location. The second party may send the first user the search result of homomorphic encrypted proximate user identifiers to be decrypted by the first party with a private key to identify proximate user identifiers without knowing their locations.

Abstract: Systems and methods for cryptography based on 128 bit integers include: receiving a complex input, the input including a 128-bit number; encrypting by: setting an imaginary part of the input to a predetermined value; encrypting the input using a Fourier transform and a scaling factor; adding a first noise and a second noise to the encrypted input, wherein the second noise obfuscates the first noise; and decrypting by: receiving the encrypted input with added first noise and second noise; estimating a standard deviation of the first noise based on an imaginary part of the received encrypted complex input; computing a standard deviation of the second noise based on the standard deviation of the first noise and a predetermined parameter; and decrypting the encrypted message using an inverse Fourier transform, the first noise, and the second noise.

Abstract: Systems and methods for digital circuit emulation with homomorphic encryption include: receiving, by a hardware design tool chain, a customization file containing a predetermined set of one or more cells; converting, by the hardware design tool chain, a first digital circuit representation in a set of hardware design language (HDL) files into a second digital circuit representation based on the predetermined set of cells in the customization file; receiving, by an encrypted circuit emulator, a set of encrypted inputs; and executing, by the encrypted circuit emulator, the second digital circuit representation using the set of encrypted inputs to generate a set of encrypted outputs.

Abstract: A device, system and method for linking encrypted data sets using common encrypted identifiers in encrypted space. A first and second parties' encrypted data sets may include first and second respective encrypted data and associated first and second respective encrypted identifiers. The first and second encrypted identifiers may be converted into a first and second respective sets of a plurality of elemental identifier components. Each of the plurality of elemental identifier components in each component set characterizes a distinct numeric property of the corresponding converted encrypted identifier. The first and second sets of the plurality of elemental identifier components may be composed, component-by-component, to generate a plurality of component-specific results.

Abstract: A device, system and method for linking encrypted data sets using common encrypted identifiers in encrypted space. A first and second parties' encrypted data sets may include first and second respective encrypted data and associated first and second respective encrypted identifiers. The first and second encrypted identifiers may be converted into a first and second respective sets of a plurality of elemental identifier components. Each of the plurality of elemental identifier components in each component set characterizes a distinct numeric property of the corresponding converted encrypted identifier. The first and second sets of the plurality of elemental identifier components may be composed, component-by-component, to generate a plurality of component-specific results.

Abstract: An interactive multi-party system for collaboratively performing homomorphic operations, such that no party has access to unencrypted data or an unencrypted operator. A first party device may add noise to encrypted data and an encrypted linear operator to generate noisy encrypted data and a noisy encrypted operator, and transmit the noisy encrypted data and operator to a second party device possessing a secret decryption key for the encryption. The second party device may decrypt the noisy encrypted data and noisy encrypted operator to generate unencrypted noisy data and an unencrypted noisy operator, solve the linear operation using the unencrypted noisy data and an unencrypted noisy operator to generate a noisy solution, encrypt the noisy solution to the linear operation, and transmit it to the first party device. The first party device may then cancel the noise of the encrypted noisy solution to generate the encrypted solution to the linear operation.

Abstract: An efficient search of a target string by a query string in homomorphically encrypted space. The target string may be encoded by reordering its characters into a plurality of target substrings, each encoding non-sequential characters of the target string separated by a periodic stride K and different target substrings having stride sequences offset relative to each other. The query string may be encoded into a plurality of query substrings, each defining a repeating sequence of a different respective character value in the query string. Each of the substrings may be homomorphically encrypted and hashed. The plurality of hashed encrypted target substrings and plurality of hashed encrypted query substrings may be compared to determine if there is a search result match. A rolling hash may iteratively update the plurality of hashed encrypted target substrings by one target string slot and the comparison may be repeated for each iterative update.

Abstract: A device, system and method for debugging a homomorphically encrypted (HE) program. The HE program comprising real ciphertext data and encrypted operations in the HE space (production mode) may be mapped to an equivalent plaintext program comprising equivalent pseudo-ciphertext data and pseudo-encrypted operations in the unencrypted space (simulation mode). The plaintext program may be executed in a first full pass in simulation model and a sampling of the HE program may be executed in a second partial pass in production mode, the results of which are compared. The HE program and/or mapping may be validated if the results of simulation and production mode match and debugged if the results do not match. An integrated development environment (IDE) may switch among the HE space (production mode), the unencrypted space (simulation mode), and a combination of both HE and unencrypted spaces simultaneously (simultaneous production-simulation mode).

Abstract: An interactive multi-party system for collaboratively performing homomorphic operations, such that no party has access to unencrypted data or an unencrypted operator. A first party device may add noise to encrypted data and an encrypted linear operator to generate noisy encrypted data and a noisy encrypted operator, and transmit the noisy encrypted data and operator to a second party device possessing a secret decryption key for the encryption. The second party device may decrypt the noisy encrypted data and noisy encrypted operator to generate unencrypted noisy data and an unencrypted noisy operator, solve the linear operation using the unencrypted noisy data and an unencrypted noisy operator to generate a noisy solution, encrypt the noisy solution to the linear operation, and transmit it to the first party device. The first party device may then cancel the noise of the encrypted noisy solution to generate the encrypted solution to the linear operation.

Abstract: A system, method, and non-transitory computer readable storage medium for privacy preserving routing of a data packet. The data packet may comprise a packet header and a data payload; the packet header comprising at least a homomorphically encrypted final destination address of a final destination device. An intermediate routing device may receive the data packet. At the intermediate routing device, in a non-TEE, homomorphic computations may be performed to determine a homomorphically encrypted address of a next intermediate routing device. At the intermediate routing device, in a TEE, one or more secret homomorphic decryption keys may be stored and used to decrypt the homomorphically encrypted address of the next address of the next intermediate routing device. The data packet may be transmitted to the decrypted address of the next intermediate routing device according to an updated packet header with the unencrypted address of the next intermediate routing device in the sequence.

Abstract: Collaborative multiparty homomorphic encryption comprising receiving a linear common public key collaboratively generated by a plurality of parties as a sum of linear public key shares associated with the respective plurality of parties. Each of two ciphertexts may be encrypted with the linear common public key and the two ciphertexts may be combined by a non-linear computation to generate a result ciphertext encrypted by a non-linear public key. The result ciphertext may be re-encrypted with a re-linearization key to swap encryption keys from the non-linear public key to a linear public key. The re-encrypted result ciphertext may be distributed to the plurality of parties to each partially decrypt the re-encrypted result ciphertext by a linear secret key share associated with the party, which in combination fully decrypts the result by a linear common secret key that is a sum of the secret key shares of the respective plurality of parties.

Abstract: A device, system and method for privacy enhanced proximity detection by secure collaboration between a first party without access to user locations and a second party without access to a target user identifier. The second party may receive from the first party a homomorphic encryption public key and homomorphic encrypted target user identifier or masked target location, and may determine an associated homomorphic encrypted target user location. The second party may search a homomorphically encrypt database of user locations and associated user identifiers for homomorphic encrypted proximate user identifiers associated with homomorphic encrypted user locations proximate to the homomorphic encrypted target user location. The second party may send the first user the search result of homomorphic encrypted proximate user identifiers to be decrypted by the first party with a private key to identify proximate user identifiers without knowing their locations.

Abstract: A device, system and method for secure collaborations on encrypted data in a hybrid environment of a homomorphic encryption (HE) enabled device and trusted hardware. A set of computations may be divided into a subset of linear computations and a subset of non-linear computations. The linear computations on the encrypted data may be executed using homomorphic encryption (HE) in the homomorphic encryption (HE) enabled device. The non-linear computations on the unencrypted data may be executed in the trusted hardware in an unencrypted domain and encrypting the result. The results of the linear and non-linear computations may be decrypted and merged to generate a result equivalent to executing the set of linear and non-linear computations on the unencrypted data.

Abstract: A device, system, and method for decentralized management of a distributed proxy re-encryption key ledger by multiple devices in a distributed peer-to-peer network. A network device may receive shared data defining access to a proxy re-encryption key. The network device may locally generate a hash code based on the shared data. The network device may receive a plurality of hash codes generated based on versions of the shared data at a respective plurality of the other devices in the network. If the locally generated hash code matches the received plurality of hash codes, the network device may validate that the shared data is the same across the network devices and may add the received proxy re-encryption key access data and locally generated hash code to a local copy of the distributed proxy re-encryption key ledger.

Abstract: A device, system and method for securely executing recursive computations over encrypted data in a homomorphically encrypted (HE) space. For a recursive algorithm with sequentially dependent recursive iterations, executing the recursive algorithm in parallel by computing multiple recursive iterations simultaneously over multiple parallel execution iterations and not in sequential order. Each parallel execution iteration may compute a partial HE solution of multiple sequential recursive iterations comprising a known HE part and leaves empty a placeholder call slot for an unknown HE part. Placeholder call slots remain empty and are filled at delayed times at a later parallel execution iteration from when the known part of the same HE computation is computed. A final HE solution is computed in fewer multiple parallel execution iterations than the number of sequential recursive iterations, thereby accelerating the recursive algorithm in HE space.

Abstract: A device, system and method for linking encrypted data sets using common encrypted identifiers in encrypted space. A first and second parties' encrypted data sets may include first and second respective encrypted data and associated first and second respective encrypted identifiers. The first and second encrypted identifiers may be converted into a first and second respective sets of a plurality of elemental identifier components. Each of the plurality of elemental identifier components in each component set characterizes a distinct numeric property of the corresponding converted encrypted identifier. The first and second sets of the plurality of elemental identifier components may be composed, component-by-component, to generate a plurality of component-specific results.

Abstract: A multi-party system, devices, and method for token-based obfuscation of secret information. A first party device may store a secret original program T and original data D, retrieve a set of secret keys SK, obfuscate the original program T with the set of secret keys SK to generate an obfuscated program T?, obfuscate the original data D with the set of secret keys SK to generate a token of the data Token(D), and transfer the obfuscated program T? and Token(D) to a second party device. The second party device may evaluate the obfuscated program T? on the token of the data Token(D) to generate a result equivalent to evaluating the original program T on the original data D if the same set of secret keys SK is used to obfuscate the original program T and the original data D, without exposing the original program T to the second party.

Abstract: A system and method for secure searching in a semi-trusted environment by comparing first and second data (query and target data). A first data provider may map first secret data to a first plurality of tokens using a token codebook, concatenate the first plurality of tokens to generate a first token signature, and homomorphically encrypt the first token signature. A second data provider may map second data to a second plurality of tokens using the token codebook, concatenate the second plurality of tokens to generate a second token signature, and compare the homomorphically encrypted first token signature and an unencrypted or homomorphically encrypted second token signature to generate a homomorphically encrypted comparison. A trusted party may decrypt the homomorphically encrypted comparison, using a secret homomorphic decryption key, to determine if the token signatures match or not respectively indicating the search query is found or not in the target data.

Abstract: An encryption and cryptosystem for fast and efficient searching of ciphertexts. Unencrypted secret data may be transformed into encoded secret data using an injective encoding such that each distinct value of the unencrypted secret data is mapped to a unique index in the encoded secret data. The encoded secret data may be homomorphically encrypted using the homomorphic encryption key to generate secret data ciphertexts. The secret data ciphertexts may be transmitted to an external system for searching the secret data ciphertexts for encoded queries. The encoded queries are encoded by the same injective encoding as the secret data, to directly search only indices of the secret data ciphertexts corresponding to query indices having non-zero query values, to detect if values of the secret data ciphertexts match values of the encoded queries at the query indices, without searching the remaining indices of the secret data ciphertexts.

Abstract: A device, system and method for fast and secure Proxy Re-Encryption (PRE) using key switching. A first user is assigned first encryption and decryption keys and a second user is assigned second encryption and decryption keys. First encrypted data encrypted with the first encryption key may be re-encrypted using a proxy re-encryption key to simultaneously switch encryption keys by adding the second encryption key and cancelling the first encryption key by the first decryption key to transform the first encrypted data encrypted by the first encryption key to second encrypted data encrypted by the second encryption key, without decrypting the underlying data. The second user may be the sole system device that possesses the (e.g., private) second decryption key to decrypt the second encrypted data.