Abstract: Embodiments include a fully non-interactive publicly-verifiable delegation scheme for committed programs, specifically, a setting where Alice is a trusted author who delegates to an untrusted worker the task of hosting a program P, represented as a Boolean circuit. Alice also commits to a succinct value based on P. Disclosed methods allow an arbitrary user/verifier without knowledge of P to be convinced that they are receiving from the worker an actual computation of Alice's program on a given input x.

Abstract: Aspects of the invention include determining relatedness between genomes without compromising privacy. In one aspect, secure genome sketches of genomes can be made publicly available without compromising privacy. These are compared to privately held (unsecured) genome sketches to determine relatedness.

Abstract: The present invention relates to a method for traitor tracing. One embodiment of a method for determining at least one traced private key used by a decoder to decrypt an encrypted message includes defining an input ciphertext, the input ciphertext being associated with a tracing private key and having a sublinear size, calling the decoder on the input ciphertext, and associating the tracing private key with a set of traced private keys if the decoder is able to correctly decrypt the encrypted message in accordance with the input ciphertext, the set of traced private keys including at least one private key.

Abstract: Systems and methods for supporting an identity-based-encryption (IBE) scheme with partial attribute matching capabilities are provided. Plaintext may be encrypted into ciphertext using an IBE public key that is based on an attribute set w. A recipient of the ciphertext may have the attributes in an overlapping but different attribute set w?. The recipient may request an IBE private key for decrypting the ciphertext from an IBE private key generator. After verifying the recipient's credentials, the IBE private key generator may generate IBE private key components based on the recipient's attribute set w?. The recipient may use an IBE private key SK constructed from the IBE private key components to decrypt the ciphertext. Decryption will be successful even though attribute set w? is different from attribute set w, provided that the overlap |w?w?| is greater than a threshold value.

Abstract: In one embodiment, the present invention is a method and apparatus for encrypting data for fine-grained access control. One embodiment of a method for encrypting data includes encrypting the data as a ciphertext, labeling the ciphertext with a set of one or more descriptive attributes, generating a decryption key for decrypting the ciphertext, associating an access structure with the decryption key, such that the data is recoverable from the ciphertext using the decryption key only if the set of one or more descriptive attributes satisfies the access structure, and outputting the ciphertext and the decryption key.

Abstract: The present invention relates to a method for traitor tracing. One embodiment of a method for determining at least one traced private key used by a decoder to decrypt an encrypted message includes defining an input ciphertext, the input ciphertext being associated with a tracing private key and having a sublinear size, calling the decoder on the input ciphertext, and associating the tracing private key with a set of traced private keys if the decoder is able to correctly decrypt the encrypted message in accordance with the input ciphertext, the set of traced private keys including at least one private key.

Abstract: A sender computer maps a randomized concatenation of a message ? to a point “x” in space using a function that renders it infeasible that a second message can be mapped nearby the message ?. The function can be a collision intractable or non-collision intractable function that maps the message to a point “x” on a widely-spaced grid, or the function can map the message to a point “x” of an auxiliary lattice. In either case, the sender computer, using a short basis (essentially, the private key) of a key lattice finds a lattice point “y” that is nearby the message point “x”, and then at least the points “x”, “y”, and message are sent to a receiver computer. To verity the signature, the receiver computer simply verifies that “y” is part of the lattice using a long basis (essentially, the public key), and that the distance between “x” and “y” is less than a predetermined distance, without being able or having to know how the lattice point “y” was obtained by the sender computer.

Abstract: An anonymous credential system which requires a user who is asserting a credential to have knowledge of the master key of the user who was originally granted that credential. In order for a user to transfer the ability to assert any one of their credentials to another user, they must also transfer their master key to that same user. The master key, however, provides such unlimited rights to its holder that a user is strongly motivated not to share their master key with anyone else. In this manner, anonymous credentials become non-transferrable because a user cannot transfer a credential without transferring their entire electronic identity.