Abstract: First and second computer systems exchange randomness and the first computer system derives a uniformly random key from the randomness. The first computer system encrypts a multitude of blocks of plaintext using the uniformly random key to create a corresponding multitude of blocks of ciphertexts. The exchanging, deriving, and encrypting each uses a public random permutation. The first computer system transmits the multitude of blocks of ciphertexts to the second computer system. Another example includes the first computer system exchanging randomness and deriving the uniformly random key. The first computer system generates an authentication tag on a multitude of blocks of plaintexts. The exchanging, deriving, and generating each uses a public random permutation. The first computer system sends the authentication tag and the multitude of blocks of plaintext to the second computer system for authentication of the plaintext by the second computer system. Systems, methods, and program products are disclosed.

Abstract: A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query.

Abstract: A method comprises receiving a first cryptographic token for one search term and a second cryptographic token is generated using the one search term and at least another search term. A first search is conducted using the first cryptographic token to generate a first result set, and the second cryptographic token is used for computing a subset of results of the first result set.

Abstract: A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query.

Abstract: First and second computer systems exchange randomness and the first computer system derives a uniformly random key from the randomness. The first computer system encrypts a multitude of blocks of plaintext using the uniformly random key to create a corresponding multitude of blocks of ciphertexts. The exchanging, deriving, and encrypting each uses a public random permutation. The first computer system transmits the multitude of blocks of ciphertexts to the second computer system. Another example includes the first computer system exchanging randomness and deriving the uniformly random key. The first computer system generates an authentication tag on a multitude of blocks of plaintexts. The exchanging, deriving, and generating each uses a public random permutation. The first computer system sends the authentication tag and the multitude of blocks of plaintext to the second computer system for authentication of the plaintext by the second computer system. Systems, methods, and program products are disclosed.

Abstract: A method for encrypting a database includes the following step. Keywords in the database are encrypted to obtain encrypted search tags for the keywords. A table of reverse indices is generated for the encrypted search tags. A table of cross keyword indices is generated. A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query. Such methods mask query data and the actual composition of the database to reduce computation complexity and privacy leakage.

Abstract: A method comprises receiving a first cryptographic token for one search term and a second cryptographic token is generated using the one search term and at least another search term. A first search is conducted using the first cryptographic token to generate a first result set, and the second cryptographic token is used for computing a subset of results of the first result set.

Abstract: A method for encrypting a database includes the following step. Keywords in the database are encrypted to obtain encrypted search tags for the keywords. A table of reverse indices is generated for the encrypted search tags. A table of cross keyword indices is generated. A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query. Such methods mask query data and the actual composition of the database to reduce computation complexity and privacy leakage.

Abstract: A system and method for data processing for coding. The method may include providing a first plurality of bytes of data, non-linearly transforming the first plurality of bytes into a second plurality of bytes, multiplying each of the second plurality of bytes of data by a predetermined constant of a plurality of constants to generate a third plurality of bytes, and organizing in use the third plurality of bytes as a plurality of output bytes. Systems to practice the foregoing methods are also described.

Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.

Abstract: The present invention provides encryption schemes and apparatus, which are more efficient than the existing single pass authenticated encryption schemes, while providing the same level of security. The initial vectors, which are an essential part of these schemes, are chosen in an incremental and safe fashion. This also leads to an incremental method for generating the pair-wise differentially uniform sequences or XOR-universal sequences which are another essential part of such schemes. The incrementality of the generation of these sequences extends to even across different plain-text messages being encrypted, leading to substantial savings in time to encrypt. A further step of encryption is shown to be redundant and leads to savings over earlier schemes. Another embodiment describes splitting the plain-text blocks into two sets, and using the block-cipher in encrypt mode on one set and the block-cipher in decrypt mode on the other set, leading to beneficial hardware solutions.

Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.

Abstract: A system and method for data processing for coding. The method may include providing a first plurality of bytes of data, non-linearly transforming the first plurality of bytes into a second plurality of bytes, multiplying each of the second plurality of bytes of data by a predetermined constant of a plurality of constants to generate a third plurality of bytes, and organizing in use the third plurality of bytes as a plurality of output bytes. Systems to practice the foregoing methods are also described.

Abstract: This invention relates to a method and apparatus for generating a cryptographic authentication code of a set of plaintext blocks, while allowing incremental updates to the set of plaintext blocks. Additionally, an aspect of the invention, allows the updated authentication code to be computed in a highly parallelizable manner. Another embodiment of the present invention defines a new class of authentication trees in which the updated authentication tree, although requiring log(n) block cryptographic operations, allows for the log(n) block cryptographic operations to be computed in parallel. Another embodiment of the present invention provides encryption and verification authentication tree schemes, as well as, an apparatus that generates, updates, and verifies such authentication trees. Another embodiment of the present invention provides authentication tree schemes in which the individual cryptographic operations are block cipher invocations as opposed to hash function invocations.

Abstract: The present invention provides encryption schemes and apparatus, which are more efficient than the existing single pass authenticated encryption schemes, while providing the same level of security. The initial vectors, which are an essential part of these schemes, are chosen in an incremental and safe fashion. This also leads to an incremental method for generating the pair-wise differentially uniform sequences or XOR-universal sequences which are another essential part of such schemes. The incrementality of the generation of these sequences extends to even across different plain-text messages being encrypted, leading to substantial savings in time to encrypt. A further step of encryption is shown to be redundant and leads to savings over earlier schemes. Another embodiment describes splitting the plain-text blocks into two sets, and using the block-cipher in encrypt mode on one set and the block-cipher in decrypt mode on the other set, leading to beneficial hardware solutions.

Abstract: A method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.

Abstract: A method and apparatus for an advanced byte-oriented symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation, and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.

Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. This cipher uses multiple stages with a modified Type-3 Feistel network, and a modified Unbalanced Type-1 Feistel network in an expansion box forward function. The cipher allows the block size, key size, number of rounds of expansion, and number of stages of ciphering to vary. The modified Type-3 cipher modifies the word used as input to the expansion box in certain rounds, to speed the diffusion properties of the ciphering. The modified Type-3 and Type-1 ciphers are interleaved, and provide excellent resistance to both linear and differential attacks. The variable-length subkeys and the S-box can be precomputed. A minimal amount of computer storage is required to implement this cipher, which can be implemented equally well in hardware or software (or some combination thereof).

Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-3 networks are used, with different networks during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using multiplication in a cipher is defined.

Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-1 and Type-3 are both used, each during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using data-dependent rotation in a cipher is defined.