Abstract: An example operation may include one or more of capturing a current version of sensitive data by a data processor node, hashing, by the data processor node, the current version of the sensitive data, storing, by the data processor node, a hash of the current version of the sensitive data on a first blockchain, encrypting, by the data processor node, the current version of the sensitive data using a secret key, and storing the encrypted current version of the sensitive data on a second blockchain.

Abstract: A processor receives, from a requestor, a first request containing a virtual address. Based on the first request, the processor determines a real address corresponding to the virtual address, encrypts at least a portion of the real address to obtain a cryptographic secure real address, and returns the cryptographic secure real address to the requestor. Based on receiving a second request specifying a request address, the processor decrypts the request address to validate the request address as the cryptographic secure real address. Based on validating the request address as the cryptographic secure real address, the processor allows access to a resource of the data processing system identified by the real address.

Abstract: A method (and structure) includes receiving a challenge for an authentication, in a chip having stored in a memory device therein a secret to be used in an authentication attempt of the chip by an external agent. The chip includes a hardware processing circuit to sequentially perform a processing related to the secret. The secret is retrieved from the memory device and processed in the hardware processing circuit in accordance with information included in the received challenge. The result of the processing in the hardware processing circuit is transmitted as a response to the challenge. The hardware processing circuit executes in a parallel manner, thereby reducing a signal that can be detected by an adversary attempting a side channel attack to secure the secret.

Abstract: An example operation may include one or more of capturing a current version of sensitive data by a data processor node, hashing, by the data processor node, the current version of the sensitive data, storing, by the data processor node, a hash of the current version of the sensitive data on a first blockchain, encrypting, by the data processor node, the current version of the sensitive data using a secret key, and storing the encrypted current version of the sensitive data on a second blockchain.

Abstract: A method for compiling a matrix-product program into an obfuscated-matrix-product program includes receiving a plurality of matrices that form the matrix-product program, randomly generating a set of independent and invertible tensor-product matrices, randomly generating a set of independent and invertible linear-transform matrices, and generating a dynamic-fence-generation gadget by processing at least one of the plurality of matrices, the set of tensor-product matrices and the set of linear-transform matrices. The dynamic-fence-generation gadget is an obfuscated version of computer program represented by the plurality of matrices.

Abstract: A method for compiling a matrix-product program into an obfuscated-matrix-product program includes receiving a plurality of matrices that form the matrix-product program, randomly generating a set of independent and invertible tensor-product matrices, randomly generating a set of independent and invertible linear-transform matrices, and generating a dynamic-fence-generation gadget by processing at least one of the plurality of matrices, the set of tensor-product matrices and the set of linear-transform matrices. The dynamic-fence-generation gadget is an obfuscated version of computer program represented by the plurality of matrices.

Abstract: A method (and structure) includes receiving a challenge for an authentication, in a chip having stored in a memory device therein a secret to be used in an authentication attempt of the chip by an external agent. The chip includes a hardware processing circuit to sequentially perform a processing related to the secret. The secret is retrieved from the memory device and processed in the hardware processing circuit in accordance with information included in the received challenge. The result of the processing in the hardware processing circuit is transmitted as a response to the challenge. The hardware processing circuit executes in a parallel manner, thereby reducing a signal that can be detected by an adversary attempting a side channel attack to secure the secret.

Abstract: A method for initializing encrypted communications using a common reference string and a shared password, includes determining a secret key of a peer using a first message, a second message and the common reference string, wherein the first message and the second message each comprise a tuple of elements of a cyclic group G of prime order p, a blinding encryption of the shared password, and a hash projection key.

Abstract: A method for measuring trust in a transaction over a public key certificate network includes associating each edge KA?KB of an public key certificate network connecting two public keys KA and KB with a probability p that information about KB is reliable, and a confidence c that is a total dollar amount of transactions which have involved using edge KA?KB. One or more authentication paths are formed in the public key certificate network starting from public key KS and ending with a target public key KT. A limit l of an amount of insurance that an owner of KS is willing to provide to a user interested in a transaction with an owner of KT is calculated, and for each amount m<l, a premium for which the owner of KS is willing to sell insurance to the user for an amount of m is calculated.

Abstract: A simple universal hash apparatus and method include input means for inputting at least one of a plurality of Plaintext blocks into an integrity aware encryption scheme using at least one of two secret keys to obtain a plurality of Ciphertext blocks; Plaintext checksum means for computing a Plaintext checksum value from said plurality of Plaintext blocks; Ciphertext checksum means for processing said plurality of Ciphertext blocks and a third key to obtain a Ciphertext checksum; and combination means for combining said Plaintext checksum and said Ciphertext checksum to obtain the simple universal hash value.

Abstract: A simple universal hash apparatus and method include input means for inputting at least one of a plurality of Plaintext blocks into an integrity aware encryption scheme using at least one of two secret keys to obtain a plurality of Ciphertext blocks; Plaintext checksum means for computing a Plaintext checksum value from said plurality of Plaintext blocks; Ciphertext checksum means for processing said plurality of Ciphertext blocks and a third key to obtain a Ciphertext checksum; and combination means for combining said Plaintext checksum and said Ciphertext checksum to obtain the simple universal hash value.

Abstract: A method for measuring trust in a transaction over a public key certificate network includes associating each edge KA?KB of an public key certificate network connecting two public keys KA and KB with a probability p that information about KB is reliable, and a confidence c that is a total dollar amount of transactions which have involved using edge KA?KB. One or more authentication paths are formed in the public key certificate network starting from public key KS and ending with a target public key KT. A limit l of an amount of insurance that an owner of KS is willing to provide to a user interested in a transaction with an owner of KT is calculated, and for each amount m<l, a premium for which the owner of KS is willing to sell insurance to the user for an amount of m is calculated.

Abstract: A simple universal hash apparatus and method include input means for inputting at least one of a plurality of Plaintext blocks into an integrity aware encryption scheme using at least one of two secret keys to obtain a plurality of Ciphertext blocks; Plaintext checksum means for computing a Plaintext checksum value from said plurality of Plaintext blocks; Ciphertext checksum means for processing said plurality of Ciphertext blocks and a third key to obtain a Ciphertext checksum; and combination means for combining said Plaintext checksum and said Ciphertext checksum to obtain the simple universal hash value.

Abstract: A simple universal hash apparatus and method include input means for inputting at least one of a plurality of Plaintext blocks into an integrity aware encryption scheme using at least one of two secret keys to obtain a plurality of Ciphertext blocks; Plaintext checksum means for computing a Plaintext checksum value from the said plurality of Plaintext blocks; Ciphertext checksum means for processing said plurality of Ciphertext blocks and a third key to obtain a Ciphertext checksum; and combination means for combining the said Plaintext checksum and the said Ciphertext checksum to obtain the simple universal hash value.

Abstract: The present invention provides encryption schemes and apparatus which securely generate a cipher-text which in itself contains checks for assuring message integrity. It also provides compatible decryption schemes confirming message integrity. The encryption scheme generates a cipher-text with message integrity in a single pass with little additional computational cost, while retaining at least the same level of security as schemes based on a MAC. One embodiment encrypts a plain-text message by dividing the plain-text message into a multitude of plain-text blocks and encrypting the plain-text blocks to form a multitude of cipher-text blocks. A single pass technique is used in this process to embed a message integrity check in the cipher-text block. A message integrity check is embedded in the cipher-text blocks by embedding a set of pseudo random numbers, which may be dependent, but are pair-wise differentially uniform. We also describe an embodiment which is highly parallelizable.

Abstract: A system and associated protocols for communication between two entities across a computer network operate such that the identities of the two entities remain concealed from each other, while ensuring that no third party is able to trace the existence of a conversation between them. The two entities correspond to each other through pseudonyms. The protocols are designed with an object to distribute trust so that an identity is not revealed by the compromise of any one agent involved in the execution of the protocol. No one agent can establish a correlation between a pseudonym and a physical address.

Abstract: A method and system offer confidential purchase of electronic data which can be used without any need of knowledge in cryptography nor mastery of computer use beyond usual usage of the World Wide Web (WWW). The method and system which guarantee confidentiality as long as there is no collusion between agents working for a large number of reputable companies whose references can be easily checked on the Internet before proceeding to the order. In addition, the method and system allow for guaranteed payment and offer recourse in case of improper delivery.

Abstract: The present invention relates to a method, system and computer program product for enabling the remote authentication of fingerprints over an insecure network using a client-server architecture by generation of a set of random queries relating to fingerprint patterns based on stored fingerprint data at the server, to which the client responds based on the observed fingerprint patterns, followed by the issuing of a randomly generates set of challenges pertaining to geometrical relationships between the fingerprint patterns for which confirm responses are received by their server, the final authentication being determined by the proportion of correct responses by the client to said challenges.

Abstract: The present invention relates to a method, system and computer program product for enabling the remote authentication of fingerprints over an insecure network using a client-server architecture by generation of a set of random queries relating to fingerprint patterns based on stored fingerprint data at the server, to which the client responds based on the observed fingerprint patterns, followed by the issuing of a randomly generates set of challenges pertaining to geometrical relationships between the fingerprint patterns for which confirm responses are received by their server, the final authentication being determined by the proportion of correct responses by the client to said challenges.

Abstract: A solution to the general problem of Secure Storage and Retrieval of Information (SSRI) guarantees that also the process of storing the information is correct even when some processors fail. A user interacts with the storage system by depositing a file and receiving a proof that the deposit was correctly executed. The user interacts with a single distinguished processor called the gateway. The mechanism enables storage in the presence of both inactive and maliciously active faults, while maintaining (asymptotical) space optimailty. This mechanism is enhanced with the added requirement of confidentiality of information; i.e., that a collusion of processors should not be able to learn anything about the information. Also, in this case space optimality is preserved.