Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity to manage authentication, for example. In some instances, the third party may also perform endpoint selection by providing a particular endpoint along with the token. The particular cipher suite applied in a particular implementation may be configurable. The process is applicable to either implicit key confirmation (e.g., handshake negotiation) or explicit key confirmation (e.g., full negotiation).

Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.

Abstract: A requester submits a request to perform an encrypted search that is received by an encrypted search provider. The encrypted search provider processes the request and produces a set of intermediate results which are loaded onto a mobile computer system that includes a mobile power source. The mobile computer system is shipped to the requester, and while in transit to the requester, the mobile computer system processes the intermediate results to produce a completed search result. After the mobile computer system arrives at the requester, the mobile computer system provides the completed search result to the requester.

Abstract: A plaintext and cryptographic key are used to generate an initialization vector to be used in a cryptographic algorithm, such as an encryption algorithm. In some examples, the plaintext and cryptographic key are input into an effectively one-way function, such as a cryptographic hash function, the output of which is usable as an initialization vector. Cryptographic keys may be rotated probabilistically based at least in part on probabilities of output collisions of the effectively one-way function to ensure a low probability of two different plaintexts resulting in calculation of the same initialization vector for use with the same cryptographic key.

Abstract: Techniques described herein enhance information security in contexts that utilize key management systems and other providers of cryptographic services. A user of a key, management system is able to use a secret that is outside the control of the key management system combined with a secret that is cryptographically protected by the key management system (e.g., by encryption using a key managed by the key management system) to generate a message encryption key, thereby rendering the secrets individually insufficient for access to data encrypted using the message encryption key.

Abstract: A digital signature over a message may be compressed by determining a plurality of values based at least in part on the message. A mapping of the plurality of values over a digital signature scheme may be used to determine a value from which a portion of the compressed digital signature is decompressible by cryptographically deriving one or more components of the uncompressed digital signature. A public key may be used to verify the authenticity of the compressed digital signature and message.

Abstract: One or more systems implement a plurality of blockchains to track event data. The plurality of blockchains are arranged in tiered form, and the content and/or integrity of blockchains in higher tiers depends on, or at least derives from, the content and/or integrity of the blockchains in lower tiers. Depending on the specific structure and implementation, assurances, verifications, and the like may be provided for services and other resources using such blockchains in a repeatable manner.

Abstract: A host machine operated for a specific purpose can have restricted access to other components in a multi-tenant environment in order to provide for the security of the host machine. The access restriction can prevent the host machine from obtaining updates to critical system-level configurations, but such information can be obtained through a signed command received to an API for the host machine. The command can be signed by a quorum of operators, and the host machine can be configured to verify the signatures and the quorum before processing the command. The host machine can store the updates to ephemeral storage as well as persistent storage, such that upon a reboot or power cycle the host machine can operate with current configuration data.

Abstract: A system records use of values used in cryptographic algorithms where the values are subject to uniqueness constraints. As new values are received, the system checks whether violations of a unique constraint has occurred. If a violation occurs, the system performs actions to mitigate potential compromise caused by exploitation of a vulnerability caused by violation of the uniqueness constraint.

Abstract: One or more systems implement a plurality of blockchains to track event data. The plurality of blockchains are arranged in tiered form, and the content and/or integrity of blockchains in higher tiers depends on, or at least derives from, the content and/or integrity of the blockchains in lower tiers. Depending on the specific structure and implementation, assurances, verifications, and the like may be provided for services and other resources using such blockchains in a repeatable manner.

Abstract: Data security is enhanced by receiving a request that identifies an encrypted data key, an authentication tag, and additional authenticated data that includes at least a nonce. In some cases, the authentication tag is cryptographically derivable from the encrypted data key and the additional authenticated data. A system, in some cases, determines whether the nonce is authentic and decrypts the encrypted data key by using at least a cryptographic key and the nonce, thereby resulting in a plaintext data key that is usable in various contexts.

Abstract: An implicit certificate is based on a ring learning with errors (“RLWE”) public keys that are, in some examples, resistant to quantum-based computing attacks. Various methods are described that request, generate, verify, and use the implicit certificates. In some examples, the system provides an implicit certificate that enables communication between two parties that are identified at the time of certificate generation. In another example, the system provides a certificate that may be used to communicate with a variety of different parties. The implicit certificate generation algorithm yields a public key purportedly bound to U. Confirmation that the public key is bound to U is obtained after use of the corresponding private key. Binding of an entity to its associated public key and accessibility to the private key, are verified as a result of successful key use.

Abstract: A proof-of-work system where a first party (e.g., a client computer system) may request access to a computing resource. A second party (e.g., a service provider) may determine a challenge that may be provided to the first party. A valid solution to the challenge may be generated and provided for the request to be fulfilled. The challenge may include a message and a seed, such that the seed may be used at least in part to cryptographically derive information that may be used to generate a solution to the challenge. A hash tree may be generated as of generating the solution.

Abstract: A new version of a structured collection of information, different from a previous version, of a cryptographic domain is created. The new version is created to be verifiable as a valid successor to the previous version and to specify a new set of quorum rules, with the new set of quorum rules defining one or more conditions to be fulfilled by a plurality of operators as conditions precedent to update the structured collection. The new version is provided to the plurality of operators. Digital signatures corresponding to the new version are obtained, and, as a result of the digital signatures received fulfilling the one or more conditions defined by a previous set of quorum rules specified by the previous version, the new version is caused to replace the previous version.

Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.

Abstract: A request to perform a cryptographic operation is received, the request including a first identifier assigned to a key group, the key group comprising a plurality of second identifiers, with the plurality of second identifiers corresponding to a plurality of cryptographic keys. A second identifier is determined, according to a distribution scheme, from the plurality of second identifiers, and the cryptographic operation is performed using a cryptographic key of the plurality of cryptographic keys that corresponds to the second identifier that was determined.

Abstract: A secret cryptographic key is stored in a protected state. While in the protected state, the secret cryptographic key is encrypted with a plurality of cryptographic keys, each of which is used to re-create the plaintext version of the secret cryptographic key. A service operated by an online service provider creates an isolated network environment containing a bastion computer system in communication with an HSM. After establishing the isolated network environment, the online service provider provides a service provider key to the HSM. An HSM key is present on the HSM, and an administrator key is provided by one or more key administrators. Using the HSM key, the service provider key, and the administrator key, the HSM performs cryptographic operations using the secret cryptographic key. When complete, the isolated network environment is deconstructed and the secret cryptographic key is returned to online storage in a protected state.

Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The co-processor can execute malware detection software, and can use this software to analyze data and/or code obtained from the relevant resources of the host machine. The trusted co-processor can notify the customer or another appropriate entity of the results of the scan, such that an appropriate action can be taken if malware is detected. The results of the scan can be trusted, as malware will be unable to falsify such a notification or modify the operation of the trusted co-processor.

Abstract: A concordance service receives a probabilistic data structure query generated based at least in part on a set of query parameters for a search of a plurality of resources. In response to receiving the query, the concordance service uses the probabilistic data structure query and a probabilistic data structure tree to determine a set of nodes of the tree that individually satisfy the set of query parameters. The concordance service verifies that the resources corresponding to the set of nodes satisfy the query parameters. Based at least in part on this verification, the concordance service provides a response to the query.

Abstract: A digital signature over a message may be compressed by determining a plurality of values based at least in part on the message. A mapping of the plurality of values over a digital signature scheme may be used to determine a value from which a portion of the compressed digital signature is decompressible by cryptographically deriving one or more components of the uncompressed digital signature. A public key may be used to verify the authenticity of the compressed digital signature and message.