Abstract: A method is provided for generating an elliptic curve cryptography key pair that uses two topologically identical pseudo-random number generators operating in parallel and in step with each other. One generator operates in the scalar number domain and the other generator operates in the elliptic curve point domain. Parallel sequences of pseudo-random elliptic curve points aG and corresponding scalars a are generated in this manner. A scalar a becomes a private key and an elliptic curve point aG is a public key of a key pair. Each generator is advanced by one iteration successively, and the isomorphic relationship ensures that the point domain generator always contains values which are multiples of the system base point according to values contained in the corresponding position in the number domain generator. In one embodiment, the pseudo-random number generators are each characterized as being lagged Fibonacci generators.

Abstract: A method for producing a white-box implementation of a cryptographic function using garbled circuits, including: producing, by a first party, a logic circuit implementing the cryptographic function using a plurality of logic gates and a plurality of wires; garbling the produced logic circuit, by the first party, including garbling the plurality of logic gates and assigning two garbled values for each of the plurality of wires; and providing a second party the garbled logic circuit and a first garbled circuit input value.

Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.

Abstract: A method is provided for managing a machine learning system. In the method, a database is provided for storing a plurality of data elements. A plurality of machine learning models is trained using assigned subsets of the plurality of data elements. The outputs of the plurality of machine learning models is provided to an aggregator. During inference operation of the machine learning system, the aggregator determines a final output based on outputs from the plurality of models. If it is determined that an assigned subset must be changed because, for example, a record must be deleted, then the data element is removed from the selected assigned subset. The affected machine learning model associated with the changed assigned subset is removed, and retrained using the changed assigned subset.

Abstract: A white-box system for authenticating a user-supplied password, including: a password database including a salt value and an authentication value for each user; a white-box implementation of a symmetric cipher configured to produce an encrypted value by encrypting the user-supplied password using the salt value associated with the user as an encoded secret key; and a comparator configured to compare the encrypted value with the authentication value associated with the user to verify the user-supplied password.

Abstract: A white-box system and method for producing a digital signature of a message m, including: a white-box implementation of a symmetric cipher configured to produce a deterministic nonce value by encrypting the message m using a secret key; and a digital signature algorithm configured to produce a digital signature of the message m based upon the deterministic nonce, the message m, and a secret signing key.

Abstract: A method for mapping an input message to a message authentication code (MAC) by a white-box implementation of a keyed cryptographic operation in a cryptographic system that includes using a white-box implementation of the block cipher in a MAC.

Abstract: A method and data processing system for detecting tampering of a machine learning model is provided. The method includes training a machine learning model. During a training operating period, a plurality of input values is provided to the machine learning model. In response to a predetermined invalid input value, the machine learning model is trained that a predetermined output value will be expected. The model is verified that it has not been tampered with by inputting the predetermined invalid input value during an inference operating period. If the expected output value is provided by the machine learning model in response to the predetermined input value, then the machine learning model has not been tampered with. If the expected output value is not provided, then the machine learning model has been tampered with. The method may be implemented using the data processing system.

Abstract: Various embodiments relate to a method of generating a shared secret for use in a symmetric cipher, including: receiving, by a processor, an encoded key Enc(K) and a white-box implementation of the symmetric cipher, where the encoded key Enc(K) is used in the white-box implementation; selecting, by the processor, homomorphic functions ? and ? and the values c1 and c3 such that Enc(K)?c1=Enc(K?c3); and transmitting, by the processor, ? and c3 to another device.

Abstract: Various embodiments relate to a method for producing a digital signature using a white-box implementation of a cryptographic digital signature function, including: receiving a input message; hashing the input message; generating a nonce based upon the input message and the white-box implementation of the cryptographic digital signature function; and computing a digital signature of the input using the nonce.

Abstract: A device, including: a memory; a processor configured to implement an encrypted machine leaning model configured to: evaluate the encrypted learning model based upon received data to produce an encrypted machine learning model output; producing verification information; a tamper resistant hardware configured to: verify the encrypted machine learning model output based upon the verification information; and decrypt the encrypted machine learning model output when the encrypted machine learning model output is verified.

Abstract: Various embodiments relate to a method of encrypting a message m using a Paillier cryptosystem, including: computing a ciphertext c based upon the message m, N, and r, where N is the product of two distinct primes p and q, and r is randomly chosen such that r?[1, N); computing a first verification value based upon u and N, where u is randomly chosen such that u?[1, N); computing a second verification value s based upon u, r, the ciphertext c, the verification value, and a hash function H.

Abstract: A method for performing a secure function in a data processing system is provided. In accordance with one embodiment, the method includes generating and encoding an encryption key. The encoded encryption key may be encrypted in a key store in a trusted execution environment (TEE) of the data processing system. The encrypted encryption key may encrypted, stored, and decrypted in the key store in the TEE, but used in a white-box implementation to perform a secure function. The secure function may include encrypting a value in the white-box implementation for securing a monetary value on, for example, a smart card. In one embodiment, each time an encryption key or decryption key is used, it is changed to a new key. The method makes code lifting and rollback attacks more difficult for an attacker because the key is stored separately from, for example, a white-box implementation in secure storage.

Abstract: A method for performing a secure function in a data processing system is provided. In accordance with one embodiment, the method includes generating and encoding an encryption key. The encoded encryption key may be encrypted in a key store in a trusted execution environment (TEE) of the data processing system. The encrypted encryption key may encrypted, stored, and decrypted in the key store in the TEE, but used in a white-box implementation to perform a secure function. The secure function may include encrypting a value in the white-box implementation for securing a monetary value on, for example, a smart card. In one embodiment, each time an encryption key or decryption key is used, it is changed to a new key. The method makes code lifting and rollback attacks more difficult for an attacker because the key is stored separately from, for example, a white-box implementation in secure storage.

Abstract: A system includes a secure processor and an unsecure processor. The secure processor is configured to: split a secure scalar K into m2 random values ki, where i is an integer index; randomly select m1-m2 values ki for the indices m2<i?m1; select m1 mask values ?i; compute m1 residues ci based upon random residues ai, ??(i)?1, and k?(i), wherein ?(i) is a random permutation; compute m1 elliptic curve points Gi based upon random residues ai and an elliptic point to be multiplied; receive m1 elliptic curve points; and compute the elliptic curve scalar multiplication by combining a portion of the received elliptic curve points and removing the mask values ?i from the portion of the received elliptic curve points. The unsecure processor is configured to: receive m1 residues ci and elliptic curve points Gi; compute m1 elliptic curve points Pi based upon the m1 residues ci and elliptic curve points Gi; and send the m1 elliptic curve points Pi to the secure processor.

Abstract: A method is provided for performing elliptic curve cryptography that reduces the number of required computations to produce, for example, a key pair. The number of computations is reduced by changing how a random nonce used in the computations is selected. In an embodiment, a look-up table is generated having pre-computed scalar values and elliptic curve points. Every time a new pseudo-random value is created for use in the ECDSA, a combination of the look-up table values is used to create multiple intermediate values. One of the multiple intermediate values is randomly chosen as a replacement value for one of the existing table entries. Each time the look-up table is used, multiple entries in the look-up table are updated to new look-up table values as described. In this manner, new randomness is provided in every step to generate the next pseudo-random nonce as a combination of multiple internally stored temporary look-up table values. Alternately, another mathematical group may be used.

Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.

Abstract: Various embodiments relate to a method for producing a digital signature using a white-box implementation of a cryptographic digital signature function, including: receiving a input message; hashing the input message; generating a nonce based upon the input message and the white-box implementation of the cryptographic digital signature function; and computing a digital signature of the input using the nonce.

Abstract: The subject disclosure is directed towards secure computations of encrypted data over a network. In response to user desired security settings with respect to the encrypted data, software/hardware library components automatically select parameter data for configuring a fully homomorphic encryption scheme to secure the encrypted data items while executing a set of computational operations. A client initiates the set of computational operations via the library components and if requested, receives secure computation results in return.

Abstract: A data processing system having rich execution environment (REE) and a trusted execution environment (TEE) is provided. In the data processing system, an unsecure memory is coupled to the REE and used for storing encrypted data for use in the TEE. The TEE may have a cache for storing the encrypted data after it is decrypted. The data in both the memory and the cache is organized in blocks, and the cache is smaller than the memory. An interpreter is provided in the TEE, along with a service block in the REE, for fetching and decrypting the data to be stored in the cache. The interpreter checks an integrity of the decrypted data using a hash tree having multiple levels. In the event of a cache miss, all blocks of the hash tree in a path from the data block to a root block are retrieved from the memory in one access operation. A method for operating the cache in the data processing system is also provided.