Abstract: An encryption and cryptosystem for fast and efficient searching of ciphertexts. Unencrypted secret data may be transformed into encoded secret data using an injective encoding such that each distinct value of the unencrypted secret data is mapped to a unique index in the encoded secret data. The encoded secret data may be homomorphically encrypted using the homomorphic encryption key to generate secret data ciphertexts. The secret data ciphertexts may be transmitted to an external system for searching the secret data ciphertexts for encoded queries. The encoded queries are encoded by the same injective encoding as the secret data, to directly search only indices of the secret data ciphertexts corresponding to query indices having non-zero query values, to detect if values of the secret data ciphertexts match values of the encoded queries at the query indices, without searching the remaining indices of the secret data ciphertexts.

Abstract: Methods and system for risk determination and risk categorization using encrypted data are provided. The risk determination can involve determining an inner product operation between a generalized weight table and an encrypted incidence vector, summing the result of the inner product operation and/or decrypting the results. Method and systems for encrypting data for use in homomorphic risk determination are also provided.

Abstract: A device, system, and method for decentralized management of a distributed proxy re-encryption key ledger by multiple devices in a distributed peer-to-peer network. A network device may receive shared data defining access to a proxy re-encryption key. The network device may locally generate a hash code based on the shared data. The network device may receive a plurality of hash codes generated based on versions of the shared data at a respective plurality of the other devices in the network. If the locally generated hash code matches the received plurality of hash codes, the network device may validate that the shared data is the same across the network devices and may add the received proxy re-encryption key access data and locally generated hash code to a local copy of the distributed proxy re-encryption key ledger.

Abstract: An encryption and cryptosystem for fast and efficient searching of ciphertexts. Unencrypted secret data may be transformed into encoded secret data using an injective encoding such that each distinct value of the unencrypted secret data is mapped to a unique index in the encoded secret data. The encoded secret data may be homomorphically encrypted using the homomorphic encryption key to generate secret data ciphertexts. The secret data ciphertexts may be transmitted to an external system for searching the secret data ciphertexts for encoded queries. The encoded queries are encoded by the same injective encoding as the secret data, to directly search only indices of the secret data ciphertexts corresponding to query indices having non-zero query values, to detect if values of the secret data ciphertexts match values of the encoded queries at the query indices, without searching the remaining indices of the secret data ciphertexts.

Abstract: A device, system and method for fast and secure Proxy Re-Encryption (PRE) using key switching. A first user is assigned first encryption and decryption keys and a second user is assigned second encryption and decryption keys. First encrypted data encrypted with the first encryption key may be re-encrypted using a proxy re-encryption key to simultaneously switch encryption keys by adding the second encryption key and cancelling the first encryption key by the first decryption key to transform the first encrypted data encrypted by the first encryption key to second encrypted data encrypted by the second encryption key, without decrypting the underlying data. The second user may be the sole system device that possesses the (e.g., private) second decryption key to decrypt the second encrypted data.

Abstract: A device, system, and method for decentralized management of a distributed proxy re-encryption key ledger by multiple devices in a distributed peer-to-peer network. A network device may receive shared data defining access to a proxy re-encryption key. The network device may locally generate a hash code based on the shared data. The network device may receive a plurality of hash codes generated based on versions of the shared data at a respective plurality of the other devices in the network. If the locally generated hash code matches the received plurality of hash codes, the network device may validate that the shared data is the same across the network devices and may add the received proxy re-encryption key access data and locally generated hash code to a local copy of the distributed proxy re-encryption key ledger.

Abstract: A method for secure comparison of encrypted symbols. According to one embodiment, a user may encrypt two symbols, share the encrypted symbols with an untrusted third party that can compute algorithms on these symbols without access the original data or encryption keys such that the result of running the algorithm on the encrypted data can be decrypted to a result which is equivalent to the result of running the algorithm on the original unencrypted data. In one embodiment the untrusted third party may perform a sequence of operations on the encrypted symbols to produce an encrypted result which, when decrypted by a trusted party, indicates whether the two symbols are the same.

Abstract: A device, system and method for fast and secure Proxy Re-Encryption (PRE) using key switching. A first user is assigned first encryption and decryption keys and a second user is assigned second encryption and decryption keys. First encrypted data encrypted with the first encryption key may be re-encrypted using a proxy re-encryption key to simultaneously switch encryption keys by adding the second encryption key and cancelling the first encryption key by the first decryption key to transform the first encrypted data encrypted by the first encryption key to second encrypted data encrypted by the second encryption key, without decrypting the underlying data. The second user may be the sole system device that possesses the (e.g., private) second decryption key to decrypt the second encrypted data.

Abstract: A system and method for secure substring search, using fully homomorphic encryption, or somewhat homomorphic encryption. In one embodiment, a first string is homomorphically compared to trial substrings of a second string, each comparison producing a ciphertext containing an encrypted indication of whether the first string matches the trial substrings. These ciphertexts are then combined in a homomorphic logical OR operation to produce a ciphertext which contains an encrypted indication of whether the first string matches any of the trial substrings, i.e., whether the first string is contained in the second string.

Abstract: A method for secure comparison of encrypted symbols. According to one embodiment, a user may encrypt two symbols, share the encrypted symbols with an untrusted third party that can compute algorithms on these symbols without access the original data or encryption keys such that the result of running the algorithm on the encrypted data can be decrypted to a result which is equivalent to the result of running the algorithm on the original unencrypted data. In one embodiment the untrusted third party may perform a sequence of operations on the encrypted symbols to produce an encrypted result which, when decrypted by a trusted party, indicates whether the two symbols are the same.