Abstract: Several round-efficient solitary multi-party computation protocols with guaranteed output delivery are disclosed. A plurality of input devices and an output device can collectively perform a computation using methods such as fully homomorphic encryption. The output of the computation is only known to the output device. Some number of these devices may be corrupt. However, even in the presence of corrupt devices, the output device can still either generate a correct output or identify that the computation was compromised. These protocols operate under different assumptions regarding the communication infrastructure (e.g., broadcast vs point-to-point), the number of participating devices, and the number of corrupt devices. These protocols are round-efficient in that they require a minimal number of communication rounds to calculate the result of the multi-party computation.

Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (ga), the second value (ga) based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi); generate, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank; and communicate, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank.

Abstract: Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Abstract: Several round-efficient solitary multi-party computation protocols with guaranteed output delivery are disclosed. A plurality of input devices and an output device can collectively perform a computation using methods such as fully homomorphic encryption. The output of the computation is only known to the output device. Some number of these devices may be corrupt. However, even in the presence of corrupt devices, the output device can still either generate a correct output or identify that the computation was compromised. These protocols operate under different assumptions regarding the communication infrastructure (e.g., broadcast vs point-to-point), the number of participating devices, and the number of corrupt devices. These protocols are round-efficient in that they require a minimal number of communication rounds to calculate the result of the multi-party computation.

Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.

Abstract: A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (ga), the second value (ga) based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi); generate, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank; and communicate, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank.

Abstract: Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t?1 servers can forge a valid token or mount offline dictionary attacks.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: Techniques of generating a lattice-based verification matrix and signature vector are disclosed. The method enables a generating device to sample a gadget matrix and then generate a reduced gadget matrix. The generating device may then sample a trapdoor matrix and use the trapdoor matrix and the reduced gadget matrix to generate a verification matrix. A sending device may receive the trapdoor matrix and the verification matrix from the generating device, in addition to receiving a message. The sending device may then use the trapdoor matrix and the verification matrix to generate a signature vector for the message. A verification device can receive the verification matrix, the message, and the signature vector. The verification device may use the verification matrix and the signature vector to verify the message.

Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Abstract: Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t-1 servers can forge a valid token or mount offline dictionary attacks.

Abstract: A method performed by a user device is disclosed. The method comprising generating a secret and measuring a biometric template of a user operating the user device. The method then generates a plurality of secret shares of the secret and of the biometric template. The user device then transmits the secret shares of the secret and of the biometric template to a plurality of recovery devices. After, the user device may then initiate a recovery of the secret and measure a biometric measurement of the user. Data of the biometric measurement may be transmitted to the plurality of recovery devices, where the recovery devices perform a partial computation. The user device use the plurality of partial computations to determine a match between the biometric template and the biometric measurement. If the two biometrics match, the user device can reconstruct the secret using shares of the secret from the recovery devices.

Abstract: Techniques of generating a lattice-based verification matrix and signature vector are disclosed. The method enables a generating device to sample a gadget matrix and then generate a reduced gadget matrix. The generating device may then sample a trapdoor matrix and use the trapdoor matrix and the reduced gadget matrix to generate a verification matrix. A sending device may receive the trapdoor matrix and the verification matrix from the generating device, in addition to receiving a message. The sending device may then use the trapdoor matrix and the verification matrix to generate a signature vector for the message. A verification device can receive the verification matrix, the message, and the signature vector. The verification device may use the verification matrix and the signature vector to verify the message.

Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.

Abstract: Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Abstract: Systems and methods for adaptive attack resistant distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess multiple secret shares corresponding to distinct secret values, which may be used in the process of encrypting or decrypting data. The client computer may generate multiple commitments and transmit those commitments to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitments and their respective secret shares. The partial computations may be transmitted to the client computer. The client computer may use the partial computations to generate a cryptographic key. The client computer may use the cryptographic key to encrypt a message or decrypt ciphertext.

Abstract: Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t?1 servers can forge a valid token or mount offline dictionary attacks.