Abstract: Systems, methods, and apparatuses can protecting a secret on a device with limited memory, while still providing tamper resistance. To achieve the lower memory usage, embodiments can apply a memory-hard function MHF to the secret S to obtain a result Y, which can be used in an encoding process to obtain a code C. After applying the MHF, a prove function can generate a proof value that is used in a decoding (e.g., a verification of computation process) of the code C. The code C can include the proof value, the secret S, and the result Y, and can be sent to a decoding device that verifies the code C as part of a decoding process.

Abstract: Systems, methods, and apparatuses can protecting a secret on a device with limited memory, while still providing tamper resistance. To achieve the lower memory usage, embodiments can apply a memory-hard function MHF to the secret S to obtain a result Y, which can be used in an encoding process to obtain a code C. After applying the MHF, a prove function can generate a proof value that is used in a decoding (e.g., a verification of computation process) of the code C. The code C can include the proof value, the secret S, and the result Y, and can be sent to a decoding device that verifies the code C as part of a decoding process.

Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.