Abstract: Methods and apparatus are provided for authenticated hierarchical set operations. A third party server processes a query (possibly from a client) on data sets outsourced by a source of the data. The query comprises a hierarchical set operation between at least two of the data sets. Authenticated Set Operation techniques for flat set operations can be iteratively applied for hierarchical set operations. In addition, bilinear accumulators are extended to provide an extractable accumulation scheme comprising a primary bilinear accumulator and a secondary bilinear accumulator. The client receives (i) an encoding of an answer to the query, (ii) a verification comprising, for example, one or more of subset witnesses, completeness witnesses, and/or accumulation values, and (iii) at least one argument for at least one intersection operation, union operation and/or set difference operation.

Abstract: Methods and apparatus are provided for authenticated hierarchical set operations. A third party server processes a query q (possibly from a client) on outsourced data sets S1, . . . , Sn on behalf of a source of the data. The query q comprises a hierarchical set operation. Authenticated Set Operation techniques for flat set operations can be iteratively applied for hierarchical set operations. In addition, bilinear accumulators are extended to provide an extractable accumulation scheme comprising a primary bilinear accumulator and a secondary bilinear accumulator. In addition, a query q is parsed as a tree and for each tree node, a Union/Intersection argument is provided that is related to one or more accumulation values associated with the corresponding tree node.

Abstract: The invention includes a method for key creation and recovery based on solutions to puzzles solvable by humans and not computers. In some exemplary embodiments, the key is created and recovered based on the solution(s) in conjunction with the password entered by the user. The puzzle(s) is selected based on the password used by the user from a puzzle database containing multiple puzzles that is greater in number to the number of puzzles used in conjunction with a particular password.

Abstract: The invention includes a method for key creation and recovery based on solutions to puzzles solvable by humans and not computers. In some exemplary embodiments, the key is created and recovered based on the solution(s) in conjunction with the password entered by the user. The puzzle(s) is selected based on the password used by the user from a puzzle database containing multiple puzzles that is greater in number to the number of puzzles used in conjunction with a particular password.

Abstract: An anonymous credential system which requires a user who is asserting a credential to have knowledge of the master key of the user who was originally granted that credential. In order for a user to transfer the ability to assert any one of their credentials to another user, they must also transfer their master key to that same user. The master key, however, provides such unlimited rights to its holder that a user is strongly motivated not to share their master key with anyone else. In this manner, anonymous credentials become non-transferrable because a user cannot transfer a credential without transferring their entire electronic identity.

Abstract: A mechanism which secures the communication and computation between processors in an insecure distributed environment implements efficient "compilers" for a protocol between processors. The protocol is one that assures some input-output relation when executed by processors which are not all trusted but with secret and authenticated communication links between every two processors. This protocol is transformed by a compiler into a protocol that guarantees essentially the same input-output relations in the presence of (the same type of) insecure processors and insecure communication links. Additionally, a method maintains secret values for a sequence of periods, each secret value being shared by two or more processors for one or several periods, where the processors are connected by a communication network.Another mechanism establishes different cryptographic keys established for each period of communication.

Abstract: A method is provided which allows a set of servers to maintain a set of keys, shared with a client, in the presence of mobile eavesdroppers that occasionally break into servers and learn the entire contents of their memories. Static and dynamic schemes maintain secret keys common to the user and each of several servers in the presence of a mobile, transient adversary that occasionally breaks into servers in order to gather information on the users' secret keys. The schemes use periodic "refreshments" of every user's private keys. In each round the servers involve in a computation in which each server computes a new private key to be shared with the user, in a way that allows the user to keep track of the changing keys without any communication with the servers. The schemes are very efficient. In particular, a user has to interact only with one server in order to obtain a session key. The user may choose the server with whom it wants to interact. The method may be used to securely generate random numbers (i.e.