Abstract: A transport connection system is set forth. The system includes a first device adapted to send and receive messages. A second device, adapted to send and receive message, is also provided. A message i generated by the first device includes a secret Ri-1 to a Hash (Ri-1) sent from the first device to the second device in a prior message i-1. The message i is signed by a random key Ai-1, the random key being derived from an update of a key Ai-2 from the prior message, wherein message i-1 is signed by the key Ai-2.

Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.

Abstract: A MAC aggregation technique utilizing a large field addition operation is disclosed. The large field addition operation defines the addition of two or more MACs mod p, where the two or MACs may comprise constituent MACs or aggregate MACs, and where p is a prime number that is large relative to the size of the MACs. The disclosed MAC aggregation technique yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving security even in the case where constituent MACs may be aggregated in duplicate.

Abstract: Methods and apparatus are provided for secure function evaluation for a covert client and a semi-honest server using string selection oblivious transfer. An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits C1, . . . Cn,that are evaluated. Consider any wire wj of C that is an output wire of Ci, and is an input wire of Ci+1. When a slice Ci is evaluated, Ci's 1-bit wire key for wj is computed by the evaluator, and then used, via string selection oblivious transfer (SOT), to obtain the wire key for the corresponding input wire of Ci+1. This process repeats until C's output wire keys are computed by the evaluator. The 1-bit wire keys of the output wires of the slice are randomly assigned to wire values.

Abstract: Methods and apparatus are provided for secure function evaluation between a semi-honest client and a semi-honest server using an information-theoretic version of garbled circuits (GC). An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits C1, . . . Cn, that are evaluated. Consider any wire wj of C that is an output wire of Ci, and is an input wire of Ci+1. When a slice Ci is evaluated, Ci's 1-bit wire key for wj is computed by the evaluator, and then used, via oblivious transfer (OT), to obtain the wire key for the corresponding input wire of Ci+1. This process repeats until C's output wire keys are computed by the evaluator. The 1-bit wire keys of the output wires of the slice are randomly assigned to wire values.

Abstract: An improved MAC aggregation technique is disclosed that yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving improved resilience to denial-of-service (DoS) attacks. The aggregate MAC is constructed in a manner wherein upon instance of channel impairments or malicious attack (e.g., from a rogue node or man-in-the-middle attacker), only a portion of the aggregate MAC will include corrupted data, at least a portion of the aggregate MAC thereby including valid verifiable data. A source of corruption of the aggregate MAC may be ascertained based on indicia of which constituent MACs are included in the valid portion; and constituent MACs that are wholly included in the valid portion may be declared valid.

Abstract: Methods and apparatus are provided for securing two-party computations against malicious adversaries. A method is provided for secure function evaluation. The disclosed method is performed by a garbled circuit evaluator for the transfer of private information, and comprises receiving from a constructor (i) s garbled circuits (GCs), wherein each of the GCs having a plurality of input wires; and (ii) commitments for each of the input wires, wherein the commitments comprise s2 pair-wise cryptographic bindings of wire garblings of each given wire in the s GCs; requesting the constructor to reveal a selected check-set of s/2 of the s GCs; and verifying that the check-set was properly constructed using less than all of the commitments. In addition, the disclosed method optionally comprises the step of evaluating the remaining GCs that were not in the check-set.

Abstract: An improved MAC aggregation technique is disclosed that yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving improved resilience to denial-of-service (DoS) attacks. The aggregate MAC is constructed in a manner wherein upon instance of channel impairments or malicious attack (e.g., from a rogue node or man-in-the-middle attacker), only a portion of the aggregate MAC will include corrupted data, at least a portion of the aggregate MAC thereby including valid verifiable data. A source of corruption of the aggregate MAC may be ascertained based on indicia of which constituent MACs are included in the valid portion; and constituent MACs that are wholly included in the valid portion may be declared valid.

Abstract: An apparatus in one example, where the apparatus comprises a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key. The communication device component generates a derivation key by applying a pseudo random function to the RAND and the shared secret key. The communication device component generates a first set of session keys based on a second random nonce (RANDC) and the derivation key where the first set of session keys are used in encrypting communications.

Abstract: Method for providing access to private digital content installed on a content server C(s), wherein a content manager server C(a) has a number of clients potentially interested in the private content; the method comprising the following steps performed at the content management server C(a): establishing a first communication channel with a client C(b) of the number of clients; receiving a query for private digital content from the client C(b) and sending an appropriate response, causing the client to establish a second communication channel with the content server; establishing a secure session with the content server C(s) over the first and second communication channel; establishing a new session key for the secure session and transmitting said new session key to the client C(b), so that the client can obtain the queried private digital content from the content server as if the client is the content management server.

Abstract: Methods and apparatus are provided for securing two-party computations against malicious adversaries. A method is provided for secure function evaluation. The disclosed method is performed by a garbled circuit evaluator for the transfer of private information, and comprises receiving from a constructor (i) s garbled circuits (GCs), wherein each of the GCs having a plurality of input wires; and (ii) commitments for each of the input wires, wherein the commitments comprise s2 pair-wise cryptographic bindings of wire garblings of each given wire in the s GCs; requesting the constructor to reveal a selected check-set of s/2 of the s GCs; and verifying that the check-set was properly constructed using less than all of the commitments. In addition, the disclosed method optionally comprises the step of evaluating the remaining GCs that were not in the check-set.

Abstract: A transport connection system is set forth. The system includes a first device adapted to send and receive messages. A second device, adapted to send and receive message, is also provided. A message i generated by the first device includes a secret Ri-1 to a Hash (Ri-1) sent from the first device to the second device in a prior message i-1. The message i is signed by a random key Ai-1, the random key being derived from an update of a key Ai-2 from the prior message, wherein message i-1 is signed by the key Ai-2.

Abstract: An efficient encryption system for improving the computation speed of a garbled circuit is set forth. The garbled circuit includes a number of garbled Boolean gates having first and second garbled Boolean gate input wires. The system includes a first key ki on a first garbled gate input wire. A second key kj is also provided on a second garbled gate input wire. A programmable function is provided for combining the first key ki and the second key kj to obtain an encrypted output key. A method for expediting encryption and decryption of a garbled circuit having a number of encryptions for a garbled table of a garbled gate is also set forth. The method includes the steps of: forming the garbled table with a number of secret keys by applying a function to the secret keys to produce less than twice the number of secret keys as the number of encryptions for the garbled table, and evaluating the garbled table to decrypt an output key of the garbled table.

Abstract: An apparatus in one example, where the apparatus comprises a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key. The communication device component generates a derivation key by applying a pseudo random function to the RAND and the shared secret key. The communication device component generates a first set of session keys based on a second random nonce (RANDC) and the derivation key where the first set of session keys are used in encrypting communications.