Abstract: A computerized process is described for improving a computer's asymmetric and symmetric encryption capabilities that results in ciphertext with higher data confidentiality, substantially greater security level, and increased data protection without encrypting any data bit more than one time. The process utilizes computing resources, eight asymmetric/symmetric encryption ciphers, eight different asymmetric/symmetric encryption keys; cipher parameters for each said cipher; and plaintext to be encrypted. A novel mechanism is described that copies bit values from common bit positions of plaintext bytes into eight partitions. Each partition of bytes is independently encrypted using a cipher with its own key and the resulting partitions of encrypted bytes are combined to form ciphertext. As the ciphertext requires eight ciphers and keys for decryption, the ciphertext security level is significantly enhanced over single cipher and key encryption. This process is reversed to decrypt ciphertext to plaintext.

Abstract: Apparatus and method for resisting side-channel attacks on cryptographic engines are described herein. An apparatus embodiment includes a cryptographic block coupled to a non-linear low-dropout voltage regulator (NL-LDO). The NL-LDO includes a scalable power train to provide a variable load current to the cryptographic block, randomization circuitry to generate randomized values for setting a plurality of parameters, and a controller to adjust the variable load current provided to the cryptographic block based on the parameters and the current voltage of the cryptographic block. The controller to cause a decrease in the variable load current when the current voltage is above a high voltage threshold, an increase in the variable load current when the current voltage is below a low voltage threshold; and a maximization of the variable load current when the current voltage is below an undervoltage threshold. The cryptographic block may be implemented with arithmetic transformations.

Abstract: A method, system, and computer readable medium for improved decoding CABAC encoded media are described. A decoding loop includes decoding an encoded binary element from a sequence of encoded binary elements to generate a decoded binary element using a context probability. A next context probability for a next encoded binary element in the sequence is determined from the decoded binary element and the next context probability for decoding the next encoded binary element is provided to the decoding loop for a next iteration.

Abstract: An example operation may include one or more of storing blockchain blocks committed to a blockchain based on a protocol executed by a current consensus committee of a blockchain network, receiving random values from the blockchain blocks which are created by nodes of the current consensus committee, randomly determining nodes of a next consensus committee of the blockchain network with respect to the current consensus committee based on the random values created by the nodes of the current consensus committee, and storing a new block to the blockchain based on a protocol based executed by the nodes of the next consensus committee.

Abstract: An encryption device includes one or more hardware processors functioning as the following units. A unit acquires, as a public key, n-variable indeterminate equations X having coefficients with a predetermined degree of a univariate polynomial ring Fp[t] on a finite field Fp. A unit embeds a plaintext m into coefficients of n-variable plaintext polynomial factors m having coefficients with a predetermined degree of the Fp[t]. A unit generates an n-variable plaintext polynomial M by multiplying the n-variable plaintext polynomial factors mi whose number is one or more. A unit randomly generates n-variable polynomials sk (k=1, 2), n-variable polynomials rk, and noise polynomial ek, each having coefficients with a predetermined degree of the Fp[t]. A unit generates a ciphertext ck by executing an operation including at least one of adding, subtracting, and multiplying the sk, the rk, the ek, and the X to, from, or by the M.

Abstract: Techniques and mechanisms to provide one or more substrates, and logic coupled to the one or more substrates. In an embodiment, the logic is to generate a pseudo-random sequence of bits, and to permute one or more bits of binary unscrambled data. In another embodiment, the logic is further to generate scrambled data based on an exclusive-or operation between the pseudo-random sequence of bits and the permuted data.

Abstract: Image data encryption by receiving first image data corresponding to a first image having a first image size, compressing the first image data, yielding second image data corresponding to a second image having a second image size, augmenting the second image data yielding third image data corresponding to a third image having the first image size, determining coordinates of a location of the second image within the third image, encrypting the third image data according to the coordinates, providing the encrypted third image data to a decoder by a first communications channel, and providing the coordinates of the second image within the third image to the decoder by a second communications channel.

Abstract: An embodiment of the present invention is a prime representation data structure in a computer architecture. The prime representation data structure has a plurality of records where each record contains a prime representation and where the prime representation is a product of two or more selected prime factors. Each of the selected prime factor associated with an n-gram of a domain representation of a domain string. The domain representation of the domain string is a domain string of ordered, contiguous domain characters. The n-gram being a subset of n number of the ordered, contiguous domain characters in the domain string. The computer architecture performs string searching and includes one or more central processing units (CPUs) with one or more operating systems, one or more input/output device interfaces, one or more memories, and one or more input/output devices.

Abstract: A method for cryptocurrency exchange between multiple parties using threshold signature cryptocurrency wallets includes steps for creating threshold signature cryptocurrency wallets shared between a set of parties and a mediator for trading cryptocurrencies. The method may include steps for dividing a threshold private key, corresponding to each of the threshold signature cryptocurrency wallets, into n shares based on (t, n)-threshold signature scheme and sharing masked shares, corresponding to the threshold private key for each of the threshold signature cryptocurrency wallets, by the set of parties and the mediator. The method may include steps for validating correctness of all masked shares of the threshold private keys by the set of parties and the mediator. The method may include steps for signing a withdrawal cryptocurrency transaction jointly by the set of parties or signing a withdraw deposit transaction jointly by the at least one party and the mediator.

Abstract: A communication system including a first detector; a first scattering medium; a second detector; an intensity modulator; a second scattering medium; wherein electromagnetic radiation transmitted from a first spot at the first scattering medium, and scattered by and through the first scattering medium and then the second scattering medium, forms a first speckle pattern detected by the second detector. The intensity modulator outputs a second spot of electromagnetic radiation representing the “ones” in a data stream at locations of the bright speckles (or at locations of the dark speckles to represent the “zeros” in the data stream) so that the electromagnetic radiation, transmitted from the second spot and scattered by and through the second scattering medium and then the first scattering medium, forms one or more second bright or dark speckles on the first detector. The data stream can be constructed from the second bright or dark speckles.

Abstract: A system includes a processing device, operatively coupled to memory, to obtain one or more ciphers that are supported by a device that is coupled to a network, determine, by the processing device, a value associated with the device, based on whether each of the one or more ciphers that are supported by the device is quantum-safe, and generate a notification based on the value.

Abstract: Establishing a transfer mode between devices for large bulk records over a TLS protocol by fragmenting an encrypted bulk record into a set of pre-defined block sizes for convenient transfer. The pre-defined block sizes are specifically sized to indicate a beginning and an end of the transfer of the associated blocks making up the large bulk record. A middle box is unaware of the association between the blocks and permits transfer according to the maximum transmission unit of the transport layer security (TLS) protocol. The fragmented bulk record is reconstructed and decrypted for use after the transfer.

Abstract: Systems and methods are provided for encrypting data in a memristor array. The data may be scrambled by multiplying an input data unit by another data unit, by multiplying each element of a first data unit by a different instance of a second data unit. The process continues until all elements of the first data unit are multiplied by a different instance of the second data unit. The elements of the data units may be represented by resistive values of a memristor array. The result of all of the above multiplication of different instances of the second data unit are a new set of data units. All of the resulting data units are added together by adding the currents associated with values of the memristors representing the resulting data units. The operation may be performed as a finite field computation, with the memristor array.

Abstract: Encryption engines shuffle data segments during encryption and/or decryption, thereby obtaining a random permutation of the data segments to be used during encryption and/or decryption. By shuffling the data during encryption/decryption and using the resulting random permutation for encryption/decryption, the encryption engines obfuscate the power consumption information that attackers might access as part of an SCA. In some examples, the encryption engines perform intra-round shuffling of the input data within a reduced-sized encryption datapath configured to iteratively compute a portion of an encrypted block of data.

Abstract: Disclosed are apparatuses, systems, and techniques to perform and facilitate secure ladder computational operations whose iterative execution depends on secret values associated with input data. Disclosed embodiments balance execution of various iterations in a way that is balanced for different secret values, significantly reducing vulnerability of ladder computations to adversarial side-channel attacks.

Abstract: A device, system and method for debugging a homomorphically encrypted (HE) program. The HE program comprising real ciphertext data and encrypted operations in the HE space (production mode) may be mapped to an equivalent plaintext program comprising equivalent pseudo-ciphertext data and pseudo-encrypted operations in the unencrypted space (simulation mode). The plaintext program may be executed in a first full pass in simulation model and a sampling of the HE program may be executed in a second partial pass in production mode, the results of which are compared. The HE program and/or mapping may be validated if the results of simulation and production mode match and debugged if the results do not match. An integrated development environment (IDE) may switch among the HE space (production mode), the unencrypted space (simulation mode), and a combination of both HE and unencrypted spaces simultaneously (simultaneous production-simulation mode).

Abstract: The intrinsic data generation device of the disclosure includes a modulation control part outputting a modulation control signal for controlling modulation, a modulation part modulating a signal based on the modulation control signal and outputting a modulated modulation signal, a PUF circuit specifying a relationship between input data and output data based on random variation intrinsic to the device and changing the output data based on the modulation signal, a data holding part holding the output data from the PUF circuit in response to the modulation control signal, and an intrinsic data output part outputting intrinsic data based on the output data provided from the data holding part.

Abstract: The present disclosure relates to a vaultless format-preserving tokenization system and method that securely converts sensitive data into a non-sensitive format while maintaining the original structure. The process includes encoding the original data, generating a secure modification based on a predetermined format by encoding another input and combining it with a unique hashing key, applying a special encryption technique that incorporates the encoded data, secure modification, and a unique encryption key to produce an encoded version of the data, and finally creating a token from the encoded data to be used in place of the original sensitive information.

Abstract: A cryptographic processing method comprises the following steps: obtaining a second number determined by adding to a first number the order of a finite group or a multiple of this order; determining a quotient and a remainder by dividing the second number by a random number; obtaining a third element equal to the combination of elements equal to a first element of the finite group and in number equal to the product of the quotient and the random number; obtaining a fourth element equal to the combination of elements equal to the first element and in number equal to the remainder; determining a second element by combining the third element and the fourth element.

Abstract: A distributed transaction and data storage platform including a distributed notary ledger or blockchain and one or more individual user micro-identifier chains that together enable the secure effectuation and recordation of one or more transactions, and/or storage of data in an automated, real-time, zero-trust, globally data law and privacy law centric manner while maintaining transaction party confidentiality and preventing chain poisoning.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing hardware designs for vulnerabilities to side-channel attacks. One of the methods includes receiving a request to analyze a device hardware design for side-channel vulnerabilities in the device after being manufactured. Physical characteristics data is obtained representing one or more physical characteristics of the device based on the device hardware design. Information flow analysis is performed to identify one or more signals of interest corresponding to digital assets. From the physical characteristics data and the one or more signals of interest, data representing potentially vulnerable signals in the device hardware design is generated. A leakage model is generated for the potentially vulnerable signals that quantifies one or more leakage criteria for one or more structures of the device hardware design.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for AI based privacy amplification. A data security system allows for data transmitted between devices to be secured using varying levels of data security that are adjusted dynamically based on the determined sensitivity level of the data. The data security system uses AI (e.g., machine learning models) to predict the sensitivity level of data being transmitted between the devices in real-time and applies an appropriate level of data security based on the predicted sensitivity level. Dynamically adjusting the level of data security that is used based on the sensitivity level of the data provides for heightened levels of data security to protect highly sensitive data, and lower levels of data security to conserve computing resources when protecting less sensitive data.

Abstract: A technological approach can be employed to protect data. Datasets from distinct computing environments of an organization can be scanned to identify data elements subject to protection, such as sensitive data. The identified elements can be automatically protected such as by masking, encryption, or tokenization. Data lineage including relationships amongst data and linkages between computing environments can be determined along with data access patterns to facilitate understanding of data. Further, personas and exceptions can be determined and employed as bases for access recommendations.

Abstract: Systems, apparatuses and methods may provide for technology that programs a plurality of seed values into a plurality of linear feedback shift registers (LFSRs), wherein the plurality of LFSRs correspond to a data word (DWORD) and at least two of the plurality of seed values differ from one another. The technology may also train a link coupled to the plurality of LFSRs, wherein the plurality of seed values cause a parity bit associated with the DWORD to toggle while the link is being trained. In one example, the technology also automatically selects the plurality of seed values based on one or more of an expected traffic pattern on the link (e.g., after training) or a deskew constraint associated with the link.

Abstract: Systems and methods for a bifurcated self-executing program that wraps a first self-executing program (e.g., a first smart contract) on a blockchain within a second self-executing program (e.g., a second smart contract), in which the second self-executing program enforces the requirement for particular security credentials/certificates. The bifurcated self-executing program comprises a single compiled self-executing program that combines the first self-executing program and the second self-executing program.

Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and outputting the ciphertext string.

Abstract: A method includes processing, by an arithmetic and logic unit of a processor, masked data, and keeping, by the arithmetic and logic unit of the processor, the masked data masked throughout their processing by the arithmetic and logic unit. A processor includes an arithmetic and logic unit configured to keep masked data masked throughout processing of the masked data in the arithmetic and logic unit.

Abstract: A method of generating a digital signature. The method comprises calculating a first random number and, based on second and third random numbers, first and second modified versions thereof. A curve point on an elliptic curve is determined based on a base point and the first modified version. A first signature part is calculated based on the curve point. Based on the second and third random numbers, the modified versions of the first random number, data to be signed, the first signature part, and a private key, a second signature part and a check value for the second signature part are calculated. The second signature part is compared with the check value for the second signature part and, responsive to the check value for the second signature part matching the second signature part, a cryptographic signature is output comprising the first signature part and the second signature part.

Abstract: A Basic Input Output System (BIOS)-based multi-user management method and system. The method includes: identifying states of multiple users of a current BIOS to find a user whose state is an enable state; finding a Non-Volatile Random Access Memory (NVRAM) corresponding to the user in the enable state, and reading BIOS configuration parameter information of the user in the enable state; monitoring a hot key boot phase of a BIOS startup process to determine whether there is a key action at the hot key boot phase; and when there is no key action, performing a manipulation to configure the current BIOS with the read BIOS configuration parameter information of the user in the enable state, thereby effectively configuring the BIOS for the multiple users, and retaining more customized parameters in BIOS information. Therefore, a server becomes a diversely used terminal device more easily.

Abstract: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.

Abstract: Disclosed is an orthogonal access control system based on cryptographic operations provided by multi-hop proxy re-encryption (PRE) that strictly enforces only authorized access to data by groups of users, scalable to large numbers of users. Scalable delegation of decryption authority can be shared with a plurality of members of a group whether those members be users or devices, and members of a group can further create sub groups and delegate decryption authority to those members, whether users or devices. Members are granted access via generation of transform keys, and membership or access can be revoked merely be deleting the transform key—no elimination of the encrypted data, regardless of its storage location, is needed.

Abstract: Content, such as an encryption key, may be transmitted between computing systems that both use more than one encryption algorithm. Secrets may be used to encode the content. The different encryption algorithms may be used to separately encrypt the encoded content and the secrets prior to communicating the encrypted, encoded content and encrypted secrets between computing systems.

Abstract: Aspects of the present disclosure involve a method, a system and a computer readable memory to perform a cryptographic operation that includes identifying a first set of mutually coprime numbers, obtaining a second set of input numbers coprime with a corresponding one of the first set of mutually coprime numbers, obtaining an output number that is a weighted sum of the second set of input numbers, each of the second set of input numbers being taken with a weight comprising a product of all of the first set of mutually coprime numbers except the corresponding one of the first set of mutually coprime numbers, and performing the cryptographic operation using the output number.

Abstract: A processing apparatus, an embedded system, a system-on-chip, and a security control method are disclosed. The processing apparatus includes a processor, adapted to execute a program; and a memory, coupled to the processor and adapted to provide a plurality of enclaves isolated from each other. One of the plurality of enclaves is a source enclave, another one of the plurality of enclaves is a target enclave, and the source enclave and the target enclave each are used to provide a storage space required for running a corresponding program. The processing apparatus further comprises a storage access controller, adapted to transmit specified data stored in the source enclave to the target enclave.

Abstract: Disclosure provides devices, methods, and computer-readable medium for secure frame management. Techniques disclosed herein provide an intelligent method for detecting triggering items in one or more frames of streaming video from an Internet Protocol camera. Upon detection, the camera transmits one or more frames of the video over a network to a computing device. Upon detecting a triggering item in a frame of the video stream, the computing device begins a streaming session with a server and stream the one or more frames of video and accompanying metadata to the server. The frames, metadata, and associated keys can all be encrypted prior to streaming to the server. For each subsequent segment of video frames that includes the triggering item, the server can append the frames of that segment to the video clip in an encrypted container. Once the triggering item is no longer detected, the streaming session can be closed.

Abstract: A writing method of a crypto device includes receiving a write request from a central processing unit, determining a write attribute of the write request, and performing one of a partial write operation and a full write operation according to the write attribute. In the full write operation, a random number for a version count is generated, a key stream is generated using the version count, the key stream and write data are encrypted in a first logical operation, and the encrypted data and the version count are stored in a memory device.

Abstract: An enhanced robust input protocol for secure multi-party computation (MPC) via pseudorandom secret sharing is provided. With this enhanced protocol, the servers that participate in MPC can generate and send a single random sharing [R] to a client with k inputs (rather than a separate random sharing per input), and the client can derive k pseudorandom sharings from [R] without any further server interactions.

Abstract: A division unit (22) divides a plaintext M every b bits from a beginning, thereby generating b-bit values M1, . . . , Mm-1 and a value Mm having 1 or more bits to b or less bits. An S1 calculation unit (241) assigns a b-bit value H1 to a value M0, and for each integer i of i=1, . . . , m in an ascending order, takes a value Mi-1 as input to an encryption function E, thereby calculating a value S1(i), and calculates a value Ci from the value S1(i) and a value Mi. An S2 calculation unit (242) assigns an r-bit value H2 to a value S2(0), and for each integer i of i=1, . . . , m in an ascending order, calculates a value S2(i) from the value S1(i) and from a value S2(i?1). A ciphertext generation unit (243) generates a ciphertext C from a value Ci for each integer i of i=1, . . . , m. An authenticator generation unit (25) generates a (b+r)-bit authenticator T by using a value S1(m) and a value S2(m).

Abstract: Systems and methods for operating a cryptographic system. The methods comprise: obtaining ciphertext by the cryptographic system; performing operations by the cryptographic system to determine whether a given sequence of values exits within the ciphertext; and synchronizing the cryptographic system with another cryptographic system using the ciphertext as a bitrate portion of an initialization value for a cryptographic algorithm and zero as a capacity portion of the initialization value for the cryptographic algorithm, when a determination is made that the given sequence of values exist within the ciphertext.

Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: identifying an invoked database query for execution on a database, the invoked database query being associated to a user; generating an execution plan for executing the database query on the database; wherein the generating the execution plan for execution of the database query on the database includes establishing an ordering of first and second tables, the ordering of the first and second tables being in dependence on an access privilege attribute of the user in respect to the first table; and executing the database query according to the execution plan.

Abstract: A storage circuit stores secret information. A software processing circuit obtains an operation task and generates scheduling instructions corresponding to the operation task. After receiving the scheduling instructions, a hardware processing circuit obtains the secret information from the storage circuit when the flag bit in the scheduling instruction is a valid value, determines, based on the secret information, data addresses of one or more pieces of operation data required for completing the operation corresponding to the scheduling instruction, and obtains the one or more pieces of operation data based on the data addresses to complete the operation corresponding to each scheduling instruction.

Abstract: A method for decoding a video according to the present invention may comprise: determining whether to divide a current block with quad tree partitioning, and dividing the current block into four partitions based on a vertical line and a horizontal line when it is determined that the current block is divided with the quad tree partitioning.

Abstract: A processor-implemented method is disclosed. The method includes: generating a secure data object associated with a request for transfer of resources, the secure data object indicating one or more resource transfer parameters including account information for a transferee account at a resource account management system, wherein the secure data object includes a first hash computed based on the one or more resource transfer parameters; signing the secure data object using a private key associated with the resource account management system; and sending the secure data object to a messaging address associated with a transferor of the requested resources.

Abstract: A first arithmetic input share and a second arithmetic input share of an initial arithmetically-masked cryptographic value are received. A sequence of operations using the arithmetic input shares and a randomly generated number is performed, where a current operation in the sequence of operations generates a corresponding intermediate value that is used in a subsequent operation. At the end of the sequence of operations, a first Boolean output share and a second Boolean output share are generated. The arithmetic-to-Boolean mask conversion is independent of the input bit length.

Abstract: There is provided a device for protecting the execution of a cryptographic operation from attacks, the cryptographic operation being implemented by a cryptographic algorithm, the cryptographic operation comprising at least one modular operation between a main base (m) representing a data block and at least one scalar (d) in at least one finite starting group. The device is configured to determine at least one intermediary group (E?) different from the at least one starting group (E), the number of intermediary groups being equal to the number of starting groups E. The device is further configured to determine at least one final group (E?) from the at least one starting group E and the at least one intermediary group E?. The base m being mapped to an auxiliary element (x) in the at least one intermediary group and to an auxiliary base (m?) in the at least one final group E?.

Abstract: A public key generated by each user of a plurality of users is used to encrypt the contacts for that user. The results are sent to a server by each user. The key generated by each user is then distributed to every other user in the system, and each recipient encrypts their contacts with the keys. The result of these encryptions for all contacts for all recipients is then received by the server, and the server computes an encrypted computation of equality of two contacts and sends all computations back to the original user. The user can use the homomorphic property of the crypto protocol (e.g., a private key) to determine a set of users that are matched as contacts with the other users. The binary results are returned to the server, and the server computes a graph using the results.

Abstract: A method including receiving, by a receiving device from a transmitting device, a combination of messages including encrypted decoy messages and one or more encrypted content messages, the encrypted decoy messages being determined based at least in part on encrypting decoy data and the one or more encrypted content messages being determined based at least in part on encrypting content data; and decrypting, by the receiving device, a received message included in the combination of messages based at least in part on utilizing a cryptographic key; and determining, by the receiving device, that the received message is a content message or that the received message is a decoy message based at least in part on a result of decrypting the received message. Various other aspects are contemplated.

Abstract: Methods and apparatus for combining received uplink transmissions. In an embodiment, a method is provided that includes receiving a descrambled resource element associated with selected second channel state information (CSI2) and receiving a descrambling sequence used to generate the descrambled RE. The method also includes rescrambling the descrambled RE using the descrambling sequence to generate a rescrambled RE and modifying the descrambling sequence to generate a modified descrambling sequence. The method also includes descrambling the rescrambled RE with the modified descrambling sequence to generate a modified descrambled RE and accumulating the modified descrambled RE to form a combined CSI2 value.

Abstract: A database management system receives a request to process a database query on behalf of a security principal. The database management system determines that processing the database query requires access to an encrypted portion of a file containing data subject to access conditions. The database management system determines that the security principle is authorized to use a key that corresponds to the encrypted portion of the file. The database management system then completes processing of the query by using the key to access the encrypted portion of the file.

Abstract: Systems and methods are described for establishing trust between two devices for secure peer-to-peer communication. In an example, a first and a second device can each possess a digital signature issued by the same certificate authority and a hash function issued by the same trusted entity. The devices can exchange public keys that include their respective digital signatures. The second device can verify the first device's digital signature, encrypt an encryption key with the second device's public key, hash the encryption key using its hash function, and encrypt the hash using its private key. The second device can send the encrypted hash and encryption key to the first device. The first device can verify the second device's digital signature, decrypt the encryption key, and decrypt the encrypted hash. The first device can hash the encryption key using its hashing function and compare the two hashes to verify the second device.