Abstract: A new compromise-resilient and compact cryptographic tool is provided that ensures a breach-resilient authentication and integrity of system measurements in computer systems. The described methods are forward-secure digital signatures with signature and partial public key aggregation capabilities. The methods reduce the total space overhead of signature and public key storage. The methods offer a high space efficiency for systems who has relatively low state transitions, wherein the same message is continuously signed and then followed by different messages.

Abstract: A computer data security system, useful in protecting audit logs, includes symmetric key based techniques, requires only a small-constant number of cryptographic hash operations at the signer side sending a prospective audit log or other computer record data to a primary repository to achieve forward-secure and append-only authentication. The verification is performed by independent parties sharing parts of the symmetric key, wherein the presence of single honest party among all verifier parties ensures a conditional non-repudiation. It also ensures that an active adversary cannot generate authentication tags on behalf of the signer, unless it compromises all verification parties.

Abstract: A computer data security system, useful in protecting audit logs, includes symmetric key based techniques, requires only a small-constant number of cryptographic hash operations at the signer side sending a prospective audit log or other computer record data to a primary repository to achieve forward-secure and append-only authentication. The verification is performed by independent parties sharing parts of the symmetric key, wherein the presence of single honest party among all verifier parties ensures a conditional non-repudiation. It also ensures that an active adversary cannot generate authentication tags on behalf of the signer, unless it compromises all verification parties.

Abstract: Disclosed are various embodiments for certificate-free cryptosystems that achieve significant computational and communication efficiency as compared to prior systems. A private key generator (PKG) generates a master public key and a master private key unique to the PKG; receives identifying information for at least one client device; generates a public key for the at least one client device; generates a private key for the at least one client device by: performing a hash of the identifying information using the public key generated for the at least one client device to generate a plurality of indices; identifying values corresponding to the indices from the master private key; and deriving the private key based at least in part on a summation of the values corresponding to the indices; and sends the public key and the private key to the at least one client device.

Abstract: A digital signature protocol achieves the least energy consumption, the fastest signature generation, and the smallest signature among its ECC-based counterparts. The method of authenticating is also immune to side channel attacks aiming elliptical curve operations/exponentiations as well as to weak pseudo random number generators at the signer's side. A security system for authenticating the updating of computer records includes a network of member computers in data communication with each other and calculating an assigned portion of a commitment code used for the authenticating the secure data at the verifier device by completing, among the server computers, a plurality of discrete verification tasks for a single authentication code (R?) associated with an aggregated commitment code (R), aggregating at the verifier device, the aggregated commitment code (R), and verifying the secure data at the verifier device.

Abstract: Cryptographic techniques referred to as Sender Optimal, Breach-resilient Auditing with Post-Quantum security (SOBAP) are described. Optimal efficiency and post-quantum security of symmetric key based techniques are achieved, while providing compromise-resiliency, conditional non-repudiation, and fault-tolerance verification in a distributed setting. SOBAP relies on any choice of a symmetric key based primitive with extended features (e.g., forward-security, append-only authentication), which can be optimally efficient. The verification is done via the execution of symmetric primitive F with a secure multi-party computation (SMPC) technique, wherein an honest majority guarantees a conditional non-repudiation and fault-tolerance. SOBAP offers an architecture that uses authenticated access control data structures to ensure policy enforcement. SOBAP also offers a post-quantum security via symmetric primitives and SMPC. Extensions of SOBAP offer oblivious access and enhancements with secure hardware support.

Abstract: A method of searching encrypted files includes a client computing device selecting a specific keyword to search a plurality of encrypted files stored at a server computing device and if the specific keyword has not been previously used to search the plurality of encrypted files, the method further includes using an encrypted keyword index stored at the server computing device to identify one or more encrypted files of the plurality of encrypted files that contain the specific keyword based upon keyword-file relationships stored in the encrypted keyword index.